CVE-2024-56664
Vulnerability from cvelistv5
Published
2024-12-27 15:06
Modified
2025-01-20 06:25
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix race between element replace and close() Element replace (with a socket different from the one stored) may race with socket's close() link popping & unlinking. __sock_map_delete() unconditionally unrefs the (wrong) element: // set map[0] = s0 map_update_elem(map, 0, s0) // drop fd of s0 close(s0) sock_map_close() lock_sock(sk) (s0!) sock_map_remove_links(sk) link = sk_psock_link_pop() sock_map_unlink(sk, link) sock_map_delete_from_link // replace map[0] with s1 map_update_elem(map, 0, s1) sock_map_update_elem (s1!) lock_sock(sk) sock_map_update_common psock = sk_psock(sk) spin_lock(&stab->lock) osk = stab->sks[idx] sock_map_add_link(..., &stab->sks[idx]) sock_map_unref(osk, &stab->sks[idx]) psock = sk_psock(osk) sk_psock_put(sk, psock) if (refcount_dec_and_test(&psock)) sk_psock_drop(sk, psock) spin_unlock(&stab->lock) unlock_sock(sk) __sock_map_delete spin_lock(&stab->lock) sk = *psk // s1 replaced s0; sk == s1 if (!sk_test || sk_test == sk) // sk_test (s0) != sk (s1); no branch sk = xchg(psk, NULL) if (sk) sock_map_unref(sk, psk) // unref s1; sks[idx] will dangle psock = sk_psock(sk) sk_psock_put(sk, psock) if (refcount_dec_and_test()) sk_psock_drop(sk, psock) spin_unlock(&stab->lock) release_sock(sk) Then close(map) enqueues bpf_map_free_deferred, which finally calls sock_map_free(). This results in some refcount_t warnings along with a KASAN splat [1]. Fix __sock_map_delete(), do not allow sock_map_unref() on elements that may have been replaced. [1]: BUG: KASAN: slab-use-after-free in sock_map_free+0x10e/0x330 Write of size 4 at addr ffff88811f5b9100 by task kworker/u64:12/1063 CPU: 14 UID: 0 PID: 1063 Comm: kworker/u64:12 Not tainted 6.12.0+ #125 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014 Workqueue: events_unbound bpf_map_free_deferred Call Trace: <TASK> dump_stack_lvl+0x68/0x90 print_report+0x174/0x4f6 kasan_report+0xb9/0x190 kasan_check_range+0x10f/0x1e0 sock_map_free+0x10e/0x330 bpf_map_free_deferred+0x173/0x320 process_one_work+0x846/0x1420 worker_thread+0x5b3/0xf80 kthread+0x29e/0x360 ret_from_fork+0x2d/0x70 ret_from_fork_asm+0x1a/0x30 </TASK> Allocated by task 1202: kasan_save_stack+0x1e/0x40 kasan_save_track+0x10/0x30 __kasan_slab_alloc+0x85/0x90 kmem_cache_alloc_noprof+0x131/0x450 sk_prot_alloc+0x5b/0x220 sk_alloc+0x2c/0x870 unix_create1+0x88/0x8a0 unix_create+0xc5/0x180 __sock_create+0x241/0x650 __sys_socketpair+0x1ce/0x420 __x64_sys_socketpair+0x92/0x100 do_syscall_64+0x93/0x180 entry_SYSCALL_64_after_hwframe+0x76/0x7e Freed by task 46: kasan_save_stack+0x1e/0x40 kasan_save_track+0x10/0x30 kasan_save_free_info+0x37/0x60 __kasan_slab_free+0x4b/0x70 kmem_cache_free+0x1a1/0x590 __sk_destruct+0x388/0x5a0 sk_psock_destroy+0x73e/0xa50 process_one_work+0x846/0x1420 worker_thread+0x5b3/0xf80 kthread+0x29e/0x360 ret_from_fork+0x2d/0x70 ret_from_fork_asm+0x1a/0x30 The bu ---truncated---
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b015f19fedd2e12283a8450dd0aefce49ec57015Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b79a0d1e9a374d1b376933a354c4fcd01fce0365
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/bf2318e288f636a882eea39f7e1015623629f168Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ed1fc5d76b81a4d681211333c026202cad4d5649Patch
Impacted products
Vendor Product Version
Linux Linux Version: 604326b41a6fb9b4a78b6179335decee0365cd8c
Version: 604326b41a6fb9b4a78b6179335decee0365cd8c
Version: 604326b41a6fb9b4a78b6179335decee0365cd8c
Version: 604326b41a6fb9b4a78b6179335decee0365cd8c
 Create a notification for this product.
