Report Name: Linux Patch Wednesday March 2024Generated: 2024-03-21 12:35:29
Product Name | Prevalence | U | C | H | M | L | A | Comment |
---|---|---|---|---|---|---|---|---|
Linux Kernel | 0.9 | 3 | 29 | 36 | 68 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | ||
Chromium | 0.8 | 14 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | ||||
Node.js | 0.8 | 1 | 1 | Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more | ||||
.NET and Visual Studio | 0.7 | 1 | 1 | .NET and Visual Studio | ||||
Apache Tomcat | 0.7 | 1 | 1 | Apache Tomcat is a free and open-source implementation of the Jakarta Servlet, Jakarta Expression Language, and WebSocket technologies | ||||
Perl | 0.6 | 1 | 1 | Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages | ||||
Puma | 0.6 | 1 | 1 | Puma is a Ruby/Rack web server built for parallelism | ||||
Python | 0.6 | 1 | 1 | Python is a high-level, general-purpose programming language | ||||
libxml2 | 0.6 | 1 | 1 | libxml2 is an XML toolkit implemented in C, originally developed for the GNOME Project | ||||
AccountsService | 0.5 | 1 | 1 | Product detected by a:accountsservice_project:accountsservice (exists in CPE dict) | ||||
Android | 0.5 | 1 | 1 | Product detected by o:google:android (exists in CPE dict) | ||||
Composer | 0.5 | 1 | 1 | Product detected by a:getcomposer:composer (exists in CPE dict) | ||||
FRRouting | 0.5 | 1 | 1 | Free Range Routing or FRRouting or FRR is a network routing software suite running on Unix-like platforms, particularly Linux, Solaris, OpenBSD, FreeBSD and NetBSD | ||||
Knot Resolver | 0.5 | 1 | 1 | Product detected by a:nic:knot_resolver (exists in CPE dict) | ||||
Luatex | 0.5 | 1 | 1 | Product detected by a:luatex_project:luatex (exists in CPE dict) | ||||
NCurse | 0.5 | 1 | 1 | Product detected by a:invisible-island:ncurse (exists in CPE dict) | ||||
Opensc | 0.5 | 1 | 1 | Product detected by a:opensc_project:opensc (exists in CPE dict) | ||||
Parsson | 0.5 | 1 | 1 | Product detected by a:eclipse:parsson (exists in CPE dict) | ||||
Squid | 0.5 | 1 | 1 | Product detected by a:squid-cache:squid (exists in CPE dict) | ||||
aiohttp | 0.5 | 5 | 5 | Product detected by a:aiohttp:aiohttp (exists in CPE dict) | ||||
ansible_automation_platform | 0.5 | 1 | 1 | Product detected by a:redhat:ansible_automation_platform (exists in CPE dict) | ||||
iNet Wireless Daemon | 0.5 | 1 | 1 | Product detected by a:intel:inet_wireless_daemon (exists in CPE dict) | ||||
keylime | 0.5 | 1 | 1 | Product detected by a:keylime:keylime (exists in CPE dict) | ||||
libexpat | 0.5 | 1 | 1 | Product detected by a:libexpat_project:libexpat (exists in CPE dict) | ||||
libgit2 | 0.5 | 1 | 1 | Product detected by a:libgit2:libgit2 (exists in CPE dict) | ||||
libuv | 0.5 | 1 | 1 | Product detected by a:libuv:libuv (exists in CPE dict) | ||||
linux_kernel | 0.5 | 1 | 1 | Product detected by o:linux:linux_kernel (exists in CPE dict) | ||||
openCryptoki | 0.5 | 1 | 1 | Product detected by a:opencryptoki_project:opencryptoki (exists in CPE dict) | ||||
relax-and-recover | 0.5 | 1 | 1 | Product detected by a:relax-and-recover:relax-and-recover (does NOT exist in CPE dict) | ||||
vim | 0.5 | 1 | 1 | Product detected by a:vim:vim (exists in CPE dict) | ||||
Unknown Product | 0 | 7 | 13 | 20 | Unknown Product |
Vulnerability Type | Criticality | U | C | H | M | L | A |
---|---|---|---|---|---|---|---|
Remote Code Execution | 1.0 | 1 | 1 | ||||
Authentication Bypass | 0.98 | 1 | 1 | ||||
Command Injection | 0.97 | 6 | 2 | 8 | |||
Security Feature Bypass | 0.9 | 5 | 7 | 12 | |||
Elevation of Privilege | 0.85 | 2 | 1 | 3 | |||
Information Disclosure | 0.83 | 6 | 6 | ||||
Cross Site Scripting | 0.8 | 1 | 1 | ||||
Denial of Service | 0.7 | 3 | 14 | 3 | 20 | ||
Incorrect Calculation | 0.5 | 1 | 1 | ||||
Memory Corruption | 0.5 | 2 | 28 | 30 | |||
Spoofing | 0.4 | 1 | 1 | ||||
Unknown Vulnerability Type | 0 | 3 | 47 | 50 |
Source | U | C | H | M | L | A |
---|---|---|---|---|---|---|
debian | 15 | 63 | 51 | 129 | ||
ubuntu | 10 | 38 | 46 | 94 | ||
oraclelinux | 2 | 5 | 2 | 9 | ||
redhat | 3 | 11 | 2 | 16 | ||
redos | 5 | 5 | ||||
almalinux | 1 | 3 | 1 | 5 |
1. Command Injection - libuv (CVE-2024-24806) - High [589]
Description: libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the `hostname_ascii` variable (with a length of 256 bytes) is handled in `uv_getaddrinfo` and subsequently in `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result attackers may be able to access internal APIs or for websites (similar to MySpace) that allows users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on NVD:Exploit:github.com website | |
0.97 | 15 | Command Injection | |
0.5 | 14 | Product detected by a:libuv:libuv (exists in CPE dict) | |
0.7 | 10 | CVSS Base Score is 7.3. According to NVD data source | |
0.4 | 10 | EPSS Probability is 0.00111, EPSS Percentile is 0.43284 |
debian: CVE-2024-24806 was patched at 2024-03-10, unknown date
ubuntu: CVE-2024-24806 was patched at 2024-02-28
2. Denial of Service - Squid (CVE-2024-23638) - High [589]
Description: Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on NVD:Exploit:megamansec.github.io website | |
0.7 | 15 | Denial of Service | |
0.5 | 14 | Product detected by a:squid-cache:squid (exists in CPE dict) | |
0.7 | 10 | CVSS Base Score is 6.5. According to NVD data source | |
0.8 | 10 | EPSS Probability is 0.00812, EPSS Percentile is 0.81378 |
debian: CVE-2024-23638 was patched at 2024-03-08, unknown date
3. Command Injection - Luatex (CVE-2023-32668) - High [566]
Description: LuaTeX before 1.17.0 allows a document (compiled with the default settings) to make
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on NVD:Exploit:tug.org website | |
0.97 | 15 | Command Injection | |
0.5 | 14 | Product detected by a:luatex_project:luatex (exists in CPE dict) | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00063, EPSS Percentile is 0.25071 |
debian: CVE-2023-32668 was patched at unknown date
ubuntu: CVE-2023-32668 was patched at 2024-03-14
4. Command Injection - aiohttp (CVE-2023-37276) - High [566]
Description: aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only affects users of aiohttp as an HTTP server (ie `aiohttp.Application`), you are not affected by this vulnerability if you are using aiohttp as an HTTP client library (ie `aiohttp.ClientSession`). Sending a crafted HTTP request will cause the server to misinterpret one of the HTTP header values leading to HTTP
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on NVD:Exploit:hackerone.com website | |
0.97 | 15 | Command Injection | |
0.5 | 14 | Product detected by a:aiohttp:aiohttp (exists in CPE dict) | |
0.5 | 10 | CVSS Base Score is 5.3. According to NVD data source | |
0.4 | 10 | EPSS Probability is 0.00086, EPSS Percentile is 0.35083 |
debian: CVE-2023-37276 was patched at unknown date
redos: CVE-2023-37276 was patched at 2024-03-18
5. Denial of Service - Linux Kernel (CVE-2023-6560) - High [560]
Description: An out-of-bounds memory access flaw was found in the io_uring SQ/CQ rings functionality in the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Linux io_uring __io_uaddr_map() Dangerous Multi-Page Handling Exploit, [packetstorm] io_uring __io_uaddr_map() Dangerous Multi-Page Handling) | |
0.7 | 15 | Denial of Service | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05355 |
ubuntu: CVE-2023-6560 was patched at 2024-03-06, 2024-03-08, 2024-03-19
6. Command Injection - aiohttp (CVE-2023-47627) - High [554]
Description: aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on NVD:Exploit:github.com website | |
0.97 | 15 | Command Injection | |
0.5 | 14 | Product detected by a:aiohttp:aiohttp (exists in CPE dict) | |
0.5 | 10 | CVSS Base Score is 5.3. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00072, EPSS Percentile is 0.29308 |
debian: CVE-2023-47627 was patched at unknown date
redos: CVE-2023-47627 was patched at 2024-03-18
7. Security Feature Bypass - aiohttp (CVE-2023-49081) - High [553]
Description: aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the attacker can control the HTTP version of the request. This issue has been patched in version 3.9.0.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on NVD:Exploit:github.com website | |
0.9 | 15 | Security Feature Bypass | |
0.5 | 14 | Product detected by a:aiohttp:aiohttp (exists in CPE dict) | |
0.7 | 10 | CVSS Base Score is 7.2. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00051, EPSS Percentile is 0.17361 |
debian: CVE-2023-49081 was patched at unknown date
redos: CVE-2023-49081 was patched at 2024-03-18
8. Command Injection - aiohttp (CVE-2023-49082) - High [542]
Description: aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request (e.g. insert a new header) or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if the attacker can control the HTTP method (GET, POST etc.) of the request. If the attacker can control the HTTP version of the request it will be able to modify the request (
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on NVD:Exploit:github.com website | |
0.97 | 15 | Command Injection | |
0.5 | 14 | Product detected by a:aiohttp:aiohttp (exists in CPE dict) | |
0.5 | 10 | CVSS Base Score is 5.3. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00051, EPSS Percentile is 0.17361 |
debian: CVE-2023-49082 was patched at unknown date
redos: CVE-2023-49082 was patched at 2024-03-18
9. Denial of Service - libexpat (CVE-2023-52425) - High [529]
Description: libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on NVD:Exploit:github.com website | |
0.7 | 15 | Denial of Service | |
0.5 | 14 | Product detected by a:libexpat_project:libexpat (exists in CPE dict) | |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00051, EPSS Percentile is 0.17774 |
debian: CVE-2023-52425 was patched at unknown date
ubuntu: CVE-2023-52425 was patched at 2024-03-14
10. Security Feature Bypass - Parsson (CVE-2023-4043) - High [529]
Description: In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processing time than one would expect. To mitigate the risk, parsson put in place a size limit for the numbers as well as their scale.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on NVD:Exploit:gitlab.eclipse.org website | |
0.9 | 15 | Security Feature Bypass | |
0.5 | 14 | Product detected by a:eclipse:parsson (exists in CPE dict) | |
0.6 | 10 | CVSS Base Score is 5.9. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.087 |
redhat: CVE-2023-4043 was patched at 2024-03-06
11. Security Feature Bypass - relax-and-recover (CVE-2024-23301) - High [529]
Description: Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on NVD:Exploit:github.com website | |
0.9 | 15 | Security Feature Bypass | |
0.5 | 14 | Product detected by a:relax-and-recover:relax-and-recover (does NOT exist in CPE dict) | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05355 |
debian: CVE-2024-23301 was patched at unknown date
oraclelinux: CVE-2024-23301 was patched at 2024-03-06
redhat: CVE-2024-23301 was patched at 2024-03-05
almalinux: CVE-2024-23301 was patched at 2024-03-05
12. Memory Corruption - libxml2 (CVE-2024-25062) - High [498]
Description: An issue was discovered in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on NVD:Exploit:gitlab.gnome.org website | |
0.5 | 15 | Memory Corruption | |
0.6 | 14 | libxml2 is an XML toolkit implemented in C, originally developed for the GNOME Project | |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00046, EPSS Percentile is 0.14413 |
debian: CVE-2024-25062 was patched at unknown date
ubuntu: CVE-2024-25062 was patched at 2024-02-26, 2024-03-11
13. Security Feature Bypass - AccountsService (CVE-2012-6655) - High [494]
Description: An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on NVD:Exploit:bugzilla.suse.com website | |
0.9 | 15 | Security Feature Bypass | |
0.5 | 14 | Product detected by a:accountsservice_project:accountsservice (exists in CPE dict) | |
0.3 | 10 | CVSS Base Score is 3.3. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05355 |
debian: CVE-2012-6655 was patched at unknown date
ubuntu: CVE-2012-6655 was patched at 2024-03-11
14. Security Feature Bypass - aiohttp (CVE-2023-47641) - High [494]
Description: aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the http protocol. HTTP/1.1 is a persistent protocol, if both Content-Length(CL) and Transfer-Encoding(TE) header values are present it can lead to incorrect interpretation of two entities that parse the HTTP and we can poison other sockets with this incorrect interpretation. A possible Proof-of-Concept (POC) would be a configuration with a reverse proxy(frontend) that accepts both CL and TE headers and aiohttp as backend. As aiohttp parses anything with chunked, we can pass a chunked123 as TE, the frontend entity will ignore this header and will parse Content-Length. The impact of this vulnerability is that it is possible to bypass any proxy rule, poisoning sockets to other users like passing Authentication Headers, also if it is present an Open Redirect an attacker could combine it to redirect random users to another website and log the request. This vulnerability has been addressed in release 3.8.0 of aiohttp. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on NVD:Exploit:github.com website | |
