Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-26597
Vulnerability from cvelistv5
Published
2024-02-23 14:46
Modified
2024-12-19 08:43
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: qualcomm: rmnet: fix global oob in rmnet_policy
The variable rmnet_link_ops assign a *bigger* maxtype which leads to a
global out-of-bounds read when parsing the netlink attributes. See bug
trace below:
==================================================================
BUG: KASAN: global-out-of-bounds in validate_nla lib/nlattr.c:386 [inline]
BUG: KASAN: global-out-of-bounds in __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600
Read of size 1 at addr ffffffff92c438d0 by task syz-executor.6/84207
CPU: 0 PID: 84207 Comm: syz-executor.6 Tainted: G N 6.1.0 #3
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x8b/0xb3 lib/dump_stack.c:106
print_address_description mm/kasan/report.c:284 [inline]
print_report+0x172/0x475 mm/kasan/report.c:395
kasan_report+0xbb/0x1c0 mm/kasan/report.c:495
validate_nla lib/nlattr.c:386 [inline]
__nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600
__nla_parse+0x3e/0x50 lib/nlattr.c:697
nla_parse_nested_deprecated include/net/netlink.h:1248 [inline]
__rtnl_newlink+0x50a/0x1880 net/core/rtnetlink.c:3485
rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3594
rtnetlink_rcv_msg+0x43c/0xd70 net/core/rtnetlink.c:6091
netlink_rcv_skb+0x14f/0x410 net/netlink/af_netlink.c:2540
netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
netlink_unicast+0x54e/0x800 net/netlink/af_netlink.c:1345
netlink_sendmsg+0x930/0xe50 net/netlink/af_netlink.c:1921
sock_sendmsg_nosec net/socket.c:714 [inline]
sock_sendmsg+0x154/0x190 net/socket.c:734
____sys_sendmsg+0x6df/0x840 net/socket.c:2482
___sys_sendmsg+0x110/0x1b0 net/socket.c:2536
__sys_sendmsg+0xf3/0x1c0 net/socket.c:2565
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fdcf2072359
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fdcf13e3168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007fdcf219ff80 RCX: 00007fdcf2072359
RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003
RBP: 00007fdcf20bd493 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fffbb8d7bdf R14: 00007fdcf13e3300 R15: 0000000000022000
</TASK>
The buggy address belongs to the variable:
rmnet_policy+0x30/0xe0
The buggy address belongs to the physical page:
page:0000000065bdeb3c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x155243
flags: 0x200000000001000(reserved|node=0|zone=2)
raw: 0200000000001000 ffffea00055490c8 ffffea00055490c8 0000000000000000
raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffffffff92c43780: f9 f9 f9 f9 00 00 00 02 f9 f9 f9 f9 00 00 00 07
ffffffff92c43800: f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9 06 f9 f9 f9
>ffffffff92c43880: f9 f9 f9 f9 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9
^
ffffffff92c43900: 00 00 00 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9 f9
ffffffff92c43980: 00 00 00 07 f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9
According to the comment of `nla_parse_nested_deprecated`, the maxtype
should be len(destination array) - 1. Hence use `IFLA_RMNET_MAX` here.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linux | Linux |
Version: 14452ca3b5ce304fb2fea96dbc9ca1e4e7978551 Version: 14452ca3b5ce304fb2fea96dbc9ca1e4e7978551 Version: 14452ca3b5ce304fb2fea96dbc9ca1e4e7978551 Version: 14452ca3b5ce304fb2fea96dbc9ca1e4e7978551 Version: 14452ca3b5ce304fb2fea96dbc9ca1e4e7978551 Version: 14452ca3b5ce304fb2fea96dbc9ca1e4e7978551 Version: 14452ca3b5ce304fb2fea96dbc9ca1e4e7978551 Version: 14452ca3b5ce304fb2fea96dbc9ca1e4e7978551 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26597",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-23T22:33:57.842147Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:49:32.262Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.733Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/093dab655808207f7a9f54cf156240aeafc70590"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/02467ab8b404d80429107588e0f3425cf5fcd2e5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2295c22348faf795e1ccdf618f6eb7afdb2f7447"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3b5254862258b595662a0ccca6e9eeb88d6e7468"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ee1dc3bf86f2df777038506b139371a9add02534"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c4734535034672f59f2652e1e0058c490da62a5c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/17d06a5c44d8fd2e8e61bac295b09153496f87e1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b33fb5b801c6db408b774a68e7c8722796b59ecc"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/qualcomm/rmnet/rmnet_config.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "093dab655808207f7a9f54cf156240aeafc70590",
"status": "affected",
"version": "14452ca3b5ce304fb2fea96dbc9ca1e4e7978551",
"versionType": "git"
},
{
"lessThan": "02467ab8b404d80429107588e0f3425cf5fcd2e5",
"status": "affected",
"version": "14452ca3b5ce304fb2fea96dbc9ca1e4e7978551",
"versionType": "git"
},
{
"lessThan": "2295c22348faf795e1ccdf618f6eb7afdb2f7447",
"status": "affected",
"version": "14452ca3b5ce304fb2fea96dbc9ca1e4e7978551",
"versionType": "git"
},
{
"lessThan": "3b5254862258b595662a0ccca6e9eeb88d6e7468",
"status": "affected",
"version": "14452ca3b5ce304fb2fea96dbc9ca1e4e7978551",
"versionType": "git"
},
{
"lessThan": "ee1dc3bf86f2df777038506b139371a9add02534",
"status": "affected",
"version": "14452ca3b5ce304fb2fea96dbc9ca1e4e7978551",
"versionType": "git"
},
{
"lessThan": "c4734535034672f59f2652e1e0058c490da62a5c",
"status": "affected",
"version": "14452ca3b5ce304fb2fea96dbc9ca1e4e7978551",
"versionType": "git"
},
{
"lessThan": "17d06a5c44d8fd2e8e61bac295b09153496f87e1",
"status": "affected",
"version": "14452ca3b5ce304fb2fea96dbc9ca1e4e7978551",
"versionType": "git"
},
{
"lessThan": "b33fb5b801c6db408b774a68e7c8722796b59ecc",
"status": "affected",
"version": "14452ca3b5ce304fb2fea96dbc9ca1e4e7978551",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/qualcomm/rmnet/rmnet_config.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.17"
},
{
"lessThan": "4.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.306",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: qualcomm: rmnet: fix global oob in rmnet_policy\n\nThe variable rmnet_link_ops assign a *bigger* maxtype which leads to a\nglobal out-of-bounds read when parsing the netlink attributes. See bug\ntrace below:\n\n==================================================================\nBUG: KASAN: global-out-of-bounds in validate_nla lib/nlattr.c:386 [inline]\nBUG: KASAN: global-out-of-bounds in __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600\nRead of size 1 at addr ffffffff92c438d0 by task syz-executor.6/84207\n\nCPU: 0 PID: 84207 Comm: syz-executor.6 Tainted: G N 6.1.0 #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x8b/0xb3 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:284 [inline]\n print_report+0x172/0x475 mm/kasan/report.c:395\n kasan_report+0xbb/0x1c0 mm/kasan/report.c:495\n validate_nla lib/nlattr.c:386 [inline]\n __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600\n __nla_parse+0x3e/0x50 lib/nlattr.c:697\n nla_parse_nested_deprecated include/net/netlink.h:1248 [inline]\n __rtnl_newlink+0x50a/0x1880 net/core/rtnetlink.c:3485\n rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3594\n rtnetlink_rcv_msg+0x43c/0xd70 net/core/rtnetlink.c:6091\n netlink_rcv_skb+0x14f/0x410 net/netlink/af_netlink.c:2540\n netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]\n netlink_unicast+0x54e/0x800 net/netlink/af_netlink.c:1345\n netlink_sendmsg+0x930/0xe50 net/netlink/af_netlink.c:1921\n sock_sendmsg_nosec net/socket.c:714 [inline]\n sock_sendmsg+0x154/0x190 net/socket.c:734\n ____sys_sendmsg+0x6df/0x840 net/socket.c:2482\n ___sys_sendmsg+0x110/0x1b0 net/socket.c:2536\n __sys_sendmsg+0xf3/0x1c0 net/socket.c:2565\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7fdcf2072359\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fdcf13e3168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007fdcf219ff80 RCX: 00007fdcf2072359\nRDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003\nRBP: 00007fdcf20bd493 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007fffbb8d7bdf R14: 00007fdcf13e3300 R15: 0000000000022000\n \u003c/TASK\u003e\n\nThe buggy address belongs to the variable:\n rmnet_policy+0x30/0xe0\n\nThe buggy address belongs to the physical page:\npage:0000000065bdeb3c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x155243\nflags: 0x200000000001000(reserved|node=0|zone=2)\nraw: 0200000000001000 ffffea00055490c8 ffffea00055490c8 0000000000000000\nraw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\n\nMemory state around the buggy address:\n ffffffff92c43780: f9 f9 f9 f9 00 00 00 02 f9 f9 f9 f9 00 00 00 07\n ffffffff92c43800: f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9 06 f9 f9 f9\n\u003effffffff92c43880: f9 f9 f9 f9 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9\n ^\n ffffffff92c43900: 00 00 00 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9 f9\n ffffffff92c43980: 00 00 00 07 f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9\n\nAccording to the comment of `nla_parse_nested_deprecated`, the maxtype\nshould be len(destination array) - 1. Hence use `IFLA_RMNET_MAX` here."
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T08:43:14.704Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/093dab655808207f7a9f54cf156240aeafc70590"
},
{
"url": "https://git.kernel.org/stable/c/02467ab8b404d80429107588e0f3425cf5fcd2e5"
},
{
"url": "https://git.kernel.org/stable/c/2295c22348faf795e1ccdf618f6eb7afdb2f7447"
},
{
"url": "https://git.kernel.org/stable/c/3b5254862258b595662a0ccca6e9eeb88d6e7468"
},
{
"url": "https://git.kernel.org/stable/c/ee1dc3bf86f2df777038506b139371a9add02534"
},
{
"url": "https://git.kernel.org/stable/c/c4734535034672f59f2652e1e0058c490da62a5c"
},
{
"url": "https://git.kernel.org/stable/c/17d06a5c44d8fd2e8e61bac295b09153496f87e1"
},
{
"url": "https://git.kernel.org/stable/c/b33fb5b801c6db408b774a68e7c8722796b59ecc"
}
],
"title": "net: qualcomm: rmnet: fix global oob in rmnet_policy",
"x_generator": {
"engine": "bippy-5f407fcff5a0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26597",
"datePublished": "2024-02-23T14:46:26.042Z",
"dateReserved": "2024-02-19T14:20:24.127Z",
"dateUpdated": "2024-12-19T08:43:14.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-26597\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-02-23T15:15:09.557\",\"lastModified\":\"2024-11-21T09:02:37.460\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet: qualcomm: rmnet: fix global oob in rmnet_policy\\n\\nThe variable rmnet_link_ops assign a *bigger* maxtype which leads to a\\nglobal out-of-bounds read when parsing the netlink attributes. See bug\\ntrace below:\\n\\n==================================================================\\nBUG: KASAN: global-out-of-bounds in validate_nla lib/nlattr.c:386 [inline]\\nBUG: KASAN: global-out-of-bounds in __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600\\nRead of size 1 at addr ffffffff92c438d0 by task syz-executor.6/84207\\n\\nCPU: 0 PID: 84207 Comm: syz-executor.6 Tainted: G N 6.1.0 #3\\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\\nCall Trace:\\n \u003cTASK\u003e\\n __dump_stack lib/dump_stack.c:88 [inline]\\n dump_stack_lvl+0x8b/0xb3 lib/dump_stack.c:106\\n print_address_description mm/kasan/report.c:284 [inline]\\n print_report+0x172/0x475 mm/kasan/report.c:395\\n kasan_report+0xbb/0x1c0 mm/kasan/report.c:495\\n validate_nla lib/nlattr.c:386 [inline]\\n __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600\\n __nla_parse+0x3e/0x50 lib/nlattr.c:697\\n nla_parse_nested_deprecated include/net/netlink.h:1248 [inline]\\n __rtnl_newlink+0x50a/0x1880 net/core/rtnetlink.c:3485\\n rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3594\\n rtnetlink_rcv_msg+0x43c/0xd70 net/core/rtnetlink.c:6091\\n netlink_rcv_skb+0x14f/0x410 net/netlink/af_netlink.c:2540\\n netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]\\n netlink_unicast+0x54e/0x800 net/netlink/af_netlink.c:1345\\n netlink_sendmsg+0x930/0xe50 net/netlink/af_netlink.c:1921\\n sock_sendmsg_nosec net/socket.c:714 [inline]\\n sock_sendmsg+0x154/0x190 net/socket.c:734\\n ____sys_sendmsg+0x6df/0x840 net/socket.c:2482\\n ___sys_sendmsg+0x110/0x1b0 net/socket.c:2536\\n __sys_sendmsg+0xf3/0x1c0 net/socket.c:2565\\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\\n do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80\\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\\nRIP: 0033:0x7fdcf2072359\\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\\nRSP: 002b:00007fdcf13e3168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\\nRAX: ffffffffffffffda RBX: 00007fdcf219ff80 RCX: 00007fdcf2072359\\nRDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003\\nRBP: 00007fdcf20bd493 R08: 0000000000000000 R09: 0000000000000000\\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\\nR13: 00007fffbb8d7bdf R14: 00007fdcf13e3300 R15: 0000000000022000\\n \u003c/TASK\u003e\\n\\nThe buggy address belongs to the variable:\\n rmnet_policy+0x30/0xe0\\n\\nThe buggy address belongs to the physical page:\\npage:0000000065bdeb3c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x155243\\nflags: 0x200000000001000(reserved|node=0|zone=2)\\nraw: 0200000000001000 ffffea00055490c8 ffffea00055490c8 0000000000000000\\nraw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000\\npage dumped because: kasan: bad access detected\\n\\nMemory state around the buggy address:\\n ffffffff92c43780: f9 f9 f9 f9 00 00 00 02 f9 f9 f9 f9 00 00 00 07\\n ffffffff92c43800: f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9 06 f9 f9 f9\\n\u003effffffff92c43880: f9 f9 f9 f9 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9\\n ^\\n ffffffff92c43900: 00 00 00 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9 f9\\n ffffffff92c43980: 00 00 00 07 f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9\\n\\nAccording to the comment of `nla_parse_nested_deprecated`, the maxtype\\nshould be len(destination array) - 1. Hence use `IFLA_RMNET_MAX` here.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: qualcomm: rmnet: fix global oob in rmnet_policy La variable rmnet_link_ops asigna un maxtype *m\u00e1s grande* que conduce a una lectura global fuera de los l\u00edmites al analizar los atributos de netlink. Vea el seguimiento del error a continuaci\u00f3n: =============================================== ===================== ERROR: KASAN: global-fuera de los l\u00edmites en validar_nla lib/nlattr.c:386 [en l\u00ednea] ERROR: KASAN: global- fuera de los l\u00edmites en __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600 Lectura de tama\u00f1o 1 en addr ffffffff92c438d0 por tarea syz-executor.6/84207 CPU: 0 PID: 84207 Comm: syz-executor.6 Contaminado: GN 6.1.0 #3 Nombre del hardware: PC est\u00e1ndar QEMU (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 01/04/2014 Seguimiento de llamadas: __dump_stack lib/dump_stack.c:88 [en l\u00ednea] dump_stack_lvl +0x8b/0xb3 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:284 [en l\u00ednea] print_report+0x172/0x475 mm/kasan/report.c:395 kasan_report+0xbb/0x1c0 mm/kasan/report.c :495 validar_nla lib/nlattr.c:386 [en l\u00ednea] __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600 __nla_parse+0x3e/0x50 lib/nlattr.c:697 nla_parse_nested_deprecated include/net/netlink.h:1248 [en l\u00ednea] __rtnl_newlink+0x50a/0x1880 net/core/rtnetlink.c:3485 rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3594 rtnetlink_rcv_msg+0x43c/0xd70 net/core/rtnetlink.c:6091 netlink_rcv_skb+0x14f/0x410 net/ enlace de red /af_netlink.c:2540 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [en l\u00ednea] netlink_unicast+0x54e/0x800 net/netlink/af_netlink.c:1345 netlink_sendmsg+0x930/0xe50 net/netlink/af_netlink.c:1921 sock_sendmsg_nosec net/ socket.c:714 [en l\u00ednea] sock_sendmsg+0x154/0x190 net/socket.c:734 ____sys_sendmsg+0x6df/0x840 net/socket.c:2482 ___sys_sendmsg+0x110/0x1b0 net/socket.c:2536 __sys_sendmsg+0xf3 /0x1c0 neto /socket.c:2565 do_syscall_x64 arch/x86/entry/common.c:50 [en l\u00ednea] do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80 Entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7fdcf2072359 C\u00f3digo: 2 8 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u0026lt;48\u0026gt; 3d 01 f0 ffff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fdcf13e3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000002e RAX: ffffffffffffffda RBX: 00007fdcf21 9ff80 RCX: 00007fdcf2072359 RDX: 00000000000000000 RSI: 0000000020000200 RDI: 00000000000000003 RBP: 00007fdcf20bd493 R08: 000000000000000000 R09: 0000000000000000 R10: 00000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fffbb8d7bdf R14: 00007fdcf13e3300 R 15: 0000000000022000 La direcci\u00f3n con errores pertenece a la variable: rmnet_policy+0x30/0xe0 La direcci\u00f3n con errores pertenece a la p\u00e1gina f\u00edsica: p\u00e1gina:0000000065bdeb3c refcount:1 mapcount:0 mapeo:0000000000000000 \u00edndice:0x0 pfn:0x155243 banderas: 0x200000000001000(reservado|nodo=0|zona=2) raw: 0200000000001000 ffffea00055490c8 ffffea00055490c8 0000000000000000 raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 p\u00e1gina volcada porque: kasan: mal acceso detectado Estado de la memoria alrededor de la direcci\u00f3n del error: ffffffff92c43780: f9 f9 f9 f9 00 00 00 02 f9 f9 f9 f9 00 00 00 07 ffffffff92c43800: f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9 06 f9 f9 f9 \u0026gt;ffffffff92c438 80: f9 f9 f9 f9 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9 ^ ffffffff92c43900: 00 00 00 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9 f9 f9 ffffffff92c43980: 00 00 00 07 f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9 Seg\u00fan seg\u00fan el comentario de `nla_parse_nested_deprecated`, el tipo m\u00e1ximo debe ser len (matriz de destino) - 1. Por lo tanto, use `IFLA_RMNET_MAX` aqu\u00ed.