SSA-265688

Vulnerability from csaf_siemens - Published: 2024-04-09 00:00 - Updated: 2026-05-12 00:00
Summary
SSA-265688: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1
Notes
Summary: Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
General Recommendations: As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use: The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
CVE-2021-4090
5.3 (Medium)
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-787 - Out-of-bounds Write
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2021-38202
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-125 - Out-of-bounds Read
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2021-47002
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2021-47107
6.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE-121 - Stack-based Buffer Overflow
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2021-47316
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2022-38096
6.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2022-43945
6.5 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-131 - Incorrect Calculation of Buffer Size
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2022-48827
6.5 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE-125 - Out-of-bounds Read
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2022-48828
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2022-48829
7.1 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CWE-253 - Incorrect Check of Function Return Value
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2023-1652
6.4 (Medium)
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2023-5678
5.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE-606 - Unchecked Input for Loop Condition
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2023-6121
4.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE-125 - Out-of-bounds Read
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2023-6129
6.5 (Medium)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
CWE-787 - Out-of-bounds Write
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2023-6237
5.9 (Medium)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-400 - Uncontrolled Resource Consumption
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2023-6817
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2023-6931
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-787 - Out-of-bounds Write
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2023-6932
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2023-28746
6.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CWE-1342 - Information Exposure through Microarchitectural State after Transient Execution
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2023-45898
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2023-47233
4.3 (Medium)
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2023-50781
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2023-52447
3.9 (Low)
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2023-52458
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2023-52614
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2023-52620
2.5 (Low)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
CWE-99 - Improper Control of Resource Identifiers ('Resource Injection')
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-0727
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-2511
3.7 (Low)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE-400 - Uncontrolled Resource Consumption
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-5535
5.9 (Medium)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-9143
4.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CWE-787 - Out-of-bounds Write
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-22099
6.3 (Medium)
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-23307
4.4 (Medium)
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
CWE-190 - Integer Overflow or Wraparound
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-23848
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-24857
4.6 (Medium)
CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:L
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-24858
4.6 (Medium)
CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:H
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-24859
4.6 (Medium)
CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:H
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-25739
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-754 - Improper Check for Unusual or Exceptional Conditions
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26629
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-393 - Return of Wrong Status Code
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26642
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26643
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-667 - Improper Locking
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26651
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26659
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26787
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26810
4.4 (Medium)
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26812
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26816
6.0 (Medium)
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26820
4.4 (Medium)
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CWE-99 - Improper Control of Resource Identifiers ('Resource Injection')
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26851
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26852
7.0 (High)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26855
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26859
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26861
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26863
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-908 - Use of Uninitialized Resource
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26870
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26872
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26875
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26877
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26878
4.7 (Medium)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26880
4.4 (Medium)
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CWE-99 - Improper Control of Resource Identifiers ('Resource Injection')
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26882
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26883
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26884
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26885
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26889
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26891
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26894
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26895
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26897
4.7 (Medium)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26898
7.0 (High)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26901
5.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE-908 - Use of Uninitialized Resource
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26903
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26906
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26907
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26920
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-908 - Use of Uninitialized Resource
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26923
7.0 (High)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26925
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-667 - Improper Locking
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26934
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-667 - Improper Locking
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26935
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-770 - Allocation of Resources Without Limits or Throttling
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26937
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-617 - Reachable Assertion
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26950
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26951
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26958
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26960
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26961
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26973
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-457 - Use of Uninitialized Variable
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26974
7.0 (High)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26982
7.1 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-125 - Out-of-bounds Read
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26988
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-26993
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-27004
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-667 - Improper Locking
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-27013
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-770 - Allocation of Resources Without Limits or Throttling
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-27020
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-27024
8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-27025
8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-27038
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-27047
6.2 (Medium)
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-27052
8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-27053
9.1 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-27059
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-369 - Divide By Zero
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-27065
4.7 (Medium)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-1287 - Improper Validation of Specified Type of Input
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-27072
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-667 - Improper Locking
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-27076
8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-27077
8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-27078
8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-27395
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-27396
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-27397
7.0 (High)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-27419
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-27431
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-27436
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-27437
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-33621
4.4 (Medium)
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CWE-1287 - Improper Validation of Specified Type of Input
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-33847
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-34027
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35789
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-400 - Uncontrolled Resource Consumption
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35805
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-667 - Improper Locking
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35807
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-400 - Uncontrolled Resource Consumption
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35811
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35813
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-129 - Improper Validation of Array Index
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35815
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-237 - Improper Handling of Structural Elements
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35823
5.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35828
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35845
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35849
7.1 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-908 - Use of Uninitialized Resource
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35877
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-237 - Improper Handling of Structural Elements
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35884
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35886
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35888
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-457 - Use of Uninitialized Variable
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35893
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-908 - Use of Uninitialized Resource
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35895
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-667 - Improper Locking
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35896
7.1 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-125 - Out-of-bounds Read
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35897
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-1287 - Improper Validation of Specified Type of Input
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35898
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35899
6.1 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35900
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-1287 - Improper Validation of Specified Type of Input
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35902
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35905
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-129 - Improper Validation of Array Index
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35910
5.8 (Medium)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
CWE-665 - Improper Initialization
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35915
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-908 - Use of Uninitialized Resource
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35922
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-369 - Divide By Zero
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35925
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-369 - Divide By Zero
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35930
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 - Missing Release of Memory after Effective Lifetime
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35933
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35934
2.5 (Low)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
CWE-400 - Uncontrolled Resource Consumption
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35935
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-124 - Buffer Underwrite ('Buffer Underflow')
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35936
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-237 - Improper Handling of Structural Elements
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35940
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35944
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-787 - Out-of-bounds Write
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35950
7.0 (High)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-908 - Use of Uninitialized Resource
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35955
8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35958
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35960
9.1 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35962
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-1284 - Improper Validation of Specified Quantity in Input
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35965
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35966
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-787 - Out-of-bounds Write
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35967
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35969
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-770 - Allocation of Resources Without Limits or Throttling
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35973
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-908 - Use of Uninitialized Resource
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35976
6.7 (Medium)
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CWE-787 - Out-of-bounds Write
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35978
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 - Missing Release of Memory after Effective Lifetime
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35982
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35983
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35984
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35988
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-131 - Incorrect Calculation of Buffer Size
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35990
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-667 - Improper Locking
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35996
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-655 - Insufficient Psychological Acceptability
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-35997
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-667 - Improper Locking
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-36004
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-404 - Improper Resource Shutdown or Release
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-36005
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-36006
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-36007
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-36008
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-36020
5.3 (Medium)
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-36270
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-36286
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-1287 - Improper Validation of Specified Type of Input
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-36288
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-36484
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-99 - Improper Control of Resource Identifiers ('Resource Injection')
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-36489
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-36894
4.4 (Medium)
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-36899
7.0 (High)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-36902
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-36904
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-36905
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-369 - Divide By Zero
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-36916
6.5 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
CWE-787 - Out-of-bounds Write
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-36929
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-237 - Improper Handling of Structural Elements
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-36939
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-391 - Unchecked Error Condition
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-36940
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-415 - Double Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-36959
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-668 - Exposure of Resource to Wrong Sphere
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-36974
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-36978
6.1 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-37356
6.6 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
CWE-125 - Out-of-bounds Read
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-38381
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-38547
4.4 (Medium)
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-38552
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-38558
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-38559
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-38560
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-38565
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-38567
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-38578
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-38579
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-38587
5.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE-129 - Improper Validation of Array Index
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-38589
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-38596
4.7 (Medium)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-38598
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-667 - Improper Locking
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-38599
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-38612
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-459 - Incomplete Cleanup
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-38615
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-38619
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-38635
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-38659
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-38662
4.4 (Medium)
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-38780
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-667 - Improper Locking
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-39468
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-39482
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-39489
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 - Missing Release of Memory after Effective Lifetime
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-39493
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 - Missing Release of Memory after Effective Lifetime
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-39502
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-39503
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-39509
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-40905
4.4 (Medium)
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-40912
4.7 (Medium)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-40916
4.4 (Medium)
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-40934
4.4 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
CWE-404 - Improper Resource Shutdown or Release
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-40941
4.1 (Medium)
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
CWE-125 - Out-of-bounds Read
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-40942
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-402 - Transmission of Private Resources into a New Sphere ('Resource Leak')
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-40945
6.8 (Medium)
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
CWE-393 - Return of Wrong Status Code
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-40958
4.0 (Medium)
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-40959
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-40960
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-40961
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-40971
4.0 (Medium)
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-40978
6.2 (Medium)
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-40980
5.9 (Medium)
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-40984
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-40993
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-40995
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-41000
5.9 (Medium)
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE-190 - Integer Overflow or Wraparound
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-41004
5.9 (Medium)
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-41005
4.9 (Medium)
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-41006
4.4 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
CWE-404 - Improper Resource Shutdown or Release
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-41016
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-41996
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-295 - Improper Certificate Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-42070
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 - Missing Release of Memory after Effective Lifetime
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-42082
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-770 - Allocation of Resources Without Limits or Throttling
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-42090
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-833 - Deadlock
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-42093
7.1 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-42094
7.1 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-42096
5.1 (Medium)
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H
CWE-125 - Out-of-bounds Read
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-42097
4.7 (Medium)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-42114
4.4 (Medium)
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CWE-667 - Improper Locking
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-42259
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-131 - Incorrect Calculation of Buffer Size
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-42265
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-99 - Improper Control of Resource Identifiers ('Resource Injection')
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-42272
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-42276
4.4 (Medium)
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-42281
5.1 (Medium)
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-42283
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-908 - Use of Uninitialized Resource
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-42292
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-42302
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-42304
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-42305
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-125 - Out-of-bounds Read
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-42306
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-42312
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-43828
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-43830
6.6 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-43834
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-43856
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-770 - Allocation of Resources Without Limits or Throttling
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-43858
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-129 - Improper Validation of Array Index
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-43871
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-43879
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-43882
7.0 (High)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-43889
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-43890
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-43893
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-44935
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-44944
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 - Missing Release of Memory after Effective Lifetime
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-44948
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-754 - Improper Check for Unusual or Exceptional Conditions
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-44960
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-44987
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-44989
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-44990
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-45016
7.0 (High)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-45018
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-456 - Missing Initialization of a Variable
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-46679
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-46743
7.1 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-125 - Out-of-bounds Read
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-46744
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-908 - Use of Uninitialized Resource
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-46745
6.5 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-400 - Uncontrolled Resource Consumption
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-46750
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-413 - Improper Resource Locking
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-46759
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-124 - Buffer Underwrite ('Buffer Underflow')
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-46783
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-229 - Improper Handling of Values
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-46854
7.1 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-125 - Out-of-bounds Read
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-46865
7.1 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-908 - Use of Uninitialized Resource
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-47660
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-413 - Improper Resource Locking
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-47684
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-47685
9.1 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CWE-908 - Use of Uninitialized Resource
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-47692
6.5 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-47696
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-47697
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-787 - Out-of-bounds Write
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-47699
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-47701
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-47705
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-47706
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-47707
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-47709
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-825 - Expired Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-47710
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-400 - Uncontrolled Resource Consumption
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-47713
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-664 - Improper Control of a Resource Through its Lifetime
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-47718
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-47723
7.1 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-125 - Out-of-bounds Read
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-47735
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-667 - Improper Locking
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-47737
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-47747
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-49851
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-459 - Incomplete Cleanup
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-49889
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-49890
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-49892
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-369 - Divide By Zero
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-49894
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-129 - Improper Validation of Array Index
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-49900
7.1 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-908 - Use of Uninitialized Resource
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-49902
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-125 - Out-of-bounds Read
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-49903
7.0 (High)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-49930
6.4 (Medium)
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-125 - Out-of-bounds Read
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-49938
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-824 - Access of Uninitialized Pointer
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-49944
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-49948
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-124 - Buffer Underwrite ('Buffer Underflow')
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-49949
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-124 - Buffer Underwrite ('Buffer Underflow')
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-49952
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-49955
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-672 - Operation on a Resource after Expiration or Release
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-49973
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-787 - Out-of-bounds Write
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-49977
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-49997
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-226 - Sensitive Information in Resource Not Removed Before Reuse
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-50001
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-755 - Improper Handling of Exceptional Conditions
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-50006
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-833 - Deadlock
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-50008
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-787 - Out-of-bounds Write
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-50010
4.7 (Medium)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-50015
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-665 - Improper Initialization
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-50033
7.1 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-908 - Use of Uninitialized Resource
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-50035
7.1 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-908 - Use of Uninitialized Resource
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-50039
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-50040
6.2 (Medium)
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-390 - Detection of Error Condition Without Action
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-50044
3.3 (Low)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CWE-667 - Improper Locking
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-50045
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-50046
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-50058
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-50095
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-667 - Improper Locking
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-50121
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-50127
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-50131
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-50134
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-787 - Out-of-bounds Write
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-50142
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-50148
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-459 - Incomplete Cleanup
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-50150
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-50151
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-787 - Out-of-bounds Write
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-50153
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-50188
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-787 - Out-of-bounds Write
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-50205
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-369 - Divide By Zero
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-50210
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-667 - Improper Locking
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-50251
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-131 - Incorrect Calculation of Buffer Size
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-50262
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-787 - Out-of-bounds Write
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-50299
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-908 - Use of Uninitialized Resource
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-50301
7.1 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-125 - Out-of-bounds Read
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-50302
3.3 (Low)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE-908 - Use of Uninitialized Resource
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-53042
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-662 - Improper Synchronization
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-53057
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-53059
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-460 - Improper Cleanup on Thrown Exception
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-53101
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-908 - Use of Uninitialized Resource
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-53124
4.7 (Medium)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-56631
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-56672
7.0 (High)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-57901
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-664 - Improper Control of a Resource Through its Lifetime
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-57902
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-57913
4.7 (Medium)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-57929
6.7 (Medium)
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-672 - Operation on a Resource after Expiration or Release
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-57940
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-57948
6.7 (Medium)
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-57951
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-57977
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-667 - Improper Locking
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-57979
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-57981
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-57986
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-58005
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-58009
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-58014
6.0 (Medium)
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-58016
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-58017
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-190 - Integer Overflow or Wraparound
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-58020
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-58051
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-58058
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-58063
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 - Missing Release of Memory after Effective Lifetime
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-58071
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-667 - Improper Locking
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-58072
6.4 (Medium)
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2024-58085
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-3198
3.3 (Low)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CWE-401 - Missing Release of Memory after Effective Lifetime
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-5244
5.3 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-5245
5.3 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-7425
7.8 (High)
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-7545
5.3 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE-116 - Improper Encoding or Escaping of Output
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-7546
5.3 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-8224
3.3 (Low)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-9230
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-125 - Out-of-bounds Read
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21638
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21639
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21640
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21647
7.1 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-125 - Out-of-bounds Read
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21648
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-789 - Memory Allocation with Excessive Size Value
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21653
4.7 (Medium)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21664
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21666
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21669
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21678
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21683
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 - Missing Release of Memory after Effective Lifetime
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21692
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-129 - Improper Validation of Array Index
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21694
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-667 - Improper Locking
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21704
4.4 (Medium)
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21711
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-190 - Integer Overflow or Wraparound
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21719
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21726
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21727
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21728
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21735
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-787 - Out-of-bounds Write
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21744
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21745
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21753
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21756
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21760
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21761
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21762
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21763
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21764
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21765
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21772
7.1 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21776
4.4 (Medium)
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21787
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-908 - Use of Uninitialized Resource
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21795
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21796
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21806
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21814
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21826
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21835
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21844
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21846
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21858
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21859
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-667 - Improper Locking
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21862
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-908 - Use of Uninitialized Resource
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-21865
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-787 - Out-of-bounds Write
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-68160
4.7 (Medium)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-787 - Out-of-bounds Write
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-69418
4.0 (Medium)
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
CWE-325 - Missing Cryptographic Step
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-69419
7.4 (High)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CWE-787 - Out-of-bounds Write
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-69420
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-754 - Improper Check for Unusual or Exceptional Conditions
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2025-69421
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2026-22795
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE-754 - Improper Check for Unusual or Exceptional Conditions
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2026-22796
5.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE-754 - Improper Check for Unusual or Exceptional Conditions
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2026-28387
7.0 (High)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2026-28388
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2026-28389
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2026-28390
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
CVE-2026-31431
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-669 - Incorrect Resource Transfer Between Spheres
Affected products
Product Identifier Version Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
 vers:all/*
Mitigation
Mitigation
None Available
References
To clipboard 

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1.\n\nSiemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
        "title": "General Recommendations"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "productcert@siemens.com",
      "name": "Siemens ProductCERT",
      "namespace": "https://www.siemens.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "SSA-265688: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1 - HTML Version",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
      },
      {
        "category": "self",
        "summary": "SSA-265688: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1 - CSAF Version",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-265688.json"
      }
    ],
    "title": "SSA-265688: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1",
    "tracking": {
      "current_release_date": "2026-05-12T00:00:00.000Z",
      "generator": {
        "engine": {
          "name": "Siemens ProductCERT CSAF Generator",
          "version": "1"
        }
      },
      "id": "SSA-265688",
      "initial_release_date": "2024-04-09T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2024-04-09T00:00:00.000Z",
          "legacy_version": "1.0",
          "number": "1",
          "summary": "Publication Date"
        },
        {
          "date": "2024-05-14T00:00:00.000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Added CVE-2024-2511"
        },
        {
          "date": "2024-07-09T00:00:00.000Z",
          "legacy_version": "1.2",
          "number": "3",
          "summary": "Added CVE-2024-5535"
        },
        {
          "date": "2024-11-12T00:00:00.000Z",
          "legacy_version": "1.3",
          "number": "4",
          "summary": "Added CVE-2024-9143"
        },
        {
          "date": "2025-03-11T00:00:00.000Z",
          "legacy_version": "1.4",
          "number": "5",
          "summary": "Added CVE-2024-36484, CVE-2024-36902, CVE-2024-36904, CVE-2024-36905, CVE-2024-36916, CVE-2024-36929, CVE-2024-36939, CVE-2024-36940, CVE-2024-36959, CVE-2024-44987, CVE-2024-44989, CVE-2024-44990, CVE-2024-45016, CVE-2024-45018, CVE-2024-46679, CVE-2024-46743, CVE-2024-46744, CVE-2024-46745, CVE-2024-46750, CVE-2024-46759, CVE-2024-46783, CVE-2024-47660, CVE-2024-50299, CVE-2024-50301, CVE-2024-53101"
        },
        {
          "date": "2025-04-08T00:00:00.000Z",
          "legacy_version": "1.5",
          "number": "6",
          "summary": "Added CVE-2024-50302 (incl. product-specific impact description) and multiple other CVEs"
        },
        {
          "date": "2025-06-10T00:00:00.000Z",
          "legacy_version": "1.6",
          "number": "7",
          "summary": "Added 63 CVEs"
        },
        {
          "date": "2025-07-08T00:00:00.000Z",
          "legacy_version": "1.7",
          "number": "8",
          "summary": "Added 71 CVEs"
        },
        {
          "date": "2025-08-12T00:00:00.000Z",
          "legacy_version": "1.8",
          "number": "9",
          "summary": "Added 147 CVEs"
        },
        {
          "date": "2025-09-09T00:00:00.000Z",
          "legacy_version": "1.9",
          "number": "10",
          "summary": "Added 51 CVEs"
        },
        {
          "date": "2025-10-14T00:00:00.000Z",
          "legacy_version": "2.0",
          "number": "11",
          "summary": "Added CVE-2025-9230, CVE-2023-50781, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727"
        },
        {
          "date": "2026-02-10T00:00:00.000Z",
          "legacy_version": "2.1",
          "number": "12",
          "summary": "Added CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796"
        },
        {
          "date": "2026-05-12T00:00:00.000Z",
          "legacy_version": "2.2",
          "number": "13",
          "summary": "Added CVE-2026-28387, CVE-2026-28388, CVE-2026-28389, CVE-2026-28390, CVE-2026-31431. Removed  CVE-2024-0584, CVE-2024-47672 (rejected)."