0.9 | 15 | Security Feature Bypass | |
0.5 | 14 | Product detected by a:aiohttp:aiohttp (exists in CPE dict) | |
0.3 | 10 | CVSS Base Score is 3.4. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00046, EPSS Percentile is 0.14413 |
debian: CVE-2023-47641 was patched at unknown date
redos: CVE-2023-47641 was patched at 2024-03-18
15. Memory Corruption - vim (CVE-2024-22667) - High [482]
Description: Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on NVD:Exploit:gist.githubusercontent.com website | |
0.5 | 15 | Memory Corruption | |
0.5 | 14 | Product detected by a:vim:vim (exists in CPE dict) | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05355 |
debian: CVE-2024-22667 was patched at unknown date
ubuntu: CVE-2024-22667 was patched at 2024-03-18
16. Command Injection - Puma (CVE-2023-40175) - High [427]
Description: Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7,
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.97 | 15 | Command Injection | |
0.6 | 14 | Puma is a Ruby/Rack web server built for parallelism | |
0.7 | 10 | CVSS Base Score is 7.3. According to NVD data source | |
0.6 | 10 | EPSS Probability is 0.00251, EPSS Percentile is 0.64346 |
debian: CVE-2023-40175 was patched at unknown date
ubuntu: CVE-2023-40175 was patched at 2024-03-07
17. Elevation of Privilege - Linux Kernel (CVE-2024-0582) - High [408]
Description: A memory leak flaw was found in the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05355 |
ubuntu: CVE-2024-0582 was patched at 2024-02-23, 2024-02-28, 2024-02-29
18. Elevation of Privilege - Linux Kernel (CVE-2024-1085) - High [408]
Description: A use-after-free vulnerability in the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05355 |
debian: CVE-2024-1085 was patched at unknown date
ubuntu: CVE-2024-1085 was patched at 2024-03-11, 2024-03-20
oraclelinux: CVE-2024-1085 was patched at 2024-03-11
redhat: CVE-2024-1085 was patched at 2024-02-28
19. Information Disclosure - Linux Kernel (CVE-2023-39197) - Medium [393]
Description: An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.4 | 10 | CVSS Base Score is 4.0. According to NVD data source | |
0.4 | 10 | EPSS Probability is 0.00108, EPSS Percentile is 0.42507 |
debian: CVE-2023-39197 was patched at unknown date
ubuntu: CVE-2023-39197 was patched at 2024-03-18
20. Authentication Bypass - iNet Wireless Daemon (CVE-2023-52161) - Medium [389]
Description: The Access Point functionality in eapol_auth_key_handle in eapol.c in iNet wireless daemon (IWD) before 2.14 allows attackers to gain unauthorized access to a protected Wi-Fi network. An attacker can complete the EAPOL handshake by skipping Msg2/4 and instead sending Msg4/4 with an all-zero key.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.98 | 15 | Authentication Bypass | |
0.5 | 14 | Product detected by a:intel:inet_wireless_daemon (exists in CPE dict) | |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00068, EPSS Percentile is 0.27869 |
debian: CVE-2023-52161 was patched at 2024-02-25, unknown date
21. Denial of Service - libgit2 (CVE-2024-24575) - Medium [386]
Description: libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_revparse_single` can cause the function to enter an infinite loop, potentially causing a Denial of Service attack in the calling application. The revparse function in `src/libgit2/revparse.c` uses a loop to parse the user-provided spec string. There is an edge-case during parsing that allows a bad actor to force the loop conditions to access arbitrary memory. Potentially, this could also leak memory if the extracted rev spec is reflected back to the attacker. As such, libgit2 versions before 1.4.0 are not affected. Users should upgrade to version 1.6.5 or 1.7.2.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.5 | 14 | Product detected by a:libgit2:libgit2 (exists in CPE dict) | |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source | |
0.7 | 10 | EPSS Probability is 0.00413, EPSS Percentile is 0.7349 |
debian: CVE-2024-24575 was patched at unknown date
ubuntu: CVE-2024-24575 was patched at 2024-03-05
22. Remote Code Execution - Composer (CVE-2024-24821) - Medium [380]
Description: Composer is a dependency Manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.5 | 14 | Product detected by a:getcomposer:composer (exists in CPE dict) | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.07283 |
debian: CVE-2024-24821 was patched at 2024-02-26, unknown date
23. Information Disclosure - ansible_automation_platform (CVE-2023-50782) - Medium [374]
Description: A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.5 | 14 | Product detected by a:redhat:ansible_automation_platform (exists in CPE dict) | |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source | |
0.4 | 10 | EPSS Probability is 0.00098, EPSS Percentile is 0.39695 |
debian: CVE-2023-50782 was patched at unknown date
ubuntu: CVE-2023-50782 was patched at 2024-03-04, 2024-03-14
24. Denial of Service - Node.js (CVE-2024-22019) - Medium [365]
Description: A vulnerability in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more | |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.07283 |
debian: CVE-2024-22019 was patched at unknown date
redhat: CVE-2024-22019 was patched at 2024-03-18, 2024-03-19, 2024-03-20
25. Denial of Service - Linux Kernel (CVE-2022-0480) - Medium [358]
Description: A flaw was found in the filelock_init in fs/locks.c function in the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.12419 |
debian: CVE-2022-0480 was patched at unknown date
redhat: CVE-2022-0480 was patched at 2024-03-12, 2024-03-13
26. Denial of Service - Linux Kernel (CVE-2022-48619) - Medium [358]
Description: An issue was discovered in drivers/input/input.c in the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.07283 |
debian: CVE-2022-48619 was patched at unknown date
oraclelinux: CVE-2022-48619 was patched at 2024-03-01
27. Denial of Service - Linux Kernel (CVE-2024-26591) - Medium [358]
Description: In the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05355 |
debian: CVE-2024-26591 was patched at unknown date
ubuntu: CVE-2024-26591 was patched at 2024-03-11
28. Information Disclosure - Linux Kernel (CVE-2024-0340) - Medium [357]
Description: A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.4 | 10 | CVSS Base Score is 4.4. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05355 |
debian: CVE-2024-0340 was patched at unknown date
ubuntu: CVE-2024-0340 was patched at 2024-03-06, 2024-03-08, 2024-03-11, 2024-03-13, 2024-03-19, 2024-03-20
29. Denial of Service - .NET and Visual Studio (CVE-2024-21392) - Medium [348]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.7 | 14 | .NET and Visual Studio | |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00046, EPSS Percentile is 0.14413 |
ubuntu: CVE-2024-21392 was patched at 2024-03-12
oraclelinux: CVE-2024-21392 was patched at 2024-03-14, 2024-03-15
redhat: CVE-2024-21392 was patched at 2024-03-13
almalinux: CVE-2024-21392 was patched at 2024-03-13
30. Denial of Service - Linux Kernel (CVE-2024-24855) - Medium [346]
Description: A race condition was found in the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.5 | 10 | CVSS Base Score is 5.0. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.07283 |
debian: CVE-2024-24855 was patched at unknown date
ubuntu: CVE-2024-24855 was patched at 2024-03-18, 2024-03-19, 2024-03-20
31. Denial of Service - Linux Kernel (CVE-2024-24860) - Medium [346]
Description: A race condition was found in the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.5 | 10 | CVSS Base Score is 4.6. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.10906 |
debian: CVE-2024-24860 was patched at unknown date
ubuntu: CVE-2024-24860 was patched at 2024-03-11
32. Memory Corruption - Linux Kernel (CVE-2023-52438) - Medium [346]
Description: In the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05355 |
debian: CVE-2023-52438 was patched at unknown date
ubuntu: CVE-2023-52438 was patched at 2024-03-11
33. Memory Corruption - Linux Kernel (CVE-2023-52439) - Medium [346]
Description: In the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05355 |
debian: CVE-2023-52439 was patched at unknown date
ubuntu: CVE-2023-52439 was patched at 2024-03-11
34. Memory Corruption - Linux Kernel (CVE-2023-52444) - Medium [346]
Description: In the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05355 |
debian: CVE-2023-52444 was patched at unknown date
ubuntu: CVE-2023-52444 was patched at 2024-03-11
35. Memory Corruption - Linux Kernel (CVE-2023-52445) - Medium [346]
Description: In the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05355 |
debian: CVE-2023-52445 was patched at unknown date
ubuntu: CVE-2023-52445 was patched at 2024-03-11
36. Memory Corruption - Linux Kernel (CVE-2023-52447) - Medium [346]
Description: In the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05355 |
debian: CVE-2023-52447 was patched at unknown date
ubuntu: CVE-2023-52447 was patched at 2024-03-11
37. Memory Corruption - Linux Kernel (CVE-2024-26588) - Medium [346]
Description: In the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05355 |
debian: CVE-2024-26588 was patched at unknown date
ubuntu: CVE-2024-26588 was patched at 2024-03-11
38. Memory Corruption - Linux Kernel (CVE-2024-26589) - Medium [346]
Description: In the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05355 |
debian: CVE-2024-26589 was patched at unknown date
ubuntu: CVE-2024-26589 was patched at 2024-03-11
39. Information Disclosure - Opensc (CVE-2023-5992) - Medium [338]
Description: A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.5 | 14 | Product detected by a:opensc_project:opensc (exists in CPE dict) | |
0.6 | 10 | CVSS Base Score is 5.6. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00075, EPSS Percentile is 0.30534 |
debian: CVE-2023-5992 was patched at unknown date
oraclelinux: CVE-2023-5992 was patched at 2024-02-26
redhat: CVE-2023-5992 was patched at 2024-02-26
almalinux: CVE-2023-5992 was patched at 2024-02-26
40. Memory Corruption - Linux Kernel (CVE-2024-0775) - Medium [334]
Description: A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.7 | 10 | CVSS Base Score is 6.7. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05355 |
debian: CVE-2024-0775 was patched at unknown date
ubuntu: CVE-2024-0775 was patched at 2024-03-18
oraclelinux: CVE-2024-0775 was patched at 2024-03-01
41. Information Disclosure - openCryptoki (CVE-2024-0914) - Medium [326]
Description: A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.5 | 14 | Product detected by a:opencryptoki_project:opencryptoki (exists in CPE dict) | |
0.6 | 10 | CVSS Base Score is 5.9. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.0006, EPSS Percentile is 0.23788 |
debian: CVE-2024-0914 was patched at unknown date
oraclelinux: CVE-2024-0914 was patched at 2024-03-08
redhat: CVE-2024-0914 was patched at 2024-03-07, 2024-03-19
almalinux: CVE-2024-0914 was patched at 2024-03-07
42. Incorrect Calculation - Linux Kernel (CVE-2024-23849) - Medium [322]
Description: In rds_recv_track_latency in net/rds/af_rds.c in the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Incorrect Calculation | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05355 |
debian: CVE-2024-23849 was patched at unknown date
ubuntu: CVE-2024-23849 was patched at 2024-03-11
43. Memory Corruption - Linux Kernel (CVE-2023-23000) - Medium [322]
Description: In the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05355 |
debian: CVE-2023-23000 was patched at unknown date
ubuntu: CVE-2023-23000 was patched at 2024-03-18, 2024-03-19, 2024-03-20
44. Memory Corruption - Linux Kernel (CVE-2023-52443) - Medium [322]
Description: In the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05355 |
debian: CVE-2023-52443 was patched at unknown date
ubuntu: CVE-2023-52443 was patched at 2024-03-11
45. Memory Corruption - Linux Kernel (CVE-2023-52448) - Medium [322]
Description: In the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05355 |
debian: CVE-2023-52448 was patched at unknown date
ubuntu: CVE-2023-52448 was patched at 2024-03-11
46. Memory Corruption - Linux Kernel (CVE-2023-52449) - Medium [322]
Description: In the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05355 |