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.17.0\",\"versionEndExcluding\":\"4.19.306\",\"matchCriteriaId\":\"FF96CE9E-911A-4E4D-94D2-786495A44003\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.20.0\",\"versionEndExcluding\":\"5.4.268\",\"matchCriteriaId\":\"35ADF607-EDCA-45AB-8FB6-9F2D40D47C0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5.0\",\"versionEndExcluding\":\"5.10.209\",\"matchCriteriaId\":\"5D2E4F24-2FBB-4434-8598-2B1499E566B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11.0\",\"versionEndExcluding\":\"5.15.148\",\"matchCriteriaId\":\"E25E1389-4B0F-407A-9C94-5908FF3EE88B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16.0\",\"versionEndExcluding\":\"6.1.75\",\"matchCriteriaId\":\"2C4951FA-80C0-4B4C-9836-6E5035DEB0F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2.0\",\"versionEndExcluding\":\"6.6.14\",\"matchCriteriaId\":\"BDBBEB0E-D13A-4567-8984-51C5375350B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7.0\",\"versionEndExcluding\":\"6.7.2\",\"matchCriteriaId\":\"0EA3778C-730B-464C-8023-18CA6AC0B807\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/02467ab8b404d80429107588e0f3425cf5fcd2e5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/093dab655808207f7a9f54cf156240aeafc70590\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/17d06a5c44d8fd2e8e61bac295b09153496f87e1\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/2295c22348faf795e1ccdf618f6eb7afdb2f7447\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/3b5254862258b595662a0ccca6e9eeb88d6e7468\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b33fb5b801c6db408b774a68e7c8722796b59ecc\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c4734535034672f59f2652e1e0058c490da62a5c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ee1dc3bf86f2df777038506b139371a9add02534\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/02467ab8b404d80429107588e0f3425cf5fcd2e5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/093dab655808207f7a9f54cf156240aeafc70590\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/17d06a5c44d8fd2e8e61bac295b09153496f87e1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/2295c22348faf795e1ccdf618f6eb7afdb2f7447\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/3b5254862258b595662a0ccca6e9eeb88d6e7468\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b33fb5b801c6db408b774a68e7c8722796b59ecc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c4734535034672f59f2652e1e0058c490da62a5c\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ee1dc3bf86f2df777038506b139371a9add02534\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://git.kernel.org/stable/c/093dab655808207f7a9f54cf156240aeafc70590\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/02467ab8b404d80429107588e0f3425cf5fcd2e5\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/2295c22348faf795e1ccdf618f6eb7afdb2f7447\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/3b5254862258b595662a0ccca6e9eeb88d6e7468\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/ee1dc3bf86f2df777038506b139371a9add02534\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/c4734535034672f59f2652e1e0058c490da62a5c\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/17d06a5c44d8fd2e8e61bac295b09153496f87e1\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/b33fb5b801c6db408b774a68e7c8722796b59ecc\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T00:07:19.733Z\"}}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-26597\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-02-23T22:33:57.842147Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-23T19:01:13.181Z\"}, \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"title\": \"net: qualcomm: rmnet: fix global oob in rmnet_policy\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"14452ca3b5ce\", \"lessThan\": \"093dab655808\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"14452ca3b5ce\", \"lessThan\": \"02467ab8b404\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"14452ca3b5ce\", \"lessThan\": \"2295c22348fa\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"14452ca3b5ce\", \"lessThan\": \"3b5254862258\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"14452ca3b5ce\", \"lessThan\": \"ee1dc3bf86f2\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"14452ca3b5ce\", \"lessThan\": \"c47345350346\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"14452ca3b5ce\", \"lessThan\": \"17d06a5c44d8\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"14452ca3b5ce\", \"lessThan\": \"b33fb5b801c6\", \"versionType\": \"git\"}], \"programFiles\": [\"drivers/net/ethernet/qualcomm/rmnet/rmnet_config.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.17\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"4.17\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"4.19.306\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.19.*\"}, {\"status\": \"unaffected\", \"version\": \"5.4.268\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.4.*\"}, {\"status\": \"unaffected\", \"version\": \"5.10.209\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.15.148\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"6.1.75\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.6.14\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.7.2\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.7.*\"}, {\"status\": \"unaffected\", \"version\": \"6.8\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"drivers/net/ethernet/qualcomm/rmnet/rmnet_config.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/093dab655808207f7a9f54cf156240aeafc70590\"}, {\"url\": \"https://git.kernel.org/stable/c/02467ab8b404d80429107588e0f3425cf5fcd2e5\"}, {\"url\": \"https://git.kernel.org/stable/c/2295c22348faf795e1ccdf618f6eb7afdb2f7447\"}, {\"url\": \"https://git.kernel.org/stable/c/3b5254862258b595662a0ccca6e9eeb88d6e7468\"}, {\"url\": \"https://git.kernel.org/stable/c/ee1dc3bf86f2df777038506b139371a9add02534\"}, {\"url\": \"https://git.kernel.org/stable/c/c4734535034672f59f2652e1e0058c490da62a5c\"}, {\"url\": \"https://git.kernel.org/stable/c/17d06a5c44d8fd2e8e61bac295b09153496f87e1\"}, {\"url\": \"https://git.kernel.org/stable/c/b33fb5b801c6db408b774a68e7c8722796b59ecc\"}], \"x_generator\": {\"engine\": \"bippy-9e1c9544281a\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet: qualcomm: rmnet: fix global oob in rmnet_policy\\n\\nThe variable rmnet_link_ops assign a *bigger* maxtype which leads to a\\nglobal out-of-bounds read when parsing the netlink attributes. See bug\\ntrace below:\\n\\n==================================================================\\nBUG: KASAN: global-out-of-bounds in validate_nla lib/nlattr.c:386 [inline]\\nBUG: KASAN: global-out-of-bounds in __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600\\nRead of size 1 at addr ffffffff92c438d0 by task syz-executor.6/84207\\n\\nCPU: 0 PID: 84207 Comm: syz-executor.6 Tainted: G N 6.1.0 #3\\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\\nCall Trace:\\n \u003cTASK\u003e\\n __dump_stack lib/dump_stack.c:88 [inline]\\n dump_stack_lvl+0x8b/0xb3 lib/dump_stack.c:106\\n print_address_description mm/kasan/report.c:284 [inline]\\n print_report+0x172/0x475 mm/kasan/report.c:395\\n kasan_report+0xbb/0x1c0 mm/kasan/report.c:495\\n validate_nla lib/nlattr.c:386 [inline]\\n __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600\\n __nla_parse+0x3e/0x50 lib/nlattr.c:697\\n nla_parse_nested_deprecated include/net/netlink.h:1248 [inline]\\n __rtnl_newlink+0x50a/0x1880 net/core/rtnetlink.c:3485\\n rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3594\\n rtnetlink_rcv_msg+0x43c/0xd70 net/core/rtnetlink.c:6091\\n netlink_rcv_skb+0x14f/0x410 net/netlink/af_netlink.c:2540\\n netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]\\n netlink_unicast+0x54e/0x800 net/netlink/af_netlink.c:1345\\n netlink_sendmsg+0x930/0xe50 net/netlink/af_netlink.c:1921\\n sock_sendmsg_nosec net/socket.c:714 [inline]\\n sock_sendmsg+0x154/0x190 net/socket.c:734\\n ____sys_sendmsg+0x6df/0x840 net/socket.c:2482\\n ___sys_sendmsg+0x110/0x1b0 net/socket.c:2536\\n __sys_sendmsg+0xf3/0x1c0 net/socket.c:2565\\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\\n do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80\\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\\nRIP: 0033:0x7fdcf2072359\\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\\nRSP: 002b:00007fdcf13e3168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\\nRAX: ffffffffffffffda RBX: 00007fdcf219ff80 RCX: 00007fdcf2072359\\nRDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003\\nRBP: 00007fdcf20bd493 R08: 0000000000000000 R09: 0000000000000000\\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\\nR13: 00007fffbb8d7bdf R14: 00007fdcf13e3300 R15: 0000000000022000\\n \u003c/TASK\u003e\\n\\nThe buggy address belongs to the variable:\\n rmnet_policy+0x30/0xe0\\n\\nThe buggy address belongs to the physical page:\\npage:0000000065bdeb3c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x155243\\nflags: 0x200000000001000(reserved|node=0|zone=2)\\nraw: 0200000000001000 ffffea00055490c8 ffffea00055490c8 0000000000000000\\nraw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000\\npage dumped because: kasan: bad access detected\\n\\nMemory state around the buggy address:\\n ffffffff92c43780: f9 f9 f9 f9 00 00 00 02 f9 f9 f9 f9 00 00 00 07\\n ffffffff92c43800: f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9 06 f9 f9 f9\\n\u003effffffff92c43880: f9 f9 f9 f9 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9\\n ^\\n ffffffff92c43900: 00 00 00 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9 f9\\n ffffffff92c43980: 00 00 00 07 f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9\\n\\nAccording to the comment of `nla_parse_nested_deprecated`, the maxtype\\nshould be len(destination array) - 1. Hence use `IFLA_RMNET_MAX` here.\"}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2024-11-05T09:12:14.396Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-26597\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-05T09:12:14.396Z\", \"dateReserved\": \"2024-02-19T14:20:24.127Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-02-23T14:46:26.042Z\", \"assignerShortName\": \"Linux\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
ghsa-m32w-wmcr-wvxf
Vulnerability from github
Published
2024-02-23 15:30
Modified
2024-06-27 12:30
Severity ?
Details
In the Linux kernel, the following vulnerability has been resolved:
net: qualcomm: rmnet: fix global oob in rmnet_policy
The variable rmnet_link_ops assign a bigger maxtype which leads to a global out-of-bounds read when parsing the netlink attributes. See bug trace below:
================================================================== BUG: KASAN: global-out-of-bounds in validate_nla lib/nlattr.c:386 [inline] BUG: KASAN: global-out-of-bounds in __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600 Read of size 1 at addr ffffffff92c438d0 by task syz-executor.6/84207
CPU: 0 PID: 84207 Comm: syz-executor.6 Tainted: G N 6.1.0 #3 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x8b/0xb3 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:284 [inline] print_report+0x172/0x475 mm/kasan/report.c:395 kasan_report+0xbb/0x1c0 mm/kasan/report.c:495 validate_nla lib/nlattr.c:386 [inline] __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600 __nla_parse+0x3e/0x50 lib/nlattr.c:697 nla_parse_nested_deprecated include/net/netlink.h:1248 [inline] __rtnl_newlink+0x50a/0x1880 net/core/rtnetlink.c:3485 rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3594 rtnetlink_rcv_msg+0x43c/0xd70 net/core/rtnetlink.c:6091 netlink_rcv_skb+0x14f/0x410 net/netlink/af_netlink.c:2540 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline] netlink_unicast+0x54e/0x800 net/netlink/af_netlink.c:1345 netlink_sendmsg+0x930/0xe50 net/netlink/af_netlink.c:1921 sock_sendmsg_nosec net/socket.c:714 [inline] sock_sendmsg+0x154/0x190 net/socket.c:734 _syssendmsg+0x6df/0x840 net/socket.c:2482 _sys_sendmsg+0x110/0x1b0 net/socket.c:2536 __sys_sendmsg+0xf3/0x1c0 net/socket.c:2565 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7fdcf2072359 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fdcf13e3168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007fdcf219ff80 RCX: 00007fdcf2072359 RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003 RBP: 00007fdcf20bd493 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fffbb8d7bdf R14: 00007fdcf13e3300 R15: 0000000000022000
The buggy address belongs to the variable: rmnet_policy+0x30/0xe0
The buggy address belongs to the physical page: page:0000000065bdeb3c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x155243 flags: 0x200000000001000(reserved|node=0|zone=2) raw: 0200000000001000 ffffea00055490c8 ffffea00055490c8 0000000000000000 raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected
Memory state around the buggy address: ffffffff92c43780: f9 f9 f9 f9 00 00 00 02 f9 f9 f9 f9 00 00 00 07 ffffffff92c43800: f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9 06 f9 f9 f9
ffffffff92c43880: f9 f9 f9 f9 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9 ^ ffffffff92c43900: 00 00 00 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9 f9 ffffffff92c43980: 00 00 00 07 f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9
According to the comment of nla_parse_nested_deprecated, the maxtype
should be len(destination array) - 1. Hence use IFLA_RMNET_MAX here.
{
"affected": [],
"aliases": [
"CVE-2024-26597"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-23T15:15:09Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: qualcomm: rmnet: fix global oob in rmnet_policy\n\nThe variable rmnet_link_ops assign a *bigger* maxtype which leads to a\nglobal out-of-bounds read when parsing the netlink attributes. See bug\ntrace below:\n\n==================================================================\nBUG: KASAN: global-out-of-bounds in validate_nla lib/nlattr.c:386 [inline]\nBUG: KASAN: global-out-of-bounds in __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600\nRead of size 1 at addr ffffffff92c438d0 by task syz-executor.6/84207\n\nCPU: 0 PID: 84207 Comm: syz-executor.6 Tainted: G N 6.1.0 #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x8b/0xb3 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:284 [inline]\n print_report+0x172/0x475 mm/kasan/report.c:395\n kasan_report+0xbb/0x1c0 mm/kasan/report.c:495\n validate_nla lib/nlattr.c:386 [inline]\n __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600\n __nla_parse+0x3e/0x50 lib/nlattr.c:697\n nla_parse_nested_deprecated include/net/netlink.h:1248 [inline]\n __rtnl_newlink+0x50a/0x1880 net/core/rtnetlink.c:3485\n rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3594\n rtnetlink_rcv_msg+0x43c/0xd70 net/core/rtnetlink.c:6091\n netlink_rcv_skb+0x14f/0x410 net/netlink/af_netlink.c:2540\n netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]\n netlink_unicast+0x54e/0x800 net/netlink/af_netlink.c:1345\n netlink_sendmsg+0x930/0xe50 net/netlink/af_netlink.c:1921\n sock_sendmsg_nosec net/socket.c:714 [inline]\n sock_sendmsg+0x154/0x190 net/socket.c:734\n ____sys_sendmsg+0x6df/0x840 net/socket.c:2482\n ___sys_sendmsg+0x110/0x1b0 net/socket.c:2536\n __sys_sendmsg+0xf3/0x1c0 net/socket.c:2565\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7fdcf2072359\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fdcf13e3168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007fdcf219ff80 RCX: 00007fdcf2072359\nRDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003\nRBP: 00007fdcf20bd493 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007fffbb8d7bdf R14: 00007fdcf13e3300 R15: 0000000000022000\n \u003c/TASK\u003e\n\nThe buggy address belongs to the variable:\n rmnet_policy+0x30/0xe0\n\nThe buggy address belongs to the physical page:\npage:0000000065bdeb3c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x155243\nflags: 0x200000000001000(reserved|node=0|zone=2)\nraw: 0200000000001000 ffffea00055490c8 ffffea00055490c8 0000000000000000\nraw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\n\nMemory state around the buggy address:\n ffffffff92c43780: f9 f9 f9 f9 00 00 00 02 f9 f9 f9 f9 00 00 00 07\n ffffffff92c43800: f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9 06 f9 f9 f9\n\u003effffffff92c43880: f9 f9 f9 f9 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9\n ^\n ffffffff92c43900: 00 00 00 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9 f9\n ffffffff92c43980: 00 00 00 07 f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9\n\nAccording to the comment of `nla_parse_nested_deprecated`, the maxtype\nshould be len(destination array) - 1. Hence use `IFLA_RMNET_MAX` here.",
"id": "GHSA-m32w-wmcr-wvxf",
"modified": "2024-06-27T12:30:43Z",
"published": "2024-02-23T15:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26597"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/02467ab8b404d80429107588e0f3425cf5fcd2e5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/093dab655808207f7a9f54cf156240aeafc70590"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/17d06a5c44d8fd2e8e61bac295b09153496f87e1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2295c22348faf795e1ccdf618f6eb7afdb2f7447"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3b5254862258b595662a0ccca6e9eeb88d6e7468"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b33fb5b801c6db408b774a68e7c8722796b59ecc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c4734535034672f59f2652e1e0058c490da62a5c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ee1dc3bf86f2df777038506b139371a9add02534"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
WID-SEC-W-2024-0475
Vulnerability from csaf_certbund
Published
2024-02-25 23:00
Modified
2025-01-13 23:00
Summary
Linux-Kernel: Mehrere Schwachstellen ermöglichen Denial of Service und unspezifische Angriffe
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Der Kernel stellt den Kern des Linux Betriebssystems dar.