        }
      ],
      "status": "interim",
      "version": "13"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
                  "product_id": "1"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-4090",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An out-of-bounds (OOB) memory write flaw was found in the NFSD in the Linux kernel. Missing sanity may lead to a write beyond bmval[bmlen-1] in nfsd4_decode_bitmap4 in fs/nfsd/nfs4xdr.c. In this flaw, a local attacker with user privilege may gain access to out-of-bounds memory, leading to a system integrity and confidentiality threat.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2021-4090"
    },
    {
      "cve": "CVE-2021-38202",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2021-38202"
    },
    {
      "cve": "CVE-2021-47002",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "SUNRPC: null pointer dereference in svc_rqst_free(). When alloc_pages_node() returns null in svc_rqst_alloc(), the null rq_scratch_page pointer will be dereferenced when calling put_page() in svc_rqst_free().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2021-47002"
    },
    {
      "cve": "CVE-2021-47107",
      "cwe": {
        "id": "CWE-121",
        "name": "Stack-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "summary",
          "text": "NFSD: READDIR buffer overflow. If a client sends a READDIR count argument that is too small (say, zero), then the buffer size calculation in the new init_dirlist helper functions results in an underflow, allowing the XDR stream functions to write beyond the actual buffer. This calculation has always been suspect. NFSD has never sanity- checked the READDIR count argument, but the old entry encoders managed the problem correctly. With the commits below, entry encoding changed, exposing the underflow to the pointer arithmetic in xdr_reserve_space(). Modern NFS clients attempt to retrieve as much data as possible for each READDIR request.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2021-47107"
    },
    {
      "cve": "CVE-2021-47316",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "nfsd: NULL dereference in nfs3svc_encode_getaclres.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2021-47316"
    },
    {
      "cve": "CVE-2022-38096",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file \u0027/dev/dri/renderD128 (or Dxxx)\u0027. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-38096"
    },
    {
      "cve": "CVE-2022-43945",
      "cwe": {
        "id": "CWE-131",
        "name": "Incorrect Calculation of Buffer Size"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-43945"
    },
    {
      "cve": "CVE-2022-48827",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "NFSD: vulnerability caused by loff_t overflow on the server when a client reads near the maximum offset, causing the server to return an EINVAL error, which the client retries indefinitely, instead of handling out-of-range READ requests by returning a short result with an EOF flag.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-48827"
    },
    {
      "cve": "CVE-2022-48828",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "NFSD: Vulnerability caused by an underflow in ia_size due to a mismatch between signed and unsigned 64-bit file size values, which can cause issues when handling large file sizes from NFS clients.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-48828"
    },
    {
      "cve": "CVE-2022-48829",
      "cwe": {
        "id": "CWE-253",
        "name": "Incorrect Check of Function Return Value"
      },
      "notes": [
        {
          "category": "summary",
          "text": "NFSD: Vulnerability handling large file sizes for NFSv3 improperly capping client size values larger than s64_max, leading to unexpected behavior and potential data corruption.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-48829"
    },
    {
      "cve": "CVE-2023-1652",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. This issue could allow a local attacker to crash the system or it may lead to a kernel information leak problem.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-1652"
    },
    {
      "cve": "CVE-2023-5678",
      "cwe": {
        "id": "CWE-606",
        "name": "Unchecked Input for Loop Condition"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn\u0027t make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn\u0027t check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the \"-pubcheck\" option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-5678"
    },
    {
      "cve": "CVE-2023-6121",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-6121"
    },
    {
      "cve": "CVE-2023-6129",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions.\r\n\r\nIf an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences.\r\n\r\nThe POLY1305 MAC (message authentication code) implementation in OpenSSL for PowerPC CPUs restores the contents of vector registers in a different order than they are saved. Thus the contents of some of these vector registers are corrupted when returning to the caller. The vulnerable code is used only on newer PowerPC processors supporting the PowerISA 2.07 instructions.\r\n\r\nThe consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However unless the compiler uses the vector registers for storing pointers, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service.\r\n\r\nThe POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3. If this cipher is enabled on the server a malicious client can influence whether this AEAD cipher is used. This implies that TLS server applications using OpenSSL can be potentially impacted. However\r\nwe are currently not aware of any concrete application that would be affected by this issue therefore we consider this a Low severity security issue.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-6129"
    },
    {
      "cve": "CVE-2023-6237",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Checking excessively long invalid RSA public keys may take a long time. Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an untrusted source this may lead to a Denial of Service. When function EVP_PKEY_public_check() is called on RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is an overly large prime, then this computation would take a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function EVP_PKEY_public_check() is not called from other OpenSSL functions however it is called from the OpenSSL pkey command line application. For that reason that application is also vulnerable if used with the \u0027-pubin\u0027 and \u0027-check\u0027 options on untrusted data. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-6237"
    },
    {
      "cve": "CVE-2023-6817",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A use-after-free vulnerability in the Linux kernel\u0027s netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nThe function nft_pipapo_walk did not skip inactive elements during set walk which could lead double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-after-free.\n\nWe recommend upgrading past commit 317eb9685095678f2c9f5a8189de698c5354316a.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-6817"
    },
    {
      "cve": "CVE-2023-6931",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A heap out-of-bounds write vulnerability in the Linux kernel\u0027s Performance Events system component can be exploited to achieve local privilege escalation.\n\nA perf_event\u0027s read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group().\n\nWe recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-6931"
    },
    {
      "cve": "CVE-2023-6932",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A use-after-free vulnerability in the Linux kernel\u0027s ipv4: igmp component can be exploited to achieve local privilege escalation.\n\nA race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread.\n\nWe recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-6932"
    },
    {
      "cve": "CVE-2023-28746",
      "cwe": {
        "id": "CWE-1342",
        "name": "Information Exposure through Microarchitectural State after Transient Execution"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-28746"
    },
    {
      "cve": "CVE-2023-45898",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/extents_status.c, related to ext4_es_insert_extent.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-45898"
    },
    {
      "cve": "CVE-2023-47233",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this \"could be exploited in a real world scenario.\" This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-47233"
    },
    {
      "cve": "CVE-2023-50781",
      "cwe": {
        "id": "CWE-327",
        "name": "Use of a Broken or Risky Cryptographic Algorithm"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-50781"
    },
    {
      "cve": "CVE-2023-52447",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "bpf: Defer the free of inner map when necessary when updating or deleting an inner map in map array or map htab, the map may still be accessed by non-sleepable program or sleepable program. However bpf_map_fd_put_ptr() decreases the ref-counter of the inner map directly through bpf_map_put(), if the ref-counter is the last one (which is true for most cases), the inner map will be freed by ops-\u003emap_free() in a kworker. But for now, most .map_free() callbacks don\u0027t use synchronize_rcu() or its variants to wait for the elapse of a RCU grace period, so after the invocation of ops-\u003emap_free completes, the bpf program which is accessing the inner map may incur use-after-free vulnerability.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.9,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-52447"
    },
    {
      "cve": "CVE-2023-52458",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nblock: add check that partition length needs to be aligned with block size",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-52458"
    },
    {
      "cve": "CVE-2023-52614",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nPM / devfreq: Fix buffer overflow in trans_stat_show",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-52614"
    },
    {
      "cve": "CVE-2023-52620",
      "cwe": {
        "id": "CWE-99",
        "name": "Improper Control of Resource Identifiers (\u0027Resource Injection\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: nf_tables: disallow timeout for anonymous sets\r\n\r\nNever used from userspace, disallow these parameters.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-52620"
    },
    {
      "cve": "CVE-2024-0727",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-0727"
    },
    {
      "cve": "CVE-2024-2511",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions. An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation. This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this issue.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-2511"
    },
    {
      "cve": "CVE-2024-5535",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or a crash. In particular this issue could result in up to 255 bytes of arbitrary private data from memory being sent to the peer leading to a loss of confidentiality. However, only applications that directly call the SSL_select_next_proto function with a 0 length list of supported client protocols are affected by this issue. This would normally never be a valid scenario and is typically not under attacker control but may occur by accident in the case of a configuration or programming error in the calling application. The OpenSSL API function SSL_select_next_proto is typically used by TLS applications that support ALPN (Application Layer Protocol Negotiation) or NPN (Next Protocol Negotiation). NPN is older, was never standardised and is deprecated in favour of ALPN. We believe that ALPN is significantly more widely deployed than NPN. The SSL_select_next_proto function accepts a list of protocols from the server and a list of protocols from the client and returns the first protocol that appears in the server list that also appears in the client list. In the case of no overlap between the two lists it returns the first item in the client list. In either case it will signal whether an overlap between the two lists was found. In the case where SSL_select_next_proto is called with a zero length client list it fails to notice this condition and returns the memory immediately following the client list pointer (and reports that there was no overlap in the lists). This function is typically called from a server side application callback for ALPN or a client side application callback for NPN. In the case of ALPN the list of protocols supplied by the client is guaranteed by libssl to never be zero in length. The list of server protocols comes from the application and should never normally be expected to be of zero length. In this case if the SSL_select_next_proto function has been called as expected (with the list supplied by the client passed in the client/client_len parameters), then the application will not be vulnerable to this issue. If the application has accidentally been configured with a zero length server list, and has accidentally passed that zero length server list in the client/client_len parameters, and has additionally failed to correctly handle a \"no overlap\" response (which would normally result in a handshake failure in ALPN) then it will be vulnerable to this problem. In the case of NPN, the protocol permits the client to opportunistically select a protocol when there is no overlap. OpenSSL returns the first client protocol in the no overlap case in support of this. The list of client protocols comes from the application and should never normally be expected to be of zero length. However if the SSL_select_next_proto function is accidentally called with a client_len of 0 then an invalid memory pointer will be returned instead. If the application uses this output as the opportunistic protocol then the loss of confidentiality will occur. This issue has been assessed as Low severity because applications are most likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not widely used. It also requires an application configuration or programming error. Finally, this issue would not typically be under attacker control making active exploitation unlikely. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue. Due to the low severity of this issue we are not issuing new releases of OpenSSL at this time. The fix will be included in the next releases when they become available.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-5535"
    },
    {
      "cve": "CVE-2024-9143",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Issue summary: Use of the low-level GF(2m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution, however, in all the protocols involving Elliptic Curve Cryptography that we\u0027re aware of, either only \"named curves\" are supported, or, if explicit curve parameters are supported, they specify an X9.62 encoding of binary (GF(2m)) curves that can\u0027t represent problematic input values. Thus the likelihood of existence of a vulnerable application is low. In particular, the X9.62 encoding is used for ECC keys in X.509 certificates, so problematic inputs cannot occur in the context of processing X.509 certificates. Any problematic use-cases would have to be using an \"exotic\" curve encoding. The affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(), and various supporting BN_GF2m_*() functions. Applications working with \"exotic\" explicit binary (GF(2m)) curve parameters, that make it possible to represent invalid field polynomials with a zero constant term, via the above or similar APIs, may terminate abruptly as a result of reading or writing outside of array bounds. Remote code execution cannot easily be ruled out. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-9143"
    },
    {
      "cve": "CVE-2024-22099",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers. This vulnerability is associated with program files /net/bluetooth/rfcomm/core.C.\n\nThis issue affects Linux kernel: v2.6.12-rc2.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-22099"
    },
    {
      "cve": "CVE-2024-23307",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-23307"
    },
    {
      "cve": "CVE-2024-23848",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-23848"
    },
    {
      "cve": "CVE-2024-24857",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A race condition was found in the Linux kernel\u0027s net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-24857"
    },
    {
      "cve": "CVE-2024-24858",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A race condition was found in the Linux kernel\u0027s net/bluetooth in {conn,adv}_{min,max}_interval_set() function. This can result in I2cap connection or broadcast abnormality issue, possibly leading to denial of service.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-24858"
    },
    {
      "cve": "CVE-2024-24859",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A race condition was found in the Linux kernel\u0027s net/bluetooth in sniff_{min,max}_interval_set() function. This can result in a bluetooth sniffing exception issue, possibly leading denial of service.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-24859"
    },
    {
      "cve": "CVE-2024-25739",
      "cwe": {
        "id": "CWE-754",
        "name": "Improper Check for Unusual or Exceptional Conditions"
      },
      "notes": [
        {
          "category": "summary",
          "text": "create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi-\u003eleb_size.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-25739"
    },
    {
      "cve": "CVE-2024-26629",
      "cwe": {
        "id": "CWE-393",
        "name": "Return of Wrong Status Code"
      },
      "notes": [
        {
          "category": "summary",
          "text": "nfsd: The test on so_count in nfsd4_release_lockowner() is potentially harmful. It can transiently return a false positive resulting in a return of NFS4ERR_LOCKS_HELD when in fact no locks are held. This is clearly a protocol violation and with the Linux NFS client it can cause incorrect behaviour.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26629"
    },
    {
      "cve": "CVE-2024-26642",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: nf_tables: disallow anonymous set with timeout flag",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26642"
    },
    {
      "cve": "CVE-2024-26643",
      "cwe": {
        "id": "CWE-667",
        "name": "Improper Locking"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26643"
    },
    {
      "cve": "CVE-2024-26651",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "sr9800: Local Denial of Service Vulnerability.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26651"
    },
    {
      "cve": "CVE-2024-26659",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "xhci: isoc Babble and Buffer Overrun events are not handled properly.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26659"
    },
    {
      "cve": "CVE-2024-26787",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "mmc: mmci: stm32: Fixed issue with overlapping mappings in the DMA API.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26787"
    },
    {
      "cve": "CVE-2024-26810",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nvfio/pci: Lock external INTx masking ops",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26810"
    },
    {
      "cve": "CVE-2024-26812",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nvfio/pci: Create persistent INTx handler",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26812"
    },
    {
      "cve": "CVE-2024-26816",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "notes": [
        {
          "category": "summary",
          "text": "x86, relocs: relocations in .notes section. When building with CONFIG_XEN_PV=y, .text symbols are emitted into the .notes section so that Xen can find the \"startup_xen\" entry point.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.0,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26816"
    },
    {
      "cve": "CVE-2024-26820",
      "cwe": {
        "id": "CWE-99",
        "name": "Improper Control of Resource Identifiers (\u0027Resource Injection\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26820"
    },
    {
      "cve": "CVE-2024-26851",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "netfilter: nf_conntrack_h323: Add protection for bmp length out of range.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26851"
    },
    {
      "cve": "CVE-2024-26852",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "net/ipv6: possible UAF in ip6_route_mpath_notify().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26852"
    },
    {
      "cve": "CVE-2024-26855",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26855"
    },
    {
      "cve": "CVE-2024-26859",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "net/bnx2x: Race condition leading to system crash during EEH error handling.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26859"
    },
    {
      "cve": "CVE-2024-26861",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "wireguard: receive: data-race around receiving_counter.counter.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26861"
    },
    {
      "cve": "CVE-2024-26863",
      "cwe": {
        "id": "CWE-908",
        "name": "Use of Uninitialized Resource"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: hsr: Fix uninit-value access in hsr_get_node().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26863"
    },
    {
      "cve": "CVE-2024-26870",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26870"
    },
    {
      "cve": "CVE-2024-26872",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "RDMA/srpt: use-after-free Write in srpt_refresh_port().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26872"
    },
    {
      "cve": "CVE-2024-26875",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "media: pvrusb2: fix uaf in pvr2_context_set_notify.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26875"
    },
    {
      "cve": "CVE-2024-26877",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "crypto: xilinx - call finalize with bh disabled.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26877"
    },
    {
      "cve": "CVE-2024-26878",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: quota: Fix potential NULL pointer dereference.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26878"
    },
    {
      "cve": "CVE-2024-26880",
      "cwe": {
        "id": "CWE-99",
        "name": "Improper Control of Resource Identifiers (\u0027Resource Injection\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: dm: call the resume method on internal suspend.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26880"
    },
    {
      "cve": "CVE-2024-26882",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26882"
    },
    {
      "cve": "CVE-2024-26883",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "bpf: Fix stackmap overflow check on 32-bit arches.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26883"
    },
    {
      "cve": "CVE-2024-26884",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "bpf: Fix hashtab overflow check on 32-bit arches.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26884"
    },
    {
      "cve": "CVE-2024-26885",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nbpf: Fix DEVMAP_HASH overflow check on 32-bit arches\r\n\r\nThe devmap code allocates a number hash buckets equal to the next power\r\nof two of the max_entries value provided when creating the map. When\r\nrounding up to the next power of two, the 32-bit variable storing the\r\nnumber of buckets can overflow, and the code checks for overflow by\r\nchecking if the truncated 32-bit value is equal to 0. However, on 32-bit\r\narches the rounding up itself can overflow mid-way through, because it\r\nends up doing a left-shift of 32 bits on an unsigned long value. If the\r\nsize of an unsigned long is four bytes, this is undefined behaviour, so\r\nthere is no guarantee that we\u0027ll end up with a nice and tidy 0-value at\r\nthe end.\r\n\r\nSyzbot managed to turn this into a crash on arm32 by creating a\r\nDEVMAP_HASH with max_entries \u003e 0x80000000 and then trying to update it.\r\nFix this by moving the overflow check to before the rounding up\r\noperation.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26885"
    },
    {
      "cve": "CVE-2024-26889",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Bluetooth: hci_core: Fix possible buffer overflow.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26889"
    },
    {
      "cve": "CVE-2024-26891",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "iommu/vt-d: Don\u0027t issue ATS Invalidation request when device is disconnected.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26891"
    },
    {
      "cve": "CVE-2024-26894",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26894"
    },
    {
      "cve": "CVE-2024-26895",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26895"
    },
    {
      "cve": "CVE-2024-26897",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26897"
    },
    {
      "cve": "CVE-2024-26898",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26898"
    },
    {
      "cve": "CVE-2024-26901",
      "cwe": {
        "id": "CWE-908",
        "name": "Use of Uninitialized Resource"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26901"
    },
    {
      "cve": "CVE-2024-26903",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Bluetooth: rfcomm: Fixed null-ptr-deref in rfcomm_check_security.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26903"
    },
    {
      "cve": "CVE-2024-26906",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26906"
    },
    {
      "cve": "CVE-2024-26907",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "RDMA/mlx5: Fixed fortify source warning while accessing Eth segment.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26907"
    },
    {
      "cve": "CVE-2024-26920",
      "cwe": {
        "id": "CWE-908",
        "name": "Use of Uninitialized Resource"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ntracing/trigger: Fix to return error if failed to alloc snapshot",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26920"
    },
    {
      "cve": "CVE-2024-26923",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26923"
    },
    {
      "cve": "CVE-2024-26925",
      "cwe": {
        "id": "CWE-667",
        "name": "Improper Locking"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path The commit mutex should not be released during the critical section between nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC worker could collect expired objects and get the released commit lock within the same GC sequence. nf_tables_module_autoload() temporarily releases the mutex to load module dependencies, then it goes back to replay the transaction again. Move it at the end of the abort phase after nft_gc_seq_end() is called.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26925"
    },
    {
      "cve": "CVE-2024-26934",
      "cwe": {
        "id": "CWE-667",
        "name": "Improper Locking"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nUSB: core: Fix deadlock in usb_deauthorize_interface()",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26934"
    },
    {
      "cve": "CVE-2024-26935",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nscsi: core: Fix unremoved procfs host directory regression",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26935"
    },
    {
      "cve": "CVE-2024-26937",
      "cwe": {
        "id": "CWE-617",
        "name": "Reachable Assertion"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndrm/i915/gt: Reset queue_priority_hint on parking",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26937"
    },
    {
      "cve": "CVE-2024-26950",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nwireguard: netlink: access device through ctx instead of peer",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26950"
    },
    {
      "cve": "CVE-2024-26951",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nwireguard: netlink: check for dangling peer via is_dead instead of empty list",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26951"
    },
    {
      "cve": "CVE-2024-26958",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnfs: fix UAF in direct writes",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26958"
    },
    {
      "cve": "CVE-2024-26960",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmm: swap: fix race between free_swap_and_cache() and swapoff()",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26960"
    },
    {
      "cve": "CVE-2024-26961",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmac802154: fix llsec key resources release in mac802154_llsec_key_del",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26961"
    },
    {
      "cve": "CVE-2024-26973",
      "cwe": {
        "id": "CWE-457",
        "name": "Use of Uninitialized Variable"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: fat: fix uninitialized field in nostale filehandles When fat_encode_fh_nostale() encodes file handle without a parent it stores only first 10 bytes of the file handle. However the length of the file handle must be a multiple of 4 so the file handle is actually 12 bytes long and the last two bytes remain uninitialized. This is not great at we potentially leak uninitialized information with the handle to userspace. Properly initialize the full handle length.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26973"
    },
    {
      "cve": "CVE-2024-26974",
      "cwe": {
        "id": "CWE-367",
        "name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ncrypto: qat - resolve race condition during AER recovery",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26974"
    },
    {
      "cve": "CVE-2024-26982",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\nSquashfs: check the inode number is not the invalid value of zero",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26982"
    },
    {
      "cve": "CVE-2024-26988",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ninit/main.c: Fix potential static_command_line memory overflow",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26988"
    },
    {
      "cve": "CVE-2024-26993",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nfs: sysfs: Fix reference leak in sysfs_break_active_protection()",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26993"
    },
    {
      "cve": "CVE-2024-27004",
      "cwe": {
        "id": "CWE-667",
        "name": "Improper Locking"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nclk: Get runtime PM before walking tree during disable_unused",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-27004"
    },
    {
      "cve": "CVE-2024-27013",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ntun: limit printing rate when illegal packet received by tun dev\r\n\r\nvhost_worker will call tun call backs to receive packets. If too many\r\nillegal packets arrives, tun_do_read will keep dumping packet contents.\r\nWhen console is enabled, it will costs much more cpu time to dump\r\npacket and soft lockup will be detected.\r\n\r\nnet_ratelimit mechanism can be used to limit the dumping rate.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-27013"
    },
    {
      "cve": "CVE-2024-27020",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in nft_expr_type_get().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-27020"
    },
    {
      "cve": "CVE-2024-27024",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Vulnerability in the Linux kernel: net/rds: WARNING in rds_conn_connect_if_down If connection isn\u0027t established yet, get_mr() will fail, trigger connection after get_mr().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-27024"
    },
    {
      "cve": "CVE-2024-27025",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Vulnerability in Linux kernel: nbd: null check for nla_nest_start nla_nest_start() may fail and return NULL. Insert a check and set errno based on other call sites within the same source code.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-27025"
    },
    {