debian: CVE-2023-52449 was patched at unknown date
ubuntu: CVE-2023-52449 was patched at 2024-03-11
47. Elevation of Privilege - Android (CVE-2022-20567) - Medium [318]
Description: In pppol2tp_create of l2tp_ppp.c, there is a possible use after free due to a race condition. This could lead to local
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.5 | 14 | Product detected by o:google:android (exists in CPE dict) | |
0.6 | 10 | CVSS Base Score is 6.4. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05355 |
debian: CVE-2022-20567 was patched at unknown date
ubuntu: CVE-2022-20567 was patched at 2024-03-18
48. Security Feature Bypass - Chromium (CVE-2024-1671) - Medium [305]
Description: Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.12897 |
debian: CVE-2024-1671 was patched at 2024-02-23, unknown date
49. Security Feature Bypass - Chromium (CVE-2024-1672) - Medium [305]
Description: Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.12897 |
debian: CVE-2024-1672 was patched at 2024-02-23, unknown date
50. Security Feature Bypass - Chromium (CVE-2024-1674) - Medium [305]
Description: Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.12897 |
debian: CVE-2024-1674 was patched at 2024-02-23, unknown date
51. Security Feature Bypass - Chromium (CVE-2024-1675) - Medium [305]
Description: Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.12897 |
debian: CVE-2024-1675 was patched at 2024-02-23, unknown date
52. Memory Corruption - Python (CVE-2024-26130) - Medium [296]
Description: cryptography is a package designed to expose cryptographic primitives and recipes to
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.6 | 14 | Python is a high-level, general-purpose programming language | |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.12897 |
debian: CVE-2024-26130 was patched at unknown date
ubuntu: CVE-2024-26130 was patched at 2024-03-04
53. Memory Corruption - linux_kernel (CVE-2023-46838) - Medium [291]
Description: Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to be transferred data, these parts are directly translated into what Linux calls SKB fragments. Such converted request parts can, when for a particular SKB they are all of length zero, lead to a de-reference of NULL in core networking code.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.5 | 14 | Product detected by o:linux:linux_kernel (exists in CPE dict) | |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00049, EPSS Percentile is 0.16358 |
debian: CVE-2023-46838 was patched at unknown date
ubuntu: CVE-2023-46838 was patched at 2024-03-11, 2024-03-18
54. Security Feature Bypass - Apache Tomcat (CVE-2024-24549) - Medium [289]
Description: Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.7 | 14 | Apache Tomcat is a free and open-source implementation of the Jakarta Servlet, Jakarta Expression Language, and WebSocket technologies | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.07283 |
debian: CVE-2024-24549 was patched at unknown date
redhat: CVE-2024-24549 was patched at 2024-03-18
55. Denial of Service - Linux Kernel (CVE-2023-52456) - Medium [286]
Description: In the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.08526 |
debian: CVE-2023-52456 was patched at unknown date
ubuntu: CVE-2023-52456 was patched at 2024-03-11
56. Information Disclosure - Perl (CVE-2022-48623) - Medium [260]
Description: The Cpanel::JSON::XS package before 4.33 for
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.6 | 14 | Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.12897 |
debian: CVE-2022-48623 was patched at unknown date
ubuntu: CVE-2022-48623 was patched at 2024-02-28
57. Unknown Vulnerability Type - Linux Kernel (CVE-2023-22995) - Medium [257]
Description: {'nvd_cve_data_all': 'In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05355 |
debian: CVE-2023-22995 was patched at unknown date
ubuntu: CVE-2023-22995 was patched at 2024-03-06, 2024-03-08, 2024-03-11, 2024-03-13, 2024-03-19, 2024-03-20
58. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52451) - Medium [257]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/memhp: Fix access beyond end of drmem array dlpar_memory_remove_by_index() may access beyond the bounds of the drmem lmb array when the LMB lookup fails to match an entry with the given DRC index. When the search fails, the cursor is left pointing to &drmem_info->lmbs[drmem_info->n_lmbs], which is one element past the last valid entry in the array. The debug message at the end of the function then dereferences this pointer: pr_debug("Failed to hot-remove memory at %llx\\n", lmb->base_addr); This was found by inspection and confirmed with KASAN: pseries-hotplug-mem: Attempting to hot-remove LMB, drc index 1234 ================================================================== BUG: KASAN: slab-out-of-bounds in dlpar_memory+0x298/0x1658 Read of size 8 at addr c000000364e97fd0 by task bash/949 dump_stack_lvl+0xa4/0xfc (unreliable) print_report+0x214/0x63c kasan_report+0x140/0x2e0 __asan_load8+0xa8/0xe0 dlpar_memory+0x298/0x1658 handle_dlpar_errorlog+0x130/0x1d0 dlpar_store+0x18c/0x3e0 kobj_attr_store+0x68/0xa0 sysfs_kf_write+0xc4/0x110 kernfs_fop_write_iter+0x26c/0x390 vfs_write+0x2d4/0x4e0 ksys_write+0xac/0x1a0 system_call_exception+0x268/0x530 system_call_vectored_common+0x15c/0x2ec Allocated by task 1: kasan_save_stack+0x48/0x80 kasan_set_track+0x34/0x50 kasan_save_alloc_info+0x34/0x50 __kasan_kmalloc+0xd0/0x120 __kmalloc+0x8c/0x320 kmalloc_array.constprop.0+0x48/0x5c drmem_init+0x2a0/0x41c do_one_initcall+0xe0/0x5c0 kernel_init_freeable+0x4ec/0x5a0 kernel_init+0x30/0x1e0 ret_from_kernel_user_thread+0x14/0x1c The buggy address belongs to the object at c000000364e80000 which belongs to the cache kmalloc-128k of size 131072 The buggy address is located 0 bytes to the right of allocated 98256-byte region [c000000364e80000, c000000364e97fd0) ================================================================== pseries-hotplug-mem: Failed to hot-remove memory at 0 Log failed lookups with a separate message and dereference the cursor only when it points to a valid entry.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries/memhp: Fix access beyond end of drmem array\n\ndlpar_memory_remove_by_index() may access beyond the bounds of the\ndrmem lmb array when the LMB lookup fails to match an entry with the\ngiven DRC index. When the search fails, the cursor is left pointing to\n&drmem_info->lmbs[drmem_info->n_lmbs], which is one element past the\nlast valid entry in the array. The debug message at the end of the\nfunction then dereferences this pointer:\n\n pr_debug("Failed to hot-remove memory at %llx\\n",\n lmb->base_addr);\n\nThis was found by inspection and confirmed with KASAN:\n\n pseries-hotplug-mem: Attempting to hot-remove LMB, drc index 1234\n ==================================================================\n BUG: KASAN: slab-out-of-bounds in dlpar_memory+0x298/0x1658\n Read of size 8 at addr c000000364e97fd0 by task bash/949\n\n dump_stack_lvl+0xa4/0xfc (unreliable)\n print_report+0x214/0x63c\n kasan_report+0x140/0x2e0\n __asan_load8+0xa8/0xe0\n dlpar_memory+0x298/0x1658\n handle_dlpar_errorlog+0x130/0x1d0\n dlpar_store+0x18c/0x3e0\n kobj_attr_store+0x68/0xa0\n sysfs_kf_write+0xc4/0x110\n kernfs_fop_write_iter+0x26c/0x390\n vfs_write+0x2d4/0x4e0\n ksys_write+0xac/0x1a0\n system_call_exception+0x268/0x530\n system_call_vectored_common+0x15c/0x2ec\n\n Allocated by task 1:\n kasan_save_stack+0x48/0x80\n kasan_set_track+0x34/0x50\n kasan_save_alloc_info+0x34/0x50\n __kasan_kmalloc+0xd0/0x120\n __kmalloc+0x8c/0x320\n kmalloc_array.constprop.0+0x48/0x5c\n drmem_init+0x2a0/0x41c\n do_one_initcall+0xe0/0x5c0\n kernel_init_freeable+0x4ec/0x5a0\n kernel_init+0x30/0x1e0\n ret_from_kernel_user_thread+0x14/0x1c\n\n The buggy address belongs to the object at c000000364e80000\n which belongs to the cache kmalloc-128k of size 131072\n The buggy address is located 0 bytes to the right of\n allocated 98256-byte region [c000000364e80000, c000000364e97fd0)\n\n ==================================================================\n pseries-hotplug-mem: Failed to hot-remove memory at 0\n\nLog failed lookups with a separate message and dereference the\ncursor only when it points to a valid entry.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05355 |
debian: CVE-2023-52451 was patched at unknown date
ubuntu: CVE-2023-52451 was patched at 2024-03-11
59. Security Feature Bypass - Unknown Product (CVE-2024-2182) - Medium [255]
Description: {'nvd_cve_data_all': 'A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between hypervisors for high availability, an attacker can inject specially crafted BFD packets from inside unprivileged workloads, including virtual machines or containers, that can trigger a denial of service.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between hypervisors for high availability, an attacker can inject specially crafted BFD packets from inside unprivileged workloads, including virtual machines or containers, that can trigger a denial of service.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0 | 14 | Unknown Product | |
0.7 | 10 | CVSS Base Score is 6.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00046, EPSS Percentile is 0.14476 |
debian: CVE-2024-2182 was patched at unknown date
ubuntu: CVE-2024-2182 was patched at 2024-03-12
redhat: CVE-2024-2182 was patched at 2024-03-19
60. Memory Corruption - Linux Kernel (CVE-2023-52457) - Medium [251]
Description: In the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.08526 |
debian: CVE-2023-52457 was patched at unknown date
ubuntu: CVE-2023-52457 was patched at 2024-03-11
61. Memory Corruption - Linux Kernel (CVE-2023-52469) - Medium [251]
Description: In the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.11048 |
debian: CVE-2023-52469 was patched at unknown date
ubuntu: CVE-2023-52469 was patched at 2024-03-11
62. Memory Corruption - Linux Kernel (CVE-2023-52594) - Medium [251]
Description: In the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.11048 |
debian: CVE-2023-52594 was patched at unknown date
ubuntu: CVE-2023-52594 was patched at 2024-03-11
63. Memory Corruption - Linux Kernel (CVE-2024-26597) - Medium [251]
Description: In the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.11048 |
debian: CVE-2024-26597 was patched at unknown date
ubuntu: CVE-2024-26597 was patched at 2024-03-11
64. Memory Corruption - Linux Kernel (CVE-2024-26625) - Medium [251]
Description: In the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.11048 |
debian: CVE-2024-26625 was patched at unknown date
ubuntu: CVE-2024-26625 was patched at 2024-03-11
65. Denial of Service - Unknown Product (CVE-2024-25111) - Medium [244]
Description: {'nvd_cve_data_all': 'Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending a crafted, chunked, encoded HTTP Message. This bug is fixed in Squid version 6.8. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. There is no workaround for this issue.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending a crafted, chunked, encoded HTTP Message. This bug is fixed in Squid version 6.8. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. There is no workaround for this issue.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0 | 14 | Unknown Product | |
0.9 | 10 | CVSS Base Score is 8.6. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.07283 |
debian: CVE-2024-25111 was patched at unknown date
redhat: CVE-2024-25111 was patched at 2024-03-19
66. Memory Corruption - Chromium (CVE-2024-1669) - Medium [234]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.12897 |
debian: CVE-2024-1669 was patched at 2024-02-23, unknown date
67. Memory Corruption - Chromium (CVE-2024-1670) - Medium [234]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.12897 |
debian: CVE-2024-1670 was patched at 2024-02-23, unknown date
68. Memory Corruption - Chromium (CVE-2024-1673) - Medium [234]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.12897 |
debian: CVE-2024-1673 was patched at 2024-02-23, unknown date
69. Memory Corruption - Chromium (CVE-2024-1938) - Medium [234]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.12897 |
debian: CVE-2024-1938 was patched at 2024-02-28, unknown date
70. Memory Corruption - Chromium (CVE-2024-1939) - Medium [234]
Description: Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.12897 |
debian: CVE-2024-1939 was patched at 2024-02-28, unknown date
71. Memory Corruption - Chromium (CVE-2024-2173) - Medium [234]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.07283 |
debian: CVE-2024-2173 was patched at 2024-03-06, unknown date
72. Memory Corruption - Chromium (CVE-2024-2174) - Medium [234]