Angriff
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen oder einen nicht spezifizierten Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0475 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0475.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0475 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0475"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022325-CVE-2023-52453-9f24%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022325-CVE-2024-26594-1cbc%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022330-CVE-2023-52454-5cf0%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022331-CVE-2023-52455-a28f%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022331-CVE-2023-52456-f9dd%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022332-CVE-2023-52457-c7b9%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022332-CVE-2023-52458-d1cd%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022333-CVE-2023-52459-f653%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022333-CVE-2023-52460-a52b%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022334-CVE-2023-52461-a619%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022335-CVE-2023-52462-b663%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022335-CVE-2023-52463-6195%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022336-CVE-2023-52464-b17c%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022336-CVE-2024-26595-9a8d%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022337-CVE-2024-26596-57cb%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022337-CVE-2024-26597-be75%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022338-CVE-2024-26598-24f4%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022338-CVE-2024-26599-cd65%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022405-CVE-2024-26600-44a2%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022411-CVE-2024-26601-b6ac%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022414-CVE-2024-26602-5e76%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022415-CVE-2024-26603-42c2%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022416-CVE-2024-26604-71a3%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022419-CVE-2024-26605-7b06%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022539-CVE-2023-52465-2e75%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022544-CVE-2023-52466-fea5%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022544-CVE-2023-52467-434b%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022545-CVE-2023-52468-59a2%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022546-CVE-2023-52469-5141%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022546-CVE-2023-52470-44d1%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022546-CVE-2023-52471-ab29%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022547-CVE-2023-52472-fa03%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022547-CVE-2023-52473-c3cc%40gregkh/"
},
{
"category": "external",
"summary": "VE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022555-CVE-2021-46904-d49f%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022557-CVE-2021-46905-6507%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022558-CVE-2022-48626-8a90%40gregkh/"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASKERNEL-5.4-2024-061 vom 2024-03-06",
"url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2024-061.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1249 vom 2024-03-12",
"url": "https://access.redhat.com/errata/RHSA-2024:1249"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1250 vom 2024-03-12",
"url": "https://access.redhat.com/errata/RHSA-2024:1250"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6688-1 vom 2024-03-11",
"url": "https://ubuntu.com/security/notices/USN-6688-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0855-1 vom 2024-03-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018151.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0858-1 vom 2024-03-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018153.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0857-1 vom 2024-03-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018154.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0856-1 vom 2024-03-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018155.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1306 vom 2024-03-13",
"url": "https://access.redhat.com/errata/RHSA-2024:1306"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0900-1 vom 2024-03-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018167.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1332 vom 2024-03-14",
"url": "https://access.redhat.com/errata/RHSA-2024:1332"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0900-2 vom 2024-03-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018182.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0910-1 vom 2024-03-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018181.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6707-1 vom 2024-03-20",
"url": "https://ubuntu.com/security/notices/USN-6707-1"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-1249 vom 2024-03-21",
"url": "https://linux.oracle.com/errata/ELSA-2024-1249.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6707-2 vom 2024-03-21",
"url": "https://ubuntu.com/security/notices/USN-6707-2"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0976-1 vom 2024-03-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018185.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0926-1 vom 2024-03-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018204.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0975-1 vom 2024-03-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018186.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0925-1 vom 2024-03-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018205.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0977-1 vom 2024-03-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018210.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6707-3 vom 2024-03-26",
"url": "https://ubuntu.com/security/notices/USN-6707-3"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1533 vom 2024-03-27",
"url": "https://access.redhat.com/errata/RHSA-2024:1533"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1532 vom 2024-03-27",
"url": "https://access.redhat.com/errata/RHSA-2024:1532"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASKERNEL-5.15-2024-040 vom 2024-04-01",
"url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.15-2024-040.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6707-4 vom 2024-03-28",
"url": "https://ubuntu.com/security/notices/USN-6707-4"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASKERNEL-5.10-2024-052 vom 2024-04-01",
"url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2024-052.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1653 vom 2024-04-03",
"url": "https://access.redhat.com/errata/RHSA-2024:1653"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6725-1 vom 2024-04-09",
"url": "https://ubuntu.com/security/notices/USN-6725-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6726-1 vom 2024-04-09",
"url": "https://ubuntu.com/security/notices/USN-6726-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6726-2 vom 2024-04-16",
"url": "https://ubuntu.com/security/notices/USN-6726-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6725-2 vom 2024-04-16",
"url": "https://ubuntu.com/security/notices/USN-6725-2"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1320-1 vom 2024-04-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018372.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1321-1 vom 2024-04-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018375.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1322-1 vom 2024-04-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018374.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6726-3 vom 2024-04-17",
"url": "https://ubuntu.com/security/notices/USN-6726-3"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1332-2 vom 2024-04-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018378.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1322-2 vom 2024-04-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018377.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1332-1 vom 2024-04-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018376.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6740-1 vom 2024-04-19",
"url": "https://ubuntu.com/security/notices/USN-6740-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2008 vom 2024-04-23",
"url": "https://access.redhat.com/errata/RHSA-2024:2008"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2006 vom 2024-04-23",
"url": "https://access.redhat.com/errata/RHSA-2024:2006"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-2004 vom 2024-04-25",
"url": "http://linux.oracle.com/errata/ELSA-2024-2004.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1454-1 vom 2024-04-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018431.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1466-1 vom 2024-04-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018438.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2394 vom 2024-04-30",
"url": "https://access.redhat.com/errata/RHSA-2024:2394"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1480-1 vom 2024-04-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018444.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice LSN-0103-1 vom 2024-04-30",
"url": "https://ubuntu.com/security/notices/LSN-0103-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2585 vom 2024-04-30",
"url": "https://access.redhat.com/errata/RHSA-2024:2585"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2582 vom 2024-04-30",
"url": "https://access.redhat.com/errata/RHSA-2024:2582"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1490-1 vom 2024-05-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018445.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5681 vom 2024-05-06",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00090.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5680 vom 2024-05-06",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00089.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6767-1 vom 2024-05-07",
"url": "https://ubuntu.com/security/notices/USN-6767-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6766-1 vom 2024-05-07",
"url": "https://ubuntu.com/security/notices/USN-6766-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6765-1 vom 2024-05-07",
"url": "https://ubuntu.com/security/notices/USN-6765-1"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-198 vom 2024-05-08",
"url": "https://www.dell.com/support/kbdoc/000224827/dsa-2024-="
},
{
"category": "external",
"summary": "Insyde Security Advisory INSYDE-SA-2024002 vom 2024-05-14",
"url": "https://www.insyde.com/security-pledge/SA-2024002"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6767-2 vom 2024-05-14",
"url": "https://ubuntu.com/security/notices/USN-6767-2"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1648-1 vom 2024-05-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018524.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1644-1 vom 2024-05-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018528.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1643-1 vom 2024-05-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018529.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1646-1 vom 2024-05-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018526.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1641-1 vom 2024-05-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018531.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1647-1 vom 2024-05-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018525.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1659-1 vom 2024-05-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018538.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6766-2 vom 2024-05-15",
"url": "https://ubuntu.com/security/notices/USN-6766-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6766-3 vom 2024-05-20",
"url": "https://ubuntu.com/security/notices/USN-6766-3"
},
{
"category": "external",
"summary": "F5 Security Advisory K000139682 vom 2024-05-20",
"url": "https://my.f5.com/manage/s/article/K000139682"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1648-2 vom 2024-05-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018572.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3138 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:3138"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2950 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:2950"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6795-1 vom 2024-05-28",
"url": "https://ubuntu.com/security/notices/USN-6795-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1870-1 vom 2024-05-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018634.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3618 vom 2024-06-05",
"url": "https://access.redhat.com/errata/RHSA-2024:3618"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3627 vom 2024-06-05",
"url": "https://access.redhat.com/errata/RHSA-2024:3627"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-3618 vom 2024-06-06",
"url": "https://linux.oracle.com/errata/ELSA-2024-3618.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6820-1 vom 2024-06-08",
"url": "https://ubuntu.com/security/notices/USN-6820-1"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7156774 vom 2024-06-07",
"url": "https://www.ibm.com/support/pages/node/7156774"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6821-1 vom 2024-06-08",
"url": "https://ubuntu.com/security/notices/USN-6821-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6818-1 vom 2024-06-08",
"url": "https://ubuntu.com/security/notices/USN-6818-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6819-1 vom 2024-06-08",
"url": "https://ubuntu.com/security/notices/USN-6819-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6818-2 vom 2024-06-10",
"url": "https://ubuntu.com/security/notices/USN-6818-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6821-2 vom 2024-06-10",
"url": "https://ubuntu.com/security/notices/USN-6821-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6820-2 vom 2024-06-11",
"url": "https://ubuntu.com/security/notices/USN-6820-2"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3810 vom 2024-06-11",
"url": "https://access.redhat.com/errata/RHSA-2024:3810"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6819-2 vom 2024-06-12",
"url": "https://ubuntu.com/security/notices/USN-6819-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6821-3 vom 2024-06-11",
"url": "https://ubuntu.com/security/notices/USN-6821-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6828-1 vom 2024-06-11",
"url": "https://ubuntu.com/security/notices/USN-6828-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3855 vom 2024-06-12",
"url": "https://access.redhat.com/errata/RHSA-2024:3855"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3854 vom 2024-06-12",
"url": "https://access.redhat.com/errata/RHSA-2024:3854"
},
{
"category": "external",
"summary": "Ubuntu Security Notice LSN-0104-1 vom 2024-06-11",
"url": "https://ubuntu.com/security/notices/LSN-0104-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2008-1 vom 2024-06-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018706.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6819-3 vom 2024-06-12",
"url": "https://ubuntu.com/security/notices/USN-6819-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6821-4 vom 2024-06-14",
"url": "https://ubuntu.com/security/notices/USN-6821-4"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6818-3 vom 2024-06-14",
"url": "https://ubuntu.com/security/notices/USN-6818-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6818-4 vom 2024-06-19",
"url": "https://ubuntu.com/security/notices/USN-6818-4"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2135-1 vom 2024-06-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018783.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3841 vom 2024-06-25",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3842 vom 2024-06-25",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2190-1 vom 2024-06-25",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018819.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6819-4 vom 2024-06-26",
"url": "https://ubuntu.com/security/notices/USN-6819-4"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3840 vom 2024-06-27",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2525 vom 2024-06-28",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2525.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4211 vom 2024-07-02",
"url": "https://access.redhat.com/errata/RHSA-2024:4211"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-022 vom 2024-07-03",
"url": "https://www.dell.com/support/kbdoc/de-de/000226633/dsa-2024-022-security-update-for-dell-networker-vproxy-multiple-component-vulnerabilities"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-4211 vom 2024-07-03",
"url": "https://linux.oracle.com/errata/ELSA-2024-4211.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6871-1 vom 2024-07-04",
"url": "https://ubuntu.com/security/notices/USN-6871-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4352 vom 2024-07-08",
"url": "https://access.redhat.com/errata/RHSA-2024:4352"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4415 vom 2024-07-09",
"url": "https://access.redhat.com/errata/RHSA-2024:4415"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6892-1 vom 2024-07-10",
"url": "https://ubuntu.com/security/notices/USN-6892-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4321 vom 2024-07-10",
"url": "https://access.redhat.com/errata/RHSA-2024:4321"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6895-1 vom 2024-07-12",
"url": "https://ubuntu.com/security/notices/USN-6895-1"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:4352 vom 2024-07-15",
"url": "https://errata.build.resf.org/RLSA-2024:4352"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:4211 vom 2024-07-15",
"url": "https://errata.build.resf.org/RLSA-2024:4211"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6895-2 vom 2024-07-16",
"url": "https://ubuntu.com/security/notices/USN-6895-2"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4631 vom 2024-07-18",
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6895-3 vom 2024-07-19",
"url": "https://ubuntu.com/security/notices/USN-6895-3"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4740 vom 2024-07-24",
"url": "https://access.redhat.com/errata/RHSA-2024:4740"
},
{
"category": "external",
"summary": "F5 Security Advisory K000140297 vom 2023-07-26",
"url": "https://my.f5.com/manage/s/article/K000140297"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6919-1 vom 2024-07-26",
"url": "https://ubuntu.com/security/notices/USN-6919-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6926-1 vom 2024-07-29",
"url": "https://ubuntu.com/security/notices/USN-6926-1"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7161794 vom 2024-07-29",
"url": "https://www.ibm.com/support/pages/node/7161794"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4928 vom 2024-07-31",
"url": "https://access.redhat.com/errata/RHSA-2024:4928"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:4928 vom 2024-08-01",
"url": "https://errata.build.resf.org/RLSA-2024:4928"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6938-1 vom 2024-07-31",
"url": "https://ubuntu.com/security/notices/USN-6938-1"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7162077 vom 2024-07-31",
"url": "https://www.ibm.com/support/pages/node/7162077"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-4928 vom 2024-08-01",
"url": "https://linux.oracle.com/errata/ELSA-2024-4928.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6926-2 vom 2024-08-01",
"url": "https://ubuntu.com/security/notices/USN-6926-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6895-4 vom 2024-08-05",
"url": "https://ubuntu.com/security/notices/USN-6895-4"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-348 vom 2024-08-06",
"url": "https://www.dell.com/support/kbdoc/de-de/000227573/dsa-2024-348-security-update-for-dell-avamar-dell-networker-virtual-edition-nve-and-dell-powerprotect-dp-series-appliance-dell-integrated-data-protection-appliance-idpa-security-update-for-multiple-vulnerabilities"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5067 vom 2024-08-07",
"url": "https://access.redhat.com/errata/RHSA-2024:5067"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5066 vom 2024-08-07",
"url": "https://access.redhat.com/errata/RHSA-2024:5066"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2802-1 vom 2024-08-07",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019133.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5102 vom 2024-08-08",
"url": "https://access.redhat.com/errata/RHSA-2024:5102"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5101 vom 2024-08-08",
"url": "https://access.redhat.com/errata/RHSA-2024:5101"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6926-3 vom 2024-08-09",
"url": "https://ubuntu.com/security/notices/USN-6926-3"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-5101 vom 2024-08-09",
"url": "https://linux.oracle.com/errata/ELSA-2024-5101.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2896-1 vom 2024-08-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019185.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5363 vom 2024-08-14",
"url": "https://access.redhat.com/errata/RHSA-2024:5363"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-5363 vom 2024-08-15",
"url": "https://linux.oracle.com/errata/ELSA-2024-5363.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1489-1 vom 2024-08-19",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/D5LYDXV5ACGHUYO5XWLWD5VAOA5HLJ7U/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1465-1 vom 2024-08-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019273.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2203-1 vom 2024-08-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019244.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1663-1 vom 2024-08-19",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/MFQEXBT2XPZQJMUF7MN6ZVO5FXVY4NKK/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1669-1 vom 2024-08-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019269.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2973-1 vom 2024-08-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019280.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5672 vom 2024-08-21",
"url": "https://access.redhat.com/errata/RHSA-2024:5672"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5673 vom 2024-08-21",
"url": "https://access.redhat.com/errata/RHSA-2024:5673"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6976-1 vom 2024-08-22",
"url": "https://ubuntu.com/security/notices/USN-6976-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6972-1 vom 2024-08-21",
