cvelistv5 - cve-2024-50073

cve-2024-50073

Vulnerability from cvelistv5

Published

2024-10-29 00:50

Modified

2024-12-19 09:32

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: Fix use-after-free in gsm_cleanup_mux BUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm] Read of size 8 at addr ffff88815fe99c00 by task poc/3379 CPU: 0 UID: 0 PID: 3379 Comm: poc Not tainted 6.11.0+ #56 Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020 Call Trace: <TASK> gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm] __pfx_gsm_cleanup_mux+0x10/0x10 drivers/tty/n_gsm.c:3124 [n_gsm] __pfx_sched_clock_cpu+0x10/0x10 kernel/sched/clock.c:389 update_load_avg+0x1c1/0x27b0 kernel/sched/fair.c:4500 __pfx_min_vruntime_cb_rotate+0x10/0x10 kernel/sched/fair.c:846 __rb_insert_augmented+0x492/0xbf0 lib/rbtree.c:161 gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm] _raw_spin_lock_irqsave+0x92/0xf0 arch/x86/include/asm/atomic.h:107 __pfx_gsmld_ioctl+0x10/0x10 drivers/tty/n_gsm.c:3822 [n_gsm] ktime_get+0x5e/0x140 kernel/time/timekeeping.c:195 ldsem_down_read+0x94/0x4e0 arch/x86/include/asm/atomic64_64.h:79 __pfx_ldsem_down_read+0x10/0x10 drivers/tty/tty_ldsem.c:338 __pfx_do_vfs_ioctl+0x10/0x10 fs/ioctl.c:805 tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818 Allocated by task 65: gsm_data_alloc.constprop.0+0x27/0x190 drivers/tty/n_gsm.c:926 [n_gsm] gsm_send+0x2c/0x580 drivers/tty/n_gsm.c:819 [n_gsm] gsm1_receive+0x547/0xad0 drivers/tty/n_gsm.c:3038 [n_gsm] gsmld_receive_buf+0x176/0x280 drivers/tty/n_gsm.c:3609 [n_gsm] tty_ldisc_receive_buf+0x101/0x1e0 drivers/tty/tty_buffer.c:391 tty_port_default_receive_buf+0x61/0xa0 drivers/tty/tty_port.c:39 flush_to_ldisc+0x1b0/0x750 drivers/tty/tty_buffer.c:445 process_scheduled_works+0x2b0/0x10d0 kernel/workqueue.c:3229 worker_thread+0x3dc/0x950 kernel/workqueue.c:3391 kthread+0x2a3/0x370 kernel/kthread.c:389 ret_from_fork+0x2d/0x70 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:257 Freed by task 3367: kfree+0x126/0x420 mm/slub.c:4580 gsm_cleanup_mux+0x36c/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm] gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm] tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818 [Analysis] gsm_msg on the tx_ctrl_list or tx_data_list of gsm_mux can be freed by multi threads through ioctl,which leads to the occurrence of uaf. Protect it by gsm tx lock.

References

URL	Tags
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/0eec592c6a7460ba795d7de29f3dc95cb5422e62	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/9462f4ca56e7d2430fdb6dcc8498244acbfc4489	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/bf171b5e86e41de4c1cf32fb7aefa275c3d7de49	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/c29f192e0d44cc1cbaf698fa1ff198f63556691a	Patch