      "cve": "CVE-2024-27038",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Vulnerability in Linux kernel: clk: clk_core_get NULL dereference It is possible for clk_core_get to dereference a NULL in the following sequence: clk_core_get() of_clk_get_hw_from_clkspec() __of_clk_get_hw_from_provider() __clk_get_hw() __clk_get_hw() can return NULL which is dereferenced by clk_core_get() at hw-\u003ecore. Prior to commit dde4eff47c82 (\"clk: Look for parents with clkdev based clk_lookups\") the check IS_ERR_OR_NULL() was performed which would have caught the NULL. Reading the description of this function it talks about returning NULL but that cannot be so at the moment. Update the function to check for hw before dereferencing it and return NULL if hw is NULL.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-27038"
    },
    {
      "cve": "CVE-2024-27047",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Vulnerablity in Linux kernel: net: phy: phy_get_internal_delay accessing an empty array The phy_get_internal_delay function could try to access to an empty array in the case that the driver is calling phy_get_internal_delay without defining delay_values and rx-internal-delay-ps or tx-internal-delay-ps is defined to 0 in the device-tree. This will lead to \"unable to handle kernel NULL pointer dereference at virtual address 0\".",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-27047"
    },
    {
      "cve": "CVE-2024-27052",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Vulnerability in Linux kernel: wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work The workqueue might still be running, when the driver is stopped.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-27052"
    },
    {
      "cve": "CVE-2024-27053",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Vulnerability in the Linux kernel: wifi: wilc1000: RCU usage in connect path",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-27053"
    },
    {
      "cve": "CVE-2024-27059",
      "cwe": {
        "id": "CWE-369",
        "name": "Divide By Zero"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: usb-storage: Prevent divide-by-0 error in isd200_ata_command\n\nThe isd200 sub-driver in usb-storage uses the HEADS and SECTORS values\nin the ATA ID information to calculate cylinder and head values when\ncreating a CDB for READ or WRITE commands.  The calculation involves\ndivision and modulus operations, which will cause a crash if either of\nthese values is 0.  While this never happens with a genuine device, it\ncould happen with a flawed or subversive emulation, as reported by the\nsyzbot fuzzer.\n\nProtect against this possibility by refusing to bind to the device if\neither the ATA_ID_HEADS or ATA_ID_SECTORS value in the device\u0027s ID\ninformation is 0.  This requires isd200_Initialization() to return a\nnegative error code when initialization fails; currently it always\nreturns 0 (even when there is an error).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-27059"
    },
    {
      "cve": "CVE-2024-27065",
      "cwe": {
        "id": "CWE-1287",
        "name": "Improper Validation of Specified Type of Input"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not compare internal table flags on updates Restore skipping transaction if table update does not modify flags.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-27065"
    },
    {
      "cve": "CVE-2024-27072",
      "cwe": {
        "id": "CWE-667",
        "name": "Improper Locking"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmedia: usbtv: Remove useless locks in usbtv_video_free()\r\n\r\nRemove locks calls in usbtv_video_free() because\r\nare useless and may led to a deadlock as reported here:\r\nhttps://syzkaller.appspot.com/x/bisect.txt?x=166dc872180000\r\nAlso remove usbtv_stop() call since it will be called when\r\nunregistering the device.\r\n\r\nBefore \u0027c838530d230b\u0027 this issue would only be noticed if you\r\ndisconnect while streaming and now it is noticeable even when\r\ndisconnecting while not streaming.\r\n\r\n\r\n[hverkuil: fix minor spelling mistake in log message]",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-27072"
    },
    {
      "cve": "CVE-2024-27076",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Vulnerability in the Linux kernel: media: imx: csc/scaler: v4l2_ctrl_handler memory leak Free the memory allocated in v4l2_ctrl_handler_init on release.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-27076"
    },
    {
      "cve": "CVE-2024-27077",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Vulnerability in Linux kernel: media: v4l2-mem2mem: a memleak in v4l2_m2m_register_entity The entity-\u003ename (i.e. name) is allocated in v4l2_m2m_register_entity but isn\u0027t freed in its following error-handling paths. This patch adds such deallocation to prevent memleak of entity-\u003ename.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-27077"
    },
    {
      "cve": "CVE-2024-27078",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Vulnerability in Linux kernel: media: v4l2-tpg: some memleaks in tpg_alloc In tpg_alloc, resources should be deallocated in each and every error-handling paths, since they are allocated in for statements. Otherwise there would be memleaks because tpg_free is called only when tpg_alloc return 0.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-27078"
    },
    {
      "cve": "CVE-2024-27395",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: Fix Use-After-Free in ovs_ct_exit\n\nSince kfree_rcu, which is called in the hlist_for_each_entry_rcu traversal\nof ovs_ct_limit_exit, is not part of the RCU read critical section, it\nis possible that the RCU grace period will pass during the traversal and\nthe key will be free.\n\nTo prevent this, it should be changed to hlist_for_each_entry_safe.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-27395"
    },
    {
      "cve": "CVE-2024-27396",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gtp: Fix Use-After-Free in gtp_dellink\n\nSince call_rcu, which is called in the hlist_for_each_entry_rcu traversal\nof gtp_dellink, is not part of the RCU read critical section, it\nis possible that the RCU grace period will pass during the traversal and\nthe key will be free.\n\nTo prevent this, it should be changed to hlist_for_each_entry_safe.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-27396"
    },
    {
      "cve": "CVE-2024-27397",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: nf_tables: use timestamp to check for set element timeout\r\n\r\nAdd a timestamp field at the beginning of the transaction, store it\r\nin the nftables per-netns area.\r\n\r\nUpdate set backend .insert, .deactivate and sync gc path to use the\r\ntimestamp, this avoids that an element expires while control plane\r\ntransaction is still unfinished.\r\n\r\n.lookup and .update, which are used from packet path, still use the\r\ncurrent time to check if the element has expired. And .get path and dump\r\nalso since this runs lockless under rcu read size lock. Then, there is\r\nasync gc which also needs to check the current time since it runs\r\nasynchronously from a workqueue.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-27397"
    },
    {
      "cve": "CVE-2024-27419",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: netrom: data-races around sysctl_net_busy_read We need to protect the reader reading the sysctl value because the value can be changed concurrently.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-27419"
    },
    {
      "cve": "CVE-2024-27431",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: cpumap: Zero-initialise xdp_rxq_info struct before running XDP program When running an XDP program that is attached to a cpumap entry, we don\u0027t initialise the xdp_rxq_info data structure being used in the xdp_buff that backs the XDP program invocation. Tobias noticed that this leads to random values being returned as the xdp_md-\u003erx_queue_index value for XDP programs running in a cpumap. This means we\u0027re basically returning the contents of the uninitialised memory, which is bad. Fix this by zero-initialising the rxq data structure before running the XDP program.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-27431"
    },
    {
      "cve": "CVE-2024-27436",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Stop parsing channels bits when all channels are found. If a usb audio device sets more bits than the amount of channels it could write outside of the map array.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-27436"
    },
    {
      "cve": "CVE-2024-27437",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Disable auto-enable of exclusive INTx IRQ\n\nCurrently for devices requiring masking at the irqchip for INTx, ie.\ndevices without DisINTx support, the IRQ is enabled in request_irq()\nand subsequently disabled as necessary to align with the masked status\nflag.  This presents a window where the interrupt could fire between\nthese events, resulting in the IRQ incrementing the disable depth twice.\nThis would be unrecoverable for a user since the masked flag prevents\nnested enables through vfio.\n\nInstead, invert the logic using IRQF_NO_AUTOEN such that exclusive INTx\nis never auto-enabled, then unmask as required.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-27437"
    },
    {
      "cve": "CVE-2024-33621",
      "cwe": {
        "id": "CWE-1287",
        "name": "Improper Validation of Specified Type of Input"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: ipvlan: Dont Use skb-\u003esk in ipvlan_process_v4 / 6_outbound.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-33621"
    },
    {
      "cve": "CVE-2024-33847",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "f2fs: compress: Released compress inode f2fs image may be corrupted. The reason is partial truncation assume compressed inode has reserved blocks, after partial truncation, valid block count may change w/o .i_blocks and .total_valid_block_count update, resulting in corruption.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-33847"
    },
    {
      "cve": "CVE-2024-34027",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "f2fs: compress: filesystem metadata including blkaddr in dnode, inode fields and .total_valid_block_count may be corrupted after SPO case.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-34027"
    },
    {
      "cve": "CVE-2024-35789",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nwifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes\r\n\r\nWhen moving a station out of a VLAN and deleting the VLAN afterwards, the\r\nfast_rx entry still holds a pointer to the VLAN\u0027s netdev, which can cause\r\nuse-after-free bugs. Fix this by immediately calling ieee80211_check_fast_rx\r\nafter the VLAN change.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35789"
    },
    {
      "cve": "CVE-2024-35805",
      "cwe": {
        "id": "CWE-667",
        "name": "Improper Locking"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndm snapshot: fix lockup in dm_exception_table_exit\r\n\r\nThere was reported lockup when we exit a snapshot with many exceptions.\r\nFix this by adding \"cond_resched\" to the loop that frees the exceptions.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35805"
    },
    {
      "cve": "CVE-2024-35807",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: ext4: fix corruption during on-line resize.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35807"
    },
    {
      "cve": "CVE-2024-35811",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nwifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35811"
    },
    {
      "cve": "CVE-2024-35813",
      "cwe": {
        "id": "CWE-129",
        "name": "Improper Validation of Array Index"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmmc: core: Avoid negative index with array access\r\n\r\nCommit 4d0c8d0aef63 (\"mmc: core: Use mrq.sbc in close-ended ffu\") assigns\r\nprev_idata = idatas[i - 1], but doesn\u0027t check that the iterator i is\r\ngreater than zero. Let\u0027s fix this by adding a check.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35813"
    },
    {
      "cve": "CVE-2024-35815",
      "cwe": {
        "id": "CWE-237",
        "name": "Improper Handling of Structural Elements"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nfs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion\r\n\r\nThe first kiocb_set_cancel_fn() argument may point at a struct kiocb\r\nthat is not embedded inside struct aio_kiocb. With the current code,\r\ndepending on the compiler, the req-\u003eki_ctx read happens either before\r\nthe IOCB_AIO_RW test or after that test. Move the req-\u003eki_ctx read such\r\nthat it is guaranteed that the IOCB_AIO_RW test happens first.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35815"
    },
    {
      "cve": "CVE-2024-35823",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nvt: fix unicode buffer corruption when deleting characters\r\n\r\nThis is the same issue that was fixed for the VGA text buffer in commit\r\n39cdb68c64d8 (\"vt: fix memory overlapping when deleting chars in the\r\nbuffer\"). The cure is also the same i.e. replace memcpy() with memmove()\r\ndue to the overlaping buffers.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35823"
    },
    {
      "cve": "CVE-2024-35828",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: some memleaks in lbs_allocate_cmd_buffer() In the for statement of lbs_allocate_cmd_buffer(), if the allocation of cmdarray[i].cmdbuf fails, both cmdarray and cmdarray[i].cmdbuf needs to be freed. Otherwise, there will be memleaks in lbs_allocate_cmd_buffer().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35828"
    },
    {
      "cve": "CVE-2024-35845",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "wifi: iwlwifi: dbg-tlv: ensure NUL termination The iwl_fw_ini_debug_info_tlv is used as a string, so we must ensure the string is terminated correctly before using it.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35845"
    },
    {
      "cve": "CVE-2024-35849",
      "cwe": {
        "id": "CWE-908",
        "name": "Use of Uninitialized Resource"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nbtrfs: fix information leak in btrfs_ioctl_logical_to_ino()",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35849"
    },
    {
      "cve": "CVE-2024-35877",
      "cwe": {
        "id": "CWE-237",
        "name": "Improper Handling of Structural Elements"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nx86/mm/pat: fix VM_PAT handling in COW mappings\r\n\r\nPAT handling won\u0027t do the right thing in COW mappings: the first PTE (or,\r\nin fact, all PTEs) can be replaced during write faults to point at anon\r\nfolios.  Reliably recovering the correct PFN and cachemode using\r\nfollow_phys() from PTEs will not work in COW mappings.\r\n\r\nUsing follow_phys(), we might just get the address+protection of the anon\r\nfolio (which is very wrong), or fail on swap/nonswap entries, failing\r\nfollow_phys() and triggering a WARN_ON_ONCE() in untrack_pfn() and\r\ntrack_pfn_copy(), not properly calling free_pfn_range().\r\n\r\nIn free_pfn_range(), we either wouldn\u0027t call memtype_free() or would call\r\nit with the wrong range, possibly leaking memory.\r\n\r\nTo fix that, let\u0027s update follow_phys() to refuse returning anon folios,\r\nand fallback to using the stored PFN inside vma-\u003evm_pgoff for COW mappings\r\nif we run into that.\r\n\r\nWe will now properly handle untrack_pfn() with COW mappings, where we\r\ndon\u0027t need the cachemode.  We\u0027ll have to fail fork()-\u003etrack_pfn_copy() if\r\nthe first page was replaced by an anon folio, though: we\u0027d have to store\r\nthe cachemode in the VMA to make this work, likely growing the VMA size.\r\n\r\nFor now, lets keep it simple and let track_pfn_copy() just fail in that\r\ncase: it would have failed in the past with swap/nonswap entries already,\r\nand it would have done the wrong thing with anon folios.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35877"
    },
    {
      "cve": "CVE-2024-35884",
      "cwe": {
        "id": "CWE-923",
        "name": "Improper Restriction of Communication Channel to Intended Endpoints"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nudp: do not accept non-tunnel GSO skbs landing in a tunnel\r\n\r\nWhen rx-udp-gro-forwarding is enabled UDP packets might be GROed when\r\nbeing forwarded. If such packets might land in a tunnel this can cause\r\nvarious issues and udp_gro_receive makes sure this isn\u0027t the case by\r\nlooking for a matching socket. This is performed in\r\nudp4/6_gro_lookup_skb but only in the current netns. This is an issue\r\nwith tunneled packets when the endpoint is in another netns. In such\r\ncases the packets will be GROed at the UDP level, which leads to various\r\nissues later on. The same thing can happen with rx-gro-list.\r\n\r\nWe saw this with geneve packets being GROed at the UDP level. In such\r\ncase gso_size is set; later the packet goes through the geneve rx path,\r\nthe geneve header is pulled, the offset are adjusted and frag_list skbs\r\nare not adjusted with regard to geneve. When those skbs hit\r\nskb_fragment, it will misbehave. Different outcomes are possible\r\ndepending on what the GROed skbs look like; from corrupted packets to\r\nkernel crashes.\r\n\r\nOne example is a BUG_ON[1] triggered in skb_segment while processing the\r\nfrag_list. Because gso_size is wrong (geneve header was pulled)\r\nskb_segment thinks there is \"geneve header size\" of data in frag_list,\r\nalthough it\u0027s in fact the next packet. The BUG_ON itself has nothing to\r\ndo with the issue. This is only one of the potential issues.\r\n\r\nLooking up for a matching socket in udp_gro_receive is fragile: the\r\nlookup could be extended to all netns (not speaking about performances)\r\nbut nothing prevents those packets from being modified in between and we\r\ncould still not find a matching socket. It\u0027s OK to keep the current\r\nlogic there as it should cover most cases but we also need to make sure\r\nwe handle tunnel packets being GROed too early.\r\n\r\nThis is done by extending the checks in udp_unexpected_gso: GSO packets\r\nlacking the SKB_GSO_UDP_TUNNEL/_CSUM bits and landing in a tunnel must\r\nbe segmented.\r\n\r\n[1] kernel BUG at net/core/skbuff.c:4408!\r\n    RIP: 0010:skb_segment+0xd2a/0xf70\r\n    __udp_gso_segment+0xaa/0x560",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35884"
    },
    {
      "cve": "CVE-2024-35886",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nipv6: Fix infinite recursion in fib6_dump_done().\r\n\r\nsyzkaller reported infinite recursive calls of fib6_dump_done() during\r\nnetlink socket destruction.\r\n\r\nFrom the log, syzkaller sent an AF_UNSPEC RTM_GETROUTE message, and then\r\nthe response was generated.  The following recvmmsg() resumed the dump\r\nfor IPv6, but the first call of inet6_dump_fib() failed at kzalloc() due\r\nto the fault injection.\r\n\r\n  12:01:34 executing program 3:\r\n  r0 = socket$nl_route(0x10, 0x3, 0x0)\r\n  sendmsg$nl_route(r0, ... snip ...)\r\n  recvmmsg(r0, ... snip ...) (fail_nth: 8)\r\n\r\nHere, fib6_dump_done() was set to nlk_sk(sk)-\u003ecb.done, and the next call\r\nof inet6_dump_fib() set it to nlk_sk(sk)-\u003ecb.args[3].  syzkaller stopped\r\nreceiving the response halfway through, and finally netlink_sock_destruct()\r\ncalled nlk_sk(sk)-\u003ecb.done().\r\n\r\nfib6_dump_done() calls fib6_dump_end() and nlk_sk(sk)-\u003ecb.done() if it\r\nis still not NULL.  fib6_dump_end() rewrites nlk_sk(sk)-\u003ecb.done() by\r\nnlk_sk(sk)-\u003ecb.args[3], but it has the same function, not NULL, calling\r\nitself recursively and hitting the stack guard page.\r\n\r\nTo avoid the issue, let\u0027s set the destructor after kzalloc().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35886"
    },
    {
      "cve": "CVE-2024-35888",
      "cwe": {
        "id": "CWE-457",
        "name": "Use of Uninitialized Variable"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: erspan: make sure erspan_base_hdr is present in skb-\u003ehead.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35888"
    },
    {
      "cve": "CVE-2024-35893",
      "cwe": {
        "id": "CWE-908",
        "name": "Use of Uninitialized Resource"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet/sched: act_skbmod: prevent kernel-infoleak\r\n\r\nsyzbot found that tcf_skbmod_dump() was copying four bytes\r\nfrom kernel stack to user space.\r\n\r\nThe issue here is that \u0027struct tc_skbmod\u0027 has a four bytes hole.\r\n\r\nWe need to clear the structure before filling fields.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35893"
    },
    {
      "cve": "CVE-2024-35895",
      "cwe": {
        "id": "CWE-667",
        "name": "Improper Locking"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Prevent lock inversion deadlock in map delete elem\n\nsyzkaller started using corpuses where a BPF tracing program deletes\nelements from a sockmap/sockhash map. Because BPF tracing programs can be\ninvoked from any interrupt context, locks taken during a map_delete_elem\noperation must be hardirq-safe. Otherwise a deadlock due to lock inversion\nis possible, as reported by lockdep:\n\n       CPU0                    CPU1\n       ----                    ----\n  lock(\u0026htab-\u003ebuckets[i].lock);\n                               local_irq_disable();\n                               lock(\u0026host-\u003elock);\n                               lock(\u0026htab-\u003ebuckets[i].lock);\n  \u003cInterrupt\u003e\n    lock(\u0026host-\u003elock);\n\nLocks in sockmap are hardirq-unsafe by design. We expects elements to be\ndeleted from sockmap/sockhash only in task (normal) context with interrupts\nenabled, or in softirq context.\n\nDetect when map_delete_elem operation is invoked from a context which is\n_not_ hardirq-unsafe, that is interrupts are disabled, and bail out with an\nerror.\n\nNote that map updates are not affected by this issue. BPF verifier does not\nallow updating sockmap/sockhash from a BPF tracing program today.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35895"
    },
    {
      "cve": "CVE-2024-35896",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: validate user input for expected length\r\n\r\nI got multiple syzbot reports showing old bugs exposed\r\nby BPF after commit 20f2505fb436 (\"bpf: Try to avoid kzalloc\r\nin cgroup/{s,g}etsockopt\")\r\n\r\nsetsockopt() @optlen argument should be taken into account\r\nbefore copying data.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35896"
    },
    {
      "cve": "CVE-2024-35897",
      "cwe": {
        "id": "CWE-1287",
        "name": "Improper Validation of Specified Type of Input"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: nf_tables: discard table flag update with pending basechain deletion\r\n\r\nHook unregistration is deferred to the commit phase, same occurs with\r\nhook updates triggered by the table dormant flag. When both commands are\r\ncombined, this results in deleting a basechain while leaving its hook\r\nstill registered in the core.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35897"
    },
    {
      "cve": "CVE-2024-35898",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()\r\n\r\nnft_unregister_flowtable_type() within nf_flow_inet_module_exit() can\r\nconcurrent with __nft_flowtable_type_get() within nf_tables_newflowtable().\r\nAnd thhere is not any protection when iterate over nf_tables_flowtables\r\nlist in __nft_flowtable_type_get(). Therefore, there is pertential\r\ndata-race of nf_tables_flowtables list entry.\r\n\r\nUse list_for_each_entry_rcu() to iterate over nf_tables_flowtables list\r\nin __nft_flowtable_type_get(), and use rcu_read_lock() in the caller\r\nnft_flowtable_type_get() to protect the entire type query process.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35898"
    },
    {
      "cve": "CVE-2024-35899",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: nf_tables: flush pending destroy work before exit_net release\r\n\r\nSimilar to 2c9f0293280e (\"netfilter: nf_tables: flush pending destroy\r\nwork before netlink notifier\") to address a race between exit_net and\r\nthe destroy workqueue.\r\n\r\nThe trace below shows an element to be released via destroy workqueue\r\nwhile exit_net path (triggered via module removal) has already released\r\nthe set that is used in such transaction.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35899"
    },
    {
      "cve": "CVE-2024-35900",
      "cwe": {
        "id": "CWE-1287",
        "name": "Improper Validation of Specified Type of Input"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: nf_tables: reject new basechain after table flag update\r\n\r\nWhen dormant flag is toggled, hooks are disabled in the commit phase by\r\niterating over current chains in table (existing and new).\r\n\r\nThe following configuration allows for an inconsistent state:\r\n\r\n  add table x\r\n  add chain x y { type filter hook input priority 0; }\r\n  add table x { flags dormant; }\r\n  add chain x w { type filter hook input priority 1; }\r\n\r\nwhich triggers the following warning when trying to unregister chain w\r\nwhich is already unregistered.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35900"
    },
    {
      "cve": "CVE-2024-35902",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "net/rds: possible cp null dereference cp might be null, calling cp-\u003ecp_conn would produce null dereference. Cp is a parameter of __rds_rdma_map and is not reassigned.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35902"
    },
    {
      "cve": "CVE-2024-35905",
      "cwe": {
        "id": "CWE-129",
        "name": "Improper Validation of Array Index"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Protect against int overflow for stack access size\n\nThis patch re-introduces protection against the size of access to stack\nmemory being negative; the access size can appear negative as a result\nof overflowing its signed int representation. This should not actually\nhappen, as there are other protections along the way, but we should\nprotect against it anyway. One code path was missing such protections\n(fixed in the previous patch in the series), causing out-of-bounds array\naccesses in check_stack_range_initialized(). This patch causes the\nverification of a program with such a non-sensical access size to fail.\n\nThis check used to exist in a more indirect way, but was inadvertendly\nremoved in a833a17aeac7.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35905"
    },
    {
      "cve": "CVE-2024-35910",
      "cwe": {
        "id": "CWE-665",
        "name": "Improper Initialization"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: tcp: properly terminate timers for kernel sockets We had various syzbot reports about tcp timers firing after the corresponding netns has been dismantled. Fortunately Josef Bacik could trigger the issue more often, and could test a patch I wrote two years ago. When TCP sockets are closed, we call inet_csk_clear_xmit_timers() to \u0027stop\u0027 the timers. inet_csk_clear_xmit_timers() can be called from any context, including when socket lock is held. This is the reason it uses sk_stop_timer(), aka del_timer(). This means that ongoing timers might finish much later. For user sockets, this is fine because each running timer holds a reference on the socket, and the user socket holds a reference on the netns. For kernel sockets, we risk that the netns is freed before timer can complete, because kernel sockets do not hold reference on the netns. This patch adds inet_csk_clear_xmit_timers_sync() function that using sk_stop_timer_sync() to make sure all timers are terminated before the kernel socket is released. Modules using kernel sockets close them in their netns exit() handler. Also add sock_not_owned_by_me() helper to get LOCKDEP support : inet_csk_clear_xmit_timers_sync() must not be called while socket lock is held. It is very possible we can revert in the future commit 3a58f13a881e (\"net: rds: acquire refcount on TCP sockets\") which attempted to solve the issue in rds only. (net/smc/af_smc.c and net/mptcp/subflow.c have similar code) We probably can remove the check_net() tests from tcp_out_of_resources() and __tcp_close() in the future.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35910"
    },
    {
      "cve": "CVE-2024-35915",
      "cwe": {
        "id": "CWE-908",
        "name": "Use of Uninitialized Resource"
      },
      "notes": [
        {
          "category": "summary",
          "text": "nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35915"
    },
    {
      "cve": "CVE-2024-35922",
      "cwe": {
        "id": "CWE-369",
        "name": "Divide By Zero"
      },
      "notes": [
        {
          "category": "summary",
          "text": "fbmon: prevent division by zero in fb_videomode_from_videomode()",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35922"
    },
    {
      "cve": "CVE-2024-35925",
      "cwe": {
        "id": "CWE-369",
        "name": "Divide By Zero"
      },
      "notes": [
        {
          "category": "summary",
          "text": "block: prevent division by zero in blk_rq_stat_sum()",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35925"
    },
    {
      "cve": "CVE-2024-35930",
      "cwe": {
        "id": "CWE-401",
        "name": "Missing Release of Memory after Effective Lifetime"
      },
      "notes": [
        {
          "category": "summary",
          "text": "scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35930"
    },
    {
      "cve": "CVE-2024-35933",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Bluetooth: btintel: Fix null ptr deref in btintel_read_version",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35933"
    },
    {
      "cve": "CVE-2024-35934",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "summary",
          "text": "net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35934"
    },
    {
      "cve": "CVE-2024-35935",
      "cwe": {
        "id": "CWE-124",
        "name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "btrfs: send: handle path ref underflow in header iterate_inode_ref()",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35935"
    },
    {
      "cve": "CVE-2024-35936",
      "cwe": {
        "id": "CWE-237",
        "name": "Improper Handling of Structural Elements"
      },
      "notes": [
        {
          "category": "summary",
          "text": "btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35936"
    },
    {
      "cve": "CVE-2024-35940",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "pstore/zone: Add a null pointer check to the psz_kmsg_read",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35940"
    },
    {
      "cve": "CVE-2024-35944",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35944"
    },
    {
      "cve": "CVE-2024-35950",
      "cwe": {
        "id": "CWE-908",
        "name": "Use of Uninitialized Resource"
      },
      "notes": [
        {
          "category": "summary",
          "text": "drm/client: Fully protect modes with dev-\u003emode_config.mutex",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35950"
    },
    {
      "cve": "CVE-2024-35955",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "kprobes: Fix possible use-after-free issue on kprobe registration",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35955"
    },
    {
      "cve": "CVE-2024-35958",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "net: ena: Fix incorrect descriptor free behavior",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35958"
    },
    {
      "cve": "CVE-2024-35960",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "net/mlx5: Properly link new fs rules into the tree",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35960"
    },
    {
      "cve": "CVE-2024-35962",
      "cwe": {
        "id": "CWE-1284",
        "name": "Improper Validation of Specified Quantity in Input"
      },
      "notes": [
        {
          "category": "summary",
          "text": "netfilter: complete validation of user input",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35962"
    },
    {
      "cve": "CVE-2024-35965",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Bluetooth: L2CAP: Fix not validating setsockopt user input\r\n\r\nCheck user input length before copying data.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35965"
    },
    {
      "cve": "CVE-2024-35966",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Bluetooth: RFCOMM: Fix not validating setsockopt user input",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35966"
    },
    {
      "cve": "CVE-2024-35967",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Bluetooth: SCO: Fix not validating setsockopt user input",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35967"
