cve-2024-53142
Vulnerability from cvelistv5
Published
2024-12-06 09:37
Modified
2025-01-20 06:19
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: initramfs: avoid filename buffer overrun The initramfs filename field is defined in Documentation/driver-api/early-userspace/buffer-format.rst as: 37 cpio_file := ALGN(4) + cpio_header + filename + "\0" + ALGN(4) + data ... 55 ============= ================== ========================= 56 Field name Field size Meaning 57 ============= ================== ========================= ... 70 c_namesize 8 bytes Length of filename, including final \0 When extracting an initramfs cpio archive, the kernel's do_name() path handler assumes a zero-terminated path at @collected, passing it directly to filp_open() / init_mkdir() / init_mknod(). If a specially crafted cpio entry carries a non-zero-terminated filename and is followed by uninitialized memory, then a file may be created with trailing characters that represent the uninitialized memory. The ability to create an initramfs entry would imply already having full control of the system, so the buffer overrun shouldn't be considered a security vulnerability. Append the output of the following bash script to an existing initramfs and observe any created /initramfs_test_fname_overrunAA* path. E.g. ./reproducer.sh | gzip >> /myinitramfs It's easiest to observe non-zero uninitialized memory when the output is gzipped, as it'll overflow the heap allocated @out_buf in __gunzip(), rather than the initrd_start+initrd_size block. ---- reproducer.sh ---- nilchar="A" # change to "\0" to properly zero terminate / pad magic="070701" ino=1 mode=$(( 0100777 )) uid=0 gid=0 nlink=1 mtime=1 filesize=0 devmajor=0 devminor=1 rdevmajor=0 rdevminor=0 csum=0 fname="initramfs_test_fname_overrun" namelen=$(( ${#fname} + 1 )) # plus one to account for terminator printf "%s%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%s" \ $magic $ino $mode $uid $gid $nlink $mtime $filesize \ $devmajor $devminor $rdevmajor $rdevminor $namelen $csum $fname termpadlen=$(( 1 + ((4 - ((110 + $namelen) & 3)) % 4) )) printf "%.s${nilchar}" $(seq 1 $termpadlen) ---- reproducer.sh ---- Symlink filename fields handled in do_symlink() won't overrun past the data segment, due to the explicit zero-termination of the symlink target. Fix filename buffer overrun by aborting the initramfs FSM if any cpio entry doesn't carry a zero-terminator at the expected (name_len - 1) offset.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/1a423bbbeaf9e3e20c4686501efd9b661fe834dbPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/49d01e736c3045319e030d1e75fb983011abaca7Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/6983b8ac787b3add5571cda563574932a59a99bb
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/bb7ac96670ab1d8d681015f9d66e45dad579af4dPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/c509b1acbd867d9e09580fe059a924cb5825afb1
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/d3df9f26cff97beaa5643e551031795d5d5cddbe
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/e017671f534dd3f568db9e47b0583e853d2da9b5Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/f892ddcf9f645380c358e73653cb0900f6bc9eb8
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/fb83b093f75806333b6f4ae29b158d2e0e3ec971Patch
Impacted products
Vendor Product Version
Linux Linux Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
 Create a notification for this product.