   Linux Linux Version: 4.20
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/core/sock_map.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b79a0d1e9a374d1b376933a354c4fcd01fce0365",
              "status": "affected",
              "version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
              "versionType": "git"
            },
            {
              "lessThan": "b015f19fedd2e12283a8450dd0aefce49ec57015",
              "status": "affected",
              "version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
              "versionType": "git"
            },
            {
              "lessThan": "bf2318e288f636a882eea39f7e1015623629f168",
              "status": "affected",
              "version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
              "versionType": "git"
            },
            {
              "lessThan": "ed1fc5d76b81a4d681211333c026202cad4d5649",
              "status": "affected",
              "version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/core/sock_map.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.20"
            },
            {
              "lessThan": "4.20",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.125",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.67",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix race between element replace and close()\n\nElement replace (with a socket different from the one stored) may race\nwith socket\u0027s close() link popping \u0026 unlinking. __sock_map_delete()\nunconditionally unrefs the (wrong) element:\n\n// set map[0] = s0\nmap_update_elem(map, 0, s0)\n\n// drop fd of s0\nclose(s0)\n  sock_map_close()\n    lock_sock(sk)               (s0!)\n    sock_map_remove_links(sk)\n      link = sk_psock_link_pop()\n      sock_map_unlink(sk, link)\n        sock_map_delete_from_link\n                                        // replace map[0] with s1\n                                        map_update_elem(map, 0, s1)\n                                          sock_map_update_elem\n                                (s1!)       lock_sock(sk)\n                                            sock_map_update_common\n                                              psock = sk_psock(sk)\n                                              spin_lock(\u0026stab-\u003elock)\n                                              osk = stab-\u003esks[idx]\n                                              sock_map_add_link(..., \u0026stab-\u003esks[idx])\n                                              sock_map_unref(osk, \u0026stab-\u003esks[idx])\n                                                psock = sk_psock(osk)\n                                                sk_psock_put(sk, psock)\n                                                  if (refcount_dec_and_test(\u0026psock))\n                                                    sk_psock_drop(sk, psock)\n                                              spin_unlock(\u0026stab-\u003elock)\n                                            unlock_sock(sk)\n          __sock_map_delete\n            spin_lock(\u0026stab-\u003elock)\n            sk = *psk                        // s1 replaced s0; sk == s1\n            if (!sk_test || sk_test == sk)   // sk_test (s0) != sk (s1); no branch\n              sk = xchg(psk, NULL)\n            if (sk)\n              sock_map_unref(sk, psk)        // unref s1; sks[idx] will dangle\n                psock = sk_psock(sk)\n                sk_psock_put(sk, psock)\n                  if (refcount_dec_and_test())\n                    sk_psock_drop(sk, psock)\n            spin_unlock(\u0026stab-\u003elock)\n    release_sock(sk)\n\nThen close(map) enqueues bpf_map_free_deferred, which finally calls\nsock_map_free(). This results in some refcount_t warnings along with\na KASAN splat [1].