    },
    {
      "cve": "CVE-2024-35969",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "summary",
          "text": "ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35969"
    },
    {
      "cve": "CVE-2024-35973",
      "cwe": {
        "id": "CWE-908",
        "name": "Use of Uninitialized Resource"
      },
      "notes": [
        {
          "category": "summary",
          "text": "geneve: fix header validation in geneve_xmit_skb",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35973"
    },
    {
      "cve": "CVE-2024-35976",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "xsk: validate user input for XDP_UMEM|COMPLETION_FILL_RING",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35976"
    },
    {
      "cve": "CVE-2024-35978",
      "cwe": {
        "id": "CWE-401",
        "name": "Missing Release of Memory after Effective Lifetime"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Bluetooth: Fix memory leak in hci_req_sync_complete()",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35978"
    },
    {
      "cve": "CVE-2024-35982",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "batman-adv: Avoid infinite loop trying to resize local TT",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35982"
    },
    {
      "cve": "CVE-2024-35983",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35983"
    },
    {
      "cve": "CVE-2024-35984",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "i2c: smbus: fix NULL function pointer dereference",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35984"
    },
    {
      "cve": "CVE-2024-35988",
      "cwe": {
        "id": "CWE-131",
        "name": "Incorrect Calculation of Buffer Size"
      },
      "notes": [
        {
          "category": "summary",
          "text": "riscv: Fix TASK_SIZE on 64-bit NOMMU. On NOMMU, userspace memory can come from anywhere in physical RAM. The current definition of TASK_SIZE is wrong if any RAM exists above 4G,\r\ncausing spurious failures in the userspace access routines.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35988"
    },
    {
      "cve": "CVE-2024-35990",
      "cwe": {
        "id": "CWE-667",
        "name": "Improper Locking"
      },
      "notes": [
        {
          "category": "summary",
          "text": "dma: xilinx_dpdma: Fix locking",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35990"
    },
    {
      "cve": "CVE-2024-35996",
      "cwe": {
        "id": "CWE-655",
        "name": "Insufficient Psychological Acceptability"
      },
      "notes": [
        {
          "category": "summary",
          "text": "cpu: Re-enable CPU mitigations by default for !X86 architectures",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35996"
    },
    {
      "cve": "CVE-2024-35997",
      "cwe": {
        "id": "CWE-667",
        "name": "Improper Locking"
      },
      "notes": [
        {
          "category": "summary",
          "text": "HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-35997"
    },
    {
      "cve": "CVE-2024-36004",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "summary",
          "text": "i40e: Do not use WQ_MEM_RECLAIM flag for workqueue",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-36004"
    },
    {
      "cve": "CVE-2024-36005",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "netfilter: nf_tables: honor table dormant flag from netdev release event path",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-36005"
    },
    {
      "cve": "CVE-2024-36006",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmlxsw: spectrum_acl_tcam: Fix incorrect list API usage",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-36006"
    },
    {
      "cve": "CVE-2024-36007",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmlxsw: spectrum_acl_tcam: Fix warning during rehash\r\n\r\nAs previously explained, the rehash delayed work migrates filters from\r\none region to another. This is done by iterating over all chunks (all\r\nthe filters with the same priority) in the region and in each chunk\r\niterating over all the filters.\r\n\r\nWhen the work runs out of credits it stores the current chunk and entry\r\nas markers in the per-work context so that it would know where to resume\r\nthe migration from the next time the work is scheduled.\r\n\r\nUpon error, the chunk marker is reset to NULL, but without resetting the\r\nentry markers despite being relative to it. This can result in migration\r\nbeing resumed from an entry that does not belong to the chunk being\r\nmigrated. In turn, this will eventually lead to a chunk being iterated\r\nover as if it is an entry. Because of how the two structures happen to\r\nbe defined, this does not lead to KASAN splats, but to warnings such as.\r\n\r\nFix by creating a helper that resets all the markers and call it from\r\nall the places the currently only reset the chunk marker. For good\r\nmeasures also call it when starting a completely new rehash. Add a\r\nwarning to avoid future cases.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-36007"
    },
    {
      "cve": "CVE-2024-36008",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nipv4: check for NULL idev in ip_route_use_hint()\r\n\r\nsyzbot was able to trigger a NULL deref in fib_validate_source()\r\nin an old tree.\r\n\r\nIt appears the bug exists in latest trees.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-36008"
    },
    {
      "cve": "CVE-2024-36020",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ni40e: fix vf may be used uninitialized in this function warning\r\n\r\nTo fix the regression introduced by commit 52424f974bc5, which causes\r\nservers hang in very hard to reproduce conditions with resets races.\r\nUsing two sources for the information is the root cause.\r\nIn this function before the fix bumping v didn\u0027t mean bumping vf\r\npointer. But the code used this variables interchangeably, so stale vf\r\ncould point to different/not intended vf.\r\n\r\nRemove redundant \"v\" variable and iterate via single VF pointer across\r\nwhole function instead to guarantee VF pointer validity.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-36020"
    },
    {
      "cve": "CVE-2024-36270",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "netfilter: tproxy: bail out if IP has been disabled on the device syzbot reports: general protection fault, probably for non-canonical address",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-36270"
    },
    {
      "cve": "CVE-2024-36286",
      "cwe": {
        "id": "CWE-1287",
        "name": "Improper Validation of Specified Type of Input"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-36286"
    },
    {
      "cve": "CVE-2024-36288",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "summary",
          "text": "SUNRPC: Fix loop termination condition in gss_free_in_token_pages() The in_token-\u003epages[] array is not NULL terminated. This results in the following KASAN splat: KASAN: maybe wild-memory-access in range [0x04a2013400000008-0x04a201340000000f].",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-36288"
    },
    {
      "cve": "CVE-2024-36484",
      "cwe": {
        "id": "CWE-99",
        "name": "Improper Control of Resource Identifiers (\u0027Resource Injection\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: net: relax socket state check at accept time.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-36484"
    },
    {
      "cve": "CVE-2024-36489",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "tls: missing memory barrier in tls_init. In tls_init(), a write memory barrier is missing, and store-store reordering may cause NULL dereference in tls_{setsockopt,getsockopt}.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-36489"
    },
    {
      "cve": "CVE-2024-36894",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-36894"
    },
    {
      "cve": "CVE-2024-36899",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ngpiolib: cdev: Fix use after free in lineinfo_changed_notify\r\n\r\nThe use-after-free issue occurs as follows: when the GPIO chip device file\r\nis being closed by invoking gpio_chrdev_release(), watched_lines is freed\r\nby bitmap_free(), but the unregistration of lineinfo_changed_nb notifier\r\nchain failed due to waiting write rwsem. Additionally, one of the GPIO\r\nchip\u0027s lines is also in the release process and holds the notifier chain\u0027s\r\nread rwsem. Consequently, a race condition leads to the use-after-free of\r\nwatched_lines.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-36899"
    },
    {
      "cve": "CVE-2024-36902",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Vulnerability in Linux kernel: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() syzbot is able to trigger the following crash [1], caused by unsafe ip6_dst_idev() use. Indeed ip6_dst_idev() can return NULL, and must always be checked.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-36902"
    },
    {
      "cve": "CVE-2024-36904",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-36904"
    },
    {
      "cve": "CVE-2024-36905",
      "cwe": {
        "id": "CWE-369",
        "name": "Divide By Zero"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-36905"
    },
    {
      "cve": "CVE-2024-36916",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: blk-iocost: avoid out of bounds shift UBSAN catches undefined behavior in blk-iocost, where sometimes iocg-\u003edelay is shifted right by a number that is too large, resulting in undefined behavior on some architectures. [ 186.556576] ------------[ cut here ]------------ UBSAN: shift-out-of-bounds in block/blk-iocost.c:1366:23 shift exponent 64 is too large for 64-bit type \u0027u64\u0027 (aka \u0027unsigned long long\u0027) CPU: 16 PID: 0 Comm: swapper/16 Tainted: G S E N 6.9.0-0_fbk700_debug_rc2_kbuilder_0_gc85af715cac0 #1 Hardware name: Quanta Twin Lakes MP/Twin Lakes Passive MP, BIOS F09_3A23 12/08/2020 Call Trace: \u003cIRQ\u003e dump_stack_lvl+0x8f/0xe0 __ubsan_handle_shift_out_of_bounds+0x22c/0x280 iocg_kick_delay+0x30b/0x310 ioc_timer_fn+0x2fb/0x1f80 __run_timer_base+0x1b6/0x250 ... Avoid that undefined behavior by simply taking the \"delay = 0\" branch if the shift is too large. I am not sure what the symptoms of an undefined value delay will be, but I suspect it could be more than a little annoying to debug.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-36916"
    },
    {
      "cve": "CVE-2024-36929",
      "cwe": {
        "id": "CWE-237",
        "name": "Improper Handling of Structural Elements"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: net: core: reject skb_copy(_expand) for fraglist GSO skbs SKB_GSO_FRAGLIST skbs must not be linearized, otherwise they become invalid. Return NULL if such an skb is passed to skb_copy or skb_copy_expand, in order to prevent a crash on a potential later call to skb_gso_segment.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-36929"
    },
    {
      "cve": "CVE-2024-36939",
      "cwe": {
        "id": "CWE-391",
        "name": "Unchecked Error Condition"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: nfs: Handle error of rpc_proc_register() in nfs_net_init(). syzkaller reported a warning [0] triggered while destroying immature netns. rpc_proc_register() was called in init_nfs_fs(), but its error has been ignored since at least the initial commit 1da177e4c3f4 (\"Linux-2.6.12-rc2\"). Recently, commit d47151b79e32 (\"nfs: expose /proc/net/sunrpc/nfs in net namespaces\") converted the procfs to per-netns and made the problem more visible. Even when rpc_proc_register() fails, nfs_net_init() could succeed, and thus nfs_net_exit() will be called while destroying the netns. Then, remove_proc_entry() will be called for non-existing proc directory and trigger the warning below. Let\u0027s handle the error of rpc_proc_register() properly in nfs_net_init(). [0]: name \u0027nfs\u0027 WARNING: CPU: 1 PID: 1710 at fs/proc/generic.c:711 remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711 Modules linked in: CPU: 1 PID: 1710 Comm: syz-executor.2 Not tainted 6.8.0-12822-gcd51db110a7e #12 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 RIP: 0010:remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711 Code: 41 5d 41 5e c3 e8 85 09 b5 ff 48 c7 c7 88 58 64 86 e8 09 0e 71 02 e8 74 09 b5 ff 4c 89 e6 48 c7 c7 de 1b 80 84 e8 c5 ad 97 ff \u003c0f\u003e 0b eb b1 e8 5c 09 b5 ff 48 c7 c7 88 58 64 86 e8 e0 0d 71 02 eb RSP: 0018:ffffc9000c6d7ce0 EFLAGS: 00010286 RAX: 0000000000000000 RBX: ffff8880422b8b00 RCX: ffffffff8110503c RDX: ffff888030652f00 RSI: ffffffff81105045 RDI: 0000000000000001 RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000001 R11: ffffffff81bb62cb R12: ffffffff84807ffc R13: ffff88804ad6fcc0 R14: ffffffff84807ffc R15: ffffffff85741ff8 FS: 00007f30cfba8640(0000) GS:ffff88807dd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ff51afe8000 CR3: 000000005a60a005 CR4: 0000000000770ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: \u003cTASK\u003e rpc_proc_unregister+0x64/0x70 net/sunrpc/stats.c:310 nfs_net_exit+0x1c/0x30 fs/nfs/inode.c:2438 ops_exit_list+0x62/0xb0 net/core/net_namespace.c:170 setup_net+0x46c/0x660 net/core/net_namespace.c:372 copy_net_ns+0x244/0x590 net/core/net_namespace.c:505 create_new_namespaces+0x2ed/0x770 kernel/nsproxy.c:110 unshare_nsproxy_namespaces+0xae/0x160 kernel/nsproxy.c:228 ksys_unshare+0x342/0x760 kernel/fork.c:3322 __do_sys_unshare kernel/fork.c:3393 [inline] __se_sys_unshare kernel/fork.c:3391 [inline] __x64_sys_unshare+0x1f/0x30 kernel/fork.c:3391 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x4f/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x46/0x4e RIP: 0033:0x7f30d0febe5d Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48 RSP: 002b:00007f30cfba7cc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 RAX: ffffffffffffffda RBX: 00000000004bbf80 RCX: 00007f30d0febe5d RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c020600 RBP: 00000000004bbf80 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 R13: 000000000000000b R14: 00007f30d104c530 R15: 0000000000000000 \u003c/TASK\u003e",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-36939"
    },
    {
      "cve": "CVE-2024-36940",
      "cwe": {
        "id": "CWE-415",
        "name": "Double Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: pinctrl: core: delete incorrect free in pinctrl_enable() The \"pctldev\" struct is allocated in devm_pinctrl_register_and_init(). It\u0027s a devm_ managed pointer that is freed by devm_pinctrl_dev_release(), so freeing it in pinctrl_enable() will lead to a double free. The devm_pinctrl_dev_release() function frees the pindescs and destroys the mutex as well.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-36940"
    },
    {
      "cve": "CVE-2024-36959",
      "cwe": {
        "id": "CWE-668",
        "name": "Exposure of Resource to Wrong Sphere"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() If we fail to allocate propname buffer, we need to drop the reference count we just took. Because the pinctrl_dt_free_maps() includes the droping operation, here we call it directly.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-36959"
    },
    {
      "cve": "CVE-2024-36974",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP. If one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided, taprio_parse_mqprio_opt() must validate it, or userspace can inject arbitrary data to the kernel, the second time taprio_change() is called. First call (with valid attributes) sets dev-\u003enum_tc to a non zero value. Second call (with arbitrary mqprio attributes) returns early from taprio_parse_mqprio_opt() and bad things can happen.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-36974"
    },
    {
      "cve": "CVE-2024-36978",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "net: sched: sch_multiq: possible OOB write in multiq_tune() q-\u003ebands will be assigned to qopt-\u003ebands to execute subsequent code logic after kmalloc. So the old q-\u003ebands should not be used in kmalloc. Otherwise, an out-of-bounds write will occur.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-36978"
    },
    {
      "cve": "CVE-2024-37356",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: tcp: Fix shift-out-of-bounds in dctcp_update_alpha().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-37356"
    },
    {
      "cve": "CVE-2024-38381",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "nfc: nci: Fix uninit-value in nci_rx_work syzbot reported the following uninit-value access issue [1] nci_rx_work() parses received packet from ndev-\u003erx_q. It should be validated header size, payload size and total packet size before processing the packet. If an invalid packet is detected, it should be silently discarded.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-38381"
    },
    {
      "cve": "CVE-2024-38547",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "media: atomisp: ssh_css: null-pointer dereference in load_video_binaries.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-38547"
    },
    {
      "cve": "CVE-2024-38552",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "drm/amd/display: Fix potential index out of bounds in color transformation function Fixes index out of bounds issue in the color transformation function. The issue could occur when the index \u0027i\u0027 exceeds the number of transfer function points (TRANSFER_FUNC_POINTS). The fix adds a check to ensure \u0027i\u0027 is within bounds before accessing the transfer function points. If \u0027i\u0027 is out of bounds, an error message is logged and the function returns false to indicate an error.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-38552"
    },
    {
      "cve": "CVE-2024-38558",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "net: openvswitch: fix overwriting ct original tuple for ICMPv6 OVS_PACKET_CMD_EXECUTE has 3 main attributes: - OVS_PACKET_ATTR_KEY - Packet metadata in a netlink format. - OVS_PACKET_ATTR_PACKET - Binary packet content. - OVS_PACKET_ATTR_ACTIONS - Actions to execute on the packet. OVS_PACKET_ATTR_KEY is parsed first to populate sw_flow_key structure with the metadata like conntrack state, input port, recirculation id, etc.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-38558"
    },
    {
      "cve": "CVE-2024-38559",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "scsi: qedf: Ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count from userspace to that buffer. Later, we use kstrtouint on this buffer but we don\u0027t ensure that the string is terminated inside the buffer, this can lead to OOB read when using kstrtouint.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-38559"
    },
    {
      "cve": "CVE-2024-38560",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "scsi: bfa: Ensure the copied buf is NUL terminated Currently, we allocate a nbytes-sized kernel buffer and copy nbytes from userspace to that buffer. Later, we use sscanf on this buffer but we don\u0027t ensure that the string is terminated inside the buffer, this can lead to OOB read when using sscanf.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-38560"
    },
    {
      "cve": "CVE-2024-38565",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "wifi: ar5523: enable proper endpoint verification Syzkaller reports [1] hitting a warning about an endpoint in use not having an expected type to it. Fix the issue by checking for the existence of all proper endpoints with their according types intact. Sadly, this patch has not been tested on real hardware.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-38565"
    },
    {
      "cve": "CVE-2024-38567",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "wifi: carl9170: add a proper sanity check for endpoints Syzkaller reports [1] hitting a warning which is caused by presence of a wrong endpoint type at the URB sumbitting stage. While there was a check for a specific 4th endpoint, since it can switch types between bulk and interrupt, other endpoints are trusted implicitly. Similar warning is triggered in a couple of other syzbot issues [2].",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-38567"
    },
    {
      "cve": "CVE-2024-38578",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "ecryptfs: Fix buffer size for tag 66 packet The \u0027TAG 66 Packet Format\u0027 description is missing the cipher code and checksum fields that are packed into the message packet. As a result, the buffer allocated for the packet is 3 bytes too small and write_tag_66_packet() will write up to 3 bytes past the end of the buffer. Fix this by increasing the size of the allocation so the whole packet will always fit in the buffer.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-38578"
    },
    {
      "cve": "CVE-2024-38579",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "crypto: bcm - Fix pointer arithmetic In spu2_dump_omd() value of ptr is increased by ciph_key_len instead of hash_iv_len which could lead to going beyond the buffer boundaries.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-38579"
    },
    {
      "cve": "CVE-2024-38587",
      "cwe": {
        "id": "CWE-129",
        "name": "Improper Validation of Array Index"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nspeakup: Fix sizeof() vs ARRAY_SIZE() bug\r\n\r\nThe \"buf\" pointer is an array of u16 values.  This code should be\r\nusing ARRAY_SIZE() (which is 256) instead of sizeof() (which is 512),\r\notherwise it can the still got out of bounds.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-38587"
    },
    {
      "cve": "CVE-2024-38589",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "netrom: fix possible dead-lock in nr_rt_ioctl() syzbot loves netrom, and found a possible deadlock in nr_rt_ioctl [1] Make sure we always acquire nr_node_list_lock before nr_node_lock(nr_node).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-38589"
    },
    {
      "cve": "CVE-2024-38596",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-38596"
    },
    {
      "cve": "CVE-2024-38598",
      "cwe": {
        "id": "CWE-667",
        "name": "Improper Locking"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: md: fix resync softlockup when bitmap size is less than array size.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-38598"
    },
    {
      "cve": "CVE-2024-38599",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "jffs2: prevent xattr node from overflowing the eraseblock Add a check to make sure that the requested xattr node size is no larger than the eraseblock minus the cleanmarker. Unlike the usual inode nodes, the xattr nodes aren\u0027t split into parts and spread across multiple eraseblocks, which means that a xattr node must not occupy more than one eraseblock. If the requested xattr value is too large, the xattr node can spill onto the next eraseblock, overwriting the nodes and causing errors.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-38599"
    },
    {
      "cve": "CVE-2024-38612",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix invalid unregister error path The error path of seg6_init() is wrong in case CONFIG_IPV6_SEG6_LWTUNNEL is not defined. In that case if seg6_hmac_init() fails, the genl_unregister_family() isn\u0027t called. This issue exist since commit 46738b1317e1 (\"ipv6: sr: add option to control lwtunnel support\"), and commit 5559cea2d5aa (\"ipv6: sr: fix possible use-after-free and null-ptr-deref\") replaced unregister_pernet_subsys() with genl_unregister_family() in this error path.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-38612"
    },
    {
      "cve": "CVE-2024-38615",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "cpufreq: exit() callback is optional The exit() callback is optional and shouldn\u0027t be called without checking a valid pointer first. Also, we must clear freq_table pointer even if the exit() callback isn\u0027t present.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-38615"
    },
    {
      "cve": "CVE-2024-38619",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "usb-storage: alauda: Check whether the media is initialized. The member \"uzonesize\" of struct alauda_info will remain 0 if alauda_init_media() fails, potentially causing divide errors in alauda_read_data() and alauda_write_lba().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-38619"
    },
    {
      "cve": "CVE-2024-38635",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "soundwire: cadence: invalid PDI offset.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-38635"
    },
    {
      "cve": "CVE-2024-38659",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "enic: Validate length of nl attributes in enic_set_vf_port enic_set_vf_port assumes that the nl attribute IFLA_PORT_PROFILE is of length PORT_PROFILE_MAX and that the nl attributes IFLA_PORT_INSTANCE_UUID, IFLA_PORT_HOST_UUID are of length PORT_UUID_MAX. These attributes are validated (in the function do_setlink in rtnetlink.c) using the nla_policy ifla_port_policy. The policy defines IFLA_PORT_PROFILE as NLA_STRING, IFLA_PORT_INSTANCE_UUID as NLA_BINARY and IFLA_PORT_HOST_UUID as NLA_STRING. That means that the length validation using the policy is for the max size of the attributes and not on exact size so the length of these attributes might be less than the sizes that enic_set_vf_port expects. This might cause an out of bands read access in the memcpys of the data of these attributes in enic_set_vf_port.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-38659"
    },
    {
      "cve": "CVE-2024-38662",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "bpf: Allow delete from sockmap/sockhash only if update is allowed. We have seen an influx of syzkaller reports where a BPF program attached to a tracepoint triggers a locking rule violation by performing a map_delete on a sockmap/sockhash. We don\u0027t intend to support this artificial use scenario. Extend the existing verifier allowed-program-type check for updating sockmap/sockhash to also cover deleting from a map. From now on only BPF programs which were previously allowed to update sockmap/sockhash can delete from these map types.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-38662"
    },
    {
      "cve": "CVE-2024-38780",
      "cwe": {
        "id": "CWE-667",
        "name": "Improper Locking"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: dma-buf/sw-sync: don\u0027t enable IRQ from sync_print_obj().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-38780"
    },
    {
      "cve": "CVE-2024-39468",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "smb: client: Deadlock in smb2_find_smb_tcon().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-39468"
    },
    {
      "cve": "CVE-2024-39482",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "bcache: Variable length array abuse in btree_iter.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-39482"
    },
    {
      "cve": "CVE-2024-39489",
      "cwe": {
        "id": "CWE-401",
        "name": "Missing Release of Memory after Effective Lifetime"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix memleak in seg6_hmac_init_algo seg6_hmac_init_algo returns without cleaning up the previous allocations if one fails, so it\u0027s going to leak all that memory and the crypto tfms. Update seg6_hmac_exit to only free the memory when allocated, so we can reuse the code directly.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-39489"
    },
    {
      "cve": "CVE-2024-39493",
      "cwe": {
        "id": "CWE-401",
        "name": "Missing Release of Memory after Effective Lifetime"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - Fix ADF_DEV_RESET_SYNC memory leak\n\nUsing completion_done to determine whether the caller has gone\naway only works after a complete call.  Furthermore it\u0027s still\npossible that the caller has not yet called wait_for_completion,\nresulting in another potential UAF.\n\nFix this by making the caller use cancel_work_sync and then freeing\nthe memory safely.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-39493"
    },
    {
      "cve": "CVE-2024-39502",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "ionic: use after netif_napi_del(). When queues are started, netif_napi_add() and napi_enable() are called. If there are 4 queues and only 3 queues are used for the current configuration, only 3 queues\u0027 napi should be registered and enabled. The ionic_qcq_enable() checks whether the .poll pointer is not NULL for enabling only the using queue\u0027 napi. Unused queues\u0027 napi will not be registered by netif_napi_add(), so the .poll pointer indicates NULL. But it couldn\u0027t distinguish whether the napi was unregistered or not because netif_napi_del() doesn\u0027t reset the .poll pointer to NULL. So, ionic_qcq_enable() calls napi_enable() for the queue, which was unregistered by netif_napi_del().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-39502"
    },
    {
      "cve": "CVE-2024-39503",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "netfilter: ipset: race between namespace cleanup and gc in the list:set type. The namespace cleanup can destroy the list:set type of sets while the gc of the set type is waiting to run in rcu cleanup. The latter uses data from the destroyed set which thus leads use after free.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-39503"
    },
    {
      "cve": "CVE-2024-39509",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "HID: core: remove unnecessary WARN_ON() in implement(). There is a warning in a call to implement() when trying to write a value into a field of smaller size in an output report. Since implement() already has a warn message printed out with the help of hid_warn() and value in question gets trimmed with: ... value \u0026= m; ... WARN_ON may be considered superfluous.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-39509"
    },
    {
      "cve": "CVE-2024-40905",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "ipv6: possible race in __fib6_drop_pcpu_from().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-40905"
    },
    {
      "cve": "CVE-2024-40912",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "wifi: mac80211: deadlock in ieee80211_sta_ps_deliver_wakeup().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-40912"
    },
    {
      "cve": "CVE-2024-40916",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found When reading EDID fails and driver reports no modes available, the DRM core adds an artificial 1024x786 mode to the connector.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-40916"
    },
    {
      "cve": "CVE-2024-40934",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "summary",
          "text": "HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() Fix a memory leak on logi_dj_recv_send_report() error path.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-40934"
    },
    {
      "cve": "CVE-2024-40941",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "wifi: iwlwifi: mvm: don\u0027t read past the mfuart notifcation. In case the firmware sends a notification that claims it has more data than it has, it will read past that was allocated for the notification.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-40941"
    },
    {
      "cve": "CVE-2024-40942",
      "cwe": {
        "id": "CWE-402",
        "name": "Transmission of Private Resources into a New Sphere (\u0027Resource Leak\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects The hwmp code use objects of type mesh_preq_queue, added to a list in ieee80211_if_mesh, to keep track of mpath we need to resolve. If the mpath gets deleted, ex mesh interface is removed, the entries in that list will never get cleaned.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-40942"
    },
    {
      "cve": "CVE-2024-40945",
      "cwe": {
        "id": "CWE-393",
        "name": "Return of Wrong Status Code"
      },
      "notes": [
        {
          "category": "summary",
          "text": "iommu: Return right value in iommu_sva_bind_device() iommu_sva_bind_device() should return either a sva bond handle or an ERR_PTR value in error cases. Existing drivers (idxd and uacce) only check the return value with IS_ERR(). This could potentially lead to a kernel NULL pointer dereference issue if the function returns NULL instead of an error pointer. In reality, this doesn\u0027t cause any problems because iommu_sva_bind_device() only returns NULL when the kernel is not configured with CONFIG_IOMMU_SVA.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-40945"
    },
    {