   Linux Linux Version: 2.6.12
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "init/initramfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "bb7ac96670ab1d8d681015f9d66e45dad579af4d",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "c509b1acbd867d9e09580fe059a924cb5825afb1",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "d3df9f26cff97beaa5643e551031795d5d5cddbe",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "6983b8ac787b3add5571cda563574932a59a99bb",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "f892ddcf9f645380c358e73653cb0900f6bc9eb8",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "1a423bbbeaf9e3e20c4686501efd9b661fe834db",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "49d01e736c3045319e030d1e75fb983011abaca7",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "fb83b093f75806333b6f4ae29b158d2e0e3ec971",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "e017671f534dd3f568db9e47b0583e853d2da9b5",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "init/initramfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.325",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ninitramfs: avoid filename buffer overrun\n\nThe initramfs filename field is defined in\nDocumentation/driver-api/early-userspace/buffer-format.rst as:\n\n 37 cpio_file := ALGN(4) + cpio_header + filename + \"\\0\" + ALGN(4) + data\n...\n 55 ============= ================== =========================\n 56 Field name    Field size         Meaning\n 57 ============= ================== =========================\n...\n 70 c_namesize    8 bytes            Length of filename, including final \\0\n\nWhen extracting an initramfs cpio archive, the kernel\u0027s do_name() path\nhandler assumes a zero-terminated path at @collected, passing it\ndirectly to filp_open() / init_mkdir() / init_mknod().\n\nIf a specially crafted cpio entry carries a non-zero-terminated filename\nand is followed by uninitialized memory, then a file may be created with\ntrailing characters that represent the uninitialized memory. The ability\nto create an initramfs entry would imply already having full control of\nthe system, so the buffer overrun shouldn\u0027t be considered a security\nvulnerability.\n\nAppend the output of the following bash script to an existing initramfs\nand observe any created /initramfs_test_fname_overrunAA* path. E.g.\n  ./reproducer.sh | gzip \u003e\u003e /myinitramfs\n\nIt\u0027s easiest to observe non-zero uninitialized memory when the output is\ngzipped, as it\u0027ll overflow the heap allocated @out_buf in __gunzip(),\nrather than the initrd_start+initrd_size block.\n\n---- reproducer.sh ----\nnilchar=\"A\"\t# change to \"\\0\" to properly zero terminate / pad\nmagic=\"070701\"\nino=1\nmode=$(( 0100777 ))\nuid=0\ngid=0\nnlink=1\nmtime=1\nfilesize=0\ndevmajor=0\ndevminor=1\nrdevmajor=0\nrdevminor=0\ncsum=0\nfname=\"initramfs_test_fname_overrun\"\nnamelen=$(( ${#fname} + 1 ))\t# plus one to account for terminator\n\nprintf \"%s%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%s\" \\\n\t$magic $ino $mode $uid $gid $nlink $mtime $filesize \\\n\t$devmajor $devminor $rdevmajor $rdevminor $namelen $csum $fname\n\ntermpadlen=$(( 1 + ((4 - ((110 + $namelen) \u0026 3)) % 4) ))\nprintf \"%.s${nilchar}\" $(seq 1 $termpadlen)\n---- reproducer.sh ----\n\nSymlink filename fields handled in do_symlink() won\u0027t overrun past the\ndata segment, due to the explicit zero-termination of the symlink\ntarget.\n\nFix filename buffer overrun by aborting the initramfs FSM if any cpio\nentry doesn\u0027t carry a zero-terminator at the expected (name_len - 1)\noffset."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-20T06:19:40.153Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/bb7ac96670ab1d8d681015f9d66e45dad579af4d"
        },
        {
          "url": "https://git.kernel.org/stable/c/c509b1acbd867d9e09580fe059a924cb5825afb1"
        },
        {
          "url": "https://git.kernel.org/stable/c/d3df9f26cff97beaa5643e551031795d5d5cddbe"