Impacted products

Vendor

Product

Version

▼

Linux

Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-50073",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-11T14:26:06.514773Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-11T14:58:34.728Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/tty/n_gsm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "bf171b5e86e41de4c1cf32fb7aefa275c3d7de49",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "c29f192e0d44cc1cbaf698fa1ff198f63556691a",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "0eec592c6a7460ba795d7de29f3dc95cb5422e62",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "9462f4ca56e7d2430fdb6dcc8498244acbfc4489",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/tty/n_gsm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.114",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.58",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: Fix use-after-free in gsm_cleanup_mux\n\nBUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0\ndrivers/tty/n_gsm.c:3160 [n_gsm]\nRead of size 8 at addr ffff88815fe99c00 by task poc/3379\nCPU: 0 UID: 0 PID: 3379 Comm: poc Not tainted 6.11.0+ #56\nHardware name: VMware, Inc. VMware Virtual Platform/440BX\nDesktop Reference Platform, BIOS 6.00 11/12/2020\nCall Trace:\n \u003cTASK\u003e\n gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n __pfx_gsm_cleanup_mux+0x10/0x10 drivers/tty/n_gsm.c:3124 [n_gsm]\n __pfx_sched_clock_cpu+0x10/0x10 kernel/sched/clock.c:389\n update_load_avg+0x1c1/0x27b0 kernel/sched/fair.c:4500\n __pfx_min_vruntime_cb_rotate+0x10/0x10 kernel/sched/fair.c:846\n __rb_insert_augmented+0x492/0xbf0 lib/rbtree.c:161\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n _raw_spin_lock_irqsave+0x92/0xf0 arch/x86/include/asm/atomic.h:107\n __pfx_gsmld_ioctl+0x10/0x10 drivers/tty/n_gsm.c:3822 [n_gsm]\n ktime_get+0x5e/0x140 kernel/time/timekeeping.c:195\n ldsem_down_read+0x94/0x4e0 arch/x86/include/asm/atomic64_64.h:79\n __pfx_ldsem_down_read+0x10/0x10 drivers/tty/tty_ldsem.c:338\n __pfx_do_vfs_ioctl+0x10/0x10 fs/ioctl.c:805\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\nAllocated by task 65:\n gsm_data_alloc.constprop.0+0x27/0x190 drivers/tty/n_gsm.c:926 [n_gsm]\n gsm_send+0x2c/0x580 drivers/tty/n_gsm.c:819 [n_gsm]\n gsm1_receive+0x547/0xad0 drivers/tty/n_gsm.c:3038 [n_gsm]\n gsmld_receive_buf+0x176/0x280 drivers/tty/n_gsm.c:3609 [n_gsm]\n tty_ldisc_receive_buf+0x101/0x1e0 drivers/tty/tty_buffer.c:391\n tty_port_default_receive_buf+0x61/0xa0 drivers/tty/tty_port.c:39\n flush_to_ldisc+0x1b0/0x750 drivers/tty/tty_buffer.c:445\n process_scheduled_works+0x2b0/0x10d0 kernel/workqueue.c:3229\n worker_thread+0x3dc/0x950 kernel/workqueue.c:3391\n kthread+0x2a3/0x370 kernel/kthread.c:389\n ret_from_fork+0x2d/0x70 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:257\n\nFreed by task 3367:\n kfree+0x126/0x420 mm/slub.c:4580\n gsm_cleanup_mux+0x36c/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\n[Analysis]\ngsm_msg on the tx_ctrl_list or tx_data_list of gsm_mux\ncan be freed by multi threads through ioctl,which leads\nto the occurrence of uaf. Protect it by gsm tx lock."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:32:28.994Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/bf171b5e86e41de4c1cf32fb7aefa275c3d7de49"
        },
        {
          "url": "https://git.kernel.org/stable/c/c29f192e0d44cc1cbaf698fa1ff198f63556691a"
        },
        {
          "url": "https://git.kernel.org/stable/c/0eec592c6a7460ba795d7de29f3dc95cb5422e62"
        },
        {
          "url": "https://git.kernel.org/stable/c/9462f4ca56e7d2430fdb6dcc8498244acbfc4489"
        }
      ],
      "title": "tty: n_gsm: Fix use-after-free in gsm_cleanup_mux",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-50073",
    "datePublished": "2024-10-29T00:50:15.219Z",
    "dateReserved": "2024-10-21T19:36:19.940Z",
    "dateUpdated": "2024-12-19T09:32:28.994Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-50073\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-10-29T01:15:04.463\",\"lastModified\":\"2024-12-11T15:15:11.137\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ntty: n_gsm: Fix use-after-free in gsm_cleanup_mux\\n\\nBUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0\\ndrivers/tty/n_gsm.c:3160 [n_gsm]\\nRead of size 8 at addr ffff88815fe99c00 by task poc/3379\\nCPU: 0 UID: 0 PID: 3379 Comm: poc Not tainted 6.11.0+ #56\\nHardware name: VMware, Inc. VMware Virtual Platform/440BX\\nDesktop Reference Platform, BIOS 6.00 11/12/2020\\nCall Trace:\\n \u003cTASK\u003e\\n gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\\n __pfx_gsm_cleanup_mux+0x10/0x10 drivers/tty/n_gsm.c:3124 [n_gsm]\\n __pfx_sched_clock_cpu+0x10/0x10 kernel/sched/clock.c:389\\n update_load_avg+0x1c1/0x27b0 kernel/sched/fair.c:4500\\n __pfx_min_vruntime_cb_rotate+0x10/0x10 kernel/sched/fair.c:846\\n __rb_insert_augmented+0x492/0xbf0 lib/rbtree.c:161\\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\\n _raw_spin_lock_irqsave+0x92/0xf0 arch/x86/include/asm/atomic.h:107\\n __pfx_gsmld_ioctl+0x10/0x10 drivers/tty/n_gsm.c:3822 [n_gsm]\\n ktime_get+0x5e/0x140 kernel/time/timekeeping.c:195\\n ldsem_down_read+0x94/0x4e0 arch/x86/include/asm/atomic64_64.h:79\\n __pfx_ldsem_down_read+0x10/0x10 drivers/tty/tty_ldsem.c:338\\n __pfx_do_vfs_ioctl+0x10/0x10 fs/ioctl.c:805\\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\\n\\nAllocated by task 65:\\n gsm_data_alloc.constprop.0+0x27/0x190 drivers/tty/n_gsm.c:926 [n_gsm]\\n gsm_send+0x2c/0x580 drivers/tty/n_gsm.c:819 [n_gsm]\\n gsm1_receive+0x547/0xad0 drivers/tty/n_gsm.c:3038 [n_gsm]\\n gsmld_receive_buf+0x176/0x280 drivers/tty/n_gsm.c:3609 [n_gsm]\\n tty_ldisc_receive_buf+0x101/0x1e0 drivers/tty/tty_buffer.c:391\\n tty_port_default_receive_buf+0x61/0xa0 drivers/tty/tty_port.c:39\\n flush_to_ldisc+0x1b0/0x750 drivers/tty/tty_buffer.c:445\\n process_scheduled_works+0x2b0/0x10d0 kernel/workqueue.c:3229\\n worker_thread+0x3dc/0x950 kernel/workqueue.c:3391\\n kthread+0x2a3/0x370 kernel/kthread.c:389\\n ret_from_fork+0x2d/0x70 arch/x86/kernel/process.c:147\\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:257\\n\\nFreed by task 3367:\\n kfree+0x126/0x420 mm/slub.c:4580\\n gsm_cleanup_mux+0x36c/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\\n\\n[Analysis]\\ngsm_msg on the tx_ctrl_list or tx_data_list of gsm_mux\\ncan be freed by multi threads through ioctl,which leads\\nto the occurrence of uaf. Protect it by gsm tx lock.