      "cve": "CVE-2024-40958",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "netns: Make get_net_ns() handle zero refcount net Syzkaller hit a warning: refcount_t: addition on 0; use-after-free.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.0,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-40958"
    },
    {
      "cve": "CVE-2024-40959",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-40959"
    },
    {
      "cve": "CVE-2024-40960",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "ipv6: prevent possible NULL dereference in rt6_probe() syzbot caught a NULL dereference in rt6_probe() [1] Bail out if __in6_dev_get() returns NULL.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-40960"
    },
    {
      "cve": "CVE-2024-40961",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "ipv6: prevent possible NULL deref in fib6_nh_init() syzbot reminds us that in6_dev_get() can return NULL.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-40961"
    },
    {
      "cve": "CVE-2024-40971",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "f2fs: remove clear SB_INLINECRYPT flag in default_options In f2fs_remount, SB_INLINECRYPT flag will be clear and re-set. If create new file or open file during this gap, these files will not use inlinecrypt. Worse case, it may lead to data corruption if wrappedkey_v0 is enable.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.0,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-40971"
    },
    {
      "cve": "CVE-2024-40978",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "scsi: qedi: crash while reading debugfs attribute. The qedi_dbg_do_not_recover_cmd_read() function invokes sprintf() directly on a __user pointer, which results into the crash.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-40978"
    },
    {
      "cve": "CVE-2024-40980",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "drop_monitor: replace spin_lock by raw_spin_lock trace_drop_common() is called with preemption disabled, and it acquires a spin_lock. This is problematic for RT kernels because spin_locks are sleeping locks in this configuration, which causes the following splat.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-40980"
    },
    {
      "cve": "CVE-2024-40984",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "ACPICA: Revert \"ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.\"",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-40984"
    },
    {
      "cve": "CVE-2024-40993",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "netfilter: ipset: suspicious rcu_dereference_protected().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-40993"
    },
    {
      "cve": "CVE-2024-40995",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "net/sched: act_api: possible infinite loop in tcf_idr_check_alloc().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-40995"
    },
    {
      "cve": "CVE-2024-41000",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "summary",
          "text": "block/ioctl: prefer different overflow check Running syzkaller with the newly reintroduced signed integer overflow sanitizer.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-41000"
    },
    {
      "cve": "CVE-2024-41004",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "tracing: Build event generation tests only as modules The kprobes and synth event generation test modules add events and lock (get a reference) those event file reference in module init function, and unlock and delete it in module exit function. This is because those are designed for playing as modules. If we make those modules as built-in, those events are left locked in the kernel, and never be removed.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-41004"
    },
    {
      "cve": "CVE-2024-41005",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "netpoll: race condition in netpoll_owner_active KCSAN detected a race condition in netpoll.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-41005"
    },
    {
      "cve": "CVE-2024-41006",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "summary",
          "text": "netrom: a memory leak in nr_heartbeat_expiry().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-41006"
    },
    {
      "cve": "CVE-2024-41016",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "summary",
          "text": "ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()\r\n\r\nxattr in ocfs2 maybe \u0027non-indexed\u0027, which saved with additional space requested. It\u0027s better to check if the memory is out of bound before memcmp, although this possibility mainly comes from crafted poisonous images.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-41016"
    },
    {
      "cve": "CVE-2024-41996",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-41996"
    },
    {
      "cve": "CVE-2024-42070",
      "cwe": {
        "id": "CWE-401",
        "name": "Missing Release of Memory after Effective Lifetime"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers register store validation for NFT_DATA_VALUE is conditional, however, the datatype is always either NFT_DATA_VALUE or NFT_DATA_VERDICT. This only requires a new helper function to infer the register type from the set datatype so this conditional check can be removed. Otherwise, pointer to chain object can be leaked through the registers.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-42070"
    },
    {
      "cve": "CVE-2024-42082",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "summary",
          "text": "xdp: unused WARN() in __xdp_reg_mem_model().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-42082"
    },
    {
      "cve": "CVE-2024-42090",
      "cwe": {
        "id": "CWE-833",
        "name": "Deadlock"
      },
      "notes": [
        {
          "category": "summary",
          "text": "pinctrl: deadlock in create_pinctrl() when handling -EPROBE_DEFER. In create_pinctrl(), pinctrl_maps_mutex is acquired before calling add_setting(). If add_setting() returns -EPROBE_DEFER, create_pinctrl() calls pinctrl_free(). However, pinctrl_free() attempts to acquire pinctrl_maps_mutex, which is already held by create_pinctrl(), leading to a potential deadlock.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-42090"
    },
    {
      "cve": "CVE-2024-42093",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "net/dpaa2: explicit cpumask var allocation on stack For CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask variable on stack can cause potential stack overflow.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-42093"
    },
    {
      "cve": "CVE-2024-42094",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "net/iucv: explicit cpumask var allocation on stack For CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask variable on stack can cause potential stack overflow.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-42094"
    },
    {
      "cve": "CVE-2024-42096",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: x86: stop playing stack games in profile_pc().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-42096"
    },
    {
      "cve": "CVE-2024-42097",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A missed validation vulnerability in the Linux Kernel\u0027s MIDI sequencer and router support functionality could allow a local user to crash the system.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-42097"
    },
    {
      "cve": "CVE-2024-42114",
      "cwe": {
        "id": "CWE-667",
        "name": "Improper Locking"
      },
      "notes": [
        {
          "category": "summary",
          "text": "wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-42114"
    },
    {
      "cve": "CVE-2024-42259",
      "cwe": {
        "id": "CWE-131",
        "name": "Incorrect Calculation of Buffer Size"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndrm/i915/gem: Fix Virtual Memory mapping boundaries calculation\r\n\r\nCalculating the size of the mapped area as the lesser value\r\nbetween the requested size and the actual size does not consider\r\nthe partial mapping offset. This can cause page fault access.\r\n\r\nFix the calculation of the starting and ending addresses, the\r\ntotal size is now deduced from the difference between the end and\r\nstart addresses.\r\n\r\nAdditionally, the calculations have been rewritten in a clearer\r\nand more understandable form.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-42259"
    },
    {
      "cve": "CVE-2024-42265",
      "cwe": {
        "id": "CWE-99",
        "name": "Improper Control of Resource Identifiers (\u0027Resource Injection\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nprotect the fetch of -\u003efd[fd] in do_dup2() from mispredictions\r\n\r\nboth callers have verified that fd is not greater than -\u003emax_fds;\r\nhowever, misprediction might end up with\r\n        tofree = fdt-\u003efd[fd];\r\nbeing speculatively executed.  That\u0027s wrong for the same reasons\r\nwhy it\u0027s wrong in close_fd()/file_close_fd_locked(); the same\r\nsolution applies - array_index_nospec(fd, fdt-\u003emax_fds) could differ\r\nfrom fd only in case of speculative execution on mispredicted path.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-42265"
    },
    {
      "cve": "CVE-2024-42272",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "sched: act_ct: take care of padding in struct zones_ht_key.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-42272"
    },
    {
      "cve": "CVE-2024-42276",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnvme-pci: add missing condition check for existence of mapped data\r\n\r\nnvme_map_data() is called when request has physical segments, hence\r\nthe nvme_unmap_data() should have same condition to avoid dereference.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-42276"
    },
    {
      "cve": "CVE-2024-42281",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nbpf: Fix a segment issue when downgrading gso_size\r\n\r\nLinearize the skb when downgrading gso_size because it may trigger a\r\nBUG_ON() later when the skb is segmented as described in [1,2].",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-42281"
    },
    {
      "cve": "CVE-2024-42283",
      "cwe": {
        "id": "CWE-908",
        "name": "Use of Uninitialized Resource"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nexthop: Initialize all fields in dumped nexthops\n\nstruct nexthop_grp contains two reserved fields that are not initialized by\nnla_put_nh_group(), and carry garbage. This can be observed e.g. with\nstrace (edited for clarity):\n\n    # ip nexthop add id 1 dev lo\n    # ip nexthop add id 101 group 1\n    # strace -e recvmsg ip nexthop get id 101\n    ...\n    recvmsg(... [{nla_len=12, nla_type=NHA_GROUP},\n                 [{id=1, weight=0, resvd1=0x69, resvd2=0x67}]] ...) = 52\n\nThe fields are reserved and therefore not currently used. But as they are, they\nleak kernel memory, and the fact they are not just zero complicates repurposing\nof the fields for new ends. Initialize the full structure.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-42283"
    },
    {
      "cve": "CVE-2024-42292",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nkobject_uevent: Fix OOB access within zap_modalias_env()\r\n\r\nzap_modalias_env() wrongly calculates size of memory block to move, so\r\nwill cause OOB memory access issue if variable MODALIAS is not the last\r\none within its @env parameter, fixed by correcting size to memmove.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-42292"
    },
    {
      "cve": "CVE-2024-42302",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/DPC: Fix use-after-free on concurrent DPC and hot-removal\n\nKeith reports a use-after-free when a DPC event occurs concurrently to\nhot-removal of the same portion of the hierarchy:\n\nThe dpc_handler() awaits readiness of the secondary bus below the\nDownstream Port where the DPC event occurred.  To do so, it polls the\nconfig space of the first child device on the secondary bus.  If that\nchild device is concurrently removed, accesses to its struct pci_dev\ncause the kernel to oops.\n\nThat\u0027s because pci_bridge_wait_for_secondary_bus() neglects to hold a\nreference on the child device.  Before v6.3, the function was only\ncalled on resume from system sleep or on runtime resume.  Holding a\nreference wasn\u0027t necessary back then because the pciehp IRQ thread\ncould never run concurrently.  (On resume from system sleep, IRQs are\nnot enabled until after the resume_noirq phase.  And runtime resume is\nalways awaited before a PCI device is removed.)\n\nHowever starting with v6.3, pci_bridge_wait_for_secondary_bus() is also\ncalled on a DPC event.  Commit 53b54ad074de (\"PCI/DPC: Await readiness\nof secondary bus after reset\"), which introduced that, failed to\nappreciate that pci_bridge_wait_for_secondary_bus() now needs to hold a\nreference on the child device because dpc_handler() and pciehp may\nindeed run concurrently.  The commit was backported to v5.10+ stable\nkernels, so that\u0027s the oldest one affected.\n\nAdd the missing reference acquisition.\n\nAbridged stack trace:\n\n  BUG: unable to handle page fault for address: 00000000091400c0\n  CPU: 15 PID: 2464 Comm: irq/53-pcie-dpc 6.9.0\n  RIP: pci_bus_read_config_dword+0x17/0x50\n  pci_dev_wait()\n  pci_bridge_wait_for_secondary_bus()\n  dpc_reset_link()\n  pcie_do_recovery()\n  dpc_handler()",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-42302"
    },
    {
      "cve": "CVE-2024-42304",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\next4: make sure the first directory block is not a hole",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-42304"
    },
    {
      "cve": "CVE-2024-42305",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\next4: check dot and dotdot of dx_root before making dir indexed",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-42305"
    },
    {
      "cve": "CVE-2024-42306",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nudf: Avoid using corrupted block bitmap buffer",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-42306"
    },
    {
      "cve": "CVE-2024-42312",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nsysctl: always initialize i_uid/i_gid\r\n\r\nAlways initialize i_uid/i_gid inside the sysfs core so set_ownership()\r\ncan safely skip setting them.\r\n\r\nCommit 5ec27ec735ba (\"fs/proc/proc_sysctl.c: fix the default values of\r\ni_uid/i_gid on /proc/sys inodes.\") added defaults for i_uid/i_gid when\r\nset_ownership() was not implemented. It also missed adjusting\r\nnet_ctl_set_ownership() to use the same default values in case the\r\ncomputation of a better value failed.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-42312"
    },
    {
      "cve": "CVE-2024-43828",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix infinite loop when replaying fast_commit\n\nWhen doing fast_commit replay an infinite loop may occur due to an\nuninitialized extent_status struct.  ext4_ext_determine_insert_hole() does\nnot detect the replay and calls ext4_es_find_extent_range(), which will\nreturn immediately without initializing the \u0027es\u0027 variable.\n\nBecause \u0027es\u0027 contains garbage, an integer overflow may happen causing an\ninfinite loop in this function, easily reproducible using fstest generic/039.\n\nThis commit fixes this issue by unconditionally initializing the structure\nin function ext4_es_find_extent_range().\n\nThanks to Zhang Yi, for figuring out the real problem!",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-43828"
    },
    {
      "cve": "CVE-2024-43830",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nleds: trigger: Unregister sysfs attributes before calling deactivate()\r\n\r\nTriggers which have trigger specific sysfs attributes typically store\r\nrelated data in trigger-data allocated by the activate() callback and\r\nfreed by the deactivate() callback.\r\n\r\nCalling device_remove_groups() after calling deactivate() leaves a window\r\nwhere the sysfs attributes show/store functions could be called after\r\ndeactivation and then operate on the just freed trigger-data.\r\n\r\nMove the device_remove_groups() call to before deactivate() to close\r\nthis race window.\r\n\r\nThis also makes the deactivation path properly do things in reverse order\r\nof the activation path which calls the activate() callback before calling\r\ndevice_add_groups().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-43830"
    },
    {
      "cve": "CVE-2024-43834",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nxdp: fix invalid wait context of page_pool_destroy()\r\n\r\nIf the driver uses a page pool, it creates a page pool with\r\npage_pool_create().\r\nThe reference count of page pool is 1 as default.\r\nA page pool will be destroyed only when a reference count reaches 0.\r\npage_pool_destroy() is used to destroy page pool, it decreases a\r\nreference count.\r\nWhen a page pool is destroyed, -\u003edisconnect() is called, which is\r\nmem_allocator_disconnect().\r\nThis function internally acquires mutex_lock().\r\n\r\nIf the driver uses XDP, it registers a memory model with\r\nxdp_rxq_info_reg_mem_model().\r\nThe xdp_rxq_info_reg_mem_model() internally increases a page pool\r\nreference count if a memory model is a page pool.\r\nNow the reference count is 2.\r\n\r\nTo destroy a page pool, the driver should call both page_pool_destroy()\r\nand xdp_unreg_mem_model().\r\nThe xdp_unreg_mem_model() internally calls page_pool_destroy().\r\nOnly page_pool_destroy() decreases a reference count.\r\n\r\nIf a driver calls page_pool_destroy() then xdp_unreg_mem_model(), we\r\nwill face an invalid wait context warning.\r\nBecause xdp_unreg_mem_model() calls page_pool_destroy() with\r\nrcu_read_lock().\r\nThe page_pool_destroy() internally acquires mutex_lock().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-43834"
    },
    {
      "cve": "CVE-2024-43856",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma: fix call order in dmam_free_coherent\n\ndmam_free_coherent() frees a DMA allocation, which makes the\nfreed vaddr available for reuse, then calls devres_destroy()\nto remove and free the data structure used to track the DMA\nallocation. Between the two calls, it is possible for a\nconcurrent task to make an allocation with the same vaddr\nand add it to the devres list.\n\nIf this happens, there will be two entries in the devres list\nwith the same vaddr and devres_destroy() can free the wrong\nentry, triggering the WARN_ON() in dmam_match.\n\nFix by destroying the devres entry before freeing the DMA\nallocation.\n\n  kokonut //net/encryption\n    http://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-43856"
    },
    {
      "cve": "CVE-2024-43858",
      "cwe": {
        "id": "CWE-129",
        "name": "Improper Validation of Array Index"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Fix array-index-out-of-bounds in diFree",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-43858"
    },
    {
      "cve": "CVE-2024-43871",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: devres: Fix memory leakage caused by driver API devm_free_percpu() It will cause memory leakage when use driver API devm_free_percpu() to free memory allocated by devm_alloc_percpu(), fixed by using devres_release() instead of devres_destroy() within devm_free_percpu().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-43871"
    },
    {
      "cve": "CVE-2024-43879",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "wifi: cfg80211: Currently NL80211_RATE_INFO_HE_RU_ALLOC_2x996 is not handled in cfg80211_calculate_bitrate_he(), leading to warning.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-43879"
    },
    {
      "cve": "CVE-2024-43882",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "exec: the execution may gain unintended privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-43882"
    },
    {
      "cve": "CVE-2024-43889",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "padata: vulnerability due to a possible divide-by-zero error in padata_mt_helper() during bootup, caused by an uninitialized chunk_size being zero.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-43889"
    },
    {
      "cve": "CVE-2024-43890",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "tracing: vulnerability due to an overflow in get_free_elt(), which could lead to infinite loops and CPU hangs when the tracing map becomes full.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-43890"
    },
    {
      "cve": "CVE-2024-43893",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "serial: core: vulnerability due to a missing check for uartclk being zero, leading to a potential divide-by-zero error when calling ioctl TIOCSSERIAL with an invalid baud_base.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-43893"
    },
    {
      "cve": "CVE-2024-44935",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "sctp: Fix null-ptr-deref in reuseport_add_sock(). A Null Pointer Dereference in reuseport_add_sock() while accessing sk2-\u003esk_reuseport_cb . The repro first creates a listener with SO_REUSEPORT. Then, it creates another listener on the same port and concurrently closes the first listener. The second listen() calls reuseport_add_sock() with the first listener as sk2, where sk2-\u003esk_reuseport_cb is not expected to be cleared concurrently, but the close() does clear it by reuseport_detach_sock().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-44935"
    },
    {
      "cve": "CVE-2024-44944",
      "cwe": {
        "id": "CWE-401",
        "name": "Missing Release of Memory after Effective Lifetime"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: use helper function to calculate expect ID Delete expectation path is missing a call to the nf_expect_get_id() helper function to calculate the expectation ID, otherwise LSB of the expectation object address is leaked to userspace.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-44944"
    },
    {
      "cve": "CVE-2024-44948",
      "cwe": {
        "id": "CWE-754",
        "name": "Improper Check for Unusual or Exceptional Conditions"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nx86/mtrr: Check if fixed MTRRs exist before saving them\r\n\r\nMTRRs have an obsolete fixed variant for fine grained caching control\r\nof the 640K-1MB region that uses separate MSRs. This fixed variant has\r\na separate capability bit in the MTRR capability MSR.\r\n\r\nSo far all x86 CPUs which support MTRR have this separate bit set, so it\r\nwent unnoticed that mtrr_save_state() does not check the capability bit\r\nbefore accessing the fixed MTRR MSRs.\r\n\r\nThough on a CPU that does not support the fixed MTRR capability this\r\nresults in a #GP.  The #GP itself is harmless because the RDMSR fault is\r\nhandled gracefully, but results in a WARN_ON().\r\n\r\nAdd the missing capability check to prevent this.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-44948"
    },
    {
      "cve": "CVE-2024-44960",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "usb: gadget: core: Check for unset descriptor. It needs to be reassured that the descriptor has been set before looking at maxpacket. This fixes a null pointer panic in this case. This may happen if the gadget doesn\u0027t properly set up the endpoint for the current speed, or the gadget descriptors are malformed and the descriptor for the speed/endpoint are not found. No current gadget driver is known to have this problem, but this may cause a hard-to-find bug during development of new gadgets.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-44960"
    },
    {
      "cve": "CVE-2024-44987",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent UAF in ip6_send_skb().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-44987"
    },
    {
      "cve": "CVE-2024-44989",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: bonding: fix xfrm real_dev null pointer dereference.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-44989"
    },
    {
      "cve": "CVE-2024-44990",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: bonding: fix null pointer deref in bond_ipsec_offload_ok We must check if there is an active slave before dereferencing the pointer.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-44990"
    },
    {
      "cve": "CVE-2024-45016",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: netem: fix return value if duplicate enqueue fails.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-45016"
    },
    {
      "cve": "CVE-2024-45018",
      "cwe": {
        "id": "CWE-456",
        "name": "Missing Initialization of a Variable"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: initialise extack before use Fix missing initialisation of extack in flow offload.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-45018"
    },
    {
      "cve": "CVE-2024-46679",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: ethtool: check device is present when getting link settings.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-46679"
    },
    {
      "cve": "CVE-2024-46743",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: of/irq: Prevent device address out-of-bounds read in interrupt map walk.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-46743"
    },
    {
      "cve": "CVE-2024-46744",
      "cwe": {
        "id": "CWE-908",
        "name": "Use of Uninitialized Resource"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: Squashfs: sanity check symbolic link size.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-46744"
    },
    {
      "cve": "CVE-2024-46745",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: Input: uinput - reject requests with unreasonable number of slots When exercising uinput interface syzkaller may try setting up device with a really large number of slots, which causes memory allocation failure in input_mt_init_slots(). While this allocation failure is handled properly and request is rejected, it results in syzkaller reports. Additionally, such request may put undue burden on the system which will try to free a lot of memory for a bogus request. Fix it by limiting allowed number of slots to 100. This can easily be extended if we see devices that can track more than 100 contacts.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-46745"
    },
    {
      "cve": "CVE-2024-46750",
      "cwe": {
        "id": "CWE-413",
        "name": "Improper Resource Locking"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: PCI: Add missing bridge lock to pci_bus_lock().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-46750"
    },
    {
      "cve": "CVE-2024-46759",
      "cwe": {
        "id": "CWE-124",
        "name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: hwmon: (adc128d818) Fix underflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large negative number such as -9223372036854775808 is provided by the user. Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-46759"
    },
    {
      "cve": "CVE-2024-46783",
      "cwe": {
        "id": "CWE-229",
        "name": "Improper Handling of Values"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: tcp_bpf: fix return value of tcp_bpf_sendmsg().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-46783"
    },
    {
      "cve": "CVE-2024-46854",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet: dpaa: Pad packets to ETH_ZLEN\r\n\r\nWhen sending packets under 60 bytes, up to three bytes of the buffer following the data may be leaked. Avoid this by extending all packets to ETH_ZLEN, ensuring nothing is leaked in the padding. This bug can be reproduced by running\r\n\r\n\t$ ping -s 11 destination",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-46854"
    },
    {
      "cve": "CVE-2024-46865",
      "cwe": {
        "id": "CWE-908",
        "name": "Use of Uninitialized Resource"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nfou: fix initialization of grc\r\nThe grc must be initialize first. There can be a condition where if fou is NULL, goto out will be executed and grc would be used uninitialized.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-46865"
    },
    {
      "cve": "CVE-2024-47660",
      "cwe": {
        "id": "CWE-413",
        "name": "Improper Resource Locking"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: fsnotify: clear PARENT_WATCHED flags lazily In some setups directories can have many (usually negative) dentries. Hence __fsnotify_update_child_dentry_flags() function can take a significant amount of time. Since the bulk of this function happens under inode-\u003ei_lock this causes a significant contention on the lock when we remove the watch from the directory as the __fsnotify_update_child_dentry_flags() call from fsnotify_recalc_mask() races with __fsnotify_update_child_dentry_flags() calls from __fsnotify_parent() happening on children. This can lead upto softlockup reports reported by users. Fix the problem by calling fsnotify_update_children_dentry_flags() to set PARENT_WATCHED flags only when parent starts watching children. When parent stops watching children, clear false positive PARENT_WATCHED flags lazily in __fsnotify_parent() for each accessed child.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-47660"
    },
    {
      "cve": "CVE-2024-47684",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ntcp: check skb is non-NULL in tcp_rto_delta_us()\r\n\r\nWe have some machines running stock Ubuntu 20.04.6 which is their 5.4.0-174-generic\r\nkernel that are running ceph and recently hit a null ptr dereference in\r\ntcp_rearm_rto(). Initially hitting it from the TLP path, but then later we also\r\nsaw it getting hit from the RACK case as well. Here are examples of the oops\r\nmessages we saw in each of those cases:\r\n\r\nJul 26 15:05:02 rx [11061395.780353] BUG: kernel NULL pointer dereference, address: 0000000000000020\r\nJul 26 15:05:02 rx [11061395.787572] #PF: supervisor read access in kernel mode\r\nJul 26 15:05:02 rx [11061395.792971] #PF: error_code(0x0000) - not-present page\r\nJul 26 15:05:02 rx [11061395.798362] PGD 0 P4D 0\r\nJul 26 15:05:02 rx [11061395.801164] Oops: 0000 [#1] SMP NOPTI\r\nJul 26 15:05:02 rx [11061395.805091] CPU: 0 PID: 9180 Comm: msgr-worker-1 Tainted: G W 5.4.0-174-generic #193-Ubuntu\r\nJul 26 15:05:02 rx [11061395.814996] Hardware name: Supermicro SMC 2x26 os-gen8 64C NVME-Y 256G/H12SSW-NTR, BIOS 2.5.V1.2U.NVMe.UEFI 05/09/2023\r\nJul 26 15:05:02 rx [11061395.825952] RIP: 0010:tcp_rearm_rto+0xe4/0x160\r\nJul 26 15:05:02 rx [11061395.830656] Code: 87 ca 04 00 00 00 5b 41 5c 41 5d 5d c3 c3 49 8b bc 24 40 06 00 00 eb 8d 48 bb cf f7 53 e3 a5 9b c4 20 4c 89 ef e8 0c fe 0e 00 \u003c48\u003e 8b 78 20 48 c1 ef 03 48 89 f8 41 8b bc 24 80 04 00 00 48 f7 e3\r\nJul 26 15:05:02 rx [11061395.849665] RSP: 0018:ffffb75d40003e08 EFLAGS: 00010246\r\nJul 26 15:05:02 rx [11061395.855149] RAX: 0000000000000000 RBX: 20c49ba5e353f7cf RCX: 0000000000000000\r\nJul 26 15:05:02 rx [11061395.862542] RDX: 0000000062177c30 RSI: 000000000000231c RDI: ffff9874ad283a60\r\nJul 26 15:05:02 rx [11061395.869933] RBP: ffffb75d40003e20 R08: 0000000000000000 R09: ffff987605e20aa8\r\nJul 26 15:05:02 rx [11061395.877318] R10: ffffb75d40003f00 R11: ffffb75d4460f740 R12: ffff9874ad283900\r\nJul 26 15:05:02 rx [11061395.884710] R13: ffff9874ad283a60 R14: ffff9874ad283980 R15: ffff9874ad283d30\r\nJul 26 15:05:02 rx [11061395.892095] FS: 00007f1ef4a2e700(0000) GS:ffff987605e00000(0000) knlGS:0000000000000000\r\nJul 26 15:05:02 rx [11061395.900438] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\r\nJul 26 15:05:02 rx [11061395.906435] CR2: 0000000000000020 CR3: 0000003e450ba003 CR4: 0000000000760ef0\r\nJul 26 15:05:02 rx [11061395.913822] PKRU: 55555554\r\nJul 26 15:05:02 rx [11061395.916786] Call Trace:\r\nJul 26 15:05:02 rx [11061395.919488]\r\nJul 26 15:05:02 rx [11061395.921765] ? show_regs.cold+0x1a/0x1f\r\nJul 26 15:05:02 rx [11061395.925859] ? __die+0x90/0xd9\r\nJul 26 15:05:02 rx [11061395.929169] ? no_context+0x196/0x380\r\nJul 26 15:05:02 rx [11061395.933088] ? ip6_protocol_deliver_rcu+0x4e0/0x4e0\r\nJul 26 15:05:02 rx [11061395.938216] ? ip6_sublist_rcv_finish+0x3d/0x50\r\nJul 26 15:05:02 rx [11061395.943000] ? __bad_area_nosemaphore+0x50/0x1a0\r\nJul 26 15:05:02 rx [11061395.947873] ? bad_area_nosemaphore+0x16/0x20\r\nJul 26 15:05:02 rx [11061395.952486] ? do_user_addr_fault+0x267/0x450\r\nJul 26 15:05:02 rx [11061395.957104] ? ipv6_list_rcv+0x112/0x140\r\nJul 26 15:05:02 rx [11061395.961279] ? __do_page_fault+0x58/0x90\r\nJul 26 15:05:02 rx [11061395.965458] ? do_page_fault+0x2c/0xe0\r\nJul 26 15:05:02 rx [11061395.969465] ? page_fault+0x34/0x40\r\nJul 26 15:05:02 rx [11061395.973217] ? tcp_rearm_rto+0xe4/0x160\r\nJul 26 15:05:02 rx [11061395.977313] ? tcp_rearm_rto+0xe4/0x160\r\nJul 26 15:05:02 rx [11061395.981408] tcp_send_loss_probe+0x10b/0x220\r\nJul 26 15:05:02 rx [11061395.985937] tcp_write_timer_handler+0x1b4/0x240\r\nJul 26 15:05:02 rx [11061395.990809] tcp_write_timer+0x9e/0xe0\r\nJul 26 15:05:02 rx [11061395.994814] ? tcp_write_timer_handler+0x240/0x240\r\nJul 26 15:05:02 rx [11061395.999866] call_timer_fn+0x32/0x130\r\nJul 26 15:05:02 rx [11061396.003782] __run_timers.part.0+0x180/0x280\r\nJul 26 15:05:02 rx [11061396.008309] ? recalibrate_cpu_khz+0x10/0x10\r\nJul 26 15:05:02 rx [11061396.012841] ? native_x2apic_icr_write+0x30/0x30\r\nJul 26 15:05:02 rx [11061396.017718] ? lapic_next_even\r\n---truncated---",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-47684"