        },
        {
          "url": "https://git.kernel.org/stable/c/6983b8ac787b3add5571cda563574932a59a99bb"
        },
        {
          "url": "https://git.kernel.org/stable/c/f892ddcf9f645380c358e73653cb0900f6bc9eb8"
        },
        {
          "url": "https://git.kernel.org/stable/c/1a423bbbeaf9e3e20c4686501efd9b661fe834db"
        },
        {
          "url": "https://git.kernel.org/stable/c/49d01e736c3045319e030d1e75fb983011abaca7"
        },
        {
          "url": "https://git.kernel.org/stable/c/fb83b093f75806333b6f4ae29b158d2e0e3ec971"
        },
        {
          "url": "https://git.kernel.org/stable/c/e017671f534dd3f568db9e47b0583e853d2da9b5"
        }
      ],
      "title": "initramfs: avoid filename buffer overrun",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53142",
    "datePublished": "2024-12-06T09:37:03.035Z",
    "dateReserved": "2024-11-19T17:17:24.997Z",
    "dateUpdated": "2025-01-20T06:19:40.153Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-53142\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-12-06T10:15:06.203\",\"lastModified\":\"2024-12-14T21:15:38.707\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ninitramfs: avoid filename buffer overrun\\n\\nThe initramfs filename field is defined in\\nDocumentation/driver-api/early-userspace/buffer-format.rst as:\\n\\n 37 cpio_file := ALGN(4) + cpio_header + filename + \\\"\\\\0\\\" + ALGN(4) + data\\n...\\n 55 ============= ================== =========================\\n 56 Field name    Field size         Meaning\\n 57 ============= ================== =========================\\n...\\n 70 c_namesize    8 bytes            Length of filename, including final \\\\0\\n\\nWhen extracting an initramfs cpio archive, the kernel\u0027s do_name() path\\nhandler assumes a zero-terminated path at @collected, passing it\\ndirectly to filp_open() / init_mkdir() / init_mknod().\\n\\nIf a specially crafted cpio entry carries a non-zero-terminated filename\\nand is followed by uninitialized memory, then a file may be created with\\ntrailing characters that represent the uninitialized memory. The ability\\nto create an initramfs entry would imply already having full control of\\nthe system, so the buffer overrun shouldn\u0027t be considered a security\\nvulnerability.\\n\\nAppend the output of the following bash script to an existing initramfs\\nand observe any created /initramfs_test_fname_overrunAA* path. E.g.\\n  ./reproducer.sh | gzip \u003e\u003e /myinitramfs\\n\\nIt\u0027s easiest to observe non-zero uninitialized memory when the output is\\ngzipped, as it\u0027ll overflow the heap allocated @out_buf in __gunzip(),\\nrather than the initrd_start+initrd_size block.\\n\\n---- reproducer.sh ----\\nnilchar=\\\"A\\\"\\t# change to \\\"\\\\0\\\" to properly zero terminate / pad\\nmagic=\\\"070701\\\"\\nino=1\\nmode=$(( 0100777 ))\\nuid=0\\ngid=0\\nnlink=1\\nmtime=1\\nfilesize=0\\ndevmajor=0\\ndevminor=1\\nrdevmajor=0\\nrdevminor=0\\ncsum=0\\nfname=\\\"initramfs_test_fname_overrun\\\"\\nnamelen=$(( ${#fname} + 1 ))\\t# plus one to account for terminator\\n\\nprintf \\\"%s%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%s\\\" \\\\\\n\\t$magic $ino $mode $uid $gid $nlink $mtime $filesize \\\\\\n\\t$devmajor $devminor $rdevmajor $rdevminor $namelen $csum $fname\\n\\ntermpadlen=$(( 1 + ((4 - ((110 + $namelen) \u0026 3)) % 4) ))\\nprintf \\\"%.s${nilchar}\\\" $(seq 1 $termpadlen)\\n---- reproducer.sh ----\\n\\nSymlink filename fields handled in do_symlink() won\u0027t overrun past the\\ndata segment, due to the explicit zero-termination of the symlink\\ntarget.\\n\\nFix filename buffer overrun by aborting the initramfs FSM if any cpio\\nentry doesn\u0027t carry a zero-terminator at the expected (name_len - 1)\\noffset.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: initramfs: evitar el desbordamiento del b\u00fafer del nombre de archivo El campo de nombre de archivo de initramfs se define en Documentation/driver-api/early-userspace/buffer-format.rst como: 37 cpio_file := ALGN(4) + cpio_header + filename + \\\"\\\\0\\\" + ALGN(4) + data ... 