"url": "https://ubuntu.com/security/notices/USN-6972-1"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:5102 vom 2024-08-21",
"url": "https://errata.build.resf.org/RLSA-2024:5102"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:5101 vom 2024-08-21",
"url": "https://errata.build.resf.org/RLSA-2024:5101"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6971-1 vom 2024-08-21",
"url": "https://ubuntu.com/security/notices/USN-6971-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6972-2 vom 2024-08-22",
"url": "https://ubuntu.com/security/notices/USN-6972-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6973-2 vom 2024-08-23",
"url": "https://ubuntu.com/security/notices/USN-6972-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6972-4 vom 2024-08-29",
"url": "https://ubuntu.com/security/notices/USN-6972-4"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7167662 vom 2024-09-05",
"url": "https://www.ibm.com/support/pages/node/7167662"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3190-1 vom 2024-09-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019403.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6567 vom 2024-09-11",
"url": "https://access.redhat.com/errata/RHSA-2024:6567"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-6567 vom 2024-09-12",
"url": "https://linux.oracle.com/errata/ELSA-2024-6567.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3209-1 vom 2024-09-11",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/YNWVZVIFSX7PLBJX3I3PDZ4MIBERTN2Y/"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:6567 vom 2024-09-17",
"url": "https://errata.build.resf.org/RLSA-2024:6567"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7001 vom 2024-09-24",
"url": "https://access.redhat.com/errata/RHSA-2024:7001"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7169778 vom 2024-09-24",
"url": "https://www.ibm.com/support/pages/node/7169778"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7000 vom 2024-09-24",
"url": "https://access.redhat.com/errata/RHSA-2024:7000"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-7000 vom 2024-09-26",
"url": "https://linux.oracle.com/errata/ELSA-2024-7000.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3483-1 vom 2024-09-29",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2HO244EHQ65DPDJ2NOBAXLG7QYWSCUMA/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3483-1 vom 2024-09-29",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/2HO244EHQ65DPDJ2NOBAXLG7QYWSCUMA/"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:7001 vom 2024-09-30",
"url": "https://errata.build.resf.org/RLSA-2024:7001"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-422 vom 2024-10-10",
"url": "https://www.dell.com/support/kbdoc/de-de/000234730/dsa-2024-422-security-update-for-dell-networker-vproxy-multiple-component-vulnerabilities"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7069-1 vom 2024-10-16",
"url": "https://ubuntu.com/security/notices/USN-7069-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8161 vom 2024-10-16",
"url": "https://access.redhat.com/errata/RHSA-2024:8161"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7069-2 vom 2024-10-17",
"url": "https://ubuntu.com/security/notices/USN-7069-2"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7173960 vom 2024-10-23",
"url": "https://www.ibm.com/support/pages/node/7173960"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8318 vom 2024-10-23",
"url": "https://access.redhat.com/errata/RHSA-2024:8318"
},
{
"category": "external",
"summary": "IBM Security Bulletin",
"url": "https://www.ibm.com/support/pages/node/7174634"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9315 vom 2024-11-12",
"url": "https://access.redhat.com/errata/RHSA-2024:9315"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:10771 vom 2024-12-04",
"url": "https://access.redhat.com/errata/RHSA-2024:10771"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:4316-1 vom 2024-12-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/S4I5Z6ALCJLHTP25U3HMJHEXN4DR2USM/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:4318-1 vom 2024-12-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/019999.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:4314-1 vom 2024-12-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/SARXL66CQHD5VSFG5PUBNBVBPVFUN4KT/"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7179045 vom 2024-12-16",
"url": "https://www.ibm.com/support/pages/node/7179045"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7180361 vom 2025-01-07",
"url": "https://www.ibm.com/support/pages/node/7180361"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA92874 vom 2024-01-09",
"url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R2-release"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-9315 vom 2025-01-13",
"url": "https://oss.oracle.com/pipermail/el-errata/2025-January/017000.html"
}
],
"source_lang": "en-US",
"title": "Linux-Kernel: Mehrere Schwachstellen erm\u00f6glichen Denial of Service und unspezifische Angriffe",
"tracking": {
"current_release_date": "2025-01-13T23:00:00.000+00:00",
"generator": {
"date": "2025-01-14T13:52:38.618+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.10"
}
},
"id": "WID-SEC-W-2024-0475",
"initial_release_date": "2024-02-25T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-02-25T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-03-05T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-03-11T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat und Ubuntu aufgenommen"
},
{
"date": "2024-03-12T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-03-13T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-03-14T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE und Red Hat aufgenommen"
},
{
"date": "2024-03-17T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-03-20T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Ubuntu und Oracle Linux aufgenommen"
},
{
"date": "2024-03-21T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-03-24T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-03-25T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-03-26T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-04-01T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Amazon und Ubuntu aufgenommen"
},
{
"date": "2024-04-02T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-04-09T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-04-16T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Ubuntu und SUSE aufgenommen"
},
{
"date": "2024-04-17T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-04-18T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-04-21T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-04-23T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-04-24T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-04-28T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-04-29T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-05-01T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von SUSE, Ubuntu und Red Hat aufgenommen"
},
{
"date": "2024-05-02T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-05-06T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2024-05-07T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Ubuntu und Dell aufgenommen"
},
{
"date": "2024-05-13T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Insyde aufgenommen"
},
{
"date": "2024-05-14T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-05-15T22:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von SUSE und Ubuntu aufgenommen"
},
{
"date": "2024-05-20T22:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von Ubuntu und F5 aufgenommen"
},
{
"date": "2024-05-21T22:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-05-28T22:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-05-30T22:00:00.000+00:00",
"number": "34",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-06-04T22:00:00.000+00:00",
"number": "35",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-06T22:00:00.000+00:00",
"number": "36",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-06-09T22:00:00.000+00:00",
"number": "37",
"summary": "Neue Updates von Ubuntu und IBM aufgenommen"
},
{
"date": "2024-06-10T22:00:00.000+00:00",
"number": "38",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-06-11T22:00:00.000+00:00",
"number": "39",
"summary": "Neue Updates von Ubuntu und Red Hat aufgenommen"
},
{
"date": "2024-06-12T22:00:00.000+00:00",
"number": "40",
"summary": "Neue Updates von SUSE und Ubuntu aufgenommen"
},
{
"date": "2024-06-16T22:00:00.000+00:00",
"number": "41",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-06-18T22:00:00.000+00:00",
"number": "42",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-06-23T22:00:00.000+00:00",
"number": "43",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-06-25T22:00:00.000+00:00",
"number": "44",
"summary": "Neue Updates von Debian und SUSE aufgenommen"
},
{
"date": "2024-06-26T22:00:00.000+00:00",
"number": "45",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-06-27T22:00:00.000+00:00",
"number": "46",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2024-06-30T22:00:00.000+00:00",
"number": "47",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-07-01T22:00:00.000+00:00",
"number": "48",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-02T22:00:00.000+00:00",
"number": "49",
"summary": "Neue Updates von Dell und Oracle Linux aufgenommen"
},
{
"date": "2024-07-03T22:00:00.000+00:00",
"number": "50",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-07-07T22:00:00.000+00:00",
"number": "51",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-09T22:00:00.000+00:00",
"number": "52",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-10T22:00:00.000+00:00",
"number": "53",
"summary": "Neue Updates von Ubuntu und Red Hat aufgenommen"
},
{
"date": "2024-07-14T22:00:00.000+00:00",
"number": "54",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-07-15T22:00:00.000+00:00",
"number": "55",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2024-07-18T22:00:00.000+00:00",
"number": "56",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-23T22:00:00.000+00:00",
"number": "57",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-24T22:00:00.000+00:00",
"number": "58",
"summary": "Neue Updates von F5 aufgenommen"
},
{
"date": "2024-07-28T22:00:00.000+00:00",
"number": "59",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-07-29T22:00:00.000+00:00",
"number": "60",
"summary": "Neue Updates von Ubuntu und IBM aufgenommen"
},
{
"date": "2024-07-30T22:00:00.000+00:00",
"number": "61",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-31T22:00:00.000+00:00",
"number": "62",
"summary": "Neue Updates von Rocky Enterprise Software Foundation, Ubuntu, IBM und Oracle Linux aufgenommen"
},
{
"date": "2024-08-01T22:00:00.000+00:00",
"number": "63",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-08-04T22:00:00.000+00:00",
"number": "64",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-08-05T22:00:00.000+00:00",
"number": "65",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-08-06T22:00:00.000+00:00",
"number": "66",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-07T22:00:00.000+00:00",
"number": "67",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-11T22:00:00.000+00:00",
"number": "68",
"summary": "Neue Updates von Ubuntu und Oracle Linux aufgenommen"
},
{
"date": "2024-08-13T22:00:00.000+00:00",
"number": "69",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-08-14T22:00:00.000+00:00",
"number": "70",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-08-19T22:00:00.000+00:00",
"number": "71",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-08-20T22:00:00.000+00:00",
"number": "72",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-21T22:00:00.000+00:00",
"number": "73",
"summary": "Neue Updates von Ubuntu und Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2024-08-22T22:00:00.000+00:00",
"number": "74",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-08-25T22:00:00.000+00:00",
"number": "75",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-08-28T22:00:00.000+00:00",
"number": "76",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-09-05T22:00:00.000+00:00",
"number": "77",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-09-10T22:00:00.000+00:00",
"number": "78",
"summary": "Neue Updates von SUSE und Red Hat aufgenommen"
},
{
"date": "2024-09-11T22:00:00.000+00:00",
"number": "79",
"summary": "Neue Updates von Oracle Linux und SUSE aufgenommen"
},
{
"date": "2024-09-16T22:00:00.000+00:00",
"number": "80",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2024-09-23T22:00:00.000+00:00",
"number": "81",
"summary": "Neue Updates von Red Hat und IBM aufgenommen"
},
{
"date": "2024-09-25T22:00:00.000+00:00",
"number": "82",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-09-29T22:00:00.000+00:00",
"number": "83",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-09-30T22:00:00.000+00:00",
"number": "84",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2024-10-09T22:00:00.000+00:00",
"number": "85",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-10-15T22:00:00.000+00:00",
"number": "86",
"summary": "Neue Updates von Ubuntu und Red Hat aufgenommen"
},
{
"date": "2024-10-17T22:00:00.000+00:00",
"number": "87",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-10-23T22:00:00.000+00:00",
"number": "88",
"summary": "Neue Updates von IBM und Red Hat aufgenommen"
},
{
"date": "2024-10-31T23:00:00.000+00:00",
"number": "89",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-11-12T23:00:00.000+00:00",
"number": "90",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-12-03T23:00:00.000+00:00",
"number": "91",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-12-15T23:00:00.000+00:00",
"number": "92",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-12-16T23:00:00.000+00:00",
"number": "93",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-01-06T23:00:00.000+00:00",
"number": "94",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-01-08T23:00:00.000+00:00",
"number": "95",
"summary": "Neue Updates von Juniper aufgenommen"
},
{
"date": "2025-01-13T23:00:00.000+00:00",
"number": "96",
"summary": "Neue Updates von Oracle Linux aufgenommen"
}
],
"status": "final",
"version": "96"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Dell NetWorker",
"product": {
"name": "Dell NetWorker",
"product_id": "T024663",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:-"
}
}
},
{
"category": "product_version",
"name": "virtual",
"product": {
"name": "Dell NetWorker virtual",
"product_id": "T034583",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:virtual"
}
}
},
{
"category": "product_version_range",
"name": "\u003c19.11",
"product": {
"name": "Dell NetWorker \u003c19.11",
"product_id": "T035785"
}
},
{
"category": "product_version",
"name": "19.11",
"product": {
"name": "Dell NetWorker 19.11",
"product_id": "T035785-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:19.11"
}
}
}
],
"category": "product_name",
"name": "NetWorker"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "EMC Avamar",
"product": {
"name": "EMC Avamar",
"product_id": "T014381",
"product_identification_helper": {
"cpe": "cpe:/a:emc:avamar:-"
}
}
}
],
"category": "vendor",
"name": "EMC"
},
{
"branches": [
{
"category": "product_name",
"name": "F5 BIG-IP",
"product": {
"name": "F5 BIG-IP",
"product_id": "T001663",
"product_identification_helper": {
"cpe": "cpe:/a:f5:big-ip:-"
}
}
}
],
"category": "vendor",
"name": "F5"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "24.0.0",
"product": {
"name": "IBM Business Automation Workflow 24.0.0",
"product_id": "T036570",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:24.0.0"
}
}
}
],
"category": "product_name",
"name": "Business Automation Workflow"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM QRadar SIEM",
"product": {
"name": "IBM QRadar SIEM",
"product_id": "T021415",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.5.0 UP10 IF01",
"product": {
"name": "IBM QRadar SIEM \u003c7.5.0 UP10 IF01",
"product_id": "T038741"
}
},
{
"category": "product_version",
"name": "7.5.0 UP10 IF01",
"product": {
"name": "IBM QRadar SIEM 7.5.0 UP10 IF01",
"product_id": "T038741-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up10_if01"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
},
{
"branches": [
{
"category": "product_version",
"name": "11.4",
"product": {
"name": "IBM Security Guardium 11.4",
"product_id": "1076561",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_guardium:11.4"
}
}
},
{
"category": "product_version",
"name": "11.5",
"product": {
"name": "IBM Security Guardium 11.5",
"product_id": "1411051",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_guardium:11.5"
}
}
},
{
"category": "product_version",
"name": "12",
"product": {
"name": "IBM Security Guardium 12.0",
"product_id": "T031092",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_guardium:12.0"
}
}
}
],
"category": "product_name",
"name": "Security Guardium"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.1.16.3",
"product": {
"name": "IBM Spectrum Protect Plus \u003c10.1.16.3",
"product_id": "T037795"
}
},
{
"category": "product_version",
"name": "10.1.16.3",
"product": {
"name": "IBM Spectrum Protect Plus 10.1.16.3",
"product_id": "T037795-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_protect_plus:10.1.16.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.1.6.4",
"product": {
"name": "IBM Spectrum Protect Plus \u003c10.1.6.4",
"product_id": "T040030"
}
},
{
"category": "product_version",
"name": "10.1.6.4",
"product": {
"name": "IBM Spectrum Protect Plus 10.1.6.4",
"product_id": "T040030-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_protect_plus:10.1.6.4"
}
}
}
],
"category": "product_name",
"name": "Spectrum Protect Plus"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.1.9.5",
"product": {
"name": "IBM Storage Scale \u003c6.1.9.5",
"product_id": "T039851"
}
},
{
"category": "product_version",
"name": "6.1.9.5",
"product": {
"name": "IBM Storage Scale 6.1.9.5",
"product_id": "T039851-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_scale:6.1.9.5"
}
}
},
{
"category": "product_version_range",
"name": "\u003c6.2.2.0",
"product": {
"name": "IBM Storage Scale \u003c6.2.2.0",
"product_id": "T039852"
}
},
{
"category": "product_version",
"name": "6.2.2.0",
"product": {
"name": "IBM Storage Scale 6.2.2.0",
"product_id": "T039852-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_scale:6.2.2.0"
}
}
}
],
"category": "product_name",
"name": "Storage Scale"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel",
"product": {
"name": "Insyde UEFI Firmware kernel",
"product_id": "T034716",
"product_identification_helper": {
"cpe": "cpe:/h:insyde:uefi:kernel"
}
}
}
],
"category": "product_name",
"name": "UEFI Firmware"
}
],
"category": "vendor",
"name": "Insyde"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c24.1R2",
"product": {
"name": "Juniper Junos Space \u003c24.1R2",
"product_id": "T040074"
}
},
{
"category": "product_version",
"name": "24.1R2",
"product": {
"name": "Juniper Junos Space 24.1R2",
"product_id": "T040074-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:juniper:junos_space:24.1r2"
}
}
}
],
"category": "product_name",
"name": "Junos Space"
}
],
"category": "vendor",
"name": "Juniper"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source Linux Kernel",
"product": {
"name": "Open Source Linux Kernel",
"product_id": "T032006",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-46904",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2021-46904"
},
{
"cve": "CVE-2021-46905",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2021-46905"
},
{
"cve": "CVE-2022-48626",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2022-48626"
},
{
"cve": "CVE-2023-52453",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2023-52453"
},
{
"cve": "CVE-2023-52454",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2023-52454"
},
{
"cve": "CVE-2023-52455",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2023-52455"
},
{
"cve": "CVE-2023-52456",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2023-52456"
},
{
"cve": "CVE-2023-52457",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2023-52457"
},
{
"cve": "CVE-2023-52458",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2023-52458"
},
{
"cve": "CVE-2023-52459",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2023-52459"
},
{
"cve": "CVE-2023-52460",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2023-52460"
},
{
"cve": "CVE-2023-52461",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2023-52461"
},
{
"cve": "CVE-2023-52462",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2023-52462"
},
{
"cve": "CVE-2023-52463",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2023-52463"
},
{
"cve": "CVE-2023-52464",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2023-52464"
},
{
"cve": "CVE-2023-52465",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2023-52465"
},
{
"cve": "CVE-2023-52466",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2023-52466"
},
{
"cve": "CVE-2023-52467",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2023-52467"
},
{
"cve": "CVE-2023-52468",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2023-52468"
},
{
"cve": "CVE-2023-52469",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2023-52469"
},
{
"cve": "CVE-2023-52470",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2023-52470"
},
{
"cve": "CVE-2023-52471",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2023-52471"
},
{
"cve": "CVE-2023-52472",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2023-52472"
},
{
"cve": "CVE-2023-52473",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2023-52473"
},
{
"cve": "CVE-2024-26594",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2024-26594"
},
{
"cve": "CVE-2024-26595",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2024-26595"
},
{
"cve": "CVE-2024-26596",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2024-26596"
},
{
"cve": "CVE-2024-26597",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2024-26597"
},
{
"cve": "CVE-2024-26598",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2024-26598"
},
{
"cve": "CVE-2024-26599",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2024-26599"
},
{
"cve": "CVE-2024-26600",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2024-26600"
},
{
"cve": "CVE-2024-26601",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2024-26601"
},
{
"cve": "CVE-2024-26602",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2024-26602"
},
{
"cve": "CVE-2024-26603",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2024-26603"
},
{
"cve": "CVE-2024-26604",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2024-26604"
},
{
"cve": "CVE-2024-26605",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2024-26605"
}
]
}
wid-sec-w-2024-0475
Vulnerability from csaf_certbund
Published
2024-02-25 23:00
Modified
2025-01-13 23:00
Summary
Linux-Kernel: Mehrere Schwachstellen ermöglichen Denial of Service und unspezifische Angriffe
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Der Kernel stellt den Kern des Linux Betriebssystems dar.