    },
    {
      "cve": "CVE-2024-47685",
      "cwe": {
        "id": "CWE-908",
        "name": "Use of Uninitialized Resource"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()\r\n\r\nsyzbot reported that nf_reject_ip6_tcphdr_put() was possibly sending garbage on the four reserved tcp bits (th-\u003eres1)\r\n\r\nUse skb_put_zero() to clear the whole TCP header, as done in nf_reject_ip_tcphdr_put()\r\n\r\nBUG: KMSAN: uninit-value in nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255\r\n  nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255\r\n  nf_send_reset6+0xd84/0x15b0 net/ipv6/netfilter/nf_reject_ipv6.c:344\r\n  nft_reject_inet_eval+0x3c1/0x880 net/netfilter/nft_reject_inet.c:48\r\n  expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]\r\n  nft_do_chain+0x438/0x22a0 net/netfilter/nf_tables_core.c:288\r\n  nft_do_chain_inet+0x41a/0x4f0 net/netfilter/nft_chain_filter.c:161\r\n  nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\r\n  nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\r\n  nf_hook include/linux/netfilter.h:269 [inline]\r\n  NF_HOOK include/linux/netfilter.h:312 [inline]\r\n  ipv6_rcv+0x29b/0x390 net/ipv6/ip6_input.c:310\r\n  __netif_receive_skb_one_core net/core/dev.c:5661 [inline]\r\n  __netif_receive_skb+0x1da/0xa00 net/core/dev.c:5775\r\n  process_backlog+0x4ad/0xa50 net/core/dev.c:6108\r\n  __napi_poll+0xe7/0x980 net/core/dev.c:6772\r\n  napi_poll net/core/dev.c:6841 [inline]\r\n  net_rx_action+0xa5a/0x19b0 net/core/dev.c:6963\r\n  handle_softirqs+0x1ce/0x800 kernel/softirq.c:554\r\n  __do_softirq+0x14/0x1a kernel/softirq.c:588\r\n  do_softirq+0x9a/0x100 kernel/softirq.c:455\r\n  __local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:382\r\n  local_bh_enable include/linux/bottom_half.h:33 [inline]\r\n  rcu_read_unlock_bh include/linux/rcupdate.h:908 [inline]\r\n  __dev_queue_xmit+0x2692/0x5610 net/core/dev.c:4450\r\n  dev_queue_xmit include/linux/netdevice.h:3105 [inline]\r\n  neigh_resolve_output+0x9ca/0xae0 net/core/neighbour.c:1565\r\n  neigh_output include/net/neighbour.h:542 [inline]\r\n  ip6_finish_output2+0x2347/0x2ba0 net/ipv6/ip6_output.c:141\r\n  __ip6_finish_output net/ipv6/ip6_output.c:215 [inline]\r\n  ip6_finish_output+0xbb8/0x14b0 net/ipv6/ip6_output.c:226\r\n  NF_HOOK_COND include/linux/netfilter.h:303 [inline]\r\n  ip6_output+0x356/0x620 net/ipv6/ip6_output.c:247\r\n  dst_output include/net/dst.h:450 [inline]\r\n  NF_HOOK include/linux/netfilter.h:314 [inline]\r\n  ip6_xmit+0x1ba6/0x25d0 net/ipv6/ip6_output.c:366\r\n  inet6_csk_xmit+0x442/0x530 net/ipv6/inet6_connection_sock.c:135\r\n  __tcp_transmit_skb+0x3b07/0x4880 net/ipv4/tcp_output.c:1466\r\n  tcp_transmit_skb net/ipv4/tcp_output.c:1484 [inline]\r\n  tcp_connect+0x35b6/0x7130 net/ipv4/tcp_output.c:4143\r\n  tcp_v6_connect+0x1bcc/0x1e40 net/ipv6/tcp_ipv6.c:333\r\n  __inet_stream_connect+0x2ef/0x1730 net/ipv4/af_inet.c:679\r\n  inet_stream_connect+0x6a/0xd0 net/ipv4/af_inet.c:750\r\n  __sys_connect_file net/socket.c:2061 [inline]\r\n  __sys_connect+0x606/0x690 net/socket.c:2078\r\n  __do_sys_connect net/socket.c:2088 [inline]\r\n  __se_sys_connect net/socket.c:2085 [inline]\r\n  __x64_sys_connect+0x91/0xe0 net/socket.c:2085\r\n  x64_sys_call+0x27a5/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:43\r\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\r\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\r\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\r\n\r\nUninit was stored to memory at:\r\n  nf_reject_ip6_tcphdr_put+0x60c/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:249\r\n  nf_send_reset6+0xd84/0x15b0 net/ipv6/netfilter/nf_reject_ipv6.c:344\r\n  nft_reject_inet_eval+0x3c1/0x880 net/netfilter/nft_reject_inet.c:48\r\n  expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]\r\n  nft_do_chain+0x438/0x22a0 net/netfilter/nf_tables_core.c:288\r\n  nft_do_chain_inet+0x41a/0x4f0 net/netfilter/nft_chain_filter.c:161\r\n  nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\r\n  nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\r\n  nf_hook include/linux/netfilter.h:269 [inline]\r\n  NF_HOOK include/linux/netfilter.h:312 [inline]\r\n  ipv6_rcv+0x29b/0x390 net/ipv6/ip6_input.c:310\r\n  __netif_receive_skb_one_core\r\n---truncated---",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-47685"
    },
    {
      "cve": "CVE-2024-47692",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnfsd: return -EINVAL when namelen is 0\r\nWhen we have a corrupted main.sqlite in /var/lib/nfs/nfsdcld/, it may result in namelen being 0, which will cause memdup_user() to return ZERO_SIZE_PTR.\r\nWhen we access the name.data that has been assigned the value of ZERO_SIZE_PTR in nfs4_client_to_reclaim(), null pointer dereference is triggered.\r\n\r\n[ T1205] ==================================================================\r\n[ T1205] BUG: KASAN: null-ptr-deref in nfs4_client_to_reclaim+0xe9/0x260\r\n[ T1205] Read of size 1 at addr 0000000000000010 by task nfsdcld/1205\r\n[ T1205]\r\n[ T1205] CPU: 11 PID: 1205 Comm: nfsdcld Not tainted 5.10.0-00003-g2c1423731b8d #406\r\n[ T1205] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20190727_073836-buildvm-ppc64le-16.ppc.fedoraproject.org-3.fc31 04/01/2014\r\n[ T1205] Call Trace:\r\n[ T1205]  dump_stack+0x9a/0xd0\r\n[ T1205]  ? nfs4_client_to_reclaim+0xe9/0x260\r\n[ T1205]  __kasan_report.cold+0x34/0x84\r\n[ T1205]  ? nfs4_client_to_reclaim+0xe9/0x260\r\n[ T1205]  kasan_report+0x3a/0x50\r\n[ T1205]  nfs4_client_to_reclaim+0xe9/0x260\r\n[ T1205]  ? nfsd4_release_lockowner+0x410/0x410\r\n[ T1205]  cld_pipe_downcall+0x5ca/0x760\r\n[ T1205]  ? nfsd4_cld_tracking_exit+0x1d0/0x1d0\r\n[ T1205]  ? down_write_killable_nested+0x170/0x170\r\n[ T1205]  ? avc_policy_seqno+0x28/0x40\r\n[ T1205]  ? selinux_file_permission+0x1b4/0x1e0\r\n[ T1205]  rpc_pipe_write+0x84/0xb0\r\n[ T1205]  vfs_write+0x143/0x520\r\n[ T1205]  ksys_write+0xc9/0x170\r\n[ T1205]  ? __ia32_sys_read+0x50/0x50\r\n[ T1205]  ? ktime_get_coarse_real_ts64+0xfe/0x110\r\n[ T1205]  ? ktime_get_coarse_real_ts64+0xa2/0x110\r\n[ T1205]  do_syscall_64+0x33/0x40\r\n[ T1205]  entry_SYSCALL_64_after_hwframe+0x67/0xd1\r\n[ T1205] RIP: 0033:0x7fdbdb761bc7\r\n[ T1205] Code: 0f 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 514\r\n[ T1205] RSP: 002b:00007fff8c4b7248 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\r\n[ T1205] RAX: ffffffffffffffda RBX: 000000000000042b RCX: 00007fdbdb761bc7\r\n[ T1205] RDX: 000000000000042b RSI: 00007fff8c4b75f0 RDI: 0000000000000008\r\n[ T1205] RBP: 00007fdbdb761bb0 R08: 0000000000000000 R09: 0000000000000001\r\n[ T1205] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000042b\r\n[ T1205] R13: 0000000000000008 R14: 00007fff8c4b75f0 R15: 0000000000000000\r\n[ T1205] ==================================================================",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-47692"
    },
    {
      "cve": "CVE-2024-47696",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nRDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency\r\n\r\nIn the commit aee2424246f9 (\"RDMA/iwcm: Fix a use-after-free related to destroying CM IDs\"), the function flush_workqueue is invoked to flush the work queue iwcm_wq.\r\n\r\nBut at that time, the work queue iwcm_wq was created via the function alloc_ordered_workqueue without the flag WQ_MEM_RECLAIM.\r\n\r\nBecause the current process is trying to flush the whole iwcm_wq, if iwcm_wq doesn\u0027t have the flag WQ_MEM_RECLAIM, verify that the current process is not reclaiming memory or running on a workqueue which doesn\u0027t have the flag WQ_MEM_RECLAIM as that can break forward-progress guarantee leading to a deadlock.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-47696"
    },
    {
      "cve": "CVE-2024-47697",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndrivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error\r\n\r\nEnsure index in rtl2830_pid_filter does not exceed 31 to prevent out-of-bounds access.\r\n\r\ndev-\u003efilters is a 32-bit value, so set_bit and clear_bit functions should only operate on indices from 0 to 31. If index is 32, it will attempt to access a non-existent 33rd bit, leading to out-of-bounds access.\r\nChange the boundary check from index \u003e 32 to index \u003e= 32 to resolve this issue.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-47697"
    },
    {
      "cve": "CVE-2024-47699",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnilfs2: fix potential null-ptr-deref in nilfs_btree_insert()\r\n\r\nPatch series \"nilfs2: fix potential issues with empty b-tree nodes\".\r\n\r\nThis series addresses three potential issues with empty b-tree nodes that can occur with corrupted filesystem images, including one recently discovered by syzbot.\r\n\r\n\r\nThis patch (of 3):\r\n\r\nIf a b-tree is broken on the device, and the b-tree height is greater than 2 (the level of the root node is greater than 1) even if the number of child nodes of the b-tree root is 0, a NULL pointer dereference occurs in nilfs_btree_prepare_insert(), which is called from nilfs_btree_insert().\r\n\r\nThis is because, when the number of child nodes of the b-tree root is 0, nilfs_btree_do_lookup() does not set the block buffer head in any of path[x].bp_bh, leaving it as the initial value of NULL, but if the level of the b-tree root node is greater than 1, nilfs_btree_get_nonroot_node(), which accesses the buffer memory of path[x].bp_bh, is called.\r\n\r\nFix this issue by adding a check to nilfs_btree_root_broken(), which performs sanity checks when reading the root node from the device, to detect this inconsistency.\r\n\r\nThanks to Lizhi Xu for trying to solve the bug and clarifying the cause early on.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-47699"
    },
    {
      "cve": "CVE-2024-47701",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: ext4: avoid OOB when system.data xattr changes underneath the filesystem.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-47701"
    },
    {
      "cve": "CVE-2024-47705",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nblock: fix potential invalid pointer dereference in blk_add_partition\r\n\r\nThe blk_add_partition() function initially used a single if-condition (IS_ERR(part)) to check for errors when adding a partition. This was modified to handle the specific case of -ENXIO separately, allowing the function to proceed without logging the error in this case. However, this change unintentionally left a path where md_autodetect_dev() could be called without confirming that part is a valid pointer.\r\n\r\nThis commit separates the error handling logic by splitting the initial if-condition, improving code readability and handling specific error scenarios explicitly. The function now distinguishes the general error case from -ENXIO without altering the existing behavior of md_autodetect_dev() calls.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-47705"
    },
    {
      "cve": "CVE-2024-47706",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nblock, bfq: fix possible UAF for bfqq-\u003ebic with merge chain\r\n\r\nIn this case, IO from Process 1 will get bfqq2 from BIC1 first, and then\r\nget bfqq3 through merge chain, and finially handle IO by bfqq3.\r\nHowerver, current code will think bfqq2 is owned by BIC1, like initial\r\nstate, and set bfqq2-\u003ebic to BIC1.\r\n\r\nAllocated by task 20776:\r\n kasan_save_stack+0x20/0x40 mm/kasan/common.c:45\r\n kasan_set_track+0x25/0x30 mm/kasan/common.c:52\r\n __kasan_slab_alloc+0x87/0x90 mm/kasan/common.c:328\r\n kasan_slab_alloc include/linux/kasan.h:188 [inline]\r\n slab_post_alloc_hook mm/slab.h:763 [inline]\r\n slab_alloc_node mm/slub.c:3458 [inline]\r\n kmem_cache_alloc_node+0x1a4/0x6f0 mm/slub.c:3503\r\n ioc_create_icq block/blk-ioc.c:370 [inline]\r\n---truncated---",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-47706"
    },
    {
      "cve": "CVE-2024-47707",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "ipv6: A NULL dereference vulnerability may occur in rt6_uncached_list_flush_dev() due to the necessary check being removed by a previous commit.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-47707"
    },
    {
      "cve": "CVE-2024-47709",
      "cwe": {
        "id": "CWE-825",
        "name": "Expired Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "can: bcm: A warning is triggered when connect() is issued again for a socket whose connect()ed device has been unregistered. However, if the socket is just close()d without the 2nd connect(), the remaining bo-\u003ebcm_proc_read triggers unnecessary remove_proc_entry() in bcm_release().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-47709"
    },
    {
      "cve": "CVE-2024-47710",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "summary",
          "text": "sock_map: vulnerability result of adding a cond_resched() in sock_hash_free() to prevent CPU soft lockups when destroying maps with a large number of buckets.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-47710"
    },
    {
      "cve": "CVE-2024-47713",
      "cwe": {
        "id": "CWE-664",
        "name": "Improper Control of a Resource Through its Lifetime"
      },
      "notes": [
        {
          "category": "summary",
          "text": "wifi: mac80211: vulnerability caused by implementing a two-phase skb reclamation in ieee80211_do_stop() to avoid warnings and potential issues caused by calling __dev_queue_xmit() with interrupts disabled.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-47713"
    },
    {
      "cve": "CVE-2024-47718",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "wifi: rtw88: vulnerability may lead to a use-after-free (UAF) error if firmware loading is not properly synchronized during USB initialization and disconnection.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-47718"
    },
    {
      "cve": "CVE-2024-47723",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\njfs: fix out-of-bounds in dbNextAG() and diAlloc()\r\n\r\nIn dbNextAG() , there is no check for the case where bmp-\u003edb_numag is greater or same than MAXAG due to a polluted image, which causes an out-of-bounds. Therefore, a bounds check should be added in dbMount().\r\n\r\nAnd in dbNextAG(), a check for the case where agpref is greater than bmp-\u003edb_numag should be added, so an out-of-bounds exception should be prevented.\r\n\r\nAdditionally, a check for the case where agno is greater or same than MAXAG should be added in diAlloc() to prevent out-of-bounds.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-47723"
    },
    {
      "cve": "CVE-2024-47735",
      "cwe": {
        "id": "CWE-667",
        "name": "Improper Locking"
      },
      "notes": [
        {
          "category": "summary",
          "text": "RDMA/hns: missuse of spin_lock_irq()/spin_unlock_irq() when spin_lock_irqsave()/spin_lock_irqrestore() was hold.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-47735"
    },
    {
      "cve": "CVE-2024-47737",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: nfsd: call cache_put if xdr_reserve_space returns NULL.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-47737"
    },
    {
      "cve": "CVE-2024-47747",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition. In the ether3_probe function, a timer is initialized with a callback function ether3_ledoff, bound to \u0026prev(dev)-\u003etimer. Once the timer is started, there is a risk of a race condition if the module or device is removed, triggering the ether3_remove function to perform cleanup.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-47747"
    },
    {
      "cve": "CVE-2024-49851",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "notes": [
        {
          "category": "summary",
          "text": "tpm: Clean up TPM space after command failure tpm_dev_transmit prepares the TPM space before attempting command transmission. However if the command fails no rollback of this preparation is done. This can result in transient handles being leaked if the device is subsequently closed with no further commands performed.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-49851"
    },
    {
      "cve": "CVE-2024-49889",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\next4: avoid use-after-free in ext4_ext_show_leaf()\r\n\r\nIn ext4_find_extent(), path may be freed by error or be reallocated, so\r\nusing a previously saved *ppath may have been freed and thus may trigger\r\nuse-after-free, as follows:\r\n\r\next4_split_extent\r\n  path = *ppath;\r\n  ext4_split_extent_at(ppath)\r\n  path = ext4_find_extent(ppath)\r\n  ext4_split_extent_at(ppath)\r\n    // ext4_find_extent fails to free path\r\n    // but zeroout succeeds\r\n  ext4_ext_show_leaf(inode, path)\r\n    eh = path[depth].p_hdr\r\n    // path use-after-free !!!\r\n\r\nSimilar to ext4_split_extent_at(), we use *ppath directly as an input to\r\next4_ext_show_leaf(). Fix a spelling error by the way.\r\n\r\nSame problem in ext4_ext_handle_unwritten_extents(). Since \u0027path\u0027 is only\r\nused in ext4_ext_show_leaf(), remove \u0027path\u0027 and use *ppath directly.\r\n\r\nThis issue is triggered only when EXT_DEBUG is defined and therefore does\r\nnot affect functionality.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-49889"
    },
    {
      "cve": "CVE-2024-49890",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndrm/amd/pm: ensure the fw_info is not null before using it\r\n\r\nThis resolves the dereference null return value warning reported by Coverity.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-49890"
    },
    {
      "cve": "CVE-2024-49892",
      "cwe": {
        "id": "CWE-369",
        "name": "Divide By Zero"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndrm/amd/display: Initialize get_bytes_per_element\u0027s default to 1\r\n\r\nVariables, used as denominators and maybe not assigned to other values, should not be 0. bytes_per_element_y \u0026 bytes_per_element_c are initialized by get_bytes_per_element() which should never return 0.\r\n\r\nThis fixes 10 DIVIDE_BY_ZERO issues reported by Coverity.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-49892"
    },
    {
      "cve": "CVE-2024-49894",
      "cwe": {
        "id": "CWE-129",
        "name": "Improper Validation of Array Index"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndrm/amd/display: Fix index out of bounds in degamma hardware format translation\r\n\r\nFixes index out of bounds issue in\r\n`cm_helper_translate_curve_to_degamma_hw_format` function. The issue\r\ncould occur when the index \u0027i\u0027 exceeds the number of transfer function\r\npoints (TRANSFER_FUNC_POINTS).\r\n\r\nThe fix adds a check to ensure \u0027i\u0027 is within bounds before accessing the\r\ntransfer function points. If \u0027i\u0027 is out of bounds the function returns\r\nfalse to indicate an error.\r\n\r\nReported by smatch:\r\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:594 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.red\u0027 1025 \u003c= s32max\r\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:595 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.green\u0027 1025 \u003c= s32max\r\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:596 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.blue\u0027 1025 \u003c= s32max",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-49894"
    },
    {
      "cve": "CVE-2024-49900",
      "cwe": {
        "id": "CWE-908",
        "name": "Use of Uninitialized Resource"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\njfs: Fix uninit-value access of new_ea in ea_buffer\r\n\r\nsyzbot reports that lzo1x_1_do_compress is using uninit-value:\r\n\r\n=====================================================\r\nBUG: KMSAN: uninit-value in lzo1x_1_do_compress+0x19f9/0x2510 lib/lzo/lzo1x_compress.c:178\r\n\r\n...\r\n\r\nUninit was stored to memory at:\r\n ea_put fs/jfs/xattr.c:639 [inline]\r\n\r\n...\r\n\r\nLocal variable ea_buf created at:\r\n __jfs_setxattr+0x5d/0x1ae0 fs/jfs/xattr.c:662\r\n __jfs_xattr_set+0xe6/0x1f0 fs/jfs/xattr.c:934\r\n\r\n=====================================================\r\n\r\nThe reason is ea_buf-\u003enew_ea is not initialized properly.\r\n\r\nFix this by using memset to empty its content at the beginning\r\nin ea_get().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-49900"
    },
    {
      "cve": "CVE-2024-49902",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "jfs: vulnerability caused by assigning msm_gpu-\u003epdev earlier in the initialization process to prevent null pointer dereferences in msm_gpu_cleanup.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-49902"
    },
    {
      "cve": "CVE-2024-49903",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\njfs: Fix uaf in dbFreeBits\r\n\r\n[syzbot reported]\r\n==================================================================\r\nBUG: KASAN: slab-use-after-free in __mutex_lock_common kernel/locking/mutex.c:587 [inline]\r\nBUG: KASAN: slab-use-after-free in __mutex_lock+0xfe/0xd70 kernel/locking/mutex.c:752\r\nRead of size 8 at addr ffff8880229254b0 by task syz-executor357/5216\r\n\r\nCPU: 0 UID: 0 PID: 5216 Comm: syz-executor357 Not tainted 6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0\r\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024\r\nCall Trace:\r\n \u003cTASK\u003e\r\n __dump_stack lib/dump_stack.c:93 [inline]\r\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\r\n print_address_description mm/kasan/report.c:377 [inline]\r\n print_report+0x169/0x550 mm/kasan/report.c:488\r\n kasan_report+0x143/0x180 mm/kasan/report.c:601\r\n __mutex_lock_common kernel/locking/mutex.c:587 [inline]\r\n __mutex_lock+0xfe/0xd70 kernel/locking/mutex.c:752\r\n dbFreeBits+0x7ea/0xd90 fs/jfs/jfs_dmap.c:2390\r\n dbFreeDmap fs/jfs/jfs_dmap.c:2089 [inline]\r\n dbFree+0x35b/0x680 fs/jfs/jfs_dmap.c:409\r\n dbDiscardAG+0x8a9/0xa20 fs/jfs/jfs_dmap.c:1650\r\n jfs_ioc_trim+0x433/0x670 fs/jfs/jfs_discard.c:100\r\n jfs_ioctl+0x2d0/0x3e0 fs/jfs/ioctl.c:131\r\n vfs_ioctl fs/ioctl.c:51 [inline]\r\n __do_sys_ioctl fs/ioctl.c:907 [inline]\r\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893\r\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\r\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\r\n\r\nFreed by task 5218:\r\n kasan_save_stack mm/kasan/common.c:47 [inline]\r\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\r\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579\r\n poison_slab_object+0xe0/0x150 mm/kasan/common.c:240\r\n __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256\r\n kasan_slab_free include/linux/kasan.h:184 [inline]\r\n slab_free_hook mm/slub.c:2252 [inline]\r\n slab_free mm/slub.c:4473 [inline]\r\n kfree+0x149/0x360 mm/slub.c:4594\r\n dbUnmount+0x11d/0x190 fs/jfs/jfs_dmap.c:278\r\n jfs_mount_rw+0x4ac/0x6a0 fs/jfs/jfs_mount.c:247\r\n jfs_remount+0x3d1/0x6b0 fs/jfs/super.c:454\r\n reconfigure_super+0x445/0x880 fs/super.c:1083\r\n vfs_cmd_reconfigure fs/fsopen.c:263 [inline]\r\n vfs_fsconfig_locked fs/fsopen.c:292 [inline]\r\n __do_sys_fsconfig fs/fsopen.c:473 [inline]\r\n __se_sys_fsconfig+0xb6e/0xf80 fs/fsopen.c:345\r\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\r\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\r\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\r\n\r\n[Analysis]\r\nThere are two paths (dbUnmount and jfs_ioc_trim) that generate race condition when accessing bmap, which leads to the occurrence of uaf.\r\n\r\nUse the lock s_umount to synchronize them, in order to avoid uaf caused by race condition.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-49903"
    },
    {
      "cve": "CVE-2024-49930",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "wifi: ath11k: fix array out-of-bound access in SoC stats. Currently, the ath11k_soc_dp_stats::hal_reo_error array is defined with a maximum size of DP_REO_DST_RING_MAX. However, the ath11k_dp_process_rx() function access ath11k_soc_dp_stats::hal_reo_error using the REO destination SRNG ring ID, which is incorrect. SRNG ring ID differ from normal ring ID, and this usage leads to out-of-bounds array access.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-49930"
    },
    {
      "cve": "CVE-2024-49938",
      "cwe": {
        "id": "CWE-824",
        "name": "Access of Uninitialized Pointer"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nwifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit\r\n\r\nSyzbot points out that skb_trim() has a sanity check on the existing length of the skb, which can be uninitialised in some error paths. The intent here is clearly just to reset the length to zero before resubmitting, so switch to calling __skb_set_length(skb, 0) directly. In addition, __skb_set_length() already contains a call to skb_reset_tail_pointer(), so remove the redundant call.\r\n\r\nThe syzbot report came from ath9k_hif_usb_reg_in_cb(), but there\u0027s a similar usage of skb_trim() in ath9k_hif_usb_rx_cb(), change both while we\u0027re at it.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-49938"
    },
    {
      "cve": "CVE-2024-49944",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start. In sctp_listen_start() invoked by sctp_inet_listen(), it should set the sk_state back to CLOSED if sctp_autobind() fails due to whatever reason. Otherwise, next time when calling sctp_inet_listen(), if sctp_sk(sk)-\u003ereuse is already set via setsockopt(SCTP_REUSE_PORT), sctp_sk(sk)-\u003ebind_hash will be dereferenced as sk_state is LISTENING, which causes a crash as bind_hash is NULL",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-49944"
    },
    {
      "cve": "CVE-2024-49948",
      "cwe": {
        "id": "CWE-124",
        "name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: net: add more sanity checks to qdisc_pkt_len_init().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-49948"
    },
    {
      "cve": "CVE-2024-49949",
      "cwe": {
        "id": "CWE-124",
        "name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: net: avoid potential underflow in qdisc_pkt_len_init() with UFO.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-49949"
    },
    {
      "cve": "CVE-2024-49952",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: prevent nf_skb_duplicated corruption.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-49952"
    },
    {
      "cve": "CVE-2024-49955",
      "cwe": {
        "id": "CWE-672",
        "name": "Operation on a Resource after Expiration or Release"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nACPI: battery: Fix possible crash when unregistering a battery hook\r\n\r\nWhen a battery hook returns an error when adding a new battery, then the battery hook is automatically unregistered.\r\nHowever the battery hook provider cannot know that, so it will later call battery_hook_unregister() on the already unregistered battery hook, resulting in a crash.\r\n\r\nFix this by using the list head to mark already unregistered battery hooks as already being unregistered so that they can be ignored by battery_hook_unregister().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-49955"
    },
    {
      "cve": "CVE-2024-49973",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "r8169: RTL8125 added fields to the tally counter, this change could cause the chip to perform Direct Memory Access on these new fields, potentially writing to unallocated memory.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-49973"
    },
    {
      "cve": "CVE-2024-49977",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "net: stmmac: port_transmit_rate_kbps could be set to a value of 0, which is then passed to the \"div_s64\" function when tc-cbs is disabled. This leads to a zero-division error.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-49977"
    },
    {
      "cve": "CVE-2024-49997",
      "cwe": {
        "id": "CWE-226",
        "name": "Sensitive Information in Resource Not Removed Before Reuse"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiq_etop: fix memory disclosure When applying padding, the buffer is not zeroed, which results in memory disclosure. The mentioned data is observed on the wire. This patch uses skb_put_padto() to pad Ethernet frames properly. The mentioned function zeroes the expanded buffer. In case the packet cannot be padded it is silently dropped. Statistics are also not incremented. This driver does not support statistics in the old 32-bit format or the new 64-bit format. These will be added in the future. In its current form, the patch should be easily backported to stable versions. Ethernet MACs on Amazon-SE and Danube cannot do padding of the packets in hardware, so software padding must be applied.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-49997"
    },
    {
      "cve": "CVE-2024-50001",
      "cwe": {
        "id": "CWE-755",
        "name": "Improper Handling of Exceptional Conditions"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet/mlx5: Fix error path in multi-packet WQE transmit\r\n\r\nRemove the erroneous unmap in case no DMA mapping was established\r\n\r\nThe multi-packet WQE transmit code attempts to obtain a DMA mapping for the skb. This could fail, e.g. under memory pressure, when the IOMMU driver just can\u0027t allocate more memory for page tables. While the code tries to handle this in the path below the err_unmap label it erroneously unmaps one entry from the sq\u0027s FIFO list of active mappings. Since the current map attempt failed this unmap is removing some random DMA mapping that might still be required. If the PCI function now presents that IOVA, the IOMMU may assumes a rogue DMA access and e.g. on s390 puts the PCI function in error state.\r\n\r\nThe erroneous behavior was seen in a stress-test environment that created memory pressure.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-50001"
    },
    {
      "cve": "CVE-2024-50006",
      "cwe": {
        "id": "CWE-833",
        "name": "Deadlock"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: ext4: fix i_data_sem unlock order in ext4_ind_migrate().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-50006"
    },
    {
      "cve": "CVE-2024-50008",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "wifi: mwifiex: memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() Replace one-element array with a flexible-array member in `struct host_cmd_ds_802_11_scan_ext`.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-50008"
    },
    {
      "cve": "CVE-2024-50010",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nexec: don\u0027t WARN for racy path_noexec check\r\n\r\nBoth i_mode and noexec checks wrapped in WARN_ON stem from an artifact\r\nof the previous implementation. They used to legitimately check for the\r\ncondition, but that got moved up in two commits:\r\n633fb6ac3980 (\"exec: move S_ISREG() check earlier\")\r\n0fd338b2d2cd (\"exec: move path_noexec() check earlier\")\r\n\r\nInstead of being removed said checks are WARN_ON\u0027ed instead, which has some debug value.\r\n\r\nHowever, the spurious path_noexec check is racy, resulting in unwarranted warnings should someone race with setting the noexec flag.\r\n\r\nOne can note there is more to perm-checking whether execve is allowed and none of the conditions are guaranteed to still hold after they were tested for.\r\n\r\nAdditionally this does not validate whether the code path did any perm checking to begin with -- it will pass if the inode happens to be regular.\r\n\r\nKeep the redundant path_noexec() check even though it\u0027s mindless nonsense checking for guarantee that isn\u0027t given so drop the WARN.\r\n\r\nReword the commentary and do small tidy ups while here.\r\n\r\n[brauner: keep redundant path_noexec() check]",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-50010"
    },
    {
      "cve": "CVE-2024-50015",
      "cwe": {
        "id": "CWE-665",
        "name": "Improper Initialization"
      },
      "notes": [
        {
          "category": "summary",
          "text": "ext4: dax: Overflowing extents beyond inode size when partially writing.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-50015"