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tty: n_gsm: Fix use-after-free en gsm_cleanup_mux ERROR: KASAN: slab-use-after-free en gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm] Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff88815fe99c00 por la tarea poc/3379 CPU: 0 UID: 0 PID: 3379 Comm: poc No contaminado 6.11.0+ #56 Nombre del hardware: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 12/11/2020 Seguimiento de llamadas:  gsm_cleanup_mux+0x77b/0x7b0 controladores/tty/n_gsm.c:3160 [n_gsm] __pfx_gsm_cleanup_mux+0x10/0x10 controladores/tty/n_gsm.c:3124 [n_gsm] __pfx_sched_clock_cpu+0x10/0x10 kernel/sched/clock.c:389 update_load_avg+0x1c1/0x27b0 kernel/sched/fair.c:4500 __pfx_min_vruntime_cb_rotate+0x10/0x10 kernel/sched/fair.c:846 __rb_insert_augmented+0x492/0xbf0 lib/rbtree.c:161 gsmld_ioctl+0x395/0x1450 controladores/tty/n_gsm.c:3408 [n_gsm] _raw_spin_lock_irqsave+0x92/0xf0 arquitectura/x86/include/asm/atomic.h:107 __pfx_gsmld_ioctl+0x10/0x10 controladores/tty/n_gsm.c:3822 [n_gsm] ktime_get+0x5e/0x140 n\u00facleo/tiempo/tiempo de mantenimiento.c:195 ldsem_down_read+0x94/0x4e0 arquitectura/x86/include/asm/atomic64_64.h:79 __pfx_ldsem_down_read+0x10/0x10 controladores/tty/tty_ldsem.c:338 __pfx_do_vfs_ioctl+0x10/0x10 fs/ioctl.c:805 tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818 Asignado por la tarea 65: gsm_data_alloc.constprop.0+0x27/0x190 drivers/tty/n_gsm.c:926 [n_gsm] gsm_send+0x2c/0x580 drivers/tty/n_gsm.c:819 [n_gsm] gsm1_receive+0x547/0xad0 drivers/tty/n_gsm.c:3038 [n_gsm] gsmld_receive_buf+0x176/0x280 drivers/tty/n_gsm.c:3609 [n_gsm] tty_ldisc_receive_buf+0x101/0x1e0 controladores/tty/tty_buffer.c:391 puerto_tty_default_receive_buf+0x61/0xa0 controladores/tty/tty_port.c:39 vaciado_a_ldisc+0x1b0/0x750 controladores/tty/tty_buffer.c:445 proceso_trabajos_programados+0x2b0/0x10d0 kernel/workqueue.c:3229 subproceso_trabajador+0x3dc/0x950 kernel/workqueue.c:3391 kthread+0x2a3/0x370 kernel/kthread.c:389 ret_de_la_bifurcaci\u00f3n+0x2d/0x70 arch/x86/kernel/process.c:147 ret_de_la_bifurcaci\u00f3n_asm+0x1a/0x30 arch/x86/entry/entry_64.S:257 Liberado por la tarea 3367: kfree+0x126/0x420 mm/slub.c:4580 gsm_cleanup_mux+0x36c/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm] gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm] tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818 [An\u00e1lisis] gsm_msg en tx_ctrl_list o tx_data_list de gsm_mux puede ser liberado por m\u00faltiples subprocesos a trav\u00e9s de ioctl, lo que lleva a la aparici\u00f3n de uaf. Prot\u00e9jalo con cerradura gsm tx.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.1.114\",\"matchCriteriaId\":\"CCCFB10D-CB4C-4D7A-BACF-D4AE755765D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.58\",\"matchCriteriaId\":\"6B9489BC-825E-4EEE-8D93-F93C801988C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.11.5\",\"matchCriteriaId\":\"6E62D61A-F704-44DB-A311-17B7534DA7BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F361E1D-580F-4A2D-A509-7615F73167A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"925478D0-3E3D-4E6F-ACD5-09F28D5DF82C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C95E234-D335-4B6C-96BF-E2CEBD8654ED\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0eec592c6a7460ba795d7de29f3dc95cb5422e62\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/9462f4ca56e7d2430fdb6dcc8498244acbfc4489\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/bf171b5e86e41de4c1cf32fb7aefa275c3d7de49\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c29f192e0d44cc1cbaf698fa1ff198f63556691a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-50073\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-12-11T14:26:06.514773Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416 Use After Free\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-12-11T14:26:07.764Z\"}}], \"cna\": {\"title\": \"tty: n_gsm: Fix use-after-free in gsm_cleanup_mux\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"1da177e4c3f4\", \"lessThan\": \"bf171b5e86e4\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f4\", \"lessThan\": \"c29f192e0d44\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f4\", \"lessThan\": \"0eec592c6a74\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f4\", \"lessThan\": \"9462f4ca56e7\", \"versionType\": \"git\"}], \"programFiles\": [\"drivers/tty/n_gsm.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"6.1.114\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.6.58\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.11.5\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.11.*\"}, {\"status\": \"unaffected\", \"version\": \"6.12\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"drivers/tty/n_gsm.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/bf171b5e86e41de4c1cf32fb7aefa275c3d7de49\"}, {\"url\": \"https://git.kernel.org/stable/c/c29f192e0d44cc1cbaf698fa1ff198f63556691a\"}, {\"url\": \"https://git.kernel.org/stable/c/0eec592c6a7460ba795d7de29f3dc95cb5422e62\"}, {\"url\": \"https://git.kernel.org/stable/c/9462f4ca56e7d2430fdb6dcc8498244acbfc4489\"}], \"x_generator\": {\"engine\": \"bippy-8e903de6a542\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\ntty: n_gsm: Fix use-after-free in gsm_cleanup_mux\\n\\nBUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0\\ndrivers/tty/n_gsm.c:3160 [n_gsm]\\nRead of size 8 at addr ffff88815fe99c00 by task poc/3379\\nCPU: 0 UID: 0 PID: 3379 Comm: poc Not tainted 6.11.0+ #56\\nHardware name: VMware, Inc. VMware Virtual Platform/440BX\\nDesktop Reference Platform, BIOS 6.00 11/12/2020\\nCall Trace:\\n \u003cTASK\u003e\\n gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\\n __pfx_gsm_cleanup_mux+0x10/0x10 drivers/tty/n_gsm.c:3124 [n_gsm]\\n __pfx_sched_clock_cpu+0x10/0x10 kernel/sched/clock.c:389\\n update_load_avg+0x1c1/0x27b0 kernel/sched/fair.c:4500\\n __pfx_min_vruntime_cb_rotate+0x10/0x10 kernel/sched/fair.c:846\\n __rb_insert_augmented+0x492/0xbf0 lib/rbtree.c:161\\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\\n _raw_spin_lock_irqsave+0x92/0xf0 arch/x86/include/asm/atomic.h:107\\n __pfx_gsmld_ioctl+0x10/0x10 drivers/tty/n_gsm.c:3822 [n_gsm]\\n ktime_get+0x5e/0x140 kernel/time/timekeeping.c:195\\n ldsem_down_read+0x94/0x4e0 arch/x86/include/asm/atomic64_64.h:79\\n __pfx_ldsem_down_read+0x10/0x10 drivers/tty/tty_ldsem.c:338\\n __pfx_do_vfs_ioctl+0x10/0x10 fs/ioctl.c:805\\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\\n\\nAllocated by task 65:\\n gsm_data_alloc.constprop.0+0x27/0x190 drivers/tty/n_gsm.c:926 [n_gsm]\\n gsm_send+0x2c/0x580 drivers/tty/n_gsm.c:819 [n_gsm]\\n gsm1_receive+0x547/0xad0 drivers/tty/n_gsm.c:3038 [n_gsm]\\n gsmld_receive_buf+0x176/0x280 drivers/tty/n_gsm.c:3609 [n_gsm]\\n tty_ldisc_receive_buf+0x101/0x1e0 drivers/tty/tty_buffer.c:391\\n tty_port_default_receive_buf+0x61/0xa0 drivers/tty/tty_port.c:39\\n flush_to_ldisc+0x1b0/0x750 drivers/tty/tty_buffer.c:445\\n process_scheduled_works+0x2b0/0x10d0 kernel/workqueue.c:3229\\n worker_thread+0x3dc/0x950 kernel/workqueue.c:3391\\n kthread+0x2a3/0x370 kernel/kthread.c:389\\n ret_from_fork+0x2d/0x70 arch/x86/kernel/process.c:147\\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:257\\n\\nFreed by task 3367:\\n kfree+0x126/0x420 mm/slub.c:4580\\n gsm_cleanup_mux+0x36c/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\\n\\n[Analysis]\\ngsm_msg on the tx_ctrl_list or tx_data_list of gsm_mux\\ncan be freed by multi threads through ioctl,which leads\\nto the occurrence of uaf. Protect it by gsm tx lock.\"}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2024-11-19T01:15:48.384Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-50073\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-12-11T14:58:34.728Z\", \"dateReserved\": \"2024-10-21T19:36:19.940Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-10-29T00:50:15.219Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