Angriff
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen oder einen nicht spezifizierten Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0475 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0475.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0475 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0475"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022325-CVE-2023-52453-9f24%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022325-CVE-2024-26594-1cbc%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022330-CVE-2023-52454-5cf0%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022331-CVE-2023-52455-a28f%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022331-CVE-2023-52456-f9dd%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022332-CVE-2023-52457-c7b9%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022332-CVE-2023-52458-d1cd%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022333-CVE-2023-52459-f653%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022333-CVE-2023-52460-a52b%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022334-CVE-2023-52461-a619%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022335-CVE-2023-52462-b663%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022335-CVE-2023-52463-6195%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022336-CVE-2023-52464-b17c%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022336-CVE-2024-26595-9a8d%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022337-CVE-2024-26596-57cb%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022337-CVE-2024-26597-be75%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022338-CVE-2024-26598-24f4%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022338-CVE-2024-26599-cd65%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022405-CVE-2024-26600-44a2%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022411-CVE-2024-26601-b6ac%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022414-CVE-2024-26602-5e76%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022415-CVE-2024-26603-42c2%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022416-CVE-2024-26604-71a3%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022419-CVE-2024-26605-7b06%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022539-CVE-2023-52465-2e75%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022544-CVE-2023-52466-fea5%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022544-CVE-2023-52467-434b%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022545-CVE-2023-52468-59a2%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022546-CVE-2023-52469-5141%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022546-CVE-2023-52470-44d1%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022546-CVE-2023-52471-ab29%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022547-CVE-2023-52472-fa03%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022547-CVE-2023-52473-c3cc%40gregkh/"
},
{
"category": "external",
"summary": "VE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022555-CVE-2021-46904-d49f%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022557-CVE-2021-46905-6507%40gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-25",
"url": "http://lore.kernel.org/linux-cve-announce/2024022558-CVE-2022-48626-8a90%40gregkh/"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASKERNEL-5.4-2024-061 vom 2024-03-06",
"url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2024-061.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1249 vom 2024-03-12",
"url": "https://access.redhat.com/errata/RHSA-2024:1249"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1250 vom 2024-03-12",
"url": "https://access.redhat.com/errata/RHSA-2024:1250"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6688-1 vom 2024-03-11",
"url": "https://ubuntu.com/security/notices/USN-6688-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0855-1 vom 2024-03-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018151.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0858-1 vom 2024-03-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018153.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0857-1 vom 2024-03-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018154.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0856-1 vom 2024-03-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018155.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1306 vom 2024-03-13",
"url": "https://access.redhat.com/errata/RHSA-2024:1306"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0900-1 vom 2024-03-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018167.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1332 vom 2024-03-14",
"url": "https://access.redhat.com/errata/RHSA-2024:1332"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0900-2 vom 2024-03-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018182.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0910-1 vom 2024-03-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018181.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6707-1 vom 2024-03-20",
"url": "https://ubuntu.com/security/notices/USN-6707-1"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-1249 vom 2024-03-21",
"url": "https://linux.oracle.com/errata/ELSA-2024-1249.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6707-2 vom 2024-03-21",
"url": "https://ubuntu.com/security/notices/USN-6707-2"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0976-1 vom 2024-03-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018185.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0926-1 vom 2024-03-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018204.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0975-1 vom 2024-03-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018186.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0925-1 vom 2024-03-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018205.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0977-1 vom 2024-03-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018210.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6707-3 vom 2024-03-26",
"url": "https://ubuntu.com/security/notices/USN-6707-3"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1533 vom 2024-03-27",
"url": "https://access.redhat.com/errata/RHSA-2024:1533"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1532 vom 2024-03-27",
"url": "https://access.redhat.com/errata/RHSA-2024:1532"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASKERNEL-5.15-2024-040 vom 2024-04-01",
"url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.15-2024-040.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6707-4 vom 2024-03-28",
"url": "https://ubuntu.com/security/notices/USN-6707-4"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASKERNEL-5.10-2024-052 vom 2024-04-01",
"url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2024-052.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1653 vom 2024-04-03",
"url": "https://access.redhat.com/errata/RHSA-2024:1653"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6725-1 vom 2024-04-09",
"url": "https://ubuntu.com/security/notices/USN-6725-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6726-1 vom 2024-04-09",
"url": "https://ubuntu.com/security/notices/USN-6726-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6726-2 vom 2024-04-16",
"url": "https://ubuntu.com/security/notices/USN-6726-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6725-2 vom 2024-04-16",
"url": "https://ubuntu.com/security/notices/USN-6725-2"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1320-1 vom 2024-04-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018372.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1321-1 vom 2024-04-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018375.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1322-1 vom 2024-04-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018374.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6726-3 vom 2024-04-17",
"url": "https://ubuntu.com/security/notices/USN-6726-3"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1332-2 vom 2024-04-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018378.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1322-2 vom 2024-04-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018377.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1332-1 vom 2024-04-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018376.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6740-1 vom 2024-04-19",
"url": "https://ubuntu.com/security/notices/USN-6740-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2008 vom 2024-04-23",
"url": "https://access.redhat.com/errata/RHSA-2024:2008"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2006 vom 2024-04-23",
"url": "https://access.redhat.com/errata/RHSA-2024:2006"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-2004 vom 2024-04-25",
"url": "http://linux.oracle.com/errata/ELSA-2024-2004.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1454-1 vom 2024-04-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018431.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1466-1 vom 2024-04-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018438.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2394 vom 2024-04-30",
"url": "https://access.redhat.com/errata/RHSA-2024:2394"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1480-1 vom 2024-04-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018444.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice LSN-0103-1 vom 2024-04-30",
"url": "https://ubuntu.com/security/notices/LSN-0103-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2585 vom 2024-04-30",
"url": "https://access.redhat.com/errata/RHSA-2024:2585"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2582 vom 2024-04-30",
"url": "https://access.redhat.com/errata/RHSA-2024:2582"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1490-1 vom 2024-05-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018445.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5681 vom 2024-05-06",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00090.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5680 vom 2024-05-06",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00089.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6767-1 vom 2024-05-07",
"url": "https://ubuntu.com/security/notices/USN-6767-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6766-1 vom 2024-05-07",
"url": "https://ubuntu.com/security/notices/USN-6766-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6765-1 vom 2024-05-07",
"url": "https://ubuntu.com/security/notices/USN-6765-1"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-198 vom 2024-05-08",
"url": "https://www.dell.com/support/kbdoc/000224827/dsa-2024-="
},
{
"category": "external",
"summary": "Insyde Security Advisory INSYDE-SA-2024002 vom 2024-05-14",
"url": "https://www.insyde.com/security-pledge/SA-2024002"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6767-2 vom 2024-05-14",
"url": "https://ubuntu.com/security/notices/USN-6767-2"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1648-1 vom 2024-05-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018524.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1644-1 vom 2024-05-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018528.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1643-1 vom 2024-05-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018529.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1646-1 vom 2024-05-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018526.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1641-1 vom 2024-05-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018531.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1647-1 vom 2024-05-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018525.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1659-1 vom 2024-05-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018538.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6766-2 vom 2024-05-15",
"url": "https://ubuntu.com/security/notices/USN-6766-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6766-3 vom 2024-05-20",
"url": "https://ubuntu.com/security/notices/USN-6766-3"
},
{
"category": "external",
"summary": "F5 Security Advisory K000139682 vom 2024-05-20",
"url": "https://my.f5.com/manage/s/article/K000139682"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1648-2 vom 2024-05-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018572.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3138 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:3138"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2950 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:2950"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6795-1 vom 2024-05-28",
"url": "https://ubuntu.com/security/notices/USN-6795-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1870-1 vom 2024-05-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018634.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3618 vom 2024-06-05",
"url": "https://access.redhat.com/errata/RHSA-2024:3618"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3627 vom 2024-06-05",
"url": "https://access.redhat.com/errata/RHSA-2024:3627"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-3618 vom 2024-06-06",
"url": "https://linux.oracle.com/errata/ELSA-2024-3618.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6820-1 vom 2024-06-08",
"url": "https://ubuntu.com/security/notices/USN-6820-1"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7156774 vom 2024-06-07",
"url": "https://www.ibm.com/support/pages/node/7156774"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6821-1 vom 2024-06-08",
"url": "https://ubuntu.com/security/notices/USN-6821-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6818-1 vom 2024-06-08",
"url": "https://ubuntu.com/security/notices/USN-6818-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6819-1 vom 2024-06-08",
"url": "https://ubuntu.com/security/notices/USN-6819-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6818-2 vom 2024-06-10",
"url": "https://ubuntu.com/security/notices/USN-6818-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6821-2 vom 2024-06-10",
"url": "https://ubuntu.com/security/notices/USN-6821-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6820-2 vom 2024-06-11",
"url": "https://ubuntu.com/security/notices/USN-6820-2"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3810 vom 2024-06-11",
"url": "https://access.redhat.com/errata/RHSA-2024:3810"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6819-2 vom 2024-06-12",
"url": "https://ubuntu.com/security/notices/USN-6819-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6821-3 vom 2024-06-11",
"url": "https://ubuntu.com/security/notices/USN-6821-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6828-1 vom 2024-06-11",
"url": "https://ubuntu.com/security/notices/USN-6828-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3855 vom 2024-06-12",
"url": "https://access.redhat.com/errata/RHSA-2024:3855"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3854 vom 2024-06-12",
"url": "https://access.redhat.com/errata/RHSA-2024:3854"
},
{
"category": "external",
"summary": "Ubuntu Security Notice LSN-0104-1 vom 2024-06-11",
"url": "https://ubuntu.com/security/notices/LSN-0104-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2008-1 vom 2024-06-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018706.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6819-3 vom 2024-06-12",
"url": "https://ubuntu.com/security/notices/USN-6819-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6821-4 vom 2024-06-14",
"url": "https://ubuntu.com/security/notices/USN-6821-4"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6818-3 vom 2024-06-14",
"url": "https://ubuntu.com/security/notices/USN-6818-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6818-4 vom 2024-06-19",
"url": "https://ubuntu.com/security/notices/USN-6818-4"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2135-1 vom 2024-06-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018783.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3841 vom 2024-06-25",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3842 vom 2024-06-25",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2190-1 vom 2024-06-25",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018819.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6819-4 vom 2024-06-26",
"url": "https://ubuntu.com/security/notices/USN-6819-4"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3840 vom 2024-06-27",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2525 vom 2024-06-28",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2525.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4211 vom 2024-07-02",
"url": "https://access.redhat.com/errata/RHSA-2024:4211"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-022 vom 2024-07-03",
"url": "https://www.dell.com/support/kbdoc/de-de/000226633/dsa-2024-022-security-update-for-dell-networker-vproxy-multiple-component-vulnerabilities"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-4211 vom 2024-07-03",
"url": "https://linux.oracle.com/errata/ELSA-2024-4211.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6871-1 vom 2024-07-04",
"url": "https://ubuntu.com/security/notices/USN-6871-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4352 vom 2024-07-08",
"url": "https://access.redhat.com/errata/RHSA-2024:4352"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4415 vom 2024-07-09",
"url": "https://access.redhat.com/errata/RHSA-2024:4415"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6892-1 vom 2024-07-10",
"url": "https://ubuntu.com/security/notices/USN-6892-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4321 vom 2024-07-10",
"url": "https://access.redhat.com/errata/RHSA-2024:4321"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6895-1 vom 2024-07-12",
"url": "https://ubuntu.com/security/notices/USN-6895-1"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:4352 vom 2024-07-15",
"url": "https://errata.build.resf.org/RLSA-2024:4352"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:4211 vom 2024-07-15",
"url": "https://errata.build.resf.org/RLSA-2024:4211"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6895-2 vom 2024-07-16",
"url": "https://ubuntu.com/security/notices/USN-6895-2"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4631 vom 2024-07-18",
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6895-3 vom 2024-07-19",
"url": "https://ubuntu.com/security/notices/USN-6895-3"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4740 vom 2024-07-24",
"url": "https://access.redhat.com/errata/RHSA-2024:4740"
},
{
"category": "external",
"summary": "F5 Security Advisory K000140297 vom 2023-07-26",
"url": "https://my.f5.com/manage/s/article/K000140297"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6919-1 vom 2024-07-26",
"url": "https://ubuntu.com/security/notices/USN-6919-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6926-1 vom 2024-07-29",
"url": "https://ubuntu.com/security/notices/USN-6926-1"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7161794 vom 2024-07-29",
"url": "https://www.ibm.com/support/pages/node/7161794"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4928 vom 2024-07-31",
"url": "https://access.redhat.com/errata/RHSA-2024:4928"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:4928 vom 2024-08-01",
"url": "https://errata.build.resf.org/RLSA-2024:4928"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6938-1 vom 2024-07-31",
"url": "https://ubuntu.com/security/notices/USN-6938-1"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7162077 vom 2024-07-31",
"url": "https://www.ibm.com/support/pages/node/7162077"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-4928 vom 2024-08-01",
"url": "https://linux.oracle.com/errata/ELSA-2024-4928.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6926-2 vom 2024-08-01",
"url": "https://ubuntu.com/security/notices/USN-6926-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6895-4 vom 2024-08-05",
"url": "https://ubuntu.com/security/notices/USN-6895-4"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-348 vom 2024-08-06",
"url": "https://www.dell.com/support/kbdoc/de-de/000227573/dsa-2024-348-security-update-for-dell-avamar-dell-networker-virtual-edition-nve-and-dell-powerprotect-dp-series-appliance-dell-integrated-data-protection-appliance-idpa-security-update-for-multiple-vulnerabilities"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5067 vom 2024-08-07",
"url": "https://access.redhat.com/errata/RHSA-2024:5067"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5066 vom 2024-08-07",