\n\nFix __sock_map_delete(), do not allow sock_map_unref() on elements that\nmay have been replaced.\n\n[1]:\nBUG: KASAN: slab-use-after-free in sock_map_free+0x10e/0x330\nWrite of size 4 at addr ffff88811f5b9100 by task kworker/u64:12/1063\n\nCPU: 14 UID: 0 PID: 1063 Comm: kworker/u64:12 Not tainted 6.12.0+ #125\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\nWorkqueue: events_unbound bpf_map_free_deferred\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x68/0x90\n print_report+0x174/0x4f6\n kasan_report+0xb9/0x190\n kasan_check_range+0x10f/0x1e0\n sock_map_free+0x10e/0x330\n bpf_map_free_deferred+0x173/0x320\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x29e/0x360\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 1202:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n __kasan_slab_alloc+0x85/0x90\n kmem_cache_alloc_noprof+0x131/0x450\n sk_prot_alloc+0x5b/0x220\n sk_alloc+0x2c/0x870\n unix_create1+0x88/0x8a0\n unix_create+0xc5/0x180\n __sock_create+0x241/0x650\n __sys_socketpair+0x1ce/0x420\n __x64_sys_socketpair+0x92/0x100\n do_syscall_64+0x93/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 46:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x60\n __kasan_slab_free+0x4b/0x70\n kmem_cache_free+0x1a1/0x590\n __sk_destruct+0x388/0x5a0\n sk_psock_destroy+0x73e/0xa50\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x29e/0x360\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n\nThe bu\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-20T06:25:20.125Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b79a0d1e9a374d1b376933a354c4fcd01fce0365"
        },
        {
          "url": "https://git.kernel.org/stable/c/b015f19fedd2e12283a8450dd0aefce49ec57015"
        },
        {
          "url": "https://git.kernel.org/stable/c/bf2318e288f636a882eea39f7e1015623629f168"
        },
        {
          "url": "https://git.kernel.org/stable/c/ed1fc5d76b81a4d681211333c026202cad4d5649"
        }
      ],
      "title": "bpf, sockmap: Fix race between element replace and close()",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56664",
    "datePublished": "2024-12-27T15:06:26.276Z",
    "dateReserved": "2024-12-27T15:00:39.844Z",
    "dateUpdated": "2025-01-20T06:25:20.125Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-56664\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-12-27T15:15:26.297\",\"lastModified\":\"2025-01-17T14:15:32.227\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nbpf, sockmap: Fix race between element replace and close()\\n\\nElement replace (with a socket different from the one stored) may race\\nwith socket\u0027s close() link popping \u0026 unlinking. __sock_map_delete()\\nunconditionally unrefs the (wrong) element:\\n\\n// set map[0] = s0\\nmap_update_elem(map, 0, s0)\\n\\n// drop fd of s0\\nclose(s0)\\n  sock_map_close()\\n    lock_sock(sk)               (s0!)\\n    sock_map_remove_links(sk)\\n      link = sk_psock_link_pop()\\n      sock_map_unlink(sk, link)\\n        sock_map_delete_from_link\\n                                        // replace map[0] with s1\\n                                        map_update_elem(map, 0, s1)\\n                                          sock_map_update_elem\\n                                (s1!)       