Description: Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.07283 |
debian: CVE-2024-2174 was patched at 2024-03-06, unknown date
73. Memory Corruption - Chromium (CVE-2024-2176) - Medium [234]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.07283 |
debian: CVE-2024-2176 was patched at 2024-03-06, unknown date
74. Memory Corruption - Chromium (CVE-2024-2400) - Medium [234]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.12897 |
debian: CVE-2024-2400 was patched at 2024-03-13, unknown date
75. Unknown Vulnerability Type - Linux Kernel (CVE-2023-50431) - Medium [233]
Description: {'nvd_cve_data_all': 'sec_attest_info in drivers/accel/habanalabs/common/habanalabs_ioctl.c in the Linux kernel through 6.6.5 allows an information leak to user space because info->pad0 is not initialized.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'sec_attest_info in drivers/accel/habanalabs/common/habanalabs_ioctl.c in the Linux kernel through 6.6.5 allows an information leak to user space because info->pad0 is not initialized.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.07283 |
debian: CVE-2023-50431 was patched at unknown date
ubuntu: CVE-2023-50431 was patched at 2024-03-11
76. Denial of Service - Unknown Product (CVE-2023-3966) - Medium [232]
Description: {'nvd_cve_data_all': 'A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0 | 14 | Unknown Product | |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.12897 |
debian: CVE-2023-3966 was patched at 2024-03-14, unknown date
ubuntu: CVE-2023-3966 was patched at 2024-03-12
redhat: CVE-2023-3966 was patched at 2024-03-07
77. Security Feature Bypass - Unknown Product (CVE-2024-25617) - Medium [232]
Description: {'nvd_cve_data_all': 'Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug ,Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to perform Denial of Service when sending oversized headers in HTTP messages. In versions of Squid prior to 6.5 this can be achieved if the request_header_max_size or reply_header_max_size settings are unchanged from the default. In Squid version 6.5 and later, the default setting of these parameters is safe. Squid will emit a critical warning in cache.log if the administrator is setting these parameters to unsafe values. Squid will not at this time prevent these settings from being changed to unsafe values. Users are advised to upgrade to version 6.5. There are no known workarounds for this vulnerability. This issue is also tracked as SQUID-2024:2 ', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug ,Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to perform Denial of Service when sending oversized headers in HTTP messages. In versions of Squid prior to 6.5 this can be achieved if the request_header_max_size or reply_header_max_size settings are unchanged from the default. In Squid version 6.5 and later, the default setting of these parameters is safe. Squid will emit a critical warning in cache.log if the administrator is setting these parameters to unsafe values. Squid will not at this time prevent these settings from being changed to unsafe values. Users are advised to upgrade to version 6.5. There are no known workarounds for this vulnerability. This issue is also tracked as SQUID-2024:2 ', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0 | 14 | Unknown Product | |
0.5 | 10 | CVSS Base Score is 5.3. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.07283 |
debian: CVE-2024-25617 was patched at 2024-03-08, unknown date
redhat: CVE-2024-25617 was patched at 2024-03-01, 2024-03-04, 2024-03-06, 2024-03-19
78. Denial of Service - FRRouting (CVE-2024-27913) - Medium [220]
Description: ospf_te_parse_te in ospfd/ospf_te.c in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.5 | 14 | Free Range Routing or FRRouting or FRR is a network routing software suite running on Unix-like platforms, particularly Linux, Solaris, OpenBSD, FreeBSD and NetBSD | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.07283 |
debian: CVE-2024-27913 was patched at unknown date
ubuntu: CVE-2024-27913 was patched at 2024-03-06
79. Spoofing - Chromium (CVE-2024-1676) - Medium [216]
Description: Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.4 | 15 | Spoofing | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.12897 |
debian: CVE-2024-1676 was patched at 2024-02-23, unknown date
80. Cross Site Scripting - Unknown Product (CVE-2024-27285) - Medium [214]
Description: {'nvd_cve_data_all': 'YARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. This vulnerability is fixed in 0.9.36.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'YARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. This vulnerability is fixed in 0.9.36.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.8 | 15 | Cross Site Scripting | |
0 | 14 | Unknown Product | |
0.5 | 10 | CVSS Base Score is 5.4. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.08526 |
debian: CVE-2024-27285 was patched at 2024-03-04, unknown date
81. Denial of Service - Unknown Product (CVE-2024-1062) - Medium [208]
Description: {'nvd_cve_data_all': 'A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0 | 14 | Unknown Product | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.12897 |
debian: CVE-2024-1062 was patched at unknown date
redhat: CVE-2024-1062 was patched at 2024-03-05
82. Denial of Service - Unknown Product (CVE-2024-26141) - Medium [208]
Description: {'nvd_cve_data_all': 'Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middleware or the `Rack::Utils.byte_ranges` methods (this includes Rails applications). The vulnerability is fixed in 3.0.9.1 and 2.2.8.1.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middleware or the `Rack::Utils.byte_ranges` methods (this includes Rails applications). The vulnerability is fixed in 3.0.9.1 and 2.2.8.1.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0 | 14 | Unknown Product | |
0.6 | 10 | CVSS Base Score is 5.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.12897 |
debian: CVE-2024-26141 was patched at unknown date
ubuntu: CVE-2024-26141 was patched at 2024-03-12
83. Denial of Service - Unknown Product (CVE-2024-26146) - Low [196]
Description: {'nvd_cve_data_all': 'Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack applications using Ruby 3.2 or newer are unaffected. This vulnerability is fixed in 2.0.9.4, 2.1.4.4, 2.2.8.1, and 3.0.9.1. ', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack applications using Ruby 3.2 or newer are unaffected. This vulnerability is fixed in 2.0.9.4, 2.1.4.4, 2.2.8.1, and 3.0.9.1.\n', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0 | 14 | Unknown Product | |
0.5 | 10 | CVSS Base Score is 5.3. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.08526 |
debian: CVE-2024-26146 was patched at unknown date
ubuntu: CVE-2024-26146 was patched at 2024-03-12
84. Unknown Vulnerability Type - Knot Resolver (CVE-2023-46317) - Low [190]
Description: {'nvd_cve_data_all': 'Knot Resolver before 5.7.0 performs many TCP reconnections upon receiving certain nonsensical responses from servers.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Knot Resolver before 5.7.0 performs many TCP reconnections upon receiving certain nonsensical responses from servers.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.5 | 14 | Product detected by a:nic:knot_resolver (exists in CPE dict) | |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00046, EPSS Percentile is 0.14413 |
debian: CVE-2023-46317 was patched at 2024-02-27, unknown date
85. Unknown Vulnerability Type - NCurse (CVE-2023-50495) - Low [190]
Description: {'nvd_cve_data_all': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.5 | 14 | Product detected by a:invisible-island:ncurse (exists in CPE dict) | |
0.7 | 10 | CVSS Base Score is 6.5. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00052, EPSS Percentile is 0.17908 |
debian: CVE-2023-50495 was patched at unknown date
ubuntu: CVE-2023-50495 was patched at 2024-03-07
86. Command Injection - Unknown Product (CVE-2024-25081) - Low [185]
Description: {'nvd_cve_data_all': 'Splinefont in FontForge through 20230101 allows command injection via crafted filenames.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Splinefont in FontForge through 20230101 allows command injection via crafted filenames.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.97 | 15 | Command Injection | |
0 | 14 | Unknown Product | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.12897 |
debian: CVE-2024-25081 was patched at 2024-03-19, unknown date
87. Command Injection - Unknown Product (CVE-2024-25082) - Low [185]
Description: {'nvd_cve_data_all': 'Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.97 | 15 | Command Injection | |
0 | 14 | Unknown Product | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.12897 |
debian: CVE-2024-25082 was patched at 2024-03-19, unknown date
88. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52436) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: f2fs: explicitly null-terminate the xattr list When setting an xattr, explicitly null-terminate the xattr list. This eliminates the fragile assumption that the unused xattr space is always zeroed.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: explicitly null-terminate the xattr list\n\nWhen setting an xattr, explicitly null-terminate the xattr list. This\neliminates the fragile assumption that the unused xattr space is always\nzeroed.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.11048 |
debian: CVE-2023-52436 was patched at unknown date
ubuntu: CVE-2023-52436 was patched at 2024-03-11
89. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52454) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length If the host sends an H2CData command with an invalid DATAL, the kernel may crash in nvmet_tcp_build_pdu_iovec(). Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 lr : nvmet_tcp_io_work+0x6ac/0x718 [nvmet_tcp] Call trace: process_one_work+0x174/0x3c8 worker_thread+0x2d0/0x3e8 kthread+0x104/0x110 Fix the bug by raising a fatal error if DATAL isn't coherent with the packet size. Also, the PDU length should never exceed the MAXH2CDATA parameter which has been communicated to the host in nvmet_tcp_handle_icreq().', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length\n\nIf the host sends an H2CData command with an invalid DATAL,\nthe kernel may crash in nvmet_tcp_build_pdu_iovec().\n\nUnable to handle kernel NULL pointer dereference at\nvirtual address 0000000000000000\nlr : nvmet_tcp_io_work+0x6ac/0x718 [nvmet_tcp]\nCall trace:\n process_one_work+0x174/0x3c8\n worker_thread+0x2d0/0x3e8\n kthread+0x104/0x110\n\nFix the bug by raising a fatal error if DATAL isn't coherent\nwith the packet size.\nAlso, the PDU length should never exceed the MAXH2CDATA parameter which\nhas been communicated to the host in nvmet_tcp_handle_icreq().', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.08526 |
debian: CVE-2023-52454 was patched at unknown date
ubuntu: CVE-2023-52454 was patched at 2024-03-11
90. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52458) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: block: add check that partition length needs to be aligned with block size Before calling add partition or resize partition, there is no check on whether the length is aligned with the logical block size. If the logical block size of the disk is larger than 512 bytes, then the partition size maybe not the multiple of the logical block size, and when the last sector is read, bio_truncate() will adjust the bio size, resulting in an IO error if the size of the read command is smaller than the logical block size.If integrity data is supported, this will also result in a null pointer dereference when calling bio_integrity_free.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nblock: add check that partition length needs to be aligned with block size\n\nBefore calling add partition or resize partition, there is no check\non whether the length is aligned with the logical block size.\nIf the logical block size of the disk is larger than 512 bytes,\nthen the partition size maybe not the multiple of the logical block size,\nand when the last sector is read, bio_truncate() will adjust the bio size,\nresulting in an IO error if the size of the read command is smaller than\nthe logical block size.If integrity data is supported, this will also\nresult in a null pointer dereference when calling bio_integrity_free.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.12897 |
debian: CVE-2023-52458 was patched at unknown date
ubuntu: CVE-2023-52458 was patched at 2024-03-11
91. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52462) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: bpf: fix check for attempt to corrupt spilled pointer When register is spilled onto a stack as a 1/2/4-byte register, we set slot_type[BPF_REG_SIZE - 1] (plus potentially few more below it, depending on actual spill size). So to check if some stack slot has spilled register we need to consult slot_type[7], not slot_type[0]. To avoid the need to remember and double-check this in the future, just use is_spilled_reg() helper.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: fix check for attempt to corrupt spilled pointer\n\nWhen register is spilled onto a stack as a 1/2/4-byte register, we set\nslot_type[BPF_REG_SIZE - 1] (plus potentially few more below it,\ndepending on actual spill size). So to check if some stack slot has\nspilled register we need to consult slot_type[7], not slot_type[0].\n\nTo avoid the need to remember and double-check this in the future, just\nuse is_spilled_reg() helper.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.08526 |
debian: CVE-2023-52462 was patched at unknown date
ubuntu: CVE-2023-52462 was patched at 2024-03-11
92. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52463) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: efivarfs: force RO when remounting if SetVariable is not supported If SetVariable at runtime is not supported by the firmware we never assign a callback for that function. At the same time mount the efivarfs as RO so no one can call that. However, we never check the permission flags when someone remounts the filesystem as RW. As a result this leads to a crash looking like this: $ mount -o remount,rw /sys/firmware/efi/efivars $ efi-updatevar -f PK.auth PK [ 303.279166] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 [ 303.280482] Mem abort info: [ 303.280854] ESR = 0x0000000086000004 [ 303.281338] EC = 0x21: IABT (current EL), IL = 32 bits [ 303.282016] SET = 0, FnV = 0 [ 303.282414] EA = 0, S1PTW = 0 [ 303.282821] FSC = 0x04: level 0 translation fault [ 303.283771] user pgtable: 4k pages, 48-bit VAs, pgdp=000000004258c000 [ 303.284913] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000 [ 303.286076] Internal error: Oops: 0000000086000004 [#1] PREEMPT SMP [ 303.286936] Modules linked in: qrtr tpm_tis tpm_tis_core crct10dif_ce arm_smccc_trng rng_core drm fuse ip_tables x_tables ipv6 [ 303.288586] CPU: 1 PID: 755 Comm: efi-updatevar Not tainted 6.3.0-rc1-00108-gc7d0c4695c68 #1 [ 303.289748] Hardware name: Unknown Unknown Product/Unknown Product, BIOS 2023.04-00627-g88336918701d 04/01/2023 [ 303.291150] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 303.292123] pc : 0x0 [ 303.292443] lr : efivar_set_variable_locked+0x74/0xec [ 303.293156] sp : ffff800008673c10 [ 303.293619] x29: ffff800008673c10 x28: ffff0000037e8000 x27: 0000000000000000 [ 303.294592] x26: 0000000000000800 x25: ffff000002467400 x24: 0000000000000027 [ 303.295572] x23: ffffd49ea9832000 x22: ffff0000020c9800 x21: ffff000002467000 [ 303.296566] x20: 0000000000000001 x19: 00000000000007fc x18: 0000000000000000 [ 303.297531] x17: 0000000000000000 x16: 0000000000000000 x15: 0000aaaac807ab54 [ 303.298495] x14: ed37489f673633c0 x13: 71c45c606de13f80 x12: 47464259e219acf4 [ 303.299453] x11: ffff000002af7b01 x10: 0000000000000003 x9 : 0000000000000002 [ 303.300431] x8 : 0000000000000010 x7 : ffffd49ea8973230 x6 : 0000000000a85201 [ 303.301412] x5 : 0000000000000000 x4 : ffff0000020c9800 x3 : 00000000000007fc [ 303.302370] x2 : 0000000000000027 x1 : ffff000002467400 x0 : ffff000002467000 [ 303.303341] Call trace: [ 303.303679] 0x0 [ 303.303938] efivar_entry_set_get_size+0x98/0x16c [ 303.304585] efivarfs_file_write+0xd0/0x1a4 [ 303.305148] vfs_write+0xc4/0x2e4 [ 303.305601] ksys_write+0x70/0x104 [ 303.306073] __arm64_sys_write+0x1c/0x28 [ 303.306622] invoke_syscall+0x48/0x114 [ 303.307156] el0_svc_common.constprop.0+0x44/0xec [ 303.307803] do_el0_svc+0x38/0x98 [ 303.308268] el0_svc+0x2c/0x84 [ 303.308702] el0t_64_sync_handler+0xf4/0x120 [ 303.309293] el0t_64_sync+0x190/0x194 [ 303.309794] Code: ???????? ???????? ???????? ???????? (????????) [ 303.310612] ---[ end trace 0000000000000000 ]--- Fix this by adding a .reconfigure() function to the fs operations which we can use to check the requested flags and deny anything that's not RO if the firmware doesn't implement SetVariable at runtime.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nefivarfs: force RO when remounting if SetVariable is not supported\n\nIf SetVariable at runtime is not supported by the firmware we never assign\na callback for that function. At the same time mount the efivarfs as\nRO so no one can call that. However, we never check the permission flags\nwhen someone remounts the filesystem as RW. As a result this leads to a\ncrash looking like this:\n\n$ mount -o remount,rw /sys/firmware/efi/efivars\n$ efi-updatevar -f PK.auth PK\n\n[ 303.279166] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n[ 303.280482] Mem abort info:\n[ 303.280854] ESR = 0x0000000086000004\n[ 303.281338] EC = 0x21: IABT (current EL), IL = 32 bits\n[ 303.282016] SET = 0, FnV = 0\n[ 303.282414] EA = 0, S1PTW = 0\n[ 303.282821] FSC = 0x04: level 0 translation fault\n[ 303.283771] user pgtable: 4k pages, 48-bit VAs, pgdp=000000004258c000\n[ 303.284913] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n[ 303.286076] Internal error: Oops: 0000000086000004 [#1] PREEMPT SMP\n[ 303.286936] Modules linked in: qrtr tpm_tis tpm_tis_core crct10dif_ce arm_smccc_trng rng_core drm fuse ip_tables x_tables ipv6\n[ 303.288586] CPU: 1 PID: 755 Comm: efi-updatevar Not tainted 6.3.0-rc1-00108-gc7d0c4695c68 #1\n[ 303.289748] Hardware name: Unknown Unknown Product/Unknown Product, BIOS 2023.04-00627-g88336918701d 04/01/2023\n[ 303.291150] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 303.292123] pc : 0x0\n[ 303.292443] lr : efivar_set_variable_locked+0x74/0xec\n[ 303.293156] sp : ffff800008673c10\n[ 303.293619] x29: ffff800008673c10 x28: ffff0000037e8000 x27: 0000000000000000\n[ 303.294592] x26: 0000000000000800 x25: ffff000002467400 x24: 0000000000000027\n[ 303.295572] x23: ffffd49ea9832000 x22: ffff0000020c9800 x21: ffff000002467000\n[ 303.296566] x20: 0000000000000001 x19: 00000000000007fc x18: 0000000000000000\n[ 303.297531] x17: 0000000000000000 x16: 0000000000000000 x15: 0000aaaac807ab54\n[ 303.298495] x14: ed37489f673633c0 x13: 71c45c606de13f80 x12: 47464259e219acf4\n[ 303.299453] x11: ffff000002af7b01 x10: 0000000000000003 x9 : 0000000000000002\n[ 303.300431] x8 : 0000000000000010 x7 : ffffd49ea8973230 x6 : 0000000000a85201\n[ 303.301412] x5 : 0000000000000000 x4 : ffff0000020c9800 x3 : 00000000000007fc\n[ 303.302370] x2 : 0000000000000027 x1 : ffff000002467400 x0 : ffff000002467000\n[ 303.303341] Call trace:\n[ 303.303679] 0x0\n[ 303.303938] efivar_entry_set_get_size+0x98/0x16c\n[ 303.304585] efivarfs_file_write+0xd0/0x1a4\n[ 303.305148] vfs_write+0xc4/0x2e4\n[ 303.305601] ksys_write+0x70/0x104\n[ 303.306073] __arm64_sys_write+0x1c/0x28\n[ 303.306622] invoke_syscall+0x48/0x114\n[ 303.307156] el0_svc_common.constprop.0+0x44/0xec\n[ 303.307803] do_el0_svc+0x38/0x98\n[ 303.308268] el0_svc+0x2c/0x84\n[ 303.308702] el0t_64_sync_handler+0xf4/0x120\n[ 303.309293] el0t_64_sync+0x190/0x194\n[ 303.309794] Code: ???????? ???????? ???????? ???????? (????????)\n[ 303.310612] ---[ end trace 0000000000000000 ]---\n\nFix this by adding a .reconfigure() function to the fs operations which\nwe can use to check the requested flags and deny anything that's not RO\nif the firmware doesn't implement SetVariable at runtime.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.08526 |
debian: CVE-2023-52463 was patched at unknown date
ubuntu: CVE-2023-52463 was patched at 2024-03-11
93. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52464) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: EDAC/thunderx: Fix possible out-of-bounds string access Enabling -Wstringop-overflow globally exposes a warning for a common bug in the usage of strncat(): drivers/edac/thunderx_edac.c: In function 'thunderx_ocx_com_threaded_isr': drivers/edac/thunderx_edac.c:1136:17: error: 'strncat' specified bound 1024 equals destination size [-Werror=stringop-overflow=] 1136 | strncat(msg, other, OCX_MESSAGE_SIZE); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ... 1145 | strncat(msg, other, OCX_MESSAGE_SIZE); ... 1150 | strncat(msg, other, OCX_MESSAGE_SIZE); ... Apparently the author of this driver expected strncat() to behave the way that strlcat() does, which uses the size of the destination buffer as its third argument rather than the length of the source buffer. The result is that there is no check on the size of the allocated buffer. Change it to strlcat(). [ bp: Trim compiler output, fixup commit message. ]', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nEDAC/thunderx: Fix possible out-of-bounds string access\n\nEnabling -Wstringop-overflow globally exposes a warning for a common bug\nin the usage of strncat():\n\n drivers/edac/thunderx_edac.c: In function 'thunderx_ocx_com_threaded_isr':\n drivers/edac/thunderx_edac.c:1136:17: error: 'strncat' specified bound 1024 equals destination size [-Werror=stringop-overflow=]\n 1136 | strncat(msg, other, OCX_MESSAGE_SIZE);\n | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n ...\n 1145 | strncat(msg, other, OCX_MESSAGE_SIZE);\n ...\n 1150 | strncat(msg, other, OCX_MESSAGE_SIZE);\n\n ...\n\nApparently the author of this driver expected strncat() to behave the\nway that strlcat() does, which uses the size of the destination buffer\nas its third argument rather than the length of the source buffer. The\nresult is that there is no check on the size of the allocated buffer.\n\nChange it to strlcat().\n\n [ bp: Trim compiler output, fixup commit message. ]', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.11048 |
debian: CVE-2023-52464 was patched at unknown date
ubuntu: CVE-2023-52464 was patched at 2024-03-11
94. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52467) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: mfd: syscon: Fix null pointer dereference in of_syscon_register() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmfd: syscon: Fix null pointer dereference in of_syscon_register()\n\nkasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.08526 |
debian: CVE-2023-52467 was patched at unknown date
ubuntu: CVE-2023-52467 was patched at 2024-03-11
95. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52470) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() check the alloc_workqueue return value in radeon_crtc_init() to avoid null-ptr-deref.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: check the alloc_workqueue return value in radeon_crtc_init()\n\ncheck the alloc_workqueue return value in radeon_crtc_init()\nto avoid null-ptr-deref.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.11048 |
debian: CVE-2023-52470 was patched at unknown date
ubuntu: CVE-2023-52470 was patched at 2024-03-11
96. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52583) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: ceph: fix deadlock or deadcode of misusing dget() The lock order is incorrect between denty and its parent, we should always make sure that the parent get the lock first. But since this deadcode is never used and the parent dir will always be set from the callers, let's just remove it.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nceph: fix deadlock or deadcode of misusing dget()\n\nThe lock order is incorrect between denty and its parent, we should\nalways make sure that the parent get the lock first.\n\nBut since this deadcode is never used and the parent dir will always\nbe set from the callers, let's just remove it.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.11048 |
debian: CVE-2023-52583 was patched at unknown date
ubuntu: CVE-2023-52583 was patched at 2024-03-11
97. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52584) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: spmi: mediatek: Fix UAF on device remove The pmif driver data that contains the clocks is allocated along with spmi_controller. On device remove, spmi_controller will be freed first, and then devres , including the clocks, will be cleanup. This leads to UAF because putting the clocks will access the clocks in the pmif driver data, which is already freed along with spmi_controller. This can be reproduced by enabling DEBUG_TEST_DRIVER_REMOVE and building the kernel with KASAN. Fix the UAF issue by using unmanaged clk_bulk_get() and putting the clocks before freeing spmi_controller.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspmi: mediatek: Fix UAF on device remove\n\nThe pmif driver data that contains the clocks is allocated along with\nspmi_controller.\nOn device remove, spmi_controller will be freed first, and then devres\n, including the clocks, will be cleanup.\nThis leads to UAF because putting the clocks will access the clocks in\nthe pmif driver data, which is already freed along with spmi_controller.\n\nThis can be reproduced by enabling DEBUG_TEST_DRIVER_REMOVE and\nbuilding the kernel with KASAN.\n\nFix the UAF issue by using unmanaged clk_bulk_get() and putting the\nclocks before freeing spmi_controller.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.12897 |