wid-sec-w-2024-3289

Vulnerability from csaf_certbund

Published

2024-10-28 23:00

Modified

2025-01-09 23:00

Summary

Linux Kernel: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff

Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen oder einen unspezifischen Angriff durchzuführen.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-3289 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3289.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-3289 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3289"
      },
      {
        "category": "external",
        "summary": "Kernel CVE Announce Mailingliste",
        "url": "https://lore.kernel.org/linux-cve-announce/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-50068",
        "url": "https://lore.kernel.org/linux-cve-announce/2024102930-CVE-2024-50068-2e3c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-50069",
        "url": "https://lore.kernel.org/linux-cve-announce/2024102933-CVE-2024-50069-fe0a@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-50070",
        "url": "https://lore.kernel.org/linux-cve-announce/2024102934-CVE-2024-50070-1cc7@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-50071",
        "url": "https://lore.kernel.org/linux-cve-announce/2024102934-CVE-2024-50071-6dd6@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-50072",
        "url": "https://lore.kernel.org/linux-cve-announce/2024102934-CVE-2024-50072-14b5@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-50073",
        "url": "https://lore.kernel.org/linux-cve-announce/2024102935-CVE-2024-50073-307b@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-50074",
        "url": "https://lore.kernel.org/linux-cve-announce/2024102935-CVE-2024-50074-d44d@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-50075",
        "url": "https://lore.kernel.org/linux-cve-announce/2024102935-CVE-2024-50075-81b7@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-50076",
        "url": "https://lore.kernel.org/linux-cve-announce/2024102936-CVE-2024-50076-43f7@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-50077",
        "url": "https://lore.kernel.org/linux-cve-announce/2024102936-CVE-2024-50077-2940@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-50078",
        "url": "https://lore.kernel.org/linux-cve-announce/2024102936-CVE-2024-50078-cfe9@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-50079",
        "url": "https://lore.kernel.org/linux-cve-announce/2024102936-CVE-2024-50079-47af@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-50080",
        "url": "https://lore.kernel.org/linux-cve-announce/2024102936-CVE-2024-50080-72ba@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-50081",
        "url": "https://lore.kernel.org/linux-cve-announce/2024102937-CVE-2024-50081-f8d6@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-50082",
        "url": "https://lore.kernel.org/linux-cve-announce/2024102937-CVE-2024-50082-c5b1@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-50083",
        "url": "https://lore.kernel.org/linux-cve-announce/2024102937-CVE-2024-50083-539c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-50084",
        "url": "https://lore.kernel.org/linux-cve-announce/2024102937-CVE-2024-50084-daf1@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-50085",
        "url": "https://lore.kernel.org/linux-cve-announce/2024102938-CVE-2024-50085-7800@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-50086",
        "url": "https://lore.kernel.org/linux-cve-announce/2024102938-CVE-2024-50086-8134@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-50087",
        "url": "https://lore.kernel.org/linux-cve-announce/2024102938-CVE-2024-50087-dd58@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-50088",
        "url": "https://lore.kernel.org/linux-cve-announce/2024102938-CVE-2024-50088-848b@gregkh/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3986-1 vom 2024-11-13",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/CIC23R3UQSPF2K4P2CX54TPCX5T7KWQG/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3985-1 vom 2024-11-13",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/KB6DG7QR5KXDQRV57H4IY2TB2LW42K4S/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3984-1 vom 2024-11-13",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/L52VEDNTEHWEPR56WZN4KZNMEUYGCJX6/"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2024:14500-1 vom 2024-11-16",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2NO44GTYBSPPWKFDREFWHITK4XKTNVLP/"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5818 vom 2024-11-24",
        "url": "https://lists.debian.org/debian-security-announce/2024/msg00233.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12868 vom 2024-12-09",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12868.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:10944 vom 2024-12-11",
        "url": "https://access.redhat.com/errata/RHSA-2024:10944"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:10943 vom 2024-12-11",
        "url": "https://access.redhat.com/errata/RHSA-2024:10943"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-10943 vom 2024-12-12",
        "url": "https://linux.oracle.com/errata/ELSA-2024-10943.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4316-1 vom 2024-12-13",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/S4I5Z6ALCJLHTP25U3HMJHEXN4DR2USM/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4314-1 vom 2024-12-13",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/SARXL66CQHD5VSFG5PUBNBVBPVFUN4KT/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4315-1 vom 2024-12-13",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/LQPWDP54GSTHYCV4CTCOE67D2ANVPPUW/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4318-1 vom 2024-12-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/019999.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12884 vom 2024-12-17",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12884.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4364-1 vom 2024-12-17",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/020019.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4367-1 vom 2024-12-17",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/020025.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12887 vom 2024-12-18",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12887.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4376-1 vom 2024-12-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/020028.html"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2024:10944 vom 2024-12-19",
        "url": "https://errata.build.resf.org/RLSA-2024:10944"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4376-1 vom 2024-12-18",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/WFOJHFFEHK42VPQ6XLZWB77H5OEJ3FF4/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4376-1 vom 2024-12-18",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WFOJHFFEHK42VPQ6XLZWB77H5OEJ3FF4/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4387-1 vom 2024-12-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/020032.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4008 vom 2025-01-03",
        "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:0035-1 vom 2025-01-08",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020070.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASKERNEL-5.10-2025-077 vom 2025-01-10",
        "url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2025-077.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASKERNEL-5.15-2025-060 vom 2025-01-10",
        "url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.15-2025-060.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-01-09T23:00:00.000+00:00",
      "generator": {
        "date": "2025-01-10T09:17:42.019+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.10"
        }
      },
      "id": "WID-SEC-W-2024-3289",
      "initial_release_date": "2024-10-28T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-10-28T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-11-12T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-11-13T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-11-17T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von openSUSE aufgenommen"
        },
        {
          "date": "2024-11-24T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2024-12-09T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-12-10T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-12-12T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-12-15T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-12-16T23:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-12-17T23:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-12-18T23:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Oracle Linux, SUSE und Rocky Enterprise Software Foundation aufgenommen"
        },
        {
          "date": "2024-12-19T23:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-01-02T23:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2025-01-08T23:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-01-09T23:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Amazon aufgenommen"
        }
      ],
      "status": "final",
      "version": "16"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Linux Kernel",
            "product": {
              "name": "Open Source Linux Kernel",
              "product_id": "T008144",
              "product_identification_helper": {
                "cpe": "cpe:/a:linux:linux_kernel:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "RESF Rocky Linux",
            "product": {
              "name": "RESF Rocky Linux",
              "product_id": "T032255",
              "product_identification_helper": {
                "cpe": "cpe:/o:resf:rocky_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "RESF"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-50068",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in mehreren Komponenten und Subsystemen wie Bluetooth, btrfs oder ksmbd und anderen wegen mehrerer sicherheitsrelevanter Probleme wie einem user-after-free, einem Memory Leak oder einem Array out-of-bounds access und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "T008144"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-50068"
    },
    {
      "cve": "CVE-2024-50069",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in mehreren Komponenten und Subsystemen wie Bluetooth, btrfs oder ksmbd und anderen wegen mehrerer sicherheitsrelevanter Probleme wie einem user-after-free, einem Memory Leak oder einem Array out-of-bounds access und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "T008144"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-50069"
    },
    {
      "cve": "CVE-2024-50070",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in mehreren Komponenten und Subsystemen wie Bluetooth, btrfs oder ksmbd und anderen wegen mehrerer sicherheitsrelevanter Probleme wie einem user-after-free, einem Memory Leak oder einem Array out-of-bounds access und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "T008144"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-50070"
    },
    {
      "cve": "CVE-2024-50071",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in mehreren Komponenten und Subsystemen wie Bluetooth, btrfs oder ksmbd und anderen wegen mehrerer sicherheitsrelevanter Probleme wie einem user-after-free, einem Memory Leak oder einem Array out-of-bounds access und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "T008144"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-50071"
    },
    {
      "cve": "CVE-2024-50072",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in mehreren Komponenten und Subsystemen wie Bluetooth, btrfs oder ksmbd und anderen wegen mehrerer sicherheitsrelevanter Probleme wie einem user-after-free, einem Memory Leak oder einem Array out-of-bounds access und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "T008144"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-50072"
    },
    {
      "cve": "CVE-2024-50073",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in mehreren Komponenten und Subsystemen wie Bluetooth, btrfs oder ksmbd und anderen wegen mehrerer sicherheitsrelevanter Probleme wie einem user-after-free, einem Memory Leak oder einem Array out-of-bounds access und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "T008144"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-50073"
    },
    {
      "cve": "CVE-2024-50074",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in mehreren Komponenten und Subsystemen wie Bluetooth, btrfs oder ksmbd und anderen wegen mehrerer sicherheitsrelevanter Probleme wie einem user-after-free, einem Memory Leak oder einem Array out-of-bounds access und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "T008144"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-50074"
    },
    {
      "cve": "CVE-2024-50075",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in mehreren Komponenten und Subsystemen wie Bluetooth, btrfs oder ksmbd und anderen wegen mehrerer sicherheitsrelevanter Probleme wie einem user-after-free, einem Memory Leak oder einem Array out-of-bounds access und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "T008144"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-50075"
    },
    {
      "cve": "CVE-2024-50076",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in mehreren Komponenten und Subsystemen wie Bluetooth, btrfs oder ksmbd und anderen wegen mehrerer sicherheitsrelevanter Probleme wie einem user-after-free, einem Memory Leak oder einem Array out-of-bounds access und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "T008144"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-50076"
    },
    {
      "cve": "CVE-2024-50077",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in mehreren Komponenten und Subsystemen wie Bluetooth, btrfs oder ksmbd und anderen wegen mehrerer sicherheitsrelevanter Probleme wie einem user-after-free, einem Memory Leak oder einem Array out-of-bounds access und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "T008144"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-50077"
    },
    {
      "cve": "CVE-2024-50078",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in mehreren Komponenten und Subsystemen wie Bluetooth, btrfs oder ksmbd und anderen wegen mehrerer sicherheitsrelevanter Probleme wie einem user-after-free, einem Memory Leak oder einem Array out-of-bounds access und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "T008144"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-50078"
    },
    {
      "cve": "CVE-2024-50079",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in mehreren Komponenten und Subsystemen wie Bluetooth, btrfs oder ksmbd und anderen wegen mehrerer sicherheitsrelevanter Probleme wie einem user-after-free, einem Memory Leak oder einem Array out-of-bounds access und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "T008144"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-50079"
    },
    {
      "cve": "CVE-2024-50080",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in mehreren Komponenten und Subsystemen wie Bluetooth, btrfs oder ksmbd und anderen wegen mehrerer sicherheitsrelevanter Probleme wie einem user-after-free, einem Memory Leak oder einem Array out-of-bounds access und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "T008144"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-50080"
    },
    {
      "cve": "CVE-2024-50081",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in mehreren Komponenten und Subsystemen wie Bluetooth, btrfs oder ksmbd und anderen wegen mehrerer sicherheitsrelevanter Probleme wie einem user-after-free, einem Memory Leak oder einem Array out-of-bounds access und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "T008144"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-50081"
    },
    {
      "cve": "CVE-2024-50082",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in mehreren Komponenten und Subsystemen wie Bluetooth, btrfs oder ksmbd und anderen wegen mehrerer sicherheitsrelevanter Probleme wie einem user-after-free, einem Memory Leak oder einem Array out-of-bounds access und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "T008144"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-50082"
    },
    {
      "cve": "CVE-2024-50083",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in mehreren Komponenten und Subsystemen wie Bluetooth, btrfs oder ksmbd und anderen wegen mehrerer sicherheitsrelevanter Probleme wie einem user-after-free, einem Memory Leak oder einem Array out-of-bounds access und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "T008144"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-50083"
    },
    {
      "cve": "CVE-2024-50084",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in mehreren Komponenten und Subsystemen wie Bluetooth, btrfs oder ksmbd und anderen wegen mehrerer sicherheitsrelevanter Probleme wie einem user-after-free, einem Memory Leak oder einem Array out-of-bounds access und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "T008144"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-50084"
    },
    {
      "cve": "CVE-2024-50085",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in mehreren Komponenten und Subsystemen wie Bluetooth, btrfs oder ksmbd und anderen wegen mehrerer sicherheitsrelevanter Probleme wie einem user-after-free, einem Memory Leak oder einem Array out-of-bounds access und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "T008144"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-50085"
    },
    {
      "cve": "CVE-2024-50086",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in mehreren Komponenten und Subsystemen wie Bluetooth, btrfs oder ksmbd und anderen wegen mehrerer sicherheitsrelevanter Probleme wie einem user-after-free, einem Memory Leak oder einem Array out-of-bounds access und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "T008144"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-50086"
    },
    {
      "cve": "CVE-2024-50087",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in mehreren Komponenten und Subsystemen wie Bluetooth, btrfs oder ksmbd und anderen wegen mehrerer sicherheitsrelevanter Probleme wie einem user-after-free, einem Memory Leak oder einem Array out-of-bounds access und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "T008144"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-50087"
    },
    {
      "cve": "CVE-2024-50088",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in mehreren Komponenten und Subsystemen wie Bluetooth, btrfs oder ksmbd und anderen wegen mehrerer sicherheitsrelevanter Probleme wie einem user-after-free, einem Memory Leak oder einem Array out-of-bounds access und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "T008144"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-50088"
    }
  ]
}