lock_sock(sk)\\n                                            sock_map_update_common\\n                                              psock = sk_psock(sk)\\n                                              spin_lock(\u0026stab-\u003elock)\\n                                              osk = stab-\u003esks[idx]\\n                                              sock_map_add_link(..., \u0026stab-\u003esks[idx])\\n                                              sock_map_unref(osk, \u0026stab-\u003esks[idx])\\n                                                psock = sk_psock(osk)\\n                                                sk_psock_put(sk, psock)\\n                                                  if (refcount_dec_and_test(\u0026psock))\\n                                                    sk_psock_drop(sk, psock)\\n                                              spin_unlock(\u0026stab-\u003elock)\\n                                            unlock_sock(sk)\\n          __sock_map_delete\\n            spin_lock(\u0026stab-\u003elock)\\n            sk = *psk                        // s1 replaced s0; sk == s1\\n            if (!sk_test || sk_test == sk)   // sk_test (s0) != sk (s1); no branch\\n              sk = xchg(psk, NULL)\\n            if (sk)\\n              sock_map_unref(sk, psk)        // unref s1; sks[idx] will dangle\\n                psock = sk_psock(sk)\\n                sk_psock_put(sk, psock)\\n                  if (refcount_dec_and_test())\\n                    sk_psock_drop(sk, psock)\\n            spin_unlock(\u0026stab-\u003elock)\\n    release_sock(sk)\\n\\nThen close(map) enqueues bpf_map_free_deferred, which finally calls\\nsock_map_free(). This results in some refcount_t warnings along with\\na KASAN splat [1].\\n\\nFix __sock_map_delete(), do not allow sock_map_unref() on elements that\\nmay have been replaced.\\n\\n[1]:\\nBUG: KASAN: slab-use-after-free in sock_map_free+0x10e/0x330\\nWrite of size 4 at addr ffff88811f5b9100 by task kworker/u64:12/1063\\n\\nCPU: 14 UID: 0 PID: 1063 Comm: kworker/u64:12 Not tainted 6.12.0+ #125\\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\\nWorkqueue: events_unbound bpf_map_free_deferred\\nCall Trace:\\n \u003cTASK\u003e\\n dump_stack_lvl+0x68/0x90\\n print_report+0x174/0x4f6\\n kasan_report+0xb9/0x190\\n kasan_check_range+0x10f/0x1e0\\n sock_map_free+0x10e/0x330\\n bpf_map_free_deferred+0x173/0x320\\n process_one_work+0x846/0x1420\\n worker_thread+0x5b3/0xf80\\n kthread+0x29e/0x360\\n ret_from_fork+0x2d/0x70\\n ret_from_fork_asm+0x1a/0x30\\n \u003c/TASK\u003e\\n\\nAllocated by task 1202:\\n kasan_save_stack+0x1e/0x40\\n kasan_save_track+0x10/0x30\\n __kasan_slab_alloc+0x85/0x90\\n kmem_cache_alloc_noprof+0x131/0x450\\n sk_prot_alloc+0x5b/0x220\\n sk_alloc+0x2c/0x870\\n unix_create1+0x88/0x8a0\\n unix_create+0xc5/0x180\\n __sock_create+0x241/0x650\\n __sys_socketpair+0x1ce/0x420\\n __x64_sys_socketpair+0x92/0x100\\n do_syscall_64+0x93/0x180\\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\\n\\nFreed by task 46:\\n kasan_save_stack+0x1e/0x40\\n kasan_save_track+0x10/0x30\\n kasan_save_free_info+0x37/0x60\\n __kasan_slab_free+0x4b/0x70\\n kmem_cache_free+0x1a1/0x590\\n __sk_destruct+0x388/0x5a0\\n sk_psock_destroy+0x73e/0xa50\\n process_one_work+0x846/0x1420\\n worker_thread+0x5b3/0xf80\\n kthread+0x29e/0x360\\n ret_from_fork+0x2d/0x70\\n ret_from_fork_asm+0x1a/0x30\\n\\nThe bu\\n---truncated---\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf, sockmap: Se corrige la competencia entre el reemplazo de elementos y close(). El reemplazo de elementos (con un socket diferente del almacenado) puede competir con el enlace de close() del socket, haciendo estallar y desvinculando el enlace. __sock_map_delete() anula la referencia incondicional del elemento (incorrecto): // establece map[0] = s0 