"url": "https://access.redhat.com/errata/RHSA-2024:5066"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2802-1 vom 2024-08-07",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019133.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5102 vom 2024-08-08",
"url": "https://access.redhat.com/errata/RHSA-2024:5102"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5101 vom 2024-08-08",
"url": "https://access.redhat.com/errata/RHSA-2024:5101"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6926-3 vom 2024-08-09",
"url": "https://ubuntu.com/security/notices/USN-6926-3"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-5101 vom 2024-08-09",
"url": "https://linux.oracle.com/errata/ELSA-2024-5101.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2896-1 vom 2024-08-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019185.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5363 vom 2024-08-14",
"url": "https://access.redhat.com/errata/RHSA-2024:5363"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-5363 vom 2024-08-15",
"url": "https://linux.oracle.com/errata/ELSA-2024-5363.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1489-1 vom 2024-08-19",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/D5LYDXV5ACGHUYO5XWLWD5VAOA5HLJ7U/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1465-1 vom 2024-08-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019273.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2203-1 vom 2024-08-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019244.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1663-1 vom 2024-08-19",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/MFQEXBT2XPZQJMUF7MN6ZVO5FXVY4NKK/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1669-1 vom 2024-08-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019269.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2973-1 vom 2024-08-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019280.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5672 vom 2024-08-21",
"url": "https://access.redhat.com/errata/RHSA-2024:5672"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5673 vom 2024-08-21",
"url": "https://access.redhat.com/errata/RHSA-2024:5673"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6976-1 vom 2024-08-22",
"url": "https://ubuntu.com/security/notices/USN-6976-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6972-1 vom 2024-08-21",
"url": "https://ubuntu.com/security/notices/USN-6972-1"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:5102 vom 2024-08-21",
"url": "https://errata.build.resf.org/RLSA-2024:5102"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:5101 vom 2024-08-21",
"url": "https://errata.build.resf.org/RLSA-2024:5101"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6971-1 vom 2024-08-21",
"url": "https://ubuntu.com/security/notices/USN-6971-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6972-2 vom 2024-08-22",
"url": "https://ubuntu.com/security/notices/USN-6972-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6973-2 vom 2024-08-23",
"url": "https://ubuntu.com/security/notices/USN-6972-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6972-4 vom 2024-08-29",
"url": "https://ubuntu.com/security/notices/USN-6972-4"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7167662 vom 2024-09-05",
"url": "https://www.ibm.com/support/pages/node/7167662"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3190-1 vom 2024-09-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019403.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6567 vom 2024-09-11",
"url": "https://access.redhat.com/errata/RHSA-2024:6567"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-6567 vom 2024-09-12",
"url": "https://linux.oracle.com/errata/ELSA-2024-6567.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3209-1 vom 2024-09-11",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/YNWVZVIFSX7PLBJX3I3PDZ4MIBERTN2Y/"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:6567 vom 2024-09-17",
"url": "https://errata.build.resf.org/RLSA-2024:6567"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7001 vom 2024-09-24",
"url": "https://access.redhat.com/errata/RHSA-2024:7001"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7169778 vom 2024-09-24",
"url": "https://www.ibm.com/support/pages/node/7169778"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7000 vom 2024-09-24",
"url": "https://access.redhat.com/errata/RHSA-2024:7000"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-7000 vom 2024-09-26",
"url": "https://linux.oracle.com/errata/ELSA-2024-7000.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3483-1 vom 2024-09-29",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2HO244EHQ65DPDJ2NOBAXLG7QYWSCUMA/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3483-1 vom 2024-09-29",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/2HO244EHQ65DPDJ2NOBAXLG7QYWSCUMA/"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:7001 vom 2024-09-30",
"url": "https://errata.build.resf.org/RLSA-2024:7001"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-422 vom 2024-10-10",
"url": "https://www.dell.com/support/kbdoc/de-de/000234730/dsa-2024-422-security-update-for-dell-networker-vproxy-multiple-component-vulnerabilities"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7069-1 vom 2024-10-16",
"url": "https://ubuntu.com/security/notices/USN-7069-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8161 vom 2024-10-16",
"url": "https://access.redhat.com/errata/RHSA-2024:8161"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7069-2 vom 2024-10-17",
"url": "https://ubuntu.com/security/notices/USN-7069-2"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7173960 vom 2024-10-23",
"url": "https://www.ibm.com/support/pages/node/7173960"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8318 vom 2024-10-23",
"url": "https://access.redhat.com/errata/RHSA-2024:8318"
},
{
"category": "external",
"summary": "IBM Security Bulletin",
"url": "https://www.ibm.com/support/pages/node/7174634"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9315 vom 2024-11-12",
"url": "https://access.redhat.com/errata/RHSA-2024:9315"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:10771 vom 2024-12-04",
"url": "https://access.redhat.com/errata/RHSA-2024:10771"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:4316-1 vom 2024-12-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/S4I5Z6ALCJLHTP25U3HMJHEXN4DR2USM/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:4318-1 vom 2024-12-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/019999.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:4314-1 vom 2024-12-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/SARXL66CQHD5VSFG5PUBNBVBPVFUN4KT/"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7179045 vom 2024-12-16",
"url": "https://www.ibm.com/support/pages/node/7179045"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7180361 vom 2025-01-07",
"url": "https://www.ibm.com/support/pages/node/7180361"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA92874 vom 2024-01-09",
"url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R2-release"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-9315 vom 2025-01-13",
"url": "https://oss.oracle.com/pipermail/el-errata/2025-January/017000.html"
}
],
"source_lang": "en-US",
"title": "Linux-Kernel: Mehrere Schwachstellen erm\u00f6glichen Denial of Service und unspezifische Angriffe",
"tracking": {
"current_release_date": "2025-01-13T23:00:00.000+00:00",
"generator": {
"date": "2025-01-14T13:52:38.618+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.10"
}
},
"id": "WID-SEC-W-2024-0475",
"initial_release_date": "2024-02-25T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-02-25T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-03-05T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-03-11T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat und Ubuntu aufgenommen"
},
{
"date": "2024-03-12T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-03-13T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-03-14T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE und Red Hat aufgenommen"
},
{
"date": "2024-03-17T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-03-20T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Ubuntu und Oracle Linux aufgenommen"
},
{
"date": "2024-03-21T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-03-24T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-03-25T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-03-26T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-04-01T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Amazon und Ubuntu aufgenommen"
},
{
"date": "2024-04-02T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-04-09T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-04-16T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Ubuntu und SUSE aufgenommen"
},
{
"date": "2024-04-17T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-04-18T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-04-21T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-04-23T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-04-24T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-04-28T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-04-29T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-05-01T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von SUSE, Ubuntu und Red Hat aufgenommen"
},
{
"date": "2024-05-02T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-05-06T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2024-05-07T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Ubuntu und Dell aufgenommen"
},
{
"date": "2024-05-13T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Insyde aufgenommen"
},
{
"date": "2024-05-14T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-05-15T22:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von SUSE und Ubuntu aufgenommen"
},
{
"date": "2024-05-20T22:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von Ubuntu und F5 aufgenommen"
},
{
"date": "2024-05-21T22:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-05-28T22:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-05-30T22:00:00.000+00:00",
"number": "34",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-06-04T22:00:00.000+00:00",
"number": "35",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-06T22:00:00.000+00:00",
"number": "36",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-06-09T22:00:00.000+00:00",
"number": "37",
"summary": "Neue Updates von Ubuntu und IBM aufgenommen"
},
{
"date": "2024-06-10T22:00:00.000+00:00",
"number": "38",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-06-11T22:00:00.000+00:00",
"number": "39",
"summary": "Neue Updates von Ubuntu und Red Hat aufgenommen"
},
{
"date": "2024-06-12T22:00:00.000+00:00",
"number": "40",
"summary": "Neue Updates von SUSE und Ubuntu aufgenommen"
},
{
"date": "2024-06-16T22:00:00.000+00:00",
"number": "41",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-06-18T22:00:00.000+00:00",
"number": "42",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-06-23T22:00:00.000+00:00",
"number": "43",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-06-25T22:00:00.000+00:00",
"number": "44",
"summary": "Neue Updates von Debian und SUSE aufgenommen"
},
{
"date": "2024-06-26T22:00:00.000+00:00",
"number": "45",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-06-27T22:00:00.000+00:00",
"number": "46",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2024-06-30T22:00:00.000+00:00",
"number": "47",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-07-01T22:00:00.000+00:00",
"number": "48",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-02T22:00:00.000+00:00",
"number": "49",
"summary": "Neue Updates von Dell und Oracle Linux aufgenommen"
},
{
"date": "2024-07-03T22:00:00.000+00:00",
"number": "50",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-07-07T22:00:00.000+00:00",
"number": "51",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-09T22:00:00.000+00:00",
"number": "52",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-10T22:00:00.000+00:00",
"number": "53",
"summary": "Neue Updates von Ubuntu und Red Hat aufgenommen"
},
{
"date": "2024-07-14T22:00:00.000+00:00",
"number": "54",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-07-15T22:00:00.000+00:00",
"number": "55",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2024-07-18T22:00:00.000+00:00",
"number": "56",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-23T22:00:00.000+00:00",
"number": "57",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-24T22:00:00.000+00:00",
"number": "58",
"summary": "Neue Updates von F5 aufgenommen"
},
{
"date": "2024-07-28T22:00:00.000+00:00",
"number": "59",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-07-29T22:00:00.000+00:00",
"number": "60",
"summary": "Neue Updates von Ubuntu und IBM aufgenommen"
},
{
"date": "2024-07-30T22:00:00.000+00:00",
"number": "61",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-31T22:00:00.000+00:00",
"number": "62",
"summary": "Neue Updates von Rocky Enterprise Software Foundation, Ubuntu, IBM und Oracle Linux aufgenommen"
},
{
"date": "2024-08-01T22:00:00.000+00:00",
"number": "63",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-08-04T22:00:00.000+00:00",
"number": "64",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-08-05T22:00:00.000+00:00",
"number": "65",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-08-06T22:00:00.000+00:00",
"number": "66",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-07T22:00:00.000+00:00",
"number": "67",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-11T22:00:00.000+00:00",
"number": "68",
"summary": "Neue Updates von Ubuntu und Oracle Linux aufgenommen"
},
{
"date": "2024-08-13T22:00:00.000+00:00",
"number": "69",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-08-14T22:00:00.000+00:00",
"number": "70",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-08-19T22:00:00.000+00:00",
"number": "71",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-08-20T22:00:00.000+00:00",
"number": "72",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-21T22:00:00.000+00:00",
"number": "73",
"summary": "Neue Updates von Ubuntu und Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2024-08-22T22:00:00.000+00:00",
"number": "74",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-08-25T22:00:00.000+00:00",
"number": "75",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-08-28T22:00:00.000+00:00",
"number": "76",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-09-05T22:00:00.000+00:00",
"number": "77",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-09-10T22:00:00.000+00:00",
"number": "78",
"summary": "Neue Updates von SUSE und Red Hat aufgenommen"
},
{
"date": "2024-09-11T22:00:00.000+00:00",
"number": "79",
"summary": "Neue Updates von Oracle Linux und SUSE aufgenommen"
},
{
"date": "2024-09-16T22:00:00.000+00:00",
"number": "80",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2024-09-23T22:00:00.000+00:00",
"number": "81",
"summary": "Neue Updates von Red Hat und IBM aufgenommen"
},
{
"date": "2024-09-25T22:00:00.000+00:00",
"number": "82",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-09-29T22:00:00.000+00:00",
"number": "83",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-09-30T22:00:00.000+00:00",
"number": "84",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2024-10-09T22:00:00.000+00:00",
"number": "85",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-10-15T22:00:00.000+00:00",
"number": "86",
"summary": "Neue Updates von Ubuntu und Red Hat aufgenommen"
},
{
"date": "2024-10-17T22:00:00.000+00:00",
"number": "87",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-10-23T22:00:00.000+00:00",
"number": "88",
"summary": "Neue Updates von IBM und Red Hat aufgenommen"
},
{
"date": "2024-10-31T23:00:00.000+00:00",
"number": "89",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-11-12T23:00:00.000+00:00",
"number": "90",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-12-03T23:00:00.000+00:00",
"number": "91",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-12-15T23:00:00.000+00:00",
"number": "92",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-12-16T23:00:00.000+00:00",
"number": "93",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-01-06T23:00:00.000+00:00",
"number": "94",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-01-08T23:00:00.000+00:00",
"number": "95",
"summary": "Neue Updates von Juniper aufgenommen"
},
{
"date": "2025-01-13T23:00:00.000+00:00",
"number": "96",
"summary": "Neue Updates von Oracle Linux aufgenommen"
}
],
"status": "final",
"version": "96"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Dell NetWorker",
"product": {
"name": "Dell NetWorker",
"product_id": "T024663",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:-"
}
}
},
{
"category": "product_version",
"name": "virtual",
"product": {
"name": "Dell NetWorker virtual",
"product_id": "T034583",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:virtual"
}
}
},
{
"category": "product_version_range",
"name": "\u003c19.11",
"product": {
"name": "Dell NetWorker \u003c19.11",
"product_id": "T035785"
}
},
{
"category": "product_version",
"name": "19.11",
"product": {
"name": "Dell NetWorker 19.11",
"product_id": "T035785-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:19.11"
}
}
}
],
"category": "product_name",
"name": "NetWorker"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "EMC Avamar",
"product": {
"name": "EMC Avamar",
"product_id": "T014381",
"product_identification_helper": {
"cpe": "cpe:/a:emc:avamar:-"
}
}
}
],
"category": "vendor",
"name": "EMC"
},
{
"branches": [
{
"category": "product_name",
"name": "F5 BIG-IP",
"product": {
"name": "F5 BIG-IP",
"product_id": "T001663",
"product_identification_helper": {
"cpe": "cpe:/a:f5:big-ip:-"
}
}
}
],
"category": "vendor",
"name": "F5"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "24.0.0",
"product": {
"name": "IBM Business Automation Workflow 24.0.0",
"product_id": "T036570",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:24.0.0"
}
}
}
],
"category": "product_name",
"name": "Business Automation Workflow"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM QRadar SIEM",
"product": {
"name": "IBM QRadar SIEM",
"product_id": "T021415",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.5.0 UP10 IF01",
"product": {
"name": "IBM QRadar SIEM \u003c7.5.0 UP10 IF01",
"product_id": "T038741"
}
},
{
"category": "product_version",
"name": "7.5.0 UP10 IF01",
"product": {
"name": "IBM QRadar SIEM 7.5.0 UP10 IF01",
"product_id": "T038741-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up10_if01"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
},
{
"branches": [
{
"category": "product_version",
"name": "11.4",
"product": {
"name": "IBM Security Guardium 11.4",
"product_id": "1076561",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_guardium:11.4"
}
}
},
{
"category": "product_version",
"name": "11.5",
"product": {
"name": "IBM Security Guardium 11.5",
"product_id": "1411051",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_guardium:11.5"
}
}
},
{
"category": "product_version",
"name": "12",
"product": {
"name": "IBM Security Guardium 12.0",
"product_id": "T031092",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_guardium:12.0"
}
}
}
],
"category": "product_name",
"name": "Security Guardium"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.1.16.3",
"product": {
"name": "IBM Spectrum Protect Plus \u003c10.1.16.3",
"product_id": "T037795"
}
},
{
"category": "product_version",
"name": "10.1.16.3",
"product": {
"name": "IBM Spectrum Protect Plus 10.1.16.3",
"product_id": "T037795-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_protect_plus:10.1.16.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.1.6.4",
"product": {
"name": "IBM Spectrum Protect Plus \u003c10.1.6.4",
"product_id": "T040030"
}
},
{
"category": "product_version",
"name": "10.1.6.4",
"product": {
"name": "IBM Spectrum Protect Plus 10.1.6.4",
"product_id": "T040030-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_protect_plus:10.1.6.4"
}
}
}
],
"category": "product_name",
"name": "Spectrum Protect Plus"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.1.9.5",
"product": {
"name": "IBM Storage Scale \u003c6.1.9.5",
"product_id": "T039851"
}
},
{
"category": "product_version",
"name": "6.1.9.5",
"product": {
"name": "IBM Storage Scale 6.1.9.5",
"product_id": "T039851-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_scale:6.1.9.5"
}
}
},
{
"category": "product_version_range",
"name": "\u003c6.2.2.0",
"product": {
"name": "IBM Storage Scale \u003c6.2.2.0",
"product_id": "T039852"
}
},
{
"category": "product_version",
"name": "6.2.2.0",
"product": {