debian: CVE-2023-52584 was patched at unknown date
ubuntu: CVE-2023-52584 was patched at 2024-03-11
98. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52587) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fix mcast list locking Releasing the `priv->lock` while iterating the `priv->multicast_list` in `ipoib_mcast_join_task()` opens a window for `ipoib_mcast_dev_flush()` to remove the items while in the middle of iteration. If the mcast is removed while the lock was dropped, the for loop spins forever resulting in a hard lockup (as was reported on RHEL 4.18.0-372.75.1.el8_6 kernel): Task A (kworker/u72:2 below) | Task B (kworker/u72:0 below) -----------------------------------+----------------------------------- ipoib_mcast_join_task(work) | ipoib_ib_dev_flush_light(work) spin_lock_irq(&priv->lock) | __ipoib_ib_dev_flush(priv, ...) list_for_each_entry(mcast, | ipoib_mcast_dev_flush(dev = priv->dev) &priv->multicast_list, list) | ipoib_mcast_join(dev, mcast) | spin_unlock_irq(&priv->lock) | | spin_lock_irqsave(&priv->lock, flags) | list_for_each_entry_safe(mcast, tmcast, | &priv->multicast_list, list) | list_del(&mcast->list); | list_add_tail(&mcast->list, &remove_list) | spin_unlock_irqrestore(&priv->lock, flags) spin_lock_irq(&priv->lock) | | ipoib_mcast_remove_list(&remove_list) (Here, `mcast` is no longer on the | list_for_each_entry_safe(mcast, tmcast, `priv->multicast_list` and we keep | remove_list, list) spinning on the `remove_list` of | >>> wait_for_completion(&mcast->done) the other thread which is blocked | and the list is still valid on | it's stack.) Fix this by keeping the lock held and changing to GFP_ATOMIC to prevent eventual sleeps. Unfortunately we could not reproduce the lockup and confirm this fix but based on the code review I think this fix should address such lockups. crash> bc 31 PID: 747 TASK: ff1c6a1a007e8000 CPU: 31 COMMAND: "kworker/u72:2" -- [exception RIP: ipoib_mcast_join_task+0x1b1] RIP: ffffffffc0944ac1 RSP: ff646f199a8c7e00 RFLAGS: 00000002 RAX: 0000000000000000 RBX: ff1c6a1a04dc82f8 RCX: 0000000000000000 work (&priv->mcast_task{,.work}) RDX: ff1c6a192d60ac68 RSI: 0000000000000286 RDI: ff1c6a1a04dc8000 &mcast->list RBP: ff646f199a8c7e90 R8: ff1c699980019420 R9: ff1c6a1920c9a000 R10: ff646f199a8c7e00 R11: ff1c6a191a7d9800 R12: ff1c6a192d60ac00 mcast R13: ff1c6a1d82200000 R14: ff1c6a1a04dc8000 R15: ff1c6a1a04dc82d8 dev priv (&priv->lock) &priv->multicast_list (aka head) ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 --- <NMI exception stack> --- #5 [ff646f199a8c7e00] ipoib_mcast_join_task+0x1b1 at ffffffffc0944ac1 [ib_ipoib] #6 [ff646f199a8c7e98] process_one_work+0x1a7 at ffffffff9bf10967 crash> rx ff646f199a8c7e68 ff646f199a8c7e68: ff1c6a1a04dc82f8 <<< work = &priv->mcast_task.work crash> list -hO ipoib_dev_priv.multicast_list ff1c6a1a04dc8000 (empty) crash> ipoib_dev_priv.mcast_task.work.func,mcast_mutex.owner.counter ff1c6a1a04dc8000 mcast_task.work.func = 0xffffffffc0944910 <ipoib_mcast_join_task>, mcast_mutex.owner.counter = 0xff1c69998efec000 crash> b 8 PID: 8 TASK: ff1c69998efec000 CPU: 33 COMMAND: "kworker/u72:0" -- #3 [ff646f1980153d50] wait_for_completion+0x96 at ffffffff9c7d7646 #4 [ff646f1980153d90] ipoib_mcast_remove_list+0x56 at ffffffffc0944dc6 [ib_ipoib] #5 [ff646f1980153de8] ipoib_mcast_dev_flush+0x1a7 at ffffffffc09455a7 [ib_ipoib] #6 [ff646f1980153e58] __ipoib_ib_dev_flush+0x1a4 at ffffffffc09431a4 [ib_ipoib] #7 [ff ---truncated---', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nIB/ipoib: Fix mcast list locking\n\nReleasing the `priv->lock` while iterating the `priv->multicast_list` in\n`ipoib_mcast_join_task()` opens a window for `ipoib_mcast_dev_flush()` to\nremove the items while in the middle of iteration. If the mcast is removed\nwhile the lock was dropped, the for loop spins forever resulting in a hard\nlockup (as was reported on RHEL 4.18.0-372.75.1.el8_6 kernel):\n\n Task A (kworker/u72:2 below) | Task B (kworker/u72:0 below)\n -----------------------------------+-----------------------------------\n ipoib_mcast_join_task(work) | ipoib_ib_dev_flush_light(work)\n spin_lock_irq(&priv->lock) | __ipoib_ib_dev_flush(priv, ...)\n list_for_each_entry(mcast, | ipoib_mcast_dev_flush(dev = priv->dev)\n &priv->multicast_list, list) |\n ipoib_mcast_join(dev, mcast) |\n spin_unlock_irq(&priv->lock) |\n | spin_lock_irqsave(&priv->lock, flags)\n | list_for_each_entry_safe(mcast, tmcast,\n | &priv->multicast_list, list)\n | list_del(&mcast->list);\n | list_add_tail(&mcast->list, &remove_list)\n | spin_unlock_irqrestore(&priv->lock, flags)\n spin_lock_irq(&priv->lock) |\n | ipoib_mcast_remove_list(&remove_list)\n (Here, `mcast` is no longer on the | list_for_each_entry_safe(mcast, tmcast,\n `priv->multicast_list` and we keep | remove_list, list)\n spinning on the `remove_list` of | >>> wait_for_completion(&mcast->done)\n the other thread which is blocked |\n and the list is still valid on |\n it's stack.)\n\nFix this by keeping the lock held and changing to GFP_ATOMIC to prevent\neventual sleeps.\nUnfortunately we could not reproduce the lockup and confirm this fix but\nbased on the code review I think this fix should address such lockups.\n\ncrash> bc 31\nPID: 747 TASK: ff1c6a1a007e8000 CPU: 31 COMMAND: "kworker/u72:2"\n--\n [exception RIP: ipoib_mcast_join_task+0x1b1]\n RIP: ffffffffc0944ac1 RSP: ff646f199a8c7e00 RFLAGS: 00000002\n RAX: 0000000000000000 RBX: ff1c6a1a04dc82f8 RCX: 0000000000000000\n work (&priv->mcast_task{,.work})\n RDX: ff1c6a192d60ac68 RSI: 0000000000000286 RDI: ff1c6a1a04dc8000\n &mcast->list\n RBP: ff646f199a8c7e90 R8: ff1c699980019420 R9: ff1c6a1920c9a000\n R10: ff646f199a8c7e00 R11: ff1c6a191a7d9800 R12: ff1c6a192d60ac00\n mcast\n R13: ff1c6a1d82200000 R14: ff1c6a1a04dc8000 R15: ff1c6a1a04dc82d8\n dev priv (&priv->lock) &priv->multicast_list (aka head)\n ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018\n--- <NMI exception stack> ---\n #5 [ff646f199a8c7e00] ipoib_mcast_join_task+0x1b1 at ffffffffc0944ac1 [ib_ipoib]\n #6 [ff646f199a8c7e98] process_one_work+0x1a7 at ffffffff9bf10967\n\ncrash> rx ff646f199a8c7e68\nff646f199a8c7e68: ff1c6a1a04dc82f8 <<< work = &priv->mcast_task.work\n\ncrash> list -hO ipoib_dev_priv.multicast_list ff1c6a1a04dc8000\n(empty)\n\ncrash> ipoib_dev_priv.mcast_task.work.func,mcast_mutex.owner.counter ff1c6a1a04dc8000\n mcast_task.work.func = 0xffffffffc0944910 <ipoib_mcast_join_task>,\n mcast_mutex.owner.counter = 0xff1c69998efec000\n\ncrash> b 8\nPID: 8 TASK: ff1c69998efec000 CPU: 33 COMMAND: "kworker/u72:0"\n--\n #3 [ff646f1980153d50] wait_for_completion+0x96 at ffffffff9c7d7646\n #4 [ff646f1980153d90] ipoib_mcast_remove_list+0x56 at ffffffffc0944dc6 [ib_ipoib]\n #5 [ff646f1980153de8] ipoib_mcast_dev_flush+0x1a7 at ffffffffc09455a7 [ib_ipoib]\n #6 [ff646f1980153e58] __ipoib_ib_dev_flush+0x1a4 at ffffffffc09431a4 [ib_ipoib]\n #7 [ff\n---truncated---', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.11048 |
debian: CVE-2023-52587 was patched at unknown date
ubuntu: CVE-2023-52587 was patched at 2024-03-11
99. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52588) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to tag gcing flag on page during block migration It needs to add missing gcing flag on page during block migration, in order to garantee migrated data be persisted during checkpoint, otherwise out-of-order persistency between data and node may cause data corruption after SPOR. Similar issue was fixed by commit 2d1fe8a86bf5 ("f2fs: fix to tag gcing flag on page during file defragment").', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to tag gcing flag on page during block migration\n\nIt needs to add missing gcing flag on page during block migration,\nin order to garantee migrated data be persisted during checkpoint,\notherwise out-of-order persistency between data and node may cause\ndata corruption after SPOR.\n\nSimilar issue was fixed by commit 2d1fe8a86bf5 ("f2fs: fix to tag\ngcing flag on page during file defragment").', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.12897 |
debian: CVE-2023-52588 was patched at unknown date
ubuntu: CVE-2023-52588 was patched at 2024-03-11
100. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52589) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: media: rkisp1: Fix IRQ disable race issue In rkisp1_isp_stop() and rkisp1_csi_disable() the driver masks the interrupts and then apparently assumes that the interrupt handler won't be running, and proceeds in the stop procedure. This is not the case, as the interrupt handler can already be running, which would lead to the ISP being disabled while the interrupt handler handling a captured frame. This brings up two issues: 1) the ISP could be powered off while the interrupt handler is still running and accessing registers, leading to board lockup, and 2) the interrupt handler code and the code that disables the streaming might do things that conflict. It is not clear to me if 2) causes a real issue, but 1) can be seen with a suitable delay (or printk in my case) in the interrupt handler, leading to board lockup.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rkisp1: Fix IRQ disable race issue\n\nIn rkisp1_isp_stop() and rkisp1_csi_disable() the driver masks the\ninterrupts and then apparently assumes that the interrupt handler won't\nbe running, and proceeds in the stop procedure. This is not the case, as\nthe interrupt handler can already be running, which would lead to the\nISP being disabled while the interrupt handler handling a captured\nframe.\n\nThis brings up two issues: 1) the ISP could be powered off while the\ninterrupt handler is still running and accessing registers, leading to\nboard lockup, and 2) the interrupt handler code and the code that\ndisables the streaming might do things that conflict.\n\nIt is not clear to me if 2) causes a real issue, but 1) can be seen with\na suitable delay (or printk in my case) in the interrupt handler,\nleading to board lockup.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.12897 |
debian: CVE-2023-52589 was patched at unknown date
ubuntu: CVE-2023-52589 was patched at 2024-03-11
101. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52593) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: wifi: wfx: fix possible NULL pointer dereference in wfx_set_mfp_ap() Since 'ieee80211_beacon_get()' can return NULL, 'wfx_set_mfp_ap()' should check the return value before examining skb data. So convert the latter to return an appropriate error code and propagate it to return from 'wfx_start_ap()' as well. Compile tested only.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wfx: fix possible NULL pointer dereference in wfx_set_mfp_ap()\n\nSince 'ieee80211_beacon_get()' can return NULL, 'wfx_set_mfp_ap()'\nshould check the return value before examining skb data. So convert\nthe latter to return an appropriate error code and propagate it to\nreturn from 'wfx_start_ap()' as well. Compile tested only.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.12897 |
debian: CVE-2023-52593 was patched at unknown date
ubuntu: CVE-2023-52593 was patched at 2024-03-11
102. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52595) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: wifi: rt2x00: restart beacon queue when hardware reset When a hardware reset is triggered, all registers are reset, so all queues are forced to stop in hardware interface. However, mac80211 will not automatically stop the queue. If we don't manually stop the beacon queue, the queue will be deadlocked and unable to start again. This patch fixes the issue where Apple devices cannot connect to the AP after calling ieee80211_restart_hw().', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rt2x00: restart beacon queue when hardware reset\n\nWhen a hardware reset is triggered, all registers are reset, so all\nqueues are forced to stop in hardware interface. However, mac80211\nwill not automatically stop the queue. If we don't manually stop the\nbeacon queue, the queue will be deadlocked and unable to start again.\nThis patch fixes the issue where Apple devices cannot connect to the\nAP after calling ieee80211_restart_hw().', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.08526 |
debian: CVE-2023-52595 was patched at unknown date