WID-SEC-W-2024-3289

Vulnerability from csaf_certbund

Published

2024-10-28 23:00

Modified

2025-01-09 23:00

Summary

Linux Kernel: Mehrere Schwachstellen

Notes

Produktbeschreibung

Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff

Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen oder einen unspezifischen Angriff durchzuführen.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-3289 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3289.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-3289 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3289"
      },
      {
        "category": "external",
        "summary": "Kernel CVE Announce Mailingliste",
        "url": "https://lore.kernel.org/linux-cve-announce/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-50068",
        "url": "https://lore.kernel.org/linux-cve-announce/2024102930-CVE-2024-50068-2e3c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-50069",
        "url": "https://lore.kernel.org/linux-cve-announce/2024102933-CVE-2024-50069-fe0a@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-50070",
        "url": "https://lore.kernel.org/linux-cve-announce/2024102934-CVE-2024-50070-1cc7@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-50071",
        "url": "https://lore.kernel.org/linux-cve-announce/2024102934-CVE-2024-50071-6dd6@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-50072",
        "url": "https://lore.kernel.org/linux-cve-announce/2024102934-CVE-2024-50072-14b5@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-50073",
        "url": "https://lore.kernel.org/linux-cve-announce/2024102935-CVE-2024-50073-307b@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-50074",
        "url": "https://lore.kernel.org/linux-cve-announce/2024102935-CVE-2024-50074-d44d@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-50075",
        "url": "https://lore.kernel.org/linux-cve-announce/2024102935-CVE-2024-50075-81b7@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-50076",
        "url": "https://lore.kernel.org/linux-cve-announce/2024102936-CVE-2024-50076-43f7@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-50077",
        "url": "https://lore.kernel.org/linux-cve-announce/2024102936-CVE-2024-50077-2940@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-50078",
        "url": "https://lore.kernel.org/linux-cve-announce/2024102936-CVE-2024-50078-cfe9@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-50079",
        "url": "https://lore.kernel.org/linux-cve-announce/2024102936-CVE-2024-50079-47af@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-50080",
        "url": "https://lore.kernel.org/linux-cve-announce/2024102936-CVE-2024-50080-72ba@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-50081",
        "url": "https://lore.kernel.org/linux-cve-announce/2024102937-CVE-2024-50081-f8d6@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-50082",
        "url": "https://lore.kernel.org/linux-cve-announce/2024102937-CVE-2024-50082-c5b1@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-50083",
        "url": "https://lore.kernel.org/linux-cve-announce/2024102937-CVE-2024-50083-539c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-50084",
        "url": "https://lore.kernel.org/linux-cve-announce/2024102937-CVE-2024-50084-daf1@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-50085",
        "url": "https://lore.kernel.org/linux-cve-announce/2024102938-CVE-2024-50085-7800@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-50086",
        "url": "https://lore.kernel.org/linux-cve-announce/2024102938-CVE-2024-50086-8134@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-50087",
        "url": "https://lore.kernel.org/linux-cve-announce/2024102938-CVE-2024-50087-dd58@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-50088",
        "url": "https://lore.kernel.org/linux-cve-announce/2024102938-CVE-2024-50088-848b@gregkh/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3986-1 vom 2024-11-13",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/CIC23R3UQSPF2K4P2CX54TPCX5T7KWQG/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3985-1 vom 2024-11-13",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/KB6DG7QR5KXDQRV57H4IY2TB2LW42K4S/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3984-1 vom 2024-11-13",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/L52VEDNTEHWEPR56WZN4KZNMEUYGCJX6/"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2024:14500-1 vom 2024-11-16",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2NO44GTYBSPPWKFDREFWHITK4XKTNVLP/"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5818 vom 2024-11-24",
        "url": "https://lists.debian.org/debian-security-announce/2024/msg00233.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12868 vom 2024-12-09",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12868.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:10944 vom 2024-12-11",
        "url": "https://access.redhat.com/errata/RHSA-2024:10944"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:10943 vom 2024-12-11",
        "url": "https://access.redhat.com/errata/RHSA-2024:10943"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-10943 vom 2024-12-12",
        "url": "https://linux.oracle.com/errata/ELSA-2024-10943.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4316-1 vom 2024-12-13",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/S4I5Z6ALCJLHTP25U3HMJHEXN4DR2USM/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4314-1 vom 2024-12-13",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/SARXL66CQHD5VSFG5PUBNBVBPVFUN4KT/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4315-1 vom 2024-12-13",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/LQPWDP54GSTHYCV4CTCOE67D2ANVPPUW/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4318-1 vom 2024-12-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/019999.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12884 vom 2024-12-17",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12884.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4364-1 vom 2024-12-17",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/020019.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4367-1 vom 2024-12-17",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/020025.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12887 vom 2024-12-18",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12887.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4376-1 vom 2024-12-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/020028.html"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2024:10944 vom 2024-12-19",
        "url": "https://errata.build.resf.org/RLSA-2024:10944"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4376-1 vom 2024-12-18",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/WFOJHFFEHK42VPQ6XLZWB77H5OEJ3FF4/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4376-1 vom 2024-12-18",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WFOJHFFEHK42VPQ6XLZWB77H5OEJ3FF4/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4387-1 vom 2024-12-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/020032.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4008 vom 2025-01-03",
        "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:0035-1 vom 2025-01-08",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020070.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASKERNEL-5.10-2025-077 vom 2025-01-10",
        "url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2025-077.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASKERNEL-5.15-2025-060 vom 2025-01-10",
        "url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.15-2025-060.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-01-09T23:00:00.000+00:00",
      "generator": {
        "date": "2025-01-10T09:17:42.019+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.10"
        }
      },
      "id": "WID-SEC-W-2024-3289",
      "initial_release_date": "2024-10-28T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-10-28T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-11-12T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-11-13T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-11-17T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von openSUSE aufgenommen"
        },
        {
          "date": "2024-11-24T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2024-12-09T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-12-10T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-12-12T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-12-15T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-12-16T23:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-12-17T23:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-12-18T23:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Oracle Linux, SUSE und Rocky Enterprise Software Foundation aufgenommen"
        },
        {
          "date": "2024-12-19T23:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-01-02T23:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2025-01-08T23:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-01-09T23:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Amazon aufgenommen"
        }
      ],
      "status": "final",
      "version": "16"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Linux Kernel",
            "product": {
              "name": "Open Source Linux Kernel",
              "product_id": "T008144",
              "product_identification_helper": {
                "cpe": "cpe:/a:linux:linux_kernel:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "RESF Rocky Linux",
            "product": {
              "name": "RESF Rocky Linux",