    },
    {
      "cve": "CVE-2024-50033",
      "cwe": {
        "id": "CWE-908",
        "name": "Use of Uninitialized Resource"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nslip: make slhc_remember() more robust against malicious packets\r\n\r\nsyzbot found that slhc_remember() was missing checks against\r\nmalicious packets [1].\r\n\r\nslhc_remember() only checked the size of the packet was at least 20,\r\nwhich is not good enough.\r\n\r\nWe need to make sure the packet includes the IPv4 and TCP header\r\nthat are supposed to be carried.\r\n\r\nAdd iph and th pointers to make the code more readable.\r\n\r\n[1]\r\n\r\nBUG: KMSAN: uninit-value in slhc_remember+0x2e8/0x7b0 drivers/net/slip/slhc.c:666\r\n  slhc_remember+0x2e8/0x7b0 drivers/net/slip/slhc.c:666\r\n  ppp_receive_nonmp_frame+0xe45/0x35e0 drivers/net/ppp/ppp_generic.c:2455\r\n  ppp_receive_frame drivers/net/ppp/ppp_generic.c:2372 [inline]\r\n  ppp_do_recv+0x65f/0x40d0 drivers/net/ppp/ppp_generic.c:2212\r\n  ppp_input+0x7dc/0xe60 drivers/net/ppp/ppp_generic.c:2327\r\n  pppoe_rcv_core+0x1d3/0x720 drivers/net/ppp/pppoe.c:379\r\n  sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1113\r\n  __release_sock+0x1da/0x330 net/core/sock.c:3072\r\n  release_sock+0x6b/0x250 net/core/sock.c:3626\r\n  pppoe_sendmsg+0x2b8/0xb90 drivers/net/ppp/pppoe.c:903\r\n  sock_sendmsg_nosec net/socket.c:729 [inline]\r\n  __sock_sendmsg+0x30f/0x380 net/socket.c:744\r\n  ____sys_sendmsg+0x903/0xb60 net/socket.c:2602\r\n  ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656\r\n  __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742\r\n  __do_sys_sendmmsg net/socket.c:2771 [inline]\r\n  __se_sys_sendmmsg net/socket.c:2768 [inline]\r\n  __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768\r\n  x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308\r\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\r\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\r\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\r\n\r\nUninit was created at:\r\n  slab_post_alloc_hook mm/slub.c:4091 [inline]\r\n  slab_alloc_node mm/slub.c:4134 [inline]\r\n  kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4186\r\n  kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:587\r\n  __alloc_skb+0x363/0x7b0 net/core/skbuff.c:678\r\n  alloc_skb include/linux/skbuff.h:1322 [inline]\r\n  sock_wmalloc+0xfe/0x1a0 net/core/sock.c:2732\r\n  pppoe_sendmsg+0x3a7/0xb90 drivers/net/ppp/pppoe.c:867\r\n  sock_sendmsg_nosec net/socket.c:729 [inline]\r\n  __sock_sendmsg+0x30f/0x380 net/socket.c:744\r\n  ____sys_sendmsg+0x903/0xb60 net/socket.c:2602\r\n  ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656\r\n  __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742\r\n  __do_sys_sendmmsg net/socket.c:2771 [inline]\r\n  __se_sys_sendmmsg net/socket.c:2768 [inline]\r\n  __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768\r\n  x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308\r\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\r\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\r\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\r\n\r\nCPU: 0 UID: 0 PID: 5460 Comm: syz.2.33 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0\r\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-50033"
    },
    {
      "cve": "CVE-2024-50035",
      "cwe": {
        "id": "CWE-908",
        "name": "Use of Uninitialized Resource"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nppp: fix ppp_async_encode() illegal access\r\n\r\nsyzbot reported an issue in ppp_async_encode() [1]\r\n\r\nIn this case, pppoe_sendmsg() is called with a zero size.\r\nThen ppp_async_encode() is called with an empty skb.\r\n\r\nBUG: KMSAN: uninit-value in ppp_async_encode drivers/net/ppp/ppp_async.c:545 [inline]\r\n BUG: KMSAN: uninit-value in ppp_async_push+0xb4f/0x2660 drivers/net/ppp/ppp_async.c:675\r\n  ppp_async_encode drivers/net/ppp/ppp_async.c:545 [inline]\r\n  ppp_async_push+0xb4f/0x2660 drivers/net/ppp/ppp_async.c:675\r\n  ppp_async_send+0x130/0x1b0 drivers/net/ppp/ppp_async.c:634\r\n  ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2280 [inline]\r\n  ppp_input+0x1f1/0xe60 drivers/net/ppp/ppp_generic.c:2304\r\n  pppoe_rcv_core+0x1d3/0x720 drivers/net/ppp/pppoe.c:379\r\n  sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1113\r\n  __release_sock+0x1da/0x330 net/core/sock.c:3072\r\n  release_sock+0x6b/0x250 net/core/sock.c:3626\r\n  pppoe_sendmsg+0x2b8/0xb90 drivers/net/ppp/pppoe.c:903\r\n  sock_sendmsg_nosec net/socket.c:729 [inline]\r\n  __sock_sendmsg+0x30f/0x380 net/socket.c:744\r\n  ____sys_sendmsg+0x903/0xb60 net/socket.c:2602\r\n  ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656\r\n  __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742\r\n  __do_sys_sendmmsg net/socket.c:2771 [inline]\r\n  __se_sys_sendmmsg net/socket.c:2768 [inline]\r\n  __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768\r\n  x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308\r\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\r\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\r\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\r\n\r\nUninit was created at:\r\n  slab_post_alloc_hook mm/slub.c:4092 [inline]\r\n  slab_alloc_node mm/slub.c:4135 [inline]\r\n  kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4187\r\n  kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:587\r\n  __alloc_skb+0x363/0x7b0 net/core/skbuff.c:678\r\n  alloc_skb include/linux/skbuff.h:1322 [inline]\r\n  sock_wmalloc+0xfe/0x1a0 net/core/sock.c:2732\r\n  pppoe_sendmsg+0x3a7/0xb90 drivers/net/ppp/pppoe.c:867\r\n  sock_sendmsg_nosec net/socket.c:729 [inline]\r\n  __sock_sendmsg+0x30f/0x380 net/socket.c:744\r\n  ____sys_sendmsg+0x903/0xb60 net/socket.c:2602\r\n  ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656\r\n  __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742\r\n  __do_sys_sendmmsg net/socket.c:2771 [inline]\r\n  __se_sys_sendmmsg net/socket.c:2768 [inline]\r\n  __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768\r\n  x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308\r\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\r\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\r\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\r\n\r\nCPU: 1 UID: 0 PID: 5411 Comm: syz.1.14 Not tainted 6.12.0-rc1-syzkaller-00165-g360c1f1f24c6 #0\r\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-50035"
    },
    {
      "cve": "CVE-2024-50039",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet/sched: accept TCA_STAB only for root qdisc\r\n\r\nMost qdiscs maintain their backlog using qdisc_pkt_len(skb) on the assumption it is invariant between the enqueue() and dequeue() handlers.\r\n\r\nUnfortunately syzbot can crash a host rather easily using a TBF + SFQ combination, with an STAB on SFQ [1]\r\n\r\nWe can\u0027t support TCA_STAB on arbitrary level, this would require to maintain per-qdisc storage.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-50039"
    },
    {
      "cve": "CVE-2024-50040",
      "cwe": {
        "id": "CWE-390",
        "name": "Detection of Error Condition Without Action"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: igb: Do not bring the device up after non-fatal error.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-50040"
    },
    {
      "cve": "CVE-2024-50044",
      "cwe": {
        "id": "CWE-667",
        "name": "Improper Locking"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nBluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change\r\n\r\nrfcomm_sk_state_change attempts to use sock_lock so it must never be called with it locked but rfcomm_sock_ioctl always attempt to lock it.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-50044"
    },
    {
      "cve": "CVE-2024-50045",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: br_netfilter: fix panic with metadata_dst skb.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-50045"
    },
    {
      "cve": "CVE-2024-50046",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nNFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies()\r\n\r\nOn the node of an NFS client, some files saved in the mountpoint of the NFS server were copied to another location of the same NFS server.\r\nAccidentally, the nfs42_complete_copies() got a NULL-pointer dereference crash.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-50046"
    },
    {
      "cve": "CVE-2024-50058",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nserial: protect uart_port_dtr_rts() in uart_shutdown() too\r\n\r\nCommit af224ca2df29 (serial: core: Prevent unsafe uart port access, part 3) added few uport == NULL checks. It added one to uart_shutdown(), so the commit assumes, uport can be NULL in there. But right after that protection, there is an unprotected \"uart_port_dtr_rts(uport, false);\" call. That is invoked only if HUPCL is set, so I assume that is the reason why we do not see lots of these reports.\r\n\r\nOr it cannot be NULL at this point at all for some reason :P.\r\n\r\nUntil the above is investigated, stay on the safe side and move this dereference to the if too.\r\n\r\nI got this inconsistency from Coverity under CID 1585130. Thanks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-50058"
    },
    {
      "cve": "CVE-2024-50095",
      "cwe": {
        "id": "CWE-667",
        "name": "Improper Locking"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nRDMA/mad: Improve handling of timed out WRs of mad agent\r\n\r\nCurrent timeout handler of mad agent acquires/releases mad_agent_priv lock for every timed out WRs. This causes heavy locking contention when higher no. of WRs are to be handled inside timeout handler.\r\n\r\nThis leads to softlockup with below trace in some use cases where rdma-cm path is used to establish connection between peer nodes\r\n\r\n\r\nSimplified timeout handler by creating local list of timed out WRs and invoke send handler post creating the list. The new method acquires/releases lock once to fetch the list and hence helps to reduce locking contetiong when processing higher no. of WRs",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-50095"
    },
    {
      "cve": "CVE-2024-50121",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "nfsd: problematic nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net. In the normal case, when we excute `echo 0 \u003e /proc/fs/nfsd/threads`, the function `nfs4_state_destroy_net` in `nfs4_state_shutdown_net` will release all resources related to the hashed `nfs4_client`.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-50121"
    },
    {
      "cve": "CVE-2024-50127",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet: sched: fix use-after-free in taprio_change()\r\n\r\nIn \u0027taprio_change()\u0027, \u0027admin\u0027 pointer may become dangling due to sched switch / removal caused by \u0027advance_sched()\u0027, and critical section protected by \u0027q-current_entry_lock\u0027 is too small to prevent from such a scenario (which causes use-after-free detected by KASAN). Fix this by prefer \u0027rcu_replace_pointer()\u0027 ver \u0027rcu_assign_pointer()\u0027 to update \u0027admin\u0027 immediately before an attempt to schedule freeing.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-50127"
    },
    {
      "cve": "CVE-2024-50131",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ntracing: Consider the NULL character when validating the event length\r\n\r\nstrlen() returns a string length excluding the null byte. If the string length equals to the maximum buffer length, the buffer will have no space for the NULL terminating character.\r\n\r\nThis commit checks this condition and returns failure for it.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-50131"
    },
    {
      "cve": "CVE-2024-50134",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndrm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA\r\n\r\nReplace the fake VLA at end of the vbva_mouse_pointer_shape shape with a real VLA to fix a \"memcpy: detected field-spanning write error\".\r\n\r\nNote as mentioned in the added comment it seems the original length calculation for the allocated and send hgsmi buffer is 4 bytes too large.\r\nChanging this is not the goal of this patch, so this behavior is kept.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-50134"
    },
    {
      "cve": "CVE-2024-50142",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nxfrm: validate new SA\u0027s prefixlen using SA family when sel.family is unset\r\n\r\nThis expands the validation introduced in commit 07bf7908950a (\"xfrm:Validate address prefix lengths in the xfrm selector.\")\r\n\r\nsyzbot created an SA with\r\n    usersa.sel.family = AF_UNSPEC\r\n    usersa.sel.prefixlen_s = 128\r\n    usersa.family = AF_INET\r\n\r\nBecause of the AF_UNSPEC selector, verify_newsa_info doesn\u0027t put limits on prefixlen_{s,d}. But then copy_from_user_state sets x-\u003esel.family to usersa.family (AF_INET). Do the same conversion inverify_newsa_info before validating prefixlen_{s,d}, since that\u0027s howprefixlen is going to be used later on.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-50142"
    },
    {
      "cve": "CVE-2024-50148",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nBluetooth: bnep: fix wild-memory-access in proto_unregister\r\n\r\nAs bnep_init() ignore bnep_sock_init()\u0027s return value, and bnep_sock_init() will cleanup all resource. Then when remove bnep module will call bnep_sock_cleanup() to cleanup sock\u0027s resource.\r\nTo solve above issue just return bnep_sock_init()\u0027s return value in bnep_exit().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-50148"
    },
    {
      "cve": "CVE-2024-50150",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nusb: typec: altmode should keep reference to parent\r\n\r\nThe altmode device release refers to its parent device, but without keeping\r\na reference to it.\r\n\r\nWhen registering the altmode, get a reference to the parent and put it in\r\nthe release function.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-50150"
    },
    {
      "cve": "CVE-2024-50151",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nsmb: client: fix OOBs when building SMB2_IOCTL request\r\n\r\nWhen using encryption, either enforced by the server or when using\r\n\u0027seal\u0027 mount option, the client will squash all compound request buffers\r\ndown for encryption into a single iov in smb2_set_next_command().\r\n\r\nSMB2_ioctl_init() allocates a small buffer (448 bytes) to hold the\r\nSMB2_IOCTL request in the first iov, and if the user passes an input\r\nbuffer that is greater than 328 bytes, smb2_set_next_command() will\r\nend up writing off the end of @rqst-\u003eiov[0].iov_base as shown below:\r\n\r\n  mount.cifs //srv/share /mnt -o ...,seal\r\n  ln -s $(perl -e \"print(\u0027a\u0027)for 1..1024\") /mnt/link\r\n\r\n  BUG: KASAN: slab-out-of-bounds in\r\n  smb2_set_next_command.cold+0x1d6/0x24c [cifs]\r\n  Write of size 4116 at addr ffff8881148fcab8 by task ln/859",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-50151"
    },
    {
      "cve": "CVE-2024-50153",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nscsi: target: core: Fix null-ptr-deref in target_alloc_device()\r\n\r\nThere is a null-ptr-deref issue reported by KASAN:\r\n\r\nBUG: KASAN: null-ptr-deref in target_alloc_device+0xbc4/0xbe0 [target_core_mod]\r\n...\r\n kasan_report+0xb9/0xf0\r\n target_alloc_device+0xbc4/0xbe0 [target_core_mod]\r\n core_dev_setup_virtual_lun0+0xef/0x1f0 [target_core_mod]\r\n target_core_init_configfs+0x205/0x420 [target_core_mod]\r\n do_one_initcall+0xdd/0x4e0\r\n...\r\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\r\n\r\nIn target_alloc_device(), if allocing memory for dev queues fails, then\r\ndev will be freed by dev-\u003etransport-\u003efree_device(), but dev-\u003etransport\r\nis not initialized at that time, which will lead to a null pointer\r\nreference problem.\r\n\r\nFixing this bug by freeing dev with hba-\u003ebackend-\u003eops-\u003efree_device().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-50153"
    },
    {
      "cve": "CVE-2024-50188",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "net: phy: dp83869: fix memory corruption when enabling fiber. When configuring the fiber port, the DP83869 PHY driver incorrectly calls linkmode_set_bit() with a bit mask (1 \u0026lt;\u0026lt; 10) rather than a bit number (10). This corrupts some other memory location -- in case of arm64 the priv pointer in the same structure.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-50188"
    },
    {
      "cve": "CVE-2024-50205",
      "cwe": {
        "id": "CWE-369",
        "name": "Divide By Zero"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()\r\n\r\nThe step variable is initialized to zero. It is changed in the loop,\r\nbut if it\u0027s not changed it will remain zero. Add a variable check\r\nbefore the division.\r\n\r\nThe observed behavior was introduced by commit 826b5de90c0b\r\n(\"ALSA: firewire-lib: fix insufficient PCM rule for period/buffer size\"),\r\nand it is difficult to show that any of the interval parameters will\r\nsatisfy the snd_interval_test() condition with data from the\r\namdtp_rate_table[] table.\r\n\r\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-50205"
    },
    {
      "cve": "CVE-2024-50210",
      "cwe": {
        "id": "CWE-667",
        "name": "Improper Locking"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nposix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()\r\n\r\nIf get_clock_desc() succeeds, it calls fget() for the clockid\u0027s fd,\r\nand get the clk-\u003erwsem read lock, so the error path should release\r\nthe lock to make the lock balance and fput the clockid\u0027s fd to make\r\nthe refcount balance and release the fd related resource.\r\n\r\nHowever the below commit left the error path locked behind resulting in\r\nunbalanced locking. Check timespec64_valid_strict() before\r\nget_clock_desc() to fix it, because the \"ts\" is not changed\r\nafter that.\r\n\r\n[pabeni@redhat.com: fixed commit message typo]",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-50210"
    },
    {
      "cve": "CVE-2024-50251",
      "cwe": {
        "id": "CWE-131",
        "name": "Incorrect Calculation of Buffer Size"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_payload: sanitize offset and length before calling skb_checksum()\n\nIf access to offset + length is larger than the skbuff length, then\nskb_checksum() triggers BUG_ON().\n\nskb_checksum() internally subtracts the length parameter while iterating\nover skbuff, BUG_ON(len) at the end of it checks that the expected\nlength to be included in the checksum calculation is fully consumed.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-50251"
    },
    {
      "cve": "CVE-2024-50262",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix out-of-bounds write in trie_get_next_key()\n\ntrie_get_next_key() allocates a node stack with size trie-\u003emax_prefixlen,\nwhile it writes (trie-\u003emax_prefixlen + 1) nodes to the stack when it has\nfull paths from the root to leaves. For example, consider a trie with\nmax_prefixlen is 8, and the nodes with key 0x00/0, 0x00/1, 0x00/2, ...\n0x00/8 inserted. Subsequent calls to trie_get_next_key with _key with\n.prefixlen = 8 make 9 nodes be written on the node stack with size 8.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-50262"
    },
    {
      "cve": "CVE-2024-50299",
      "cwe": {
        "id": "CWE-908",
        "name": "Use of Uninitialized Resource"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: properly validate chunk size in sctp_sf_ootb()\n\nA size validation fix similar to that in Commit 50619dbf8db7 (\"sctp: add\nsize validation when walking chunks\") is also required in sctp_sf_ootb()\nto address a crash reported by syzbot:\n\n  BUG: KMSAN: uninit-value in sctp_sf_ootb+0x7f5/0xce0 net/sctp/sm_statefuns.c:3712\n  sctp_sf_ootb+0x7f5/0xce0 net/sctp/sm_statefuns.c:3712\n  sctp_do_sm+0x181/0x93d0 net/sctp/sm_sideeffect.c:1166\n  sctp_endpoint_bh_rcv+0xc38/0xf90 net/sctp/endpointola.c:407\n  sctp_inq_push+0x2ef/0x380 net/sctp/inqueue.c:88\n  sctp_rcv+0x3831/0x3b20 net/sctp/input.c:243\n  sctp4_rcv+0x42/0x50 net/sctp/protocol.c:1159\n  ip_protocol_deliver_rcu+0xb51/0x13d0 net/ipv4/ip_input.c:205\n  ip_local_deliver_finish+0x336/0x500 net/ipv4/ip_input.c:233",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-50299"
    },
    {
      "cve": "CVE-2024-50301",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsecurity/keys: fix slab-out-of-bounds in key_task_permission\n\nKASAN reports an out of bounds read:\nBUG: KASAN: slab-out-of-bounds in __kuid_val include/linux/uidgid.h:36\nBUG: KASAN: slab-out-of-bounds in uid_eq include/linux/uidgid.h:63 [inline]\nBUG: KASAN: slab-out-of-bounds in key_task_permission+0x394/0x410\nsecurity/keys/permission.c:54\nRead of size 4 at addr ffff88813c3ab618 by task stress-ng/4362\n\nCPU: 2 PID: 4362 Comm: stress-ng Not tainted 5.10.0-14930-gafbffd6c3ede #15\nCall Trace:\n __dump_stack lib/dump_stack.c:82 [inline]\n dump_stack+0x107/0x167 lib/dump_stack.c:123\n print_address_description.constprop.0+0x19/0x170 mm/kasan/report.c:400\n __kasan_report.cold+0x6c/0x84 mm/kasan/report.c:560\n kasan_report+0x3a/0x50 mm/kasan/report.c:585\n __kuid_val include/linux/uidgid.h:36 [inline]\n uid_eq include/linux/uidgid.h:63 [inline]\n key_task_permission+0x394/0x410 security/keys/permission.c:54\n search_nested_keyrings+0x90e/0xe90 security/keys/keyring.c:793\n\nThis issue was also reported by syzbot.\n\nIt can be reproduced by following these steps(more details [1]):\n1. Obtain more than 32 inputs that have similar hashes, which ends with the\n   pattern \u00270xxxxxxxe6\u0027.\n2. Reboot and add the keys obtained in step 1.\n\nThe reproducer demonstrates how this issue happened:\n1. In the search_nested_keyrings function, when it iterates through the\n   slots in a node(below tag ascend_to_node), if the slot pointer is meta\n   and node-\u003eback_pointer != NULL(it means a root), it will proceed to\n   descend_to_node. However, there is an exception. If node is the root,\n   and one of the slots points to a shortcut, it will be treated as a\n   keyring.\n2. Whether the ptr is keyring decided by keyring_ptr_is_keyring function.\n   However, KEYRING_PTR_SUBTYPE is 0x2UL, the same as\n   ASSOC_ARRAY_PTR_SUBTYPE_MASK.\n3. When 32 keys with the similar hashes are added to the tree, the ROOT\n   has keys with hashes that are not similar (e.g. slot 0) and it splits\n   NODE A without using a shortcut. When NODE A is filled with keys that\n   all hashes are xxe6, the keys are similar, NODE A will split with a\n   shortcut. Finally, it forms the tree as shown below, where slot 6 points\n   to a shortcut.\n\n                      NODE A\n              +------\u003e+---+\n      ROOT    |       | 0 | xxe6\n      +---+   |       +---+\n xxxx | 0 | shortcut  :   : xxe6\n      +---+   |       +---+\n xxe6 :   :   |       |   | xxe6\n      +---+   |       +---+\n      | 6 |---+       :   : xxe6\n      +---+           +---+\n xxe6 :   :           | f | xxe6\n      +---+           +---+\n xxe6 | f |\n      +---+\n\n4. As mentioned above, If a slot(slot 6) of the root points to a shortcut,\n   it may be mistakenly transferred to a key*, leading to a read\n   out-of-bounds read.\n\nTo fix this issue, one should jump to descend_to_node if the ptr is a\nshortcut, regardless of whether the node is root or not.\n\n[1] https://lore.kernel.org/linux-kernel/1cfa878e-8c7b-4570-8606-21daf5e13ce7@huaweicloud.com/\n\n[jarkko: tweaked the commit message a bit to have an appropriate closes\n tag.]",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-50301"
    },
    {
      "cve": "CVE-2024-50302",
      "cwe": {
        "id": "CWE-908",
        "name": "Use of Uninitialized Resource"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: zero-initialize the report buffer\n\nSince the report buffer is used by all kinds of drivers in various ways, let\u0027s\nzero-initialize it during allocation to make sure that it can\u0027t be ever used\nto leak kernel memory via specially-crafted report.",
          "title": "Summary"
        },
        {
          "category": "summary",
          "text": "The information disclosure is limited to HID driver report data. Successful exploitation requires the installation of malicious code on the device.",
          "title": "For SIMATIC S7-1500 TM MFP - GNU/Linux subsystem"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-50302"
    },
    {
      "cve": "CVE-2024-53042",
      "cwe": {
        "id": "CWE-662",
        "name": "Improper Synchronization"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow()\r\n\r\nThere are code paths from which the function is called without holding\r\nthe RCU read lock, resulting in a suspicious RCU usage warning [1].\r\n\r\nFix by using l3mdev_master_upper_ifindex_by_index() which will acquire\r\nthe RCU read lock before calling\r\nl3mdev_master_upper_ifindex_by_index_rcu().\r\n\r\n[1]\r\nWARNING: suspicious RCU usage\r\n6.12.0-rc3-custom-gac8f72681cf2 #141 Not tainted\r\n-----------------------------\r\nnet/core/dev.c:876 RCU-list traversed in non-reader section!!\r\n\r\nother info that might help us debug this:\r\n\r\nrcu_scheduler_active = 2, debug_locks = 1\r\n1 lock held by ip/361:\r\n #0: ffffffff86fc7cb0 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x377/0xf60",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-53042"
    },
    {
      "cve": "CVE-2024-53057",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT\n\nIn qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed\nto be either root or ingress. This assumption is bogus since it\u0027s valid\nto create egress qdiscs with major handle ffff:\nBudimir Markovic found that for qdiscs like DRR that maintain an active\nclass list, it will cause a UAF with a dangling class pointer.\n\nIn 066a3b5b2346, the concern was to avoid iterating over the ingress\nqdisc since its parent is itself. The proper fix is to stop when parent\nTC_H_ROOT is reached because the only way to retrieve ingress is when a\nhierarchy which does not contain a ffff: major handle call into\nqdisc_lookup with TC_H_MAJ(TC_H_ROOT).\n\nIn the scenario where major ffff: is an egress qdisc in any of the tree\nlevels, the updates will also propagate to TC_H_ROOT, which then the\niteration must stop.\n\n\n net/sched/sch_api.c | 2 +-\n 1 file changed, 1 insertion(+), 1 deletion(-)",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-53057"
    },
    {
      "cve": "CVE-2024-53059",
      "cwe": {
        "id": "CWE-460",
        "name": "Improper Cleanup on Thrown Exception"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd()\n\n1. The size of the response packet is not validated.\n2. The response buffer is not freed.\n\nResolve these issues by switching to iwl_mvm_send_cmd_status(),\nwhich handles both size validation and frees the buffer.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-53059"
    },
    {
      "cve": "CVE-2024-53101",
      "cwe": {
        "id": "CWE-908",
        "name": "Use of Uninitialized Resource"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: Fix uninitialized value issue in from_kuid and from_kgid\n\nocfs2_setattr() uses attr-\u003eia_mode, attr-\u003eia_uid and attr-\u003eia_gid in\na trace point even though ATTR_MODE, ATTR_UID and ATTR_GID aren\u0027t set.\n\nInitialize all fields of newattrs to avoid uninitialized variables, by\nchecking if ATTR_MODE, ATTR_UID, ATTR_GID are initialized, otherwise 0.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-53101"
    },
    {
      "cve": "CVE-2024-53124",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "net: fix data-races around sk sk_forward_alloc.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-53124"
    },
    {
      "cve": "CVE-2024-56631",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\nscsi: sg: Fix slab-use-after-free read in sg_release()\r\nFix a use-after-free bug in sg_release(), detected by syzbot with KASAN:\r\n\r\nThe fix has been tested and validated by syzbot. This patch closes the\r\nbug reported at the following syzkaller link and ensures proper\r\nsequencing of resource cleanup and mutex operations, eliminating the\r\nrisk of use-after-free errors in sg_release().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-56631"
    },
    {
      "cve": "CVE-2024-56672",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nblk-cgroup: Fix UAF in blkcg_unpin_online()\r\n\r\nblkcg_unpin_online() walks up the blkcg hierarchy putting the online pin. To\r\nwalk up, it uses blkcg_parent(blkcg) but it was calling that after\r\nblkcg_destroy_blkgs(blkcg) which could free the blkcg",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-56672"
    },
    {
      "cve": "CVE-2024-57901",
      "cwe": {
        "id": "CWE-664",
        "name": "Improper Control of a Resource Through its Lifetime"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK\n\nBlamed commit forgot MSG_PEEK case, allowing a crash [1] as found\nby syzbot.\n\nRework vlan_get_protocol_dgram() to not touch skb at all,\nso that it can be used from many cpus on the same skb.\n\nAdd a const qualifier to skb argument.\n\n[1]\nskbuff: skb_under_panic: text:ffffffff8a8ccd05 len:29 put:14 head:ffff88807fc8e400 data:ffff88807fc8e3f4 tail:0x11 end:0x140 dev:\u003cNULL\u003e\n------------[ cut here ]------------\n kernel BUG at net/core/skbuff.c:206 !\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 1 UID: 0 PID: 5892 Comm: syz-executor883 Not tainted 6.13.0-rc4-syzkaller-00054-gd6ef8b40d075 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\n RIP: 0010:skb_panic net/core/skbuff.c:206 [inline]\n RIP: 0010:skb_under_panic+0x14b/0x150 net/core/skbuff.c:216\nCode: 0b 8d 48 c7 c6 86 d5 25 8e 48 8b 54 24 08 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 41 54 41 57 41 56 e8 5a 69 79 f7 48 83 c4 20 90 \u003c0f\u003e 0b 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3\nRSP: 0018:ffffc900038d7638 EFLAGS: 00010282\nRAX: 0000000000000087 RBX: dffffc0000000000 RCX: 609ffd18ea660600\nRDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000\nRBP: ffff88802483c8d0 R08: ffffffff817f0a8c R09: 1ffff9200071ae60\nR10: dffffc0000000000 R11: fffff5200071ae61 R12: 0000000000000140\nR13: ffff88807fc8e400 R14: ffff88807fc8e3f4 R15: 0000000000000011\nFS:  00007fbac5e006c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fbac5e00d58 CR3: 000000001238e000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n  skb_push+0xe5/0x100 net/core/skbuff.c:2636\n  vlan_get_protocol_dgram+0x165/0x290 net/packet/af_packet.c:585\n  packet_recvmsg+0x948/0x1ef0 net/packet/af_packet.c:3552\n  sock_recvmsg_nosec net/socket.c:1033 [inline]\n  sock_recvmsg+0x22f/0x280 net/socket.c:1055\n  ____sys_recvmsg+0x1c6/0x480 net/socket.c:2803\n  ___sys_recvmsg net/socket.c:2845 [inline]\n  do_recvmmsg+0x426/0xab0 net/socket.c:2940\n  __sys_recvmmsg net/socket.c:3014 [inline]\n  __do_sys_recvmmsg net/socket.c:3037 [inline]\n  __se_sys_recvmmsg net/socket.c:3030 [inline]\n  __x64_sys_recvmmsg+0x199/0x250 net/socket.c:3030\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-57901"
    },
    {
      "cve": "CVE-2024-57902",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_packet: fix vlan_get_tci() vs MSG_PEEK\n\nBlamed commit forgot MSG_PEEK case, allowing a crash [1] as found\nby syzbot.\n\nRework vlan_get_tci() to not touch skb at all,\nso that it can be used from many cpus on the same skb.\n\nAdd a const qualifier to skb argument.\n\n[1]\nskbuff: skb_under_panic: text:ffffffff8a8da482 len:32 put:14 head:ffff88807a1d5800 data:ffff88807a1d5810 tail:0x14 end:0x140 dev:\u003cNULL\u003e\n------------[ cut here ]------------\n kernel BUG at net/core/skbuff.c:206 !\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 0 UID: 0 PID: 5880 Comm: syz-executor172 Not tainted 6.13.0-rc3-syzkaller-00762-g9268abe611b0 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\n RIP: 0010:skb_panic net/core/skbuff.c:206 [inline]\n RIP: 0010:skb_under_panic+0x14b/0x150 net/core/skbuff.c:216\nCode: 0b 8d 48 c7 c6 9e 6c 26 8e 48 8b 54 24 08 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 41 54 41 57 41 56 e8 3a 5a 79 f7 48 83 c4 20 90 \u003c0f\u003e 0b 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3\nRSP: 0018:ffffc90003baf5b8 EFLAGS: 00010286\nRAX: 0000000000000087 RBX: dffffc0000000000 RCX: 8565c1eec37aa000\nRDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000\nRBP: ffff88802616fb50 R08: ffffffff817f0a4c R09: 1ffff92000775e50\nR10: dffffc0000000000 R11: fffff52000775e51 R12: 0000000000000140\nR13: ffff88807a1d5800 R14: ffff88807a1d5810 R15: 0000000000000014\nFS:  00007fa03261f6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffd65753000 CR3: 0000000031720000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n  skb_push+0xe5/0x100 net/core/skbuff.c:2636\n  vlan_get_tci+0x272/0x550 net/packet/af_packet.c:565\n  packet_recvmsg+0x13c9/0x1ef0 net/packet/af_packet.c:3616\n  sock_recvmsg_nosec net/socket.c:1044 [inline]\n  sock_recvmsg+0x22f/0x280 net/socket.c:1066\n  ____sys_recvmsg+0x1c6/0x480 net/socket.c:2814\n  ___sys_recvmsg net/socket.c:2856 [inline]\n  do_recvmmsg+0x426/0xab0 net/socket.c:2951\n  __sys_recvmmsg net/socket.c:3025 [inline]\n  __do_sys_recvmmsg net/socket.c:3048 [inline]\n  __se_sys_recvmmsg net/socket.c:3041 [inline]\n  __x64_sys_recvmmsg+0x199/0x250 net/socket.c:3041\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-57902"