55 ============== =================== ========================== 56 Nombre de campo Tama\u00f1o del campo Significado 57 ============= =================== ========================== ... 70 c_namesize 8 bytes Longitud del nombre de archivo, final \\\\0 Al extraer un archivo cpio de initramfs, el manejador de ruta do_name() del n\u00facleo asume una ruta terminada en cero en @collected, pas\u00e1ndola directamente a filp_open() / init_mkdir() / init_mknod(). Si una entrada cpio especialmente dise\u00f1ada lleva un nombre de archivo que no termina en cero y es seguida por memoria no inicializada, entonces se puede crear un archivo con caracteres finales que representan la memoria no inicializada. La capacidad de crear una entrada initramfs implicar\u00eda ya tener control total del sistema, por lo que el desbordamiento del b\u00fafer no deber\u00eda considerarse una vulnerabilidad de seguridad. Adjunte la salida del siguiente script bash a un initramfs existente y observe cualquier ruta /initramfs_test_fname_overrunAA* creada. Por ejemplo, ./reproducer.sh | Es m\u00e1s f\u00e1cil observar memoria no inicializada distinta de cero cuando se comprime la salida, ya que desbordar\u00e1 el mont\u00f3n asignado @out_buf en __gunzip(), en lugar del bloque initrd_start+initrd_size. ---- reproducter.sh ---- nilchar=\\\"A\\\" # cambia a \\\"\\\\0\\\" para terminar correctamente en cero / rellenar magic=\\\"070701\\\" ino=1 mode=$(( 0100777 )) uid=0 gid=0 nlink=1 mtime=1 filesize=0 devmajor=0 devminor=1 rdevmajor=0 rdevminor=0 csum=0 fname=\\\"initramfs_test_fname_overrun\\\" namelen=$(( ${#fname} + 1 )) # m\u00e1s uno para tener en cuenta el terminador printf \\\"%s%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%s\\\" \\\\ $magic $ino $mode $uid $gid $nlink $mtime $filesize \\\\ $devmajor $devminor $rdevmajor $rdevminor $namelen $csum $fname termpadlen=$(( 1 + ((4 - ((110 + $namelen) \u0026amp; 3)) % 4) )) printf \\\"%.s${nilchar}\\\" $(seq 1 $termpadlen) ---- reproducer.sh ---- Los campos de nombre de archivo de enlace simb\u00f3lico manejados en do_symlink() no se desbordar\u00e1n m\u00e1s all\u00e1 del segmento de datos, debido a la terminaci\u00f3n expl\u00edcita en cero del objetivo del enlace simb\u00f3lico. Corrija el desbordamiento del b\u00fafer de nombre de archivo abortando el FSM initramfs si alguna entrada cpio no lleva un terminador en cero en el desplazamiento esperado (name_len - 1).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.6.12\",\"versionEndExcluding\":\"4.19.325\",\"matchCriteriaId\":\"FAEB49A0-3B16-46DF-AA21-AD4136295A41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.20\",\"versionEndExcluding\":\"6.6.64\",\"matchCriteriaId\":\"D42B3E7C-85DF-4DBF-A6EC-E45F69FF2DCA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.11.11\",\"matchCriteriaId\":\"21434379-192D-472F-9B54-D45E3650E893\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.12\",\"versionEndExcluding\":\"6.12.2\",\"matchCriteriaId\":\"D8882B1B-2ABC-4838-AC1D-DBDBB5764776\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/1a423bbbeaf9e3e20c4686501efd9b661fe834db\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/49d01e736c3045319e030d1e75fb983011abaca7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/6983b8ac787b3add5571cda563574932a59a99bb\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/bb7ac96670ab1d8d681015f9d66e45dad579af4d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c509b1acbd867d9e09580fe059a924cb5825afb1\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d3df9f26cff97beaa5643e551031795d5d5cddbe\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/e017671f534dd3f568db9e47b0583e853d2da9b5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f892ddcf9f645380c358e73653cb0900f6bc9eb8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/fb83b093f75806333b6f4ae29b158d2e0e3ec971\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.