              "product_id": "T032255",
              "product_identification_helper": {
                "cpe": "cpe:/o:resf:rocky_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "RESF"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-50068",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in mehreren Komponenten und Subsystemen wie Bluetooth, btrfs oder ksmbd und anderen wegen mehrerer sicherheitsrelevanter Probleme wie einem user-after-free, einem Memory Leak oder einem Array out-of-bounds access und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "T008144"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-50068"
    },
    {
      "cve": "CVE-2024-50069",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in mehreren Komponenten und Subsystemen wie Bluetooth, btrfs oder ksmbd und anderen wegen mehrerer sicherheitsrelevanter Probleme wie einem user-after-free, einem Memory Leak oder einem Array out-of-bounds access und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "T008144"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-50069"
    },
    {
      "cve": "CVE-2024-50070",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in mehreren Komponenten und Subsystemen wie Bluetooth, btrfs oder ksmbd und anderen wegen mehrerer sicherheitsrelevanter Probleme wie einem user-after-free, einem Memory Leak oder einem Array out-of-bounds access und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "T008144"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-50070"
    },
    {
      "cve": "CVE-2024-50071",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in mehreren Komponenten und Subsystemen wie Bluetooth, btrfs oder ksmbd und anderen wegen mehrerer sicherheitsrelevanter Probleme wie einem user-after-free, einem Memory Leak oder einem Array out-of-bounds access und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "T008144"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-50071"
    },
    {
      "cve": "CVE-2024-50072",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in mehreren Komponenten und Subsystemen wie Bluetooth, btrfs oder ksmbd und anderen wegen mehrerer sicherheitsrelevanter Probleme wie einem user-after-free, einem Memory Leak oder einem Array out-of-bounds access und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "T008144"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-50072"
    },
    {
      "cve": "CVE-2024-50073",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in mehreren Komponenten und Subsystemen wie Bluetooth, btrfs oder ksmbd und anderen wegen mehrerer sicherheitsrelevanter Probleme wie einem user-after-free, einem Memory Leak oder einem Array out-of-bounds access und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "T008144"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-50073"
    },
    {
      "cve": "CVE-2024-50074",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in mehreren Komponenten und Subsystemen wie Bluetooth, btrfs oder ksmbd und anderen wegen mehrerer sicherheitsrelevanter Probleme wie einem user-after-free, einem Memory Leak oder einem Array out-of-bounds access und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "T008144"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-50074"
    },
    {
      "cve": "CVE-2024-50075",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in mehreren Komponenten und Subsystemen wie Bluetooth, btrfs oder ksmbd und anderen wegen mehrerer sicherheitsrelevanter Probleme wie einem user-after-free, einem Memory Leak oder einem Array out-of-bounds access und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "T008144"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-50075"
    },
    {
      "cve": "CVE-2024-50076",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in mehreren Komponenten und Subsystemen wie Bluetooth, btrfs oder ksmbd und anderen wegen mehrerer sicherheitsrelevanter Probleme wie einem user-after-free, einem Memory Leak oder einem Array out-of-bounds access und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "T008144"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-50076"
    },
    {
      "cve": "CVE-2024-50077",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in mehreren Komponenten und Subsystemen wie Bluetooth, btrfs oder ksmbd und anderen wegen mehrerer sicherheitsrelevanter Probleme wie einem user-after-free, einem Memory Leak oder einem Array out-of-bounds access und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "T008144"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-50077"
    },
    {
      "cve": "CVE-2024-50078",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in mehreren Komponenten und Subsystemen wie Bluetooth, btrfs oder ksmbd und anderen wegen mehrerer sicherheitsrelevanter Probleme wie einem user-after-free, einem Memory Leak oder einem Array out-of-bounds access und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "T008144"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-50078"
    },
    {
      "cve": "CVE-2024-50079",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in mehreren Komponenten und Subsystemen wie Bluetooth, btrfs oder ksmbd und anderen wegen mehrerer sicherheitsrelevanter Probleme wie einem user-after-free, einem Memory Leak oder einem Array out-of-bounds access und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "T008144"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-50079"
    },
    {
      "cve": "CVE-2024-50080",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in mehreren Komponenten und Subsystemen wie Bluetooth, btrfs oder ksmbd und anderen wegen mehrerer sicherheitsrelevanter Probleme wie einem user-after-free, einem Memory Leak oder einem Array out-of-bounds access und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "T008144"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-50080"
    },
    {
      "cve": "CVE-2024-50081",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in mehreren Komponenten und Subsystemen wie Bluetooth, btrfs oder ksmbd und anderen wegen mehrerer sicherheitsrelevanter Probleme wie einem user-after-free, einem Memory Leak oder einem Array out-of-bounds access und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "T008144"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-50081"
    },
    {
      "cve": "CVE-2024-50082",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in mehreren Komponenten und Subsystemen wie Bluetooth, btrfs oder ksmbd und anderen wegen mehrerer sicherheitsrelevanter Probleme wie einem user-after-free, einem Memory Leak oder einem Array out-of-bounds access und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "T008144"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-50082"
    },
    {
      "cve": "CVE-2024-50083",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in mehreren Komponenten und Subsystemen wie Bluetooth, btrfs oder ksmbd und anderen wegen mehrerer sicherheitsrelevanter Probleme wie einem user-after-free, einem Memory Leak oder einem Array out-of-bounds access und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "T008144"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-50083"
    },
    {
      "cve": "CVE-2024-50084",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in mehreren Komponenten und Subsystemen wie Bluetooth, btrfs oder ksmbd und anderen wegen mehrerer sicherheitsrelevanter Probleme wie einem user-after-free, einem Memory Leak oder einem Array out-of-bounds access und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "T008144"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-50084"
    },
    {
      "cve": "CVE-2024-50085",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in mehreren Komponenten und Subsystemen wie Bluetooth, btrfs oder ksmbd und anderen wegen mehrerer sicherheitsrelevanter Probleme wie einem user-after-free, einem Memory Leak oder einem Array out-of-bounds access und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "T008144"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-50085"
    },
    {
      "cve": "CVE-2024-50086",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in mehreren Komponenten und Subsystemen wie Bluetooth, btrfs oder ksmbd und anderen wegen mehrerer sicherheitsrelevanter Probleme wie einem user-after-free, einem Memory Leak oder einem Array out-of-bounds access und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "T008144"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-50086"
    },
    {
      "cve": "CVE-2024-50087",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in mehreren Komponenten und Subsystemen wie Bluetooth, btrfs oder ksmbd und anderen wegen mehrerer sicherheitsrelevanter Probleme wie einem user-after-free, einem Memory Leak oder einem Array out-of-bounds access und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "T008144"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-50087"
    },
    {
      "cve": "CVE-2024-50088",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in mehreren Komponenten und Subsystemen wie Bluetooth, btrfs oder ksmbd und anderen wegen mehrerer sicherheitsrelevanter Probleme wie einem user-after-free, einem Memory Leak oder einem Array out-of-bounds access und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "T008144"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-50088"
    }
  ]
}

fkie_cve-2024-50073

Vulnerability from fkie_nvd

Published

2024-10-29 01:15

Modified

2024-12-11 15:15

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/0eec592c6a7460ba795d7de29f3dc95cb5422e62	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/9462f4ca56e7d2430fdb6dcc8498244acbfc4489	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/bf171b5e86e41de4c1cf32fb7aefa275c3d7de49	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/c29f192e0d44cc1cbaf698fa1ff198f63556691a	Patch