    },
    {
      "cve": "CVE-2024-57913",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nusb: gadget: f_fs: Remove WARN_ON in functionfs_bind",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-57913"
    },
    {
      "cve": "CVE-2024-57929",
      "cwe": {
        "id": "CWE-672",
        "name": "Operation on a Resource after Expiration or Release"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndm array: fix releasing a faulty array block twice in dm_array_cursor_end\r\n\r\nWhen dm_bm_read_lock() fails due to locking or checksum errors, it\r\nreleases the faulty block implicitly while leaving an invalid output\r\npointer behind. The caller of dm_bm_read_lock() should not operate on\r\nthis invalid dm_block pointer, or it will lead to undefined result.\r\nFor example, the dm_array_cursor incorrectly caches the invalid pointer\r\non reading a faulty array block, causing a double release in\r\ndm_array_cursor_end(), then hitting the BUG_ON in dm-bufio cache_put().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-57929"
    },
    {
      "cve": "CVE-2024-57940",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "exfat: fix the infinite loop in exfat_readdir() If the file system is corrupted so that a cluster is linked to itself in the cluster chain, and there is an unused directory entry in the cluster, dentry will not be incremented, causing condition dentry \u003c max_dentries unable to prevent an infinite loop. This infinite loop causes s_lock not to be released, and other tasks will hang, such as exfat_sync_fs().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-57940"
    },
    {
      "cve": "CVE-2024-57948",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmac802154: check local interfaces before deleting sdata list\r\n\r\nsyzkaller reported a corrupted list in ieee802154_if_remove. [1]\r\n\r\nRemove an IEEE 802.15.4 network interface after unregister an IEEE 802.15.4\r\nhardware device from the system.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-57948"
    },
    {
      "cve": "CVE-2024-57951",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhrtimers: Handle CPU state correctly on hotplug\n\nConsider a scenario where a CPU transitions from CPUHP_ONLINE to halfway\nthrough a CPU hotunplug down to CPUHP_HRTIMERS_PREPARE, and then back to\nCPUHP_ONLINE:\n\nSince hrtimers_prepare_cpu() does not run, cpu_base.hres_active remains set\nto 1 throughout. However, during a CPU unplug operation, the tick and the\nclockevents are shut down at CPUHP_AP_TICK_DYING. On return to the online\nstate, for instance CFS incorrectly assumes that the hrtick is already\nactive, and the chance of the clockevent device to transition to oneshot\nmode is also lost forever for the CPU, unless it goes back to a lower state\nthan CPUHP_HRTIMERS_PREPARE once.\n\nThis round-trip reveals another issue; cpu_base.online is not set to 1\nafter the transition, which appears as a WARN_ON_ONCE in enqueue_hrtimer().\n\nAside of that, the bulk of the per CPU state is not reset either, which\nmeans there are dangling pointers in the worst case.\n\nAddress this by adding a corresponding startup() callback, which resets the\nstale per CPU state and sets the online flag.\n\n[ tglx: Make the new callback unconditionally available, remove the online\n  \tmodification in the prepare() callback and clear the remaining\n  \tstate in the starting callback instead of the prepare callback ]",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-57951"
    },
    {
      "cve": "CVE-2024-57977",
      "cwe": {
        "id": "CWE-667",
        "name": "Improper Locking"
      },
      "notes": [
        {
          "category": "summary",
          "text": "memcg: A soft lockup vulnerability in the product with about 56,000 tasks were in the OOM cgroup, it was traversing them when the soft lockup was triggered.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-57977"
    },
    {
      "cve": "CVE-2024-57979",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "pps: Fix a use-after-free",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-57979"
    },
    {
      "cve": "CVE-2024-57981",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "usb: xhci: NULL pointer dereference on certain command aborts. If a command is queued to the final usable TRB of a ring segment, the enqueue pointer is advanced to the subsequent link TRB and no further. If the command is later aborted, when the abort completion is handled the dequeue pointer is advanced to the first TRB of the next segment. If no further commands are queued, xhci_handle_stopped_cmd_ring() sees the ring pointers unequal and assumes that there is a pending command, so it calls xhci_mod_cmd_timer() which crashes if cur_cmd was NULL.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-57981"
    },
    {
      "cve": "CVE-2024-57986",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-57986"
    },
    {
      "cve": "CVE-2024-58005",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "tpm: Change to kvalloc() in eventlog/acpi.c.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-58005"
    },
    {
      "cve": "CVE-2024-58009",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-58009"
    },
    {
      "cve": "CVE-2024-58014",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy()",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.0,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-58014"
    },
    {
      "cve": "CVE-2024-58016",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "safesetid: check size of policy writes",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-58016"
    },
    {
      "cve": "CVE-2024-58017",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "summary",
          "text": "printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-58017"
    },
    {
      "cve": "CVE-2024-58020",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "HID: multitouch: Add NULL check in mt_input_configured",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-58020"
    },
    {
      "cve": "CVE-2024-58051",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "ipmi: ipmb: Add check devm_kasprintf() returned value",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-58051"
    },
    {
      "cve": "CVE-2024-58058",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "ubifs: skip dumping tnc tree when zroot is null",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-58058"
    },
    {
      "cve": "CVE-2024-58063",
      "cwe": {
        "id": "CWE-401",
        "name": "Missing Release of Memory after Effective Lifetime"
      },
      "notes": [
        {
          "category": "summary",
          "text": "wifi: rtlwifi: fix memory leaks and invalid access at probe error path",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-58063"
    },
    {
      "cve": "CVE-2024-58071",
      "cwe": {
        "id": "CWE-667",
        "name": "Improper Locking"
      },
      "notes": [
        {
          "category": "summary",
          "text": "team: prevent adding a device which is already a team device lower",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-58071"
    },
    {
      "cve": "CVE-2024-58072",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "wifi: rtlwifi: remove unused check_buddy_priv",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-58072"
    },
    {
      "cve": "CVE-2024-58085",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "tomoyo: don\u0027t emit warning in tomoyo_write_control()",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-58085"
    },
    {
      "cve": "CVE-2025-3198",
      "cwe": {
        "id": "CWE-401",
        "name": "Missing Release of Memory after Effective Lifetime"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-3198"
    },
    {
      "cve": "CVE-2025-5244",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-5244"
    },
    {
      "cve": "CVE-2025-5245",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-5245"
    },
    {
      "cve": "CVE-2025-7425",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-7425"
    },
    {
      "cve": "CVE-2025-7545",
      "cwe": {
        "id": "CWE-116",
        "name": "Improper Encoding or Escaping of Output"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-7545"
    },
    {
      "cve": "CVE-2025-7546",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-7546"
    },
    {
      "cve": "CVE-2025-8224",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability has been found in GNU Binutils 2.44 and classified as problematic. This vulnerability affects the function bfd_elf_get_str_section of the file bfd/elf.c of the component BFD Library. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The name of the patch is db856d41004301b3a56438efd957ef5cabb91530. It is recommended to apply a patch to fix this issue.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-8224"
    },
    {
      "cve": "CVE-2025-9230",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-9230"
    },
    {
      "cve": "CVE-2025-21638",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: auth_enable: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n  from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n  (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n  syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, but that would\nincrease the size of this fix, while \u0027sctp.ctl_sock\u0027 still needs to be\nretrieved from \u0027net\u0027 structure.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21638"
    },
    {
      "cve": "CVE-2025-21639",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: rto_min/max: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n  from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n  (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n  syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.rto_min/max\u0027 is used.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21639"
    },
    {
      "cve": "CVE-2025-21640",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n  from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n  (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n  syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.sctp_hmac_alg\u0027 is\nused.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21640"
    },
    {
      "cve": "CVE-2025-21647",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\nsched: sch_cake: add bounds checks to host bulk flow fairness counts",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21647"
    },
    {
      "cve": "CVE-2025-21648",
      "cwe": {
        "id": "CWE-789",
        "name": "Memory Allocation with Excessive Size Value"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: conntrack: clamp maximum hashtable size to INT_MAX\r\n\r\nUse INT_MAX as maximum size for the conntrack hashtable. Otherwise, it\r\nis possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() when\r\nresizing hashtable because __GFP_NOWARN is unset. See:\r\n\r\n  0708a0afe291 (\"mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls\")\r\n\r\nNote: hashtable resize is only possible from init_netns.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21648"
    },
    {
      "cve": "CVE-2025-21653",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21653"
    },
    {
      "cve": "CVE-2025-21664",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "dm thin: make get_first_thin use rcu-safe list first function",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21664"
    },
    {
      "cve": "CVE-2025-21666",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "vsock: prevent null-ptr-deref in vsock_has_data|has_space",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21666"
    },
    {
      "cve": "CVE-2025-21669",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "vsock/virtio: discard packets if the transport changes",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21669"
    },
    {
      "cve": "CVE-2025-21678",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "gtp: Destroy device along with udp socket\u0027s netns dismantle",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21678"
    },
    {
      "cve": "CVE-2025-21683",
      "cwe": {
        "id": "CWE-401",
        "name": "Missing Release of Memory after Effective Lifetime"
      },
      "notes": [
        {
          "category": "summary",
          "text": "bpf: Fix bpf_sk_select_reuseport() memory leak",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21683"
    },
    {
      "cve": "CVE-2025-21692",
      "cwe": {
        "id": "CWE-129",
        "name": "Improper Validation of Array Index"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix ets qdisc OOB Indexing\n\nHaowei Yan \u003cg1042620637@gmail.com\u003e found that ets_class_from_arg() can\nindex an Out-Of-Bound class in ets_class_from_arg() when passed clid of\n0. The overflow may cause local privilege escalation.\n\n [   18.852298] ------------[ cut here ]------------\n [   18.853271] UBSAN: array-index-out-of-bounds in net/sched/sch_ets.c:93:20\n [   18.853743] index 18446744073709551615 is out of range for type \u0027ets_class [16]\u0027\n [   18.854254] CPU: 0 UID: 0 PID: 1275 Comm: poc Not tainted 6.12.6-dirty #17\n [   18.854821] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n [   18.856532] Call Trace:\n [   18.857441]  \u003cTASK\u003e\n [   18.858227]  dump_stack_lvl+0xc2/0xf0\n [   18.859607]  dump_stack+0x10/0x20\n [   18.860908]  __ubsan_handle_out_of_bounds+0xa7/0xf0\n [   18.864022]  ets_class_change+0x3d6/0x3f0\n [   18.864322]  tc_ctl_tclass+0x251/0x910\n [   18.864587]  ? lock_acquire+0x5e/0x140\n [   18.865113]  ? __mutex_lock+0x9c/0xe70\n [   18.866009]  ? __mutex_lock+0xa34/0xe70\n [   18.866401]  rtnetlink_rcv_msg+0x170/0x6f0\n [   18.866806]  ? __lock_acquire+0x578/0xc10\n [   18.867184]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n [   18.867503]  netlink_rcv_skb+0x59/0x110\n [   18.867776]  rtnetlink_rcv+0x15/0x30\n [   18.868159]  netlink_unicast+0x1c3/0x2b0\n [   18.868440]  netlink_sendmsg+0x239/0x4b0\n [   18.868721]  ____sys_sendmsg+0x3e2/0x410\n [   18.869012]  ___sys_sendmsg+0x88/0xe0\n [   18.869276]  ? rseq_ip_fixup+0x198/0x260\n [   18.869563]  ? rseq_update_cpu_node_id+0x10a/0x190\n [   18.869900]  ? trace_hardirqs_off+0x5a/0xd0\n [   18.870196]  ? syscall_exit_to_user_mode+0xcc/0x220\n [   18.870547]  ? do_syscall_64+0x93/0x150\n [   18.870821]  ? __memcg_slab_free_hook+0x69/0x290\n [   18.871157]  __sys_sendmsg+0x69/0xd0\n [   18.871416]  __x64_sys_sendmsg+0x1d/0x30\n [   18.871699]  x64_sys_call+0x9e2/0x2670\n [   18.871979]  do_syscall_64+0x87/0x150\n [   18.873280]  ? do_syscall_64+0x93/0x150\n [   18.874742]  ? lock_release+0x7b/0x160\n [   18.876157]  ? do_user_addr_fault+0x5ce/0x8f0\n [   18.877833]  ? irqentry_exit_to_user_mode+0xc2/0x210\n [   18.879608]  ? irqentry_exit+0x77/0xb0\n [   18.879808]  ? clear_bhb_loop+0x15/0x70\n [   18.880023]  ? clear_bhb_loop+0x15/0x70\n [   18.880223]  ? clear_bhb_loop+0x15/0x70\n [   18.880426]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [   18.880683] RIP: 0033:0x44a957\n [   18.880851] Code: ff ff e8 fc 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 8974 24 10\n [   18.881766] RSP: 002b:00007ffcdd00fad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n [   18.882149] RAX: ffffffffffffffda RBX: 00007ffcdd010db8 RCX: 000000000044a957\n [   18.882507] RDX: 0000000000000000 RSI: 00007ffcdd00fb70 RDI: 0000000000000003\n [   18.885037] RBP: 00007ffcdd010bc0 R08: 000000000703c770 R09: 000000000703c7c0\n [   18.887203] R10: 0000000000000080 R11: 0000000000000246 R12: 0000000000000001\n [   18.888026] R13: 00007ffcdd010da8 R14: 00000000004ca7d0 R15: 0000000000000001\n [   18.888395]  \u003c/TASK\u003e\n [   18.888610] ---[ end trace ]---",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21692"
    },
    {
      "cve": "CVE-2025-21694",
      "cwe": {
        "id": "CWE-667",
        "name": "Improper Locking"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/proc: fix softlockup in __read_vmcore (part 2)\n\nSince commit 5cbcb62dddf5 (\"fs/proc: fix softlockup in __read_vmcore\") the\nnumber of softlockups in __read_vmcore at kdump time have gone down, but\nthey still happen sometimes.\n\nIn a memory constrained environment like the kdump image, a softlockup is\nnot just a harmless message, but it can interfere with things like RCU\nfreeing memory, causing the crashdump to get stuck.\n\nThe second loop in __read_vmcore has a lot more opportunities for natural\nsleep points, like scheduling out while waiting for a data write to\nhappen, but apparently that is not always enough.\n\nAdd a cond_resched() to the second loop in __read_vmcore to (hopefully)\nget rid of the softlockups.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21694"
    },
    {
      "cve": "CVE-2025-21704",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "usb: cdc-acm: Check control transfer buffer size before access",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21704"
    },
    {
      "cve": "CVE-2025-21711",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "summary",
          "text": "net/rose: prevent integer overflows in rose_setsockopt()",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21711"
    },
    {
      "cve": "CVE-2025-21719",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "ipmr: do not call mr_mfc_uses_dev() for unres entries",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21719"
    },
    {
      "cve": "CVE-2025-21726",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "padata: avoid UAF for reorder_work",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21726"
    },
    {
      "cve": "CVE-2025-21727",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "padata: fix UAF in padata_reorder",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21727"
    },
    {
      "cve": "CVE-2025-21728",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "bpf: Send signals asynchronously if !preemptible BPF programs can execute in all kinds of contexts and when a program running in a non-preemptible context uses the bpf_send_signal() kfunc, it will cause issues because this kfunc can sleep.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21728"
    },
    {
      "cve": "CVE-2025-21735",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "NFC: nci: Add bounds checking in nci_hci_create_pipe()",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21735"
    },
    {
      "cve": "CVE-2025-21744",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize()",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21744"
    },
    {
      "cve": "CVE-2025-21745",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nblk-cgroup: Fix class @block_class\u0027s subsystem refcount leakage\r\n\r\nblkcg_fill_root_iostats() iterates over @block_class\u0027s devices by\r\nclass_dev_iter_(init|next)(), but does not end iterating with\r\nclass_dev_iter_exit(), so causes the class\u0027s subsystem refcount leakage.\r\n\r\nFix by ending the iterating with class_dev_iter_exit().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21745"
    },
    {
      "cve": "CVE-2025-21753",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "btrfs: fix use-after-free when attempting to join an aborted transaction",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21753"
    },
    {
      "cve": "CVE-2025-21756",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "vsock: Keep the binding until socket destruction Preserve sockets bindings; this includes both resulting from an explicit bind() and those implicitly bound through autobind during connect().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21756"
    },
    {
      "cve": "CVE-2025-21760",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "ndisc: extend RCU protection in ndisc_send_skb()",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21760"
    },
    {
      "cve": "CVE-2025-21761",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "openvswitch: use RCU protection in ovs_vport_cmd_fill_info()",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21761"
    },
    {
      "cve": "CVE-2025-21762",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved: arp: use RCU protection in arp_xmit() arp_xmit() can be called without RTNL or RCU protection. Use RCU protection to avoid potential UAF.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21762"
    },
    {
      "cve": "CVE-2025-21763",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "neighbour: use RCU protection in __neigh_notify()",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21763"
    },
    {
      "cve": "CVE-2025-21764",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "ndisc: use RCU protection in ndisc_alloc_skb()",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21764"
    },
    {
      "cve": "CVE-2025-21765",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "ipv6: use RCU protection in ip6_default_advmss() ip6_default_advmss() needs rcu protection to make sure the net structure it reads does not disappear.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21765"
    },
    {
      "cve": "CVE-2025-21772",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "partitions: mac: fix handling of bogus partition table",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21772"
    },
    {
      "cve": "CVE-2025-21776",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "USB: hub: Ignore non-compliant devices with too many configs or interfaces. A test program can cause usb_hub_to_struct_hub() to dereference a NULL or inappropriate pointer.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21776"
    },
    {
      "cve": "CVE-2025-21787",
      "cwe": {
        "id": "CWE-908",
        "name": "Use of Uninitialized Resource"
      },
      "notes": [
        {
          "category": "summary",
          "text": "team: better TEAM_OPTION_TYPE_STRING validation",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21787"
    },
    {
      "cve": "CVE-2025-21795",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "NFSD: hang in nfsd4_shutdown_callback. If nfs4_client is in courtesy state then there is no point to send the callback. This causes nfsd4_shutdown_callback to hang since cl_cb_inflight is not 0. This hang lasts about 15 minutes until TCP notifies NFSD that the connection was dropped.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21795"
    },
    {
      "cve": "CVE-2025-21796",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "nfsd: clear acl_access/acl_default after releasing them If getting acl_default fails, acl_access and acl_default will be released simultaneously.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21796"
    },
    {
      "cve": "CVE-2025-21806",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "net: let net.core.dev_weight always be non-zero. The following problem was encountered during stability test: (NULL net_device).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21806"
    },
    {
      "cve": "CVE-2025-21814",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "ptp: Ensure info-\u003eenable callback is always set",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21814"
    },
    {
      "cve": "CVE-2025-21826",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: reject mismatching sum of field_len with set key length\n\nThe field length description provides the length of each separated key\nfield in the concatenation, each field gets rounded up to 32-bits to\ncalculate the pipapo rule width from pipapo_init(). The set key length\nprovides the total size of the key aligned to 32-bits.\n\nRegister-based arithmetics still allows for combining mismatching set\nkey length and field length description, eg. set key length 10 and field\ndescription [ 5, 4 ] leading to pipapo width of 12.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21826"
    },
    {
      "cve": "CVE-2025-21835",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "usb: gadget: f_midi: fix MIDI Streaming descriptor lengths",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21835"
    },
    {
      "cve": "CVE-2025-21844",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "smb: client: Add check for next_buffer in receive_encrypted_standard()",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21844"
    },
    {
      "cve": "CVE-2025-21846",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "acct: perform last write from workqueue",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21846"
    },
    {
      "cve": "CVE-2025-21858",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "geneve: Fix use-after-free in geneve_find_dev()",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21858"
    },
    {
      "cve": "CVE-2025-21859",
      "cwe": {
        "id": "CWE-667",
        "name": "Improper Locking"
      },
      "notes": [
        {
          "category": "summary",
          "text": "USB: gadget: f_midi: f_midi_complete to call queue_work",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21859"
    },
    {
      "cve": "CVE-2025-21862",
      "cwe": {
        "id": "CWE-908",
        "name": "Use of Uninitialized Resource"
      },
      "notes": [
        {
          "category": "summary",
          "text": "drop_monitor: incorrect initialization order. If drop_monitor is built as a kernel module, syzkaller may have time to send a netlink NET_DM_CMD_START message during the module loading. This will call the net_dm_monitor_start() function that uses a spinlock that has not yet been initialized.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21862"
    },
    {
      "cve": "CVE-2025-21865",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). Commit eb28fd76c0a0 (\"gtp: Destroy device along with udp socket\u0027s netns dismantle.\") added the for_each_netdev() loop in gtp_net_exit_batch_rtnl() to destroy devices in each netns as done in geneve and ip tunnels. However, this could trigger -\u003edellink() twice for the same device during -\u003eexit_batch_rtnl().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-21865"
    },
    {
      "cve": "CVE-2025-68160",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-68160"
    },
    {
      "cve": "CVE-2025-69418",
      "cwe": {
        "id": "CWE-325",
        "name": "Missing Cryptographic Step"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Issue summary: When using the low-level OCB API directly with AES-NI or\u003cbr\u003eother hardware-accelerated code paths, inputs whose length is not a multiple\u003cbr\u003eof 16 bytes can leave the final partial block unencrypted and unauthenticated.\u003cbr\u003e\u003cbr\u003eImpact summary: The trailing 1-15 bytes of a message may be exposed in\u003cbr\u003ecleartext on encryption and are not covered by the authentication tag,\u003cbr\u003eallowing an attacker to read or tamper with those bytes without detection.\u003cbr\u003e\u003cbr\u003eThe low-level OCB encrypt and decrypt routines in the hardware-accelerated\u003cbr\u003estream path process full 16-byte blocks but do not advance the input/output\u003cbr\u003epointers. The subsequent tail-handling code then operates on the original\u003cbr\u003ebase pointers, effectively reprocessing the beginning of the buffer while\u003cbr\u003eleaving the actual trailing bytes unprocessed. The authentication checksum\u003cbr\u003ealso excludes the true tail bytes.\u003cbr\u003e\u003cbr\u003eHowever, typical OpenSSL consumers using EVP are not affected because the\u003cbr\u003ehigher-level EVP and provider OCB implementations split inputs so that full\u003cbr\u003eblocks and trailing partial blocks are processed in separate calls, avoiding\u003cbr\u003ethe problematic code path. Additionally, TLS does not use OCB ciphersuites.\u003cbr\u003eThe vulnerability only affects applications that call the low-level\u003cbr\u003eCRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with\u003cbr\u003enon-block-aligned lengths in a single call on hardware-accelerated builds.\u003cbr\u003eFor these reasons the issue was assessed as Low severity.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected\u003cbr\u003eby this issue, as OCB mode is not a FIPS-approved algorithm.\u003cbr\u003e\u003cbr\u003eOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\u003cbr\u003e\u003cbr\u003eOpenSSL 1.0.2 is not affected by this issue.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.0,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-69418"
    },
    {
      "cve": "CVE-2025-69419",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-69419"
    },
    {
      "cve": "CVE-2025-69420",
      "cwe": {
        "id": "CWE-754",
        "name": "Improper Check for Unusual or Exceptional Conditions"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-69420"
    },
    {
      "cve": "CVE-2025-69421",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\r\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\r\n\r\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\r\nDenial of Service for an application processing PKCS#12 files.\r\n\r\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\r\nparameter is NULL before dereferencing it. When called from\r\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\r\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\r\nand cannot be escalated to achieve code execution or memory disclosure.\r\n\r\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\r\nto an application that processes it. For that reason the issue was assessed as\r\nLow severity according to our Security Policy.\r\n\r\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\r\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\r\n\r\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-69421"
    },
    {
      "cve": "CVE-2026-22795",
      "cwe": {
        "id": "CWE-754",
        "name": "Improper Check for Unusual or Exceptional Conditions"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2026-22795"
    },
    {
      "cve": "CVE-2026-22796",
      "cwe": {
        "id": "CWE-754",
        "name": "Improper Check for Unusual or Exceptional Conditions"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2026-22796"
    },
    {
      "cve": "CVE-2026-28387",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as \u0027unusable\u0027 any TLSA records that have the PKIX\ncertificate usages.  These SMTP (or other similar) clients are not vulnerable\nto this issue.  Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2026-28387"
    },
    {
      "cve": "CVE-2026-28388",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2026-28388"
    },
    {
      "cve": "CVE-2026-28389",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2026-28389"
    },
    {
      "cve": "CVE-2026-28390",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2026-28390"
    },
    {
      "cve": "CVE-2026-31431",
      "cwe": {
        "id": "CWE-669",
        "name": "Incorrect Resource Transfer Between Spheres"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_aead - Revert to operating out-of-place\n\nThis mostly reverts commit 72548b093ee3 except for the copying of\nthe associated data.\n\nThere is no benefit in operating in-place in algif_aead since the\nsource and destination come from different mappings.  Get rid of\nall the complexity added for in-place operation and just copy the\nAD directly.",
          "title": "Summary"
        },
        {
          "category": "summary",
          "text": "In the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1 a security vulnerability has been identified in the Linux kernel that could potentially allow an authorized local attacker to gain elevated system privileges.",
          "title": "For SIMATIC S7-1500 TM MFP - GNU/Linux subsystem"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Only build and run applications from trusted sources.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2026-31431"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.