"name": "IBM Storage Scale 6.2.2.0",
"product_id": "T039852-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_scale:6.2.2.0"
}
}
}
],
"category": "product_name",
"name": "Storage Scale"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel",
"product": {
"name": "Insyde UEFI Firmware kernel",
"product_id": "T034716",
"product_identification_helper": {
"cpe": "cpe:/h:insyde:uefi:kernel"
}
}
}
],
"category": "product_name",
"name": "UEFI Firmware"
}
],
"category": "vendor",
"name": "Insyde"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c24.1R2",
"product": {
"name": "Juniper Junos Space \u003c24.1R2",
"product_id": "T040074"
}
},
{
"category": "product_version",
"name": "24.1R2",
"product": {
"name": "Juniper Junos Space 24.1R2",
"product_id": "T040074-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:juniper:junos_space:24.1r2"
}
}
}
],
"category": "product_name",
"name": "Junos Space"
}
],
"category": "vendor",
"name": "Juniper"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source Linux Kernel",
"product": {
"name": "Open Source Linux Kernel",
"product_id": "T032006",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-46904",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2021-46904"
},
{
"cve": "CVE-2021-46905",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2021-46905"
},
{
"cve": "CVE-2022-48626",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2022-48626"
},
{
"cve": "CVE-2023-52453",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2023-52453"
},
{
"cve": "CVE-2023-52454",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2023-52454"
},
{
"cve": "CVE-2023-52455",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2023-52455"
},
{
"cve": "CVE-2023-52456",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2023-52456"
},
{
"cve": "CVE-2023-52457",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2023-52457"
},
{
"cve": "CVE-2023-52458",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2023-52458"
},
{
"cve": "CVE-2023-52459",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2023-52459"
},
{
"cve": "CVE-2023-52460",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2023-52460"
},
{
"cve": "CVE-2023-52461",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2023-52461"
},
{
"cve": "CVE-2023-52462",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2023-52462"
},
{
"cve": "CVE-2023-52463",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2023-52463"
},
{
"cve": "CVE-2023-52464",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2023-52464"
},
{
"cve": "CVE-2023-52465",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2023-52465"
},
{
"cve": "CVE-2023-52466",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2023-52466"
},
{
"cve": "CVE-2023-52467",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2023-52467"
},
{
"cve": "CVE-2023-52468",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2023-52468"
},
{
"cve": "CVE-2023-52469",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2023-52469"
},
{
"cve": "CVE-2023-52470",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2023-52470"
},
{
"cve": "CVE-2023-52471",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2023-52471"
},
{
"cve": "CVE-2023-52472",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2023-52472"
},
{
"cve": "CVE-2023-52473",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2023-52473"
},
{
"cve": "CVE-2024-26594",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2024-26594"
},
{
"cve": "CVE-2024-26595",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2024-26595"
},
{
"cve": "CVE-2024-26596",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2024-26596"
},
{
"cve": "CVE-2024-26597",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2024-26597"
},
{
"cve": "CVE-2024-26598",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2024-26598"
},
{
"cve": "CVE-2024-26599",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2024-26599"
},
{
"cve": "CVE-2024-26600",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2024-26600"
},
{
"cve": "CVE-2024-26601",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2024-26601"
},
{
"cve": "CVE-2024-26602",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2024-26602"
},
{
"cve": "CVE-2024-26603",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2024-26603"
},
{
"cve": "CVE-2024-26604",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2024-26604"
},
{
"cve": "CVE-2024-26605",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie ksmbd, arm64 von KVM oder mlxsw, unter anderem aufgrund verschiedener Probleme wie einer NULL-Zeiger-Dereferenz, einem Out-of-Bounds-Zugriff oder einem Use-after-free-Problem. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032006",
"67646",
"T034583",
"T004914",
"T038741",
"T039852",
"T037795",
"T039851",
"T040030",
"T040074",
"T021415",
"T031092",
"T024663",
"T001663",
"398363",
"T034716",
"1076561",
"T032255",
"T035785",
"T014381",
"T036570",
"2951",
"T002207",
"T000126",
"1411051"
]
},
"release_date": "2024-02-25T23:00:00.000+00:00",
"title": "CVE-2024-26605"
}
]
}
fkie_cve-2024-26597
Vulnerability from fkie_nvd
Published
2024-02-23 15:15
Modified
2024-11-21 09:02
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: qualcomm: rmnet: fix global oob in rmnet_policy
The variable rmnet_link_ops assign a *bigger* maxtype which leads to a
global out-of-bounds read when parsing the netlink attributes. See bug
trace below:
==================================================================
BUG: KASAN: global-out-of-bounds in validate_nla lib/nlattr.c:386 [inline]
BUG: KASAN: global-out-of-bounds in __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600
Read of size 1 at addr ffffffff92c438d0 by task syz-executor.6/84207
CPU: 0 PID: 84207 Comm: syz-executor.6 Tainted: G N 6.1.0 #3
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x8b/0xb3 lib/dump_stack.c:106
print_address_description mm/kasan/report.c:284 [inline]
print_report+0x172/0x475 mm/kasan/report.c:395
kasan_report+0xbb/0x1c0 mm/kasan/report.c:495
validate_nla lib/nlattr.c:386 [inline]
__nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600
__nla_parse+0x3e/0x50 lib/nlattr.c:697
nla_parse_nested_deprecated include/net/netlink.h:1248 [inline]
__rtnl_newlink+0x50a/0x1880 net/core/rtnetlink.c:3485
rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3594
rtnetlink_rcv_msg+0x43c/0xd70 net/core/rtnetlink.c:6091
netlink_rcv_skb+0x14f/0x410 net/netlink/af_netlink.c:2540
netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
netlink_unicast+0x54e/0x800 net/netlink/af_netlink.c:1345
netlink_sendmsg+0x930/0xe50 net/netlink/af_netlink.c:1921
sock_sendmsg_nosec net/socket.c:714 [inline]
sock_sendmsg+0x154/0x190 net/socket.c:734
____sys_sendmsg+0x6df/0x840 net/socket.c:2482
___sys_sendmsg+0x110/0x1b0 net/socket.c:2536
__sys_sendmsg+0xf3/0x1c0 net/socket.c:2565
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fdcf2072359
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fdcf13e3168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007fdcf219ff80 RCX: 00007fdcf2072359
RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003
RBP: 00007fdcf20bd493 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fffbb8d7bdf R14: 00007fdcf13e3300 R15: 0000000000022000
</TASK>
The buggy address belongs to the variable:
rmnet_policy+0x30/0xe0
The buggy address belongs to the physical page:
page:0000000065bdeb3c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x155243
flags: 0x200000000001000(reserved|node=0|zone=2)
raw: 0200000000001000 ffffea00055490c8 ffffea00055490c8 0000000000000000
raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffffffff92c43780: f9 f9 f9 f9 00 00 00 02 f9 f9 f9 f9 00 00 00 07
ffffffff92c43800: f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9 06 f9 f9 f9
>ffffffff92c43880: f9 f9 f9 f9 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9
^
ffffffff92c43900: 00 00 00 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9 f9
ffffffff92c43980: 00 00 00 07 f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9
According to the comment of `nla_parse_nested_deprecated`, the maxtype
should be len(destination array) - 1. Hence use `IFLA_RMNET_MAX` here.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF96CE9E-911A-4E4D-94D2-786495A44003",
"versionEndExcluding": "4.19.306",
"versionStartIncluding": "4.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35ADF607-EDCA-45AB-8FB6-9F2D40D47C0C",
"versionEndExcluding": "5.4.268",
"versionStartIncluding": "4.20.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D2E4F24-2FBB-4434-8598-2B1499E566B5",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "5.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E25E1389-4B0F-407A-9C94-5908FF3EE88B",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "5.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4951FA-80C0-4B4C-9836-6E5035DEB0F9",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDBBEB0E-D13A-4567-8984-51C5375350B9",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EA3778C-730B-464C-8023-18CA6AC0B807",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "6.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: qualcomm: rmnet: fix global oob in rmnet_policy\n\nThe variable rmnet_link_ops assign a *bigger* maxtype which leads to a\nglobal out-of-bounds read when parsing the netlink attributes. See bug\ntrace below:\n\n==================================================================\nBUG: KASAN: global-out-of-bounds in validate_nla lib/nlattr.c:386 [inline]\nBUG: KASAN: global-out-of-bounds in __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600\nRead of size 1 at addr ffffffff92c438d0 by task syz-executor.6/84207\n\nCPU: 0 PID: 84207 Comm: syz-executor.6 Tainted: G N 6.1.0 #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x8b/0xb3 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:284 [inline]\n print_report+0x172/0x475 mm/kasan/report.c:395\n kasan_report+0xbb/0x1c0 mm/kasan/report.c:495\n validate_nla lib/nlattr.c:386 [inline]\n __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600\n __nla_parse+0x3e/0x50 lib/nlattr.c:697\n nla_parse_nested_deprecated include/net/netlink.h:1248 [inline]\n __rtnl_newlink+0x50a/0x1880 net/core/rtnetlink.c:3485\n rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3594\n rtnetlink_rcv_msg+0x43c/0xd70 net/core/rtnetlink.c:6091\n netlink_rcv_skb+0x14f/0x410 net/netlink/af_netlink.c:2540\n netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]\n netlink_unicast+0x54e/0x800 net/netlink/af_netlink.c:1345\n netlink_sendmsg+0x930/0xe50 net/netlink/af_netlink.c:1921\n sock_sendmsg_nosec net/socket.c:714 [inline]\n sock_sendmsg+0x154/0x190 net/socket.c:734\n ____sys_sendmsg+0x6df/0x840 net/socket.c:2482\n ___sys_sendmsg+0x110/0x1b0 net/socket.c:2536\n __sys_sendmsg+0xf3/0x1c0 net/socket.c:2565\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7fdcf2072359\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fdcf13e3168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007fdcf219ff80 RCX: 00007fdcf2072359\nRDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003\nRBP: 00007fdcf20bd493 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007fffbb8d7bdf R14: 00007fdcf13e3300 R15: 0000000000022000\n \u003c/TASK\u003e\n\nThe buggy address belongs to the variable:\n rmnet_policy+0x30/0xe0\n\nThe buggy address belongs to the physical page:\npage:0000000065bdeb3c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x155243\nflags: 0x200000000001000(reserved|node=0|zone=2)\nraw: 0200000000001000 ffffea00055490c8 ffffea00055490c8 0000000000000000\nraw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\n\nMemory state around the buggy address:\n ffffffff92c43780: f9 f9 f9 f9 00 00 00 02 f9 f9 f9 f9 00 00 00 07\n ffffffff92c43800: f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9 06 f9 f9 f9\n\u003effffffff92c43880: f9 f9 f9 f9 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9\n ^\n ffffffff92c43900: 00 00 00 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9 f9\n ffffffff92c43980: 00 00 00 07 f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9\n\nAccording to the comment of `nla_parse_nested_deprecated`, the maxtype\nshould be len(destination array) - 1. Hence use `IFLA_RMNET_MAX` here."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: qualcomm: rmnet: fix global oob in rmnet_policy La variable rmnet_link_ops asigna un maxtype *m\u00e1s grande* que conduce a una lectura global fuera de los l\u00edmites al analizar los atributos de netlink. Vea el seguimiento del error a continuaci\u00f3n: =============================================== ===================== ERROR: KASAN: global-fuera de los l\u00edmites en validar_nla lib/nlattr.c:386 [en l\u00ednea] ERROR: KASAN: global- fuera de los l\u00edmites en __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600 Lectura de tama\u00f1o 1 en addr ffffffff92c438d0 por tarea syz-executor.6/84207 CPU: 0 PID: 84207 Comm: syz-executor.6 Contaminado: GN 6.1.0 #3 Nombre del hardware: PC est\u00e1ndar QEMU (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 01/04/2014 Seguimiento de llamadas: __dump_stack lib/dump_stack.c:88 [en l\u00ednea] dump_stack_lvl +0x8b/0xb3 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:284 [en l\u00ednea] print_report+0x172/0x475 mm/kasan/report.c:395 kasan_report+0xbb/0x1c0 mm/kasan/report.c :495 validar_nla lib/nlattr.c:386 [en l\u00ednea] __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600 __nla_parse+0x3e/0x50 lib/nlattr.c:697 nla_parse_nested_deprecated include/net/netlink.h:1248 [en l\u00ednea] __rtnl_newlink+0x50a/0x1880 net/core/rtnetlink.c:3485 rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3594 rtnetlink_rcv_msg+0x43c/0xd70 net/core/rtnetlink.c:6091 netlink_rcv_skb+0x14f/0x410 net/ enlace de red /af_netlink.c:2540 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [en l\u00ednea] netlink_unicast+0x54e/0x800 net/netlink/af_netlink.c:1345 netlink_sendmsg+0x930/0xe50 net/netlink/af_netlink.c:1921 sock_sendmsg_nosec net/ socket.c:714 [en l\u00ednea] sock_sendmsg+0x154/0x190 net/socket.c:734 ____sys_sendmsg+0x6df/0x840 net/socket.c:2482 ___sys_sendmsg+0x110/0x1b0 net/socket.c:2536 __sys_sendmsg+0xf3 /0x1c0 neto /socket.c:2565 do_syscall_x64 arch/x86/entry/common.c:50 [en l\u00ednea] do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80 Entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7fdcf2072359 C\u00f3digo: 2 8 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u0026lt;48\u0026gt; 3d 01 f0 ffff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fdcf13e3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000002e RAX: ffffffffffffffda RBX: 00007fdcf21 9ff80 RCX: 00007fdcf2072359 RDX: 00000000000000000 RSI: 0000000020000200 RDI: 00000000000000003 RBP: 00007fdcf20bd493 R08: 000000000000000000 R09: 0000000000000000 R10: 00000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fffbb8d7bdf R14: 00007fdcf13e3300 R 15: 0000000000022000 La direcci\u00f3n con errores pertenece a la variable: rmnet_policy+0x30/0xe0 La direcci\u00f3n con errores pertenece a la p\u00e1gina f\u00edsica: p\u00e1gina:0000000065bdeb3c refcount:1 mapcount:0 mapeo:0000000000000000 \u00edndice:0x0 pfn:0x155243 banderas: 0x200000000001000(reservado|nodo=0|zona=2) raw: 0200000000001000 ffffea00055490c8 ffffea00055490c8 0000000000000000 raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 p\u00e1gina volcada porque: kasan: mal acceso detectado Estado de la memoria alrededor de la direcci\u00f3n del error: ffffffff92c43780: f9 f9 f9 f9 00 00 00 02 f9 f9 f9 f9 00 00 00 07 ffffffff92c43800: f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9 06 f9 f9 f9 \u0026gt;ffffffff92c438 80: f9 f9 f9 f9 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9 ^ ffffffff92c43900: 00 00 00 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9 f9 f9 ffffffff92c43980: 00 00 00 07 f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9 Seg\u00fan seg\u00fan el comentario de `nla_parse_nested_deprecated`, el tipo m\u00e1ximo debe ser len (matriz de destino) - 1. Por lo tanto, use `IFLA_RMNET_MAX` aqu\u00ed."
}
],
"id": "CVE-2024-26597",
"lastModified": "2024-11-21T09:02:37.460",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-23T15:15:09.557",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/02467ab8b404d80429107588e0f3425cf5fcd2e5"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/093dab655808207f7a9f54cf156240aeafc70590"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/17d06a5c44d8fd2e8e61bac295b09153496f87e1"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/2295c22348faf795e1ccdf618f6eb7afdb2f7447"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/3b5254862258b595662a0ccca6e9eeb88d6e7468"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/b33fb5b801c6db408b774a68e7c8722796b59ecc"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/c4734535034672f59f2652e1e0058c490da62a5c"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/ee1dc3bf86f2df777038506b139371a9add02534"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/02467ab8b404d80429107588e0f3425cf5fcd2e5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/093dab655808207f7a9f54cf156240aeafc70590"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/17d06a5c44d8fd2e8e61bac295b09153496f87e1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/2295c22348faf795e1ccdf618f6eb7afdb2f7447"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/3b5254862258b595662a0ccca6e9eeb88d6e7468"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/b33fb5b801c6db408b774a68e7c8722796b59ecc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/c4734535034672f59f2652e1e0058c490da62a5c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/ee1dc3bf86f2df777038506b139371a9add02534"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
gsd-2024-26597
Vulnerability from gsd
Modified
2024-02-20 06:02
Details
In the Linux kernel, the following vulnerability has been resolved:
net: qualcomm: rmnet: fix global oob in rmnet_policy
The variable rmnet_link_ops assign a *bigger* maxtype which leads to a
global out-of-bounds read when parsing the netlink attributes. See bug
trace below:
==================================================================
BUG: KASAN: global-out-of-bounds in validate_nla lib/nlattr.c:386 [inline]
BUG: KASAN: global-out-of-bounds in __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600
Read of size 1 at addr ffffffff92c438d0 by task syz-executor.6/84207
CPU: 0 PID: 84207 Comm: syz-executor.6 Tainted: G N 6.1.0 #3
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x8b/0xb3 lib/dump_stack.c:106
print_address_description mm/kasan/report.c:284 [inline]
print_report+0x172/0x475 mm/kasan/report.c:395
kasan_report+0xbb/0x1c0 mm/kasan/report.c:495
validate_nla lib/nlattr.c:386 [inline]
__nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600
__nla_parse+0x3e/0x50 lib/nlattr.c:697
nla_parse_nested_deprecated include/net/netlink.h:1248 [inline]
__rtnl_newlink+0x50a/0x1880 net/core/rtnetlink.c:3485
rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3594
rtnetlink_rcv_msg+0x43c/0xd70 net/core/rtnetlink.c:6091
netlink_rcv_skb+0x14f/0x410 net/netlink/af_netlink.c:2540
netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
netlink_unicast+0x54e/0x800 net/netlink/af_netlink.c:1345
netlink_sendmsg+0x930/0xe50 net/netlink/af_netlink.c:1921
sock_sendmsg_nosec net/socket.c:714 [inline]
sock_sendmsg+0x154/0x190 net/socket.c:734
____sys_sendmsg+0x6df/0x840 net/socket.c:2482
___sys_sendmsg+0x110/0x1b0 net/socket.c:2536
__sys_sendmsg+0xf3/0x1c0 net/socket.c:2565
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fdcf2072359
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fdcf13e3168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007fdcf219ff80 RCX: 00007fdcf2072359
RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003
RBP: 00007fdcf20bd493 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fffbb8d7bdf R14: 00007fdcf13e3300 R15: 0000000000022000
</TASK>
The buggy address belongs to the variable:
rmnet_policy+0x30/0xe0
The buggy address belongs to the physical page:
page:0000000065bdeb3c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x155243
flags: 0x200000000001000(reserved|node=0|zone=2)
raw: 0200000000001000 ffffea00055490c8 ffffea00055490c8 0000000000000000
raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffffffff92c43780: f9 f9 f9 f9 00 00 00 02 f9 f9 f9 f9 00 00 00 07
ffffffff92c43800: f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9 06 f9 f9 f9
>ffffffff92c43880: f9 f9 f9 f9 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9
^
ffffffff92c43900: 00 00 00 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9 f9
ffffffff92c43980: 00 00 00 07 f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9
According to the comment of `nla_parse_nested_deprecated`, the maxtype
should be len(destination array) - 1. Hence use `IFLA_RMNET_MAX` here.