Impacted products

Vendor	Product	Version
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	6.12
linux	linux_kernel	6.12
linux	linux_kernel	6.12

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCCFB10D-CB4C-4D7A-BACF-D4AE755765D9",
              "versionEndExcluding": "6.1.114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B9489BC-825E-4EEE-8D93-F93C801988C8",
              "versionEndExcluding": "6.6.58",
              "versionStartIncluding": "6.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E62D61A-F704-44DB-A311-17B7534DA7BC",
              "versionEndExcluding": "6.11.5",
              "versionStartIncluding": "6.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: Fix use-after-free in gsm_cleanup_mux\n\nBUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0\ndrivers/tty/n_gsm.c:3160 [n_gsm]\nRead of size 8 at addr ffff88815fe99c00 by task poc/3379\nCPU: 0 UID: 0 PID: 3379 Comm: poc Not tainted 6.11.0+ #56\nHardware name: VMware, Inc. VMware Virtual Platform/440BX\nDesktop Reference Platform, BIOS 6.00 11/12/2020\nCall Trace:\n \u003cTASK\u003e\n gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n __pfx_gsm_cleanup_mux+0x10/0x10 drivers/tty/n_gsm.c:3124 [n_gsm]\n __pfx_sched_clock_cpu+0x10/0x10 kernel/sched/clock.c:389\n update_load_avg+0x1c1/0x27b0 kernel/sched/fair.c:4500\n __pfx_min_vruntime_cb_rotate+0x10/0x10 kernel/sched/fair.c:846\n __rb_insert_augmented+0x492/0xbf0 lib/rbtree.c:161\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n _raw_spin_lock_irqsave+0x92/0xf0 arch/x86/include/asm/atomic.h:107\n __pfx_gsmld_ioctl+0x10/0x10 drivers/tty/n_gsm.c:3822 [n_gsm]\n ktime_get+0x5e/0x140 kernel/time/timekeeping.c:195\n ldsem_down_read+0x94/0x4e0 arch/x86/include/asm/atomic64_64.h:79\n __pfx_ldsem_down_read+0x10/0x10 drivers/tty/tty_ldsem.c:338\n __pfx_do_vfs_ioctl+0x10/0x10 fs/ioctl.c:805\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\nAllocated by task 65:\n gsm_data_alloc.constprop.0+0x27/0x190 drivers/tty/n_gsm.c:926 [n_gsm]\n gsm_send+0x2c/0x580 drivers/tty/n_gsm.c:819 [n_gsm]\n gsm1_receive+0x547/0xad0 drivers/tty/n_gsm.c:3038 [n_gsm]\n gsmld_receive_buf+0x176/0x280 drivers/tty/n_gsm.c:3609 [n_gsm]\n tty_ldisc_receive_buf+0x101/0x1e0 drivers/tty/tty_buffer.c:391\n tty_port_default_receive_buf+0x61/0xa0 drivers/tty/tty_port.c:39\n flush_to_ldisc+0x1b0/0x750 drivers/tty/tty_buffer.c:445\n process_scheduled_works+0x2b0/0x10d0 kernel/workqueue.c:3229\n worker_thread+0x3dc/0x950 kernel/workqueue.c:3391\n kthread+0x2a3/0x370 kernel/kthread.c:389\n ret_from_fork+0x2d/0x70 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:257\n\nFreed by task 3367:\n kfree+0x126/0x420 mm/slub.c:4580\n gsm_cleanup_mux+0x36c/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\n[Analysis]\ngsm_msg on the tx_ctrl_list or tx_data_list of gsm_mux\ncan be freed by multi threads through ioctl,which leads\nto the occurrence of uaf. Protect it by gsm tx lock."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tty: n_gsm: Fix use-after-free en gsm_cleanup_mux ERROR: KASAN: slab-use-after-free en gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm] Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff88815fe99c00 por la tarea poc/3379 CPU: 0 UID: 0 PID: 3379 Comm: poc No contaminado 6.11.0+ #56 Nombre del hardware: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 12/11/2020 Seguimiento de llamadas:  gsm_cleanup_mux+0x77b/0x7b0 controladores/tty/n_gsm.c:3160 [n_gsm] __pfx_gsm_cleanup_mux+0x10/0x10 controladores/tty/n_gsm.c:3124 [n_gsm] __pfx_sched_clock_cpu+0x10/0x10 kernel/sched/clock.c:389 update_load_avg+0x1c1/0x27b0 kernel/sched/fair.c:4500 __pfx_min_vruntime_cb_rotate+0x10/0x10 kernel/sched/fair.c:846 __rb_insert_augmented+0x492/0xbf0 lib/rbtree.c:161 gsmld_ioctl+0x395/0x1450 controladores/tty/n_gsm.c:3408 [n_gsm] _raw_spin_lock_irqsave+0x92/0xf0 arquitectura/x86/include/asm/atomic.h:107 __pfx_gsmld_ioctl+0x10/0x10 controladores/tty/n_gsm.c:3822 [n_gsm] ktime_get+0x5e/0x140 n\u00facleo/tiempo/tiempo de mantenimiento.c:195 ldsem_down_read+0x94/0x4e0 arquitectura/x86/include/asm/atomic64_64.h:79 __pfx_ldsem_down_read+0x10/0x10 controladores/tty/tty_ldsem.c:338 __pfx_do_vfs_ioctl+0x10/0x10 fs/ioctl.c:805 tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818 Asignado por la tarea 65: gsm_data_alloc.constprop.0+0x27/0x190 drivers/tty/n_gsm.c:926 [n_gsm] gsm_send+0x2c/0x580 drivers/tty/n_gsm.c:819 [n_gsm] gsm1_receive+0x547/0xad0 drivers/tty/n_gsm.c:3038 [n_gsm] gsmld_receive_buf+0x176/0x280 drivers/tty/n_gsm.c:3609 [n_gsm] tty_ldisc_receive_buf+0x101/0x1e0 controladores/tty/tty_buffer.c:391 puerto_tty_default_receive_buf+0x61/0xa0 controladores/tty/tty_port.c:39 vaciado_a_ldisc+0x1b0/0x750 controladores/tty/tty_buffer.c:445 proceso_trabajos_programados+0x2b0/0x10d0 kernel/workqueue.c:3229 subproceso_trabajador+0x3dc/0x950 kernel/workqueue.c:3391 kthread+0x2a3/0x370 kernel/kthread.c:389 ret_de_la_bifurcaci\u00f3n+0x2d/0x70 arch/x86/kernel/process.c:147 ret_de_la_bifurcaci\u00f3n_asm+0x1a/0x30 arch/x86/entry/entry_64.S:257 Liberado por la tarea 3367: kfree+0x126/0x420 mm/slub.c:4580 gsm_cleanup_mux+0x36c/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm] gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm] tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818 [An\u00e1lisis] gsm_msg en tx_ctrl_list o tx_data_list de gsm_mux puede ser liberado por m\u00faltiples subprocesos a trav\u00e9s de ioctl, lo que lleva a la aparici\u00f3n de uaf. Prot\u00e9jalo con cerradura gsm tx."
    }
  ],
  "id": "CVE-2024-50073",
  "lastModified": "2024-12-11T15:15:11.137",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-10-29T01:15:04.463",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/0eec592c6a7460ba795d7de29f3dc95cb5422e62"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/9462f4ca56e7d2430fdb6dcc8498244acbfc4489"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/bf171b5e86e41de4c1cf32fb7aefa275c3d7de49"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/c29f192e0d44cc1cbaf698fa1ff198f63556691a"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