map_update_elem(map, 0, s0) // elimina fd de s0 close(s0) sock_map_close() lock_sock(sk) (s0!) sock_map_remove_links(sk) link = sk_psock_link_pop() sock_map_unlink(sk, link) sock_map_delete_from_link // reemplaza map[0] con s1 map_update_elem(map, 0, s1) sock_map_update_elem (s1!) lock_sock(sk) sock_map_update_common psock = sk_psock(sk) spin_lock(\u0026amp;stab-\u0026gt;lock) osk = stab-\u0026gt;sks[idx] sock_map_add_link(..., \u0026amp;stab-\u0026gt;sks[idx]) sock_map_unref(osk, \u0026amp;stab-\u0026gt;sks[idx]) psock = sk_psock(osk) sk_psock_put(sk, psock) si (conteo_de_referencias_y_pruebas(\u0026amp;psock)) sk_psock_drop(sk, psock) desbloqueo_spin(\u0026amp;stab-\u0026gt;bloqueo) desbloqueo_sock(sk) __sock_map_delete bloqueo_spin(\u0026amp;stab-\u0026gt;bloqueo) sk = *psk // s1 reemplaz\u00f3 a s0; sk == s1 si (!sk_prueba || sk_prueba == sk) // sk_prueba (s0) != sk (s1); sin rama sk = xchg(psk, NULL) si (sk) sock_map_unref(sk, psk) // desreferenciar s1; sks[idx] dejar\u00e1 colgado psock = sk_psock(sk) sk_psock_put(sk, psock) if (refcount_dec_and_test()) sk_psock_drop(sk, psock) spin_unlock(\u0026amp;stab-\u0026gt;lock) release_sock(sk) Luego close(map) pone en cola bpf_map_free_deferred, que finalmente llama a sock_map_free(). Esto da como resultado algunas advertencias refcount_t junto con un splat KASAN [1]. Corrija __sock_map_delete(), no permita sock_map_unref() en elementos que pueden haber sido reemplazados. [1]: ERROR: KASAN: slab-use-after-free en sock_map_free+0x10e/0x330 Escritura de tama\u00f1o 4 en la direcci\u00f3n ffff88811f5b9100 por la tarea kworker/u64:12/1063 CPU: 14 UID: 0 PID: 1063 Comm: kworker/u64:12 No contaminado 6.12.0+ #125 Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014 Cola de trabajo: events_unbound bpf_map_free_deferred Rastreo de llamadas:  dump_stack_lvl+0x68/0x90 print_report+0x174/0x4f6 Asignado por la tarea 1202: pila de guardado kasan+0x1e/0x40 seguimiento de guardado kasan+0x10/0x30 __kasan_slab_alloc+0x85/0x90 kmem_cache_alloc_noprof+0x131/0x450 sk_prot_alloc+0x5b/0x220 sk_alloc+0x2c/0x870 unix_create1+0x88/0x8a0 unix_create+0xc5/0x180 __sock_create+0x241/0x650 __sys_socketpair+0x1ce/0x420 __x64_sys_socketpair+0x92/0x100 do_syscall_64+0x93/0x180 entry_SYSCALL_64_after_hwframe+0x76/0x7e Liberado por la tarea 46: kasan_save_stack+0x1e/0x40 kasan_save_track+0x10/0x30 kasan_save_free_info+0x37/0x60 __kasan_slab_free+0x4b/0x70 kmem_cache_free+0x1a1/0x590 __sk_destruct+0x388/0x5a0 sk_psock_destroy+0x73e/0xa50 process_one_work+0x846/0x1420 worker_thread+0x5b3/0xf80 kthread+0x29e/0x360 ret_from_fork+0x2d/0x70 ret_from_fork_asm+0x1a/0x30 La librer\u00eda ---truncada---\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.0,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"},{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.20\",\"versionEndExcluding\":\"6.6.67\",\"matchCriteriaId\":\"54ED2956-6164-49A7-8D04-741D1A16289C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.12.6\",\"matchCriteriaId\":\"0CB1A9BB-F95E-43DD-A2FD-147912FD91E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"62567B3C-6CEE-46D0-BC2E-B3717FBF7D13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A073481-106D-4B15-B4C7-FB0213B8E1D4\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/b015f19fedd2e12283a8450dd0aefce49ec57015\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b79a0d1e9a374d1b376933a354c4fcd01fce0365\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/bf2318e288f636a882eea39f7e1015623629f168\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ed1fc5d76b81a4d681211333c026202cad4d5649\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.