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-26597"
],
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: qualcomm: rmnet: fix global oob in rmnet_policy\n\nThe variable rmnet_link_ops assign a *bigger* maxtype which leads to a\nglobal out-of-bounds read when parsing the netlink attributes. See bug\ntrace below:\n\n==================================================================\nBUG: KASAN: global-out-of-bounds in validate_nla lib/nlattr.c:386 [inline]\nBUG: KASAN: global-out-of-bounds in __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600\nRead of size 1 at addr ffffffff92c438d0 by task syz-executor.6/84207\n\nCPU: 0 PID: 84207 Comm: syz-executor.6 Tainted: G N 6.1.0 #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x8b/0xb3 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:284 [inline]\n print_report+0x172/0x475 mm/kasan/report.c:395\n kasan_report+0xbb/0x1c0 mm/kasan/report.c:495\n validate_nla lib/nlattr.c:386 [inline]\n __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600\n __nla_parse+0x3e/0x50 lib/nlattr.c:697\n nla_parse_nested_deprecated include/net/netlink.h:1248 [inline]\n __rtnl_newlink+0x50a/0x1880 net/core/rtnetlink.c:3485\n rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3594\n rtnetlink_rcv_msg+0x43c/0xd70 net/core/rtnetlink.c:6091\n netlink_rcv_skb+0x14f/0x410 net/netlink/af_netlink.c:2540\n netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]\n netlink_unicast+0x54e/0x800 net/netlink/af_netlink.c:1345\n netlink_sendmsg+0x930/0xe50 net/netlink/af_netlink.c:1921\n sock_sendmsg_nosec net/socket.c:714 [inline]\n sock_sendmsg+0x154/0x190 net/socket.c:734\n ____sys_sendmsg+0x6df/0x840 net/socket.c:2482\n ___sys_sendmsg+0x110/0x1b0 net/socket.c:2536\n __sys_sendmsg+0xf3/0x1c0 net/socket.c:2565\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7fdcf2072359\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fdcf13e3168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007fdcf219ff80 RCX: 00007fdcf2072359\nRDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003\nRBP: 00007fdcf20bd493 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007fffbb8d7bdf R14: 00007fdcf13e3300 R15: 0000000000022000\n \u003c/TASK\u003e\n\nThe buggy address belongs to the variable:\n rmnet_policy+0x30/0xe0\n\nThe buggy address belongs to the physical page:\npage:0000000065bdeb3c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x155243\nflags: 0x200000000001000(reserved|node=0|zone=2)\nraw: 0200000000001000 ffffea00055490c8 ffffea00055490c8 0000000000000000\nraw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\n\nMemory state around the buggy address:\n ffffffff92c43780: f9 f9 f9 f9 00 00 00 02 f9 f9 f9 f9 00 00 00 07\n ffffffff92c43800: f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9 06 f9 f9 f9\n\u003effffffff92c43880: f9 f9 f9 f9 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9\n ^\n ffffffff92c43900: 00 00 00 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9 f9\n ffffffff92c43980: 00 00 00 07 f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9\n\nAccording to the comment of `nla_parse_nested_deprecated`, the maxtype\nshould be len(destination array) - 1. Hence use `IFLA_RMNET_MAX` here.",
"id": "GSD-2024-26597",
"modified": "2024-02-20T06:02:29.077283Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@kernel.org",
"ID": "CVE-2024-26597",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "14452ca3b5ce",
"version_value": "093dab655808"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"status": "affected",
"version": "4.17"
},
{
"lessThan": "4.17",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.306",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.268",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
}
]
}
}
]
},
"vendor_name": "Linux"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: qualcomm: rmnet: fix global oob in rmnet_policy\n\nThe variable rmnet_link_ops assign a *bigger* maxtype which leads to a\nglobal out-of-bounds read when parsing the netlink attributes. See bug\ntrace below:\n\n==================================================================\nBUG: KASAN: global-out-of-bounds in validate_nla lib/nlattr.c:386 [inline]\nBUG: KASAN: global-out-of-bounds in __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600\nRead of size 1 at addr ffffffff92c438d0 by task syz-executor.6/84207\n\nCPU: 0 PID: 84207 Comm: syz-executor.6 Tainted: G N 6.1.0 #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x8b/0xb3 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:284 [inline]\n print_report+0x172/0x475 mm/kasan/report.c:395\n kasan_report+0xbb/0x1c0 mm/kasan/report.c:495\n validate_nla lib/nlattr.c:386 [inline]\n __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600\n __nla_parse+0x3e/0x50 lib/nlattr.c:697\n nla_parse_nested_deprecated include/net/netlink.h:1248 [inline]\n __rtnl_newlink+0x50a/0x1880 net/core/rtnetlink.c:3485\n rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3594\n rtnetlink_rcv_msg+0x43c/0xd70 net/core/rtnetlink.c:6091\n netlink_rcv_skb+0x14f/0x410 net/netlink/af_netlink.c:2540\n netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]\n netlink_unicast+0x54e/0x800 net/netlink/af_netlink.c:1345\n netlink_sendmsg+0x930/0xe50 net/netlink/af_netlink.c:1921\n sock_sendmsg_nosec net/socket.c:714 [inline]\n sock_sendmsg+0x154/0x190 net/socket.c:734\n ____sys_sendmsg+0x6df/0x840 net/socket.c:2482\n ___sys_sendmsg+0x110/0x1b0 net/socket.c:2536\n __sys_sendmsg+0xf3/0x1c0 net/socket.c:2565\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7fdcf2072359\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fdcf13e3168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007fdcf219ff80 RCX: 00007fdcf2072359\nRDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003\nRBP: 00007fdcf20bd493 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007fffbb8d7bdf R14: 00007fdcf13e3300 R15: 0000000000022000\n \u003c/TASK\u003e\n\nThe buggy address belongs to the variable:\n rmnet_policy+0x30/0xe0\n\nThe buggy address belongs to the physical page:\npage:0000000065bdeb3c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x155243\nflags: 0x200000000001000(reserved|node=0|zone=2)\nraw: 0200000000001000 ffffea00055490c8 ffffea00055490c8 0000000000000000\nraw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\n\nMemory state around the buggy address:\n ffffffff92c43780: f9 f9 f9 f9 00 00 00 02 f9 f9 f9 f9 00 00 00 07\n ffffffff92c43800: f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9 06 f9 f9 f9\n\u003effffffff92c43880: f9 f9 f9 f9 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9\n ^\n ffffffff92c43900: 00 00 00 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9 f9\n ffffffff92c43980: 00 00 00 07 f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9\n\nAccording to the comment of `nla_parse_nested_deprecated`, the maxtype\nshould be len(destination array) - 1. Hence use `IFLA_RMNET_MAX` here."
}
]
},
"generator": {
"engine": "bippy-8df59b4913de"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.kernel.org/stable/c/093dab655808207f7a9f54cf156240aeafc70590",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/093dab655808207f7a9f54cf156240aeafc70590"
},
{
"name": "https://git.kernel.org/stable/c/02467ab8b404d80429107588e0f3425cf5fcd2e5",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/02467ab8b404d80429107588e0f3425cf5fcd2e5"
},
{
"name": "https://git.kernel.org/stable/c/2295c22348faf795e1ccdf618f6eb7afdb2f7447",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/2295c22348faf795e1ccdf618f6eb7afdb2f7447"
},
{
"name": "https://git.kernel.org/stable/c/3b5254862258b595662a0ccca6e9eeb88d6e7468",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/3b5254862258b595662a0ccca6e9eeb88d6e7468"
},
{
"name": "https://git.kernel.org/stable/c/ee1dc3bf86f2df777038506b139371a9add02534",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/ee1dc3bf86f2df777038506b139371a9add02534"
},
{
"name": "https://git.kernel.org/stable/c/c4734535034672f59f2652e1e0058c490da62a5c",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/c4734535034672f59f2652e1e0058c490da62a5c"
},
{
"name": "https://git.kernel.org/stable/c/17d06a5c44d8fd2e8e61bac295b09153496f87e1",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/17d06a5c44d8fd2e8e61bac295b09153496f87e1"
},
{
"name": "https://git.kernel.org/stable/c/b33fb5b801c6db408b774a68e7c8722796b59ecc",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/b33fb5b801c6db408b774a68e7c8722796b59ecc"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF96CE9E-911A-4E4D-94D2-786495A44003",
"versionEndExcluding": "4.19.306",
"versionStartIncluding": "4.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35ADF607-EDCA-45AB-8FB6-9F2D40D47C0C",
"versionEndExcluding": "5.4.268",
"versionStartIncluding": "4.20.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D2E4F24-2FBB-4434-8598-2B1499E566B5",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "5.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E25E1389-4B0F-407A-9C94-5908FF3EE88B",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "5.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4951FA-80C0-4B4C-9836-6E5035DEB0F9",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDBBEB0E-D13A-4567-8984-51C5375350B9",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EA3778C-730B-464C-8023-18CA6AC0B807",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "6.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: qualcomm: rmnet: fix global oob in rmnet_policy\n\nThe variable rmnet_link_ops assign a *bigger* maxtype which leads to a\nglobal out-of-bounds read when parsing the netlink attributes. See bug\ntrace below:\n\n==================================================================\nBUG: KASAN: global-out-of-bounds in validate_nla lib/nlattr.c:386 [inline]\nBUG: KASAN: global-out-of-bounds in __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600\nRead of size 1 at addr ffffffff92c438d0 by task syz-executor.6/84207\n\nCPU: 0 PID: 84207 Comm: syz-executor.6 Tainted: G N 6.1.0 #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x8b/0xb3 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:284 [inline]\n print_report+0x172/0x475 mm/kasan/report.c:395\n kasan_report+0xbb/0x1c0 mm/kasan/report.c:495\n validate_nla lib/nlattr.c:386 [inline]\n __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600\n __nla_parse+0x3e/0x50 lib/nlattr.c:697\n nla_parse_nested_deprecated include/net/netlink.h:1248 [inline]\n __rtnl_newlink+0x50a/0x1880 net/core/rtnetlink.c:3485\n rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3594\n rtnetlink_rcv_msg+0x43c/0xd70 net/core/rtnetlink.c:6091\n netlink_rcv_skb+0x14f/0x410 net/netlink/af_netlink.c:2540\n netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]\n netlink_unicast+0x54e/0x800 net/netlink/af_netlink.c:1345\n netlink_sendmsg+0x930/0xe50 net/netlink/af_netlink.c:1921\n sock_sendmsg_nosec net/socket.c:714 [inline]\n sock_sendmsg+0x154/0x190 net/socket.c:734\n ____sys_sendmsg+0x6df/0x840 net/socket.c:2482\n ___sys_sendmsg+0x110/0x1b0 net/socket.c:2536\n __sys_sendmsg+0xf3/0x1c0 net/socket.c:2565\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7fdcf2072359\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fdcf13e3168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007fdcf219ff80 RCX: 00007fdcf2072359\nRDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003\nRBP: 00007fdcf20bd493 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007fffbb8d7bdf R14: 00007fdcf13e3300 R15: 0000000000022000\n \u003c/TASK\u003e\n\nThe buggy address belongs to the variable:\n rmnet_policy+0x30/0xe0\n\nThe buggy address belongs to the physical page:\npage:0000000065bdeb3c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x155243\nflags: 0x200000000001000(reserved|node=0|zone=2)\nraw: 0200000000001000 ffffea00055490c8 ffffea00055490c8 0000000000000000\nraw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\n\nMemory state around the buggy address:\n ffffffff92c43780: f9 f9 f9 f9 00 00 00 02 f9 f9 f9 f9 00 00 00 07\n ffffffff92c43800: f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9 06 f9 f9 f9\n\u003effffffff92c43880: f9 f9 f9 f9 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9\n ^\n ffffffff92c43900: 00 00 00 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9 f9\n ffffffff92c43980: 00 00 00 07 f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9\n\nAccording to the comment of `nla_parse_nested_deprecated`, the maxtype\nshould be len(destination array) - 1. Hence use `IFLA_RMNET_MAX` here."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: qualcomm: rmnet: fix global oob in rmnet_policy La variable rmnet_link_ops asigna un maxtype *m\u00e1s grande* que conduce a una lectura global fuera de los l\u00edmites al analizar los atributos de netlink. Vea el seguimiento del error a continuaci\u00f3n: =============================================== ===================== ERROR: KASAN: global-fuera de los l\u00edmites en validar_nla lib/nlattr.c:386 [en l\u00ednea] ERROR: KASAN: global- fuera de los l\u00edmites en __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600 Lectura de tama\u00f1o 1 en addr ffffffff92c438d0 por tarea syz-executor.6/84207 CPU: 0 PID: 84207 Comm: syz-executor.6 Contaminado: GN 6.1.0 #3 Nombre del hardware: PC est\u00e1ndar QEMU (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 01/04/2014 Seguimiento de llamadas: __dump_stack lib/dump_stack.c:88 [en l\u00ednea] dump_stack_lvl +0x8b/0xb3 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:284 [en l\u00ednea] print_report+0x172/0x475 mm/kasan/report.c:395 kasan_report+0xbb/0x1c0 mm/kasan/report.c :495 validar_nla lib/nlattr.c:386 [en l\u00ednea] __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600 __nla_parse+0x3e/0x50 lib/nlattr.c:697 nla_parse_nested_deprecated include/net/netlink.h:1248 [en l\u00ednea] __rtnl_newlink+0x50a/0x1880 net/core/rtnetlink.c:3485 rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3594 rtnetlink_rcv_msg+0x43c/0xd70 net/core/rtnetlink.c:6091 netlink_rcv_skb+0x14f/0x410 net/ enlace de red /af_netlink.c:2540 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [en l\u00ednea] netlink_unicast+0x54e/0x800 net/netlink/af_netlink.c:1345 netlink_sendmsg+0x930/0xe50 net/netlink/af_netlink.c:1921 sock_sendmsg_nosec net/ socket.c:714 [en l\u00ednea] sock_sendmsg+0x154/0x190 net/socket.c:734 ____sys_sendmsg+0x6df/0x840 net/socket.c:2482 ___sys_sendmsg+0x110/0x1b0 net/socket.c:2536 __sys_sendmsg+0xf3 /0x1c0 neto /socket.c:2565 do_syscall_x64 arch/x86/entry/common.c:50 [en l\u00ednea] do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80 Entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7fdcf2072359 C\u00f3digo: 2 8 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u0026lt;48\u0026gt; 3d 01 f0 ffff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fdcf13e3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000002e RAX: ffffffffffffffda RBX: 00007fdcf21 9ff80 RCX: 00007fdcf2072359 RDX: 00000000000000000 RSI: 0000000020000200 RDI: 00000000000000003 RBP: 00007fdcf20bd493 R08: 000000000000000000 R09: 0000000000000000 R10: 00000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fffbb8d7bdf R14: 00007fdcf13e3300 R 15: 0000000000022000 La direcci\u00f3n con errores pertenece a la variable: rmnet_policy+0x30/0xe0 La direcci\u00f3n con errores pertenece a la p\u00e1gina f\u00edsica: p\u00e1gina:0000000065bdeb3c refcount:1 mapcount:0 mapeo:0000000000000000 \u00edndice:0x0 pfn:0x155243 banderas: 0x200000000001000(reservado|nodo=0|zona=2) raw: 0200000000001000 ffffea00055490c8 ffffea00055490c8 0000000000000000 raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 p\u00e1gina volcada porque: kasan: mal acceso detectado Estado de la memoria alrededor de la direcci\u00f3n del error: ffffffff92c43780: f9 f9 f9 f9 00 00 00 02 f9 f9 f9 f9 00 00 00 07 ffffffff92c43800: f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9 06 f9 f9 f9 \u0026gt;ffffffff92c438 80: f9 f9 f9 f9 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9 ^ ffffffff92c43900: 00 00 00 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9 f9 f9 ffffffff92c43980: 00 00 00 07 f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9 Seg\u00fan seg\u00fan el comentario de `nla_parse_nested_deprecated`, el tipo m\u00e1ximo debe ser len (matriz de destino) - 1. Por lo tanto, use `IFLA_RMNET_MAX` aqu\u00ed."
}
],
"id": "CVE-2024-26597",
"lastModified": "2024-04-17T19:46:28.827",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-23T15:15:09.557",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/02467ab8b404d80429107588e0f3425cf5fcd2e5"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/093dab655808207f7a9f54cf156240aeafc70590"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/17d06a5c44d8fd2e8e61bac295b09153496f87e1"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/2295c22348faf795e1ccdf618f6eb7afdb2f7447"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/3b5254862258b595662a0ccca6e9eeb88d6e7468"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/b33fb5b801c6db408b774a68e7c8722796b59ecc"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/c4734535034672f59f2652e1e0058c490da62a5c"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/ee1dc3bf86f2df777038506b139371a9add02534"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.