ghsa-76p7-w946-wvch

Vulnerability from github

Published

2024-10-29 03:31

Modified

2024-11-01 18:31

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

In the Linux kernel, the following vulnerability has been resolved:

tty: n_gsm: Fix use-after-free in gsm_cleanup_mux

BUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm] Read of size 8 at addr ffff88815fe99c00 by task poc/3379 CPU: 0 UID: 0 PID: 3379 Comm: poc Not tainted 6.11.0+ #56 Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020 Call Trace: gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm] __pfx_gsm_cleanup_mux+0x10/0x10 drivers/tty/n_gsm.c:3124 [n_gsm] __pfx_sched_clock_cpu+0x10/0x10 kernel/sched/clock.c:389 update_load_avg+0x1c1/0x27b0 kernel/sched/fair.c:4500 __pfx_min_vruntime_cb_rotate+0x10/0x10 kernel/sched/fair.c:846 __rb_insert_augmented+0x492/0xbf0 lib/rbtree.c:161 gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm] _raw_spin_lock_irqsave+0x92/0xf0 arch/x86/include/asm/atomic.h:107 __pfx_gsmld_ioctl+0x10/0x10 drivers/tty/n_gsm.c:3822 [n_gsm] ktime_get+0x5e/0x140 kernel/time/timekeeping.c:195 ldsem_down_read+0x94/0x4e0 arch/x86/include/asm/atomic64_64.h:79 __pfx_ldsem_down_read+0x10/0x10 drivers/tty/tty_ldsem.c:338 __pfx_do_vfs_ioctl+0x10/0x10 fs/ioctl.c:805 tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818

Allocated by task 65: gsm_data_alloc.constprop.0+0x27/0x190 drivers/tty/n_gsm.c:926 [n_gsm] gsm_send+0x2c/0x580 drivers/tty/n_gsm.c:819 [n_gsm] gsm1_receive+0x547/0xad0 drivers/tty/n_gsm.c:3038 [n_gsm] gsmld_receive_buf+0x176/0x280 drivers/tty/n_gsm.c:3609 [n_gsm] tty_ldisc_receive_buf+0x101/0x1e0 drivers/tty/tty_buffer.c:391 tty_port_default_receive_buf+0x61/0xa0 drivers/tty/tty_port.c:39 flush_to_ldisc+0x1b0/0x750 drivers/tty/tty_buffer.c:445 process_scheduled_works+0x2b0/0x10d0 kernel/workqueue.c:3229 worker_thread+0x3dc/0x950 kernel/workqueue.c:3391 kthread+0x2a3/0x370 kernel/kthread.c:389 ret_from_fork+0x2d/0x70 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:257

Freed by task 3367: kfree+0x126/0x420 mm/slub.c:4580 gsm_cleanup_mux+0x36c/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm] gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm] tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818

[Analysis] gsm_msg on the tx_ctrl_list or tx_data_list of gsm_mux can be freed by multi threads through ioctl,which leads to the occurrence of uaf. Protect it by gsm tx lock.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-50073"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-29T01:15:04Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: Fix use-after-free in gsm_cleanup_mux\n\nBUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0\ndrivers/tty/n_gsm.c:3160 [n_gsm]\nRead of size 8 at addr ffff88815fe99c00 by task poc/3379\nCPU: 0 UID: 0 PID: 3379 Comm: poc Not tainted 6.11.0+ #56\nHardware name: VMware, Inc. VMware Virtual Platform/440BX\nDesktop Reference Platform, BIOS 6.00 11/12/2020\nCall Trace:\n \u003cTASK\u003e\n gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n __pfx_gsm_cleanup_mux+0x10/0x10 drivers/tty/n_gsm.c:3124 [n_gsm]\n __pfx_sched_clock_cpu+0x10/0x10 kernel/sched/clock.c:389\n update_load_avg+0x1c1/0x27b0 kernel/sched/fair.c:4500\n __pfx_min_vruntime_cb_rotate+0x10/0x10 kernel/sched/fair.c:846\n __rb_insert_augmented+0x492/0xbf0 lib/rbtree.c:161\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n _raw_spin_lock_irqsave+0x92/0xf0 arch/x86/include/asm/atomic.h:107\n __pfx_gsmld_ioctl+0x10/0x10 drivers/tty/n_gsm.c:3822 [n_gsm]\n ktime_get+0x5e/0x140 kernel/time/timekeeping.c:195\n ldsem_down_read+0x94/0x4e0 arch/x86/include/asm/atomic64_64.h:79\n __pfx_ldsem_down_read+0x10/0x10 drivers/tty/tty_ldsem.c:338\n __pfx_do_vfs_ioctl+0x10/0x10 fs/ioctl.c:805\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\nAllocated by task 65:\n gsm_data_alloc.constprop.0+0x27/0x190 drivers/tty/n_gsm.c:926 [n_gsm]\n gsm_send+0x2c/0x580 drivers/tty/n_gsm.c:819 [n_gsm]\n gsm1_receive+0x547/0xad0 drivers/tty/n_gsm.c:3038 [n_gsm]\n gsmld_receive_buf+0x176/0x280 drivers/tty/n_gsm.c:3609 [n_gsm]\n tty_ldisc_receive_buf+0x101/0x1e0 drivers/tty/tty_buffer.c:391\n tty_port_default_receive_buf+0x61/0xa0 drivers/tty/tty_port.c:39\n flush_to_ldisc+0x1b0/0x750 drivers/tty/tty_buffer.c:445\n process_scheduled_works+0x2b0/0x10d0 kernel/workqueue.c:3229\n worker_thread+0x3dc/0x950 kernel/workqueue.c:3391\n kthread+0x2a3/0x370 kernel/kthread.c:389\n ret_from_fork+0x2d/0x70 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:257\n\nFreed by task 3367:\n kfree+0x126/0x420 mm/slub.c:4580\n gsm_cleanup_mux+0x36c/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\n[Analysis]\ngsm_msg on the tx_ctrl_list or tx_data_list of gsm_mux\ncan be freed by multi threads through ioctl,which leads\nto the occurrence of uaf. Protect it by gsm tx lock.",
  "id": "GHSA-76p7-w946-wvch",
  "modified": "2024-11-01T18:31:32Z",
  "published": "2024-10-29T03:31:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50073"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0eec592c6a7460ba795d7de29f3dc95cb5422e62"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9462f4ca56e7d2430fdb6dcc8498244acbfc4489"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bf171b5e86e41de4c1cf32fb7aefa275c3d7de49"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c29f192e0d44cc1cbaf698fa1ff198f63556691a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2024-50073

Vulnerability from cvelistv5

wid-sec-w-2024-3289

Vulnerability from csaf_certbund

WID-SEC-W-2024-3289

Vulnerability from csaf_certbund

fkie_cve-2024-50073

Vulnerability from fkie_nvd

ghsa-76p7-w946-wvch

Vulnerability from github

Tags

Sightings

Nomenclature