ubuntu: CVE-2023-52595 was patched at 2024-03-11
103. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52597) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix setting of fpc register kvm_arch_vcpu_ioctl_set_fpu() allows to set the floating point control (fpc) register of a guest cpu. The new value is tested for validity by temporarily loading it into the fpc register. This may lead to corruption of the fpc register of the host process: if an interrupt happens while the value is temporarily loaded into the fpc register, and within interrupt context floating point or vector registers are used, the current fp/vx registers are saved with save_fpu_regs() assuming they belong to user space and will be loaded into fp/vx registers when returning to user space. test_fp_ctl() restores the original user space / host process fpc register value, however it will be discarded, when returning to user space. In result the host process will incorrectly continue to run with the value that was supposed to be used for a guest cpu. Fix this by simply removing the test. There is another test right before the SIE context is entered which will handles invalid values. This results in a change of behaviour: invalid values will now be accepted instead of that the ioctl fails with -EINVAL. This seems to be acceptable, given that this interface is most likely not used anymore, and this is in addition the same behaviour implemented with the memory mapped interface (replace invalid values with zero) - see sync_regs() in kvm-s390.c.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: s390: fix setting of fpc register\n\nkvm_arch_vcpu_ioctl_set_fpu() allows to set the floating point control\n(fpc) register of a guest cpu. The new value is tested for validity by\ntemporarily loading it into the fpc register.\n\nThis may lead to corruption of the fpc register of the host process:\nif an interrupt happens while the value is temporarily loaded into the fpc\nregister, and within interrupt context floating point or vector registers\nare used, the current fp/vx registers are saved with save_fpu_regs()\nassuming they belong to user space and will be loaded into fp/vx registers\nwhen returning to user space.\n\ntest_fp_ctl() restores the original user space / host process fpc register\nvalue, however it will be discarded, when returning to user space.\n\nIn result the host process will incorrectly continue to run with the value\nthat was supposed to be used for a guest cpu.\n\nFix this by simply removing the test. There is another test right before\nthe SIE context is entered which will handles invalid values.\n\nThis results in a change of behaviour: invalid values will now be accepted\ninstead of that the ioctl fails with -EINVAL. This seems to be acceptable,\ngiven that this interface is most likely not used anymore, and this is in\naddition the same behaviour implemented with the memory mapped interface\n(replace invalid values with zero) - see sync_regs() in kvm-s390.c.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.11048 |
debian: CVE-2023-52597 was patched at unknown date
ubuntu: CVE-2023-52597 was patched at 2024-03-11
104. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52598) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: s390/ptrace: handle setting of fpc register correctly If the content of the floating point control (fpc) register of a traced process is modified with the ptrace interface the new value is tested for validity by temporarily loading it into the fpc register. This may lead to corruption of the fpc register of the tracing process: if an interrupt happens while the value is temporarily loaded into the fpc register, and within interrupt context floating point or vector registers are used, the current fp/vx registers are saved with save_fpu_regs() assuming they belong to user space and will be loaded into fp/vx registers when returning to user space. test_fp_ctl() restores the original user space fpc register value, however it will be discarded, when returning to user space. In result the tracer will incorrectly continue to run with the value that was supposed to be used for the traced process. Fix this by saving fpu register contents with save_fpu_regs() before using test_fp_ctl().', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/ptrace: handle setting of fpc register correctly\n\nIf the content of the floating point control (fpc) register of a traced\nprocess is modified with the ptrace interface the new value is tested for\nvalidity by temporarily loading it into the fpc register.\n\nThis may lead to corruption of the fpc register of the tracing process:\nif an interrupt happens while the value is temporarily loaded into the\nfpc register, and within interrupt context floating point or vector\nregisters are used, the current fp/vx registers are saved with\nsave_fpu_regs() assuming they belong to user space and will be loaded into\nfp/vx registers when returning to user space.\n\ntest_fp_ctl() restores the original user space fpc register value, however\nit will be discarded, when returning to user space.\n\nIn result the tracer will incorrectly continue to run with the value that\nwas supposed to be used for the traced process.\n\nFix this by saving fpu register contents with save_fpu_regs() before using\ntest_fp_ctl().', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.11048 |
debian: CVE-2023-52598 was patched at unknown date
ubuntu: CVE-2023-52598 was patched at 2024-03-11
105. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52599) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in diNewExt [Syz report] UBSAN: array-index-out-of-bounds in fs/jfs/jfs_imap.c:2360:2 index -878706688 is out of range for type 'struct iagctl[128]' CPU: 1 PID: 5065 Comm: syz-executor282 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:217 [inline] __ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348 diNewExt+0x3cf3/0x4000 fs/jfs/jfs_imap.c:2360 diAllocExt fs/jfs/jfs_imap.c:1949 [inline] diAllocAG+0xbe8/0x1e50 fs/jfs/jfs_imap.c:1666 diAlloc+0x1d3/0x1760 fs/jfs/jfs_imap.c:1587 ialloc+0x8f/0x900 fs/jfs/jfs_inode.c:56 jfs_mkdir+0x1c5/0xb90 fs/jfs/namei.c:225 vfs_mkdir+0x2f1/0x4b0 fs/namei.c:4106 do_mkdirat+0x264/0x3a0 fs/namei.c:4129 __do_sys_mkdir fs/namei.c:4149 [inline] __se_sys_mkdir fs/namei.c:4147 [inline] __x64_sys_mkdir+0x6e/0x80 fs/namei.c:4147 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x45/0x110 arch/x86/entry/common.c:82 entry_SYSCALL_64_after_hwframe+0x63/0x6b RIP: 0033:0x7fcb7e6a0b57 Code: ff ff 77 07 31 c0 c3 0f 1f 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffd83023038 EFLAGS: 00000286 ORIG_RAX: 0000000000000053 RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007fcb7e6a0b57 RDX: 00000000000a1020 RSI: 00000000000001ff RDI: 0000000020000140 RBP: 0000000020000140 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000286 R12: 00007ffd830230d0 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [Analysis] When the agstart is too large, it can cause agno overflow. [Fix] After obtaining agno, if the value is invalid, exit the subsequent process. Modified the test from agno > MAXAG to agno >= MAXAG based on linux-next report by kernel test robot (Dan Carpenter).', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix array-index-out-of-bounds in diNewExt\n\n[Syz report]\nUBSAN: array-index-out-of-bounds in fs/jfs/jfs_imap.c:2360:2\nindex -878706688 is out of range for type 'struct iagctl[128]'\nCPU: 1 PID: 5065 Comm: syz-executor282 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106\n ubsan_epilogue lib/ubsan.c:217 [inline]\n __ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348\n diNewExt+0x3cf3/0x4000 fs/jfs/jfs_imap.c:2360\n diAllocExt fs/jfs/jfs_imap.c:1949 [inline]\n diAllocAG+0xbe8/0x1e50 fs/jfs/jfs_imap.c:1666\n diAlloc+0x1d3/0x1760 fs/jfs/jfs_imap.c:1587\n ialloc+0x8f/0x900 fs/jfs/jfs_inode.c:56\n jfs_mkdir+0x1c5/0xb90 fs/jfs/namei.c:225\n vfs_mkdir+0x2f1/0x4b0 fs/namei.c:4106\n do_mkdirat+0x264/0x3a0 fs/namei.c:4129\n __do_sys_mkdir fs/namei.c:4149 [inline]\n __se_sys_mkdir fs/namei.c:4147 [inline]\n __x64_sys_mkdir+0x6e/0x80 fs/namei.c:4147\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x45/0x110 arch/x86/entry/common.c:82\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\nRIP: 0033:0x7fcb7e6a0b57\nCode: ff ff 77 07 31 c0 c3 0f 1f 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffd83023038 EFLAGS: 00000286 ORIG_RAX: 0000000000000053\nRAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007fcb7e6a0b57\nRDX: 00000000000a1020 RSI: 00000000000001ff RDI: 0000000020000140\nRBP: 0000000020000140 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000286 R12: 00007ffd830230d0\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n\n[Analysis]\nWhen the agstart is too large, it can cause agno overflow.\n\n[Fix]\nAfter obtaining agno, if the value is invalid, exit the subsequent process.\n\n\nModified the test from agno > MAXAG to agno >= MAXAG based on linux-next\nreport by kernel test robot (Dan Carpenter).', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.11048 |
debian: CVE-2023-52599 was patched at unknown date
ubuntu: CVE-2023-52599 was patched at 2024-03-11
106. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52600) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: jfs: fix uaf in jfs_evict_inode When the execution of diMount(ipimap) fails, the object ipimap that has been released may be accessed in diFreeSpecial(). Asynchronous ipimap release occurs when rcu_core() calls jfs_free_node(). Therefore, when diMount(ipimap) fails, sbi->ipimap should not be initialized as ipimap.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix uaf in jfs_evict_inode\n\nWhen the execution of diMount(ipimap) fails, the object ipimap that has been\nreleased may be accessed in diFreeSpecial(). Asynchronous ipimap release occurs\nwhen rcu_core() calls jfs_free_node().\n\nTherefore, when diMount(ipimap) fails, sbi->ipimap should not be initialized as\nipimap.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.11048 |
debian: CVE-2023-52600 was patched at unknown date
ubuntu: CVE-2023-52600 was patched at 2024-03-11
107. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52601) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in dbAdjTree Currently there is a bound check missing in the dbAdjTree while accessing the dmt_stree. To add the required check added the bool is_ctl which is required to determine the size as suggest in the following commit. https://lore.kernel.org/linux-kernel-mentees/f9475918-2186-49b8-b801-6f0f9e75f4fa@oracle.com/', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix array-index-out-of-bounds in dbAdjTree\n\nCurrently there is a bound check missing in the dbAdjTree while\naccessing the dmt_stree. To add the required check added the bool is_ctl\nwhich is required to determine the size as suggest in the following\ncommit.\nhttps://lore.kernel.org/linux-kernel-mentees/f9475918-2186-49b8-b801-6f0f9e75f4fa@oracle.com/', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.11048 |
debian: CVE-2023-52601 was patched at unknown date
ubuntu: CVE-2023-52601 was patched at 2024-03-11
108. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52602) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds Read in dtSearch Currently while searching for current page in the sorted entry table of the page there is a out of bound access. Added a bound check to fix the error. Dave: Set return code to -EIO', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix slab-out-of-bounds Read in dtSearch\n\nCurrently while searching for current page in the sorted entry table\nof the page there is a out of bound access. Added a bound check to fix\nthe error.\n\nDave:\nSet return code to -EIO', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.11048 |
debian: CVE-2023-52602 was patched at unknown date
ubuntu: CVE-2023-52602 was patched at 2024-03-11
109. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52603) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: UBSAN: array-index-out-of-bounds in dtSplitRoot Syzkaller reported the following issue: oop0: detected capacity change from 0 to 32768 UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:1971:9 index -2 is out of range for type 'struct dtslot [128]' CPU: 0 PID: 3613 Comm: syz-executor270 Not tainted 6.0.0-syzkaller-09423-g493ffd6605b2 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:151 [inline] __ubsan_handle_out_of_bounds+0xdb/0x130 lib/ubsan.c:283 dtSplitRoot+0x8d8/0x1900 fs/jfs/jfs_dtree.c:1971 dtSplitUp fs/jfs/jfs_dtree.c:985 [inline] dtInsert+0x1189/0x6b80 fs/jfs/jfs_dtree.c:863 jfs_mkdir+0x757/0xb00 fs/jfs/namei.c:270 vfs_mkdir+0x3b3/0x590 fs/namei.c:4013 do_mkdirat+0x279/0x550 fs/namei.c:4038 __do_sys_mkdirat fs/namei.c:4053 [inline] __se_sys_mkdirat fs/namei.c:4051 [inline] __x64_sys_mkdirat+0x85/0x90 fs/namei.c:4051 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7fcdc0113fd9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffeb8bc67d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcdc0113fd9 RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000003 RBP: 00007fcdc00d37a0 R08: 0000000000000000 R09: 00007fcdc00d37a0 R10: 00005555559a72c0 R11: 0000000000000246 R12: 00000000f8008000 R13: 0000000000000000 R14: 00083878000000f8 R15: 0000000000000000 </TASK> The issue is caused when the value of fsi becomes less than -1. The check to break the loop when fsi value becomes -1 is present but syzbot was able to produce value less than -1 which cause the error. This patch simply add the change for the values less than 0. The patch is tested via syzbot.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nUBSAN: array-index-out-of-bounds in dtSplitRoot\n\nSyzkaller reported the following issue:\n\noop0: detected capacity change from 0 to 32768\n\nUBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:1971:9\nindex -2 is out of range for type 'struct dtslot [128]'\nCPU: 0 PID: 3613 Comm: syz-executor270 Not tainted 6.0.0-syzkaller-09423-g493ffd6605b2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106\n ubsan_epilogue lib/ubsan.c:151 [inline]\n __ubsan_handle_out_of_bounds+0xdb/0x130 lib/ubsan.c:283\n dtSplitRoot+0x8d8/0x1900 fs/jfs/jfs_dtree.c:1971\n dtSplitUp fs/jfs/jfs_dtree.c:985 [inline]\n dtInsert+0x1189/0x6b80 fs/jfs/jfs_dtree.c:863\n jfs_mkdir+0x757/0xb00 fs/jfs/namei.c:270\n vfs_mkdir+0x3b3/0x590 fs/namei.c:4013\n do_mkdirat+0x279/0x550 fs/namei.c:4038\n __do_sys_mkdirat fs/namei.c:4053 [inline]\n __se_sys_mkdirat fs/namei.c:4051 [inline]\n __x64_sys_mkdirat+0x85/0x90 fs/namei.c:4051\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7fcdc0113fd9\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffeb8bc67d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000102\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcdc0113fd9\nRDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000003\nRBP: 00007fcdc00d37a0 R08: 0000000000000000 R09: 00007fcdc00d37a0\nR10: 00005555559a72c0 R11: 0000000000000246 R12: 00000000f8008000\nR13: 0000000000000000 R14: 00083878000000f8 R15: 0000000000000000\n </TASK>\n\nThe issue is caused when the value of fsi becomes less than -1.\nThe check to break the loop when fsi value becomes -1 is present\nbut syzbot was able to produce value less than -1 which cause the error.\nThis patch simply add the change for the values less than 0.\n\nThe patch is tested via syzbot.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.11048 |
debian: CVE-2023-52603 was patched at unknown date
ubuntu: CVE-2023-52603 was patched at 2024-03-11
110. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52604) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree Syzkaller reported the following issue: UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:2867:6 index 196694 is out of range for type 's8[1365]' (aka 'signed char[1365]') CPU: 1 PID: 109 Comm: jfsCommit Not tainted 6.6.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:217 [inline] __ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348 dbAdjTree+0x474/0x4f0 fs/jfs/jfs_dmap.c:2867 dbJoin+0x210/0x2d0 fs/jfs/jfs_dmap.c:2834 dbFreeBits+0x4eb/0xda0 fs/jfs/jfs_dmap.c:2331 dbFreeDmap fs/jfs/jfs_dmap.c:2080 [inline] dbFree+0x343/0x650 fs/jfs/jfs_dmap.c:402 txFreeMap+0x798/0xd50 fs/jfs/jfs_txnmgr.c:2534 txUpdateMap+0x342/0x9e0 txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline] jfs_lazycommit+0x47a/0xb70 fs/jfs/jfs_txnmgr.c:2732 kthread+0x2d3/0x370 kernel/kthread.c:388 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304 </TASK> ================================================================================ Kernel panic - not syncing: UBSAN: panic_on_warn set ... CPU: 1 PID: 109 Comm: jfsCommit Not tainted 6.6.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106 panic+0x30f/0x770 kernel/panic.c:340 check_panic_on_warn+0x82/0xa0 kernel/panic.c:236 ubsan_epilogue lib/ubsan.c:223 [inline] __ubsan_handle_out_of_bounds+0x13c/0x150 lib/ubsan.c:348 dbAdjTree+0x474/0x4f0 fs/jfs/jfs_dmap.c:2867 dbJoin+0x210/0x2d0 fs/jfs/jfs_dmap.c:2834 dbFreeBits+0x4eb/0xda0 fs/jfs/jfs_dmap.c:2331 dbFreeDmap fs/jfs/jfs_dmap.c:2080 [inline] dbFree+0x343/0x650 fs/jfs/jfs_dmap.c:402 txFreeMap+0x798/0xd50 fs/jfs/jfs_txnmgr.c:2534 txUpdateMap+0x342/0x9e0 txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline] jfs_lazycommit+0x47a/0xb70 fs/jfs/jfs_txnmgr.c:2732 kthread+0x2d3/0x370 kernel/kthread.c:388 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304 </TASK> Kernel Offset: disabled Rebooting in 86400 seconds.. The issue is caused when the value of lp becomes greater than CTLTREESIZE which is the max size of stree. Adding a simple check solves this issue. Dave: As the function returns a void, good error handling would require a more intrusive code reorganization, so I modified Osama's patch at use WARN_ON_ONCE for lack of a cleaner option. The patch is tested via syzbot.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nFS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree\n\nSyzkaller reported the following issue:\n\nUBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:2867:6\nindex 196694 is out of range for type 's8[1365]' (aka 'signed char[1365]')\nCPU: 1 PID: 109 Comm: jfsCommit Not tainted 6.6.0-rc3-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106\n ubsan_epilogue lib/ubsan.c:217 [inline]\n __ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348\n dbAdjTree+0x474/0x4f0 fs/jfs/jfs_dmap.c:2867\n dbJoin+0x210/0x2d0 fs/jfs/jfs_dmap.c:2834\n dbFreeBits+0x4eb/0xda0 fs/jfs/jfs_dmap.c:2331\n dbFreeDmap fs/jfs/jfs_dmap.c:2080 [inline]\n dbFree+0x343/0x650 fs/jfs/jfs_dmap.c:402\n txFreeMap+0x798/0xd50 fs/jfs/jfs_txnmgr.c:2534\n txUpdateMap+0x342/0x9e0\n txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline]\n jfs_lazycommit+0x47a/0xb70 fs/jfs/jfs_txnmgr.c:2732\n kthread+0x2d3/0x370 kernel/kthread.c:388\n ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304\n </TASK>\n================================================================================\nKernel panic - not syncing: UBSAN: panic_on_warn set ...\nCPU: 1 PID: 109 Comm: jfsCommit Not tainted 6.6.0-rc3-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106\n panic+0x30f/0x770 kernel/panic.c:340\n check_panic_on_warn+0x82/0xa0 kernel/panic.c:236\n ubsan_epilogue lib/ubsan.c:223 [inline]\n __ubsan_handle_out_of_bounds+0x13c/0x150 lib/ubsan.c:348\n dbAdjTree+0x474/0x4f0 fs/jfs/jfs_dmap.c:2867\n dbJoin+0x210/0x2d0 fs/jfs/jfs_dmap.c:2834\n dbFreeBits+0x4eb/0xda0 fs/jfs/jfs_dmap.c:2331\n dbFreeDmap fs/jfs/jfs_dmap.c:2080 [inline]\n dbFree+0x343/0x650 fs/jfs/jfs_dmap.c:402\n txFreeMap+0x798/0xd50 fs/jfs/jfs_txnmgr.c:2534\n txUpdateMap+0x342/0x9e0\n txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline]\n jfs_lazycommit+0x47a/0xb70 fs/jfs/jfs_txnmgr.c:2732\n kthread+0x2d3/0x370 kernel/kthread.c:388\n ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304\n </TASK>\nKernel Offset: disabled\nRebooting in 86400 seconds..\n\nThe issue is caused when the value of lp becomes greater than\nCTLTREESIZE which is the max size of stree. Adding a simple check\nsolves this issue.\n\nDave:\nAs the function returns a void, good error handling\nwould require a more intrusive code reorganization, so I modified\nOsama's patch at use WARN_ON_ONCE for lack of a cleaner option.\n\nThe patch is tested via syzbot.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.11048 |
debian: CVE-2023-52604 was patched at unknown date
ubuntu: CVE-2023-52604 was patched at 2024-03-11
111. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52606) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: powerpc/lib: Validate size for vector operations Some of the fp/vmx code in sstep.c assume a certain maximum size for the instructions being emulated. The size of those operations however is determined separately in analyse_instr(). Add a check to validate the assumption on the maximum size of the operations, so as to prevent any unintended kernel stack corruption.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/lib: Validate size for vector operations\n\nSome of the fp/vmx code in sstep.c assume a certain maximum size for the\ninstructions being emulated. The size of those operations however is\ndetermined separately in analyse_instr().\n\nAdd a check to validate the assumption on the maximum size of the\noperations, so as to prevent any unintended kernel stack corruption.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.11048 |
debian: CVE-2023-52606 was patched at unknown date
ubuntu: CVE-2023-52606 was patched at 2024-03-11
112. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52607) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: powerpc/mm: Fix null-pointer dereference in pgtable_cache_add kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the allocation was successful by checking the pointer validity.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/mm: Fix null-pointer dereference in pgtable_cache_add\n\nkasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure. Ensure the allocation was successful\nby checking the pointer validity.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.11048 |
debian: CVE-2023-52607 was patched at unknown date
ubuntu: CVE-2023-52607 was patched at 2024-03-11
113. Unknown Vulnerability Type - Linux Kernel (CVE-2024-25744) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.07283 |
debian: CVE-2024-25744 was patched at unknown date
ubuntu: CVE-2024-25744 was patched at 2024-03-06, 2024-03-08, 2024-03-19
114. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26581) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip end interval element from gc rbtree lazy gc on insert might collect an end interval element that has been just added in this transactions, skip end interval elements that are not yet active.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_rbtree: skip end interval element from gc\n\nrbtree lazy gc on insert might collect an end interval element that has\nbeen just added in this transactions, skip end interval elements that\nare not yet active.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.08526 |
debian: CVE-2024-26581 was patched at unknown date
ubuntu: CVE-2024-26581 was patched at 2024-03-11
115. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26592) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix UAF issue in ksmbd_tcp_new_connection() The race is between the handling of a new TCP connection and its disconnection. It leads to UAF on `struct tcp_transport` in ksmbd_tcp_new_connection() function.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix UAF issue in ksmbd_tcp_new_connection()\n\nThe race is between the handling of a new TCP connection and\nits disconnection. It leads to UAF on `struct tcp_transport` in\nksmbd_tcp_new_connection() function.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.133 |
debian: CVE-2024-26592 was patched at unknown date
ubuntu: CVE-2024-26592 was patched at 2024-03-11
116. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26594) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate mech token in session setup If client send invalid mech token in session setup request, ksmbd validate and make the error if it is invalid.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: validate mech token in session setup\n\nIf client send invalid mech token in session setup request, ksmbd\nvalidate and make the error if it is invalid.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.133 |
debian: CVE-2024-26594 was patched at unknown date
ubuntu: CVE-2024-26594 was patched at 2024-03-11
117. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26598) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is a potential UAF scenario in the case of an LPI translation cache hit racing with an operation that invalidates the cache, such as a DISCARD ITS command. The root of the problem is that vgic_its_check_cache() does not elevate the refcount on the vgic_irq before dropping the lock that serializes refcount changes. Have vgic_its_check_cache() raise the refcount on the returned vgic_irq and add the corresponding decrement after queueing the interrupt.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache\n\nThere is a potential UAF scenario in the case of an LPI translation\ncache hit racing with an operation that invalidates the cache, such\nas a DISCARD ITS command. The root of the problem is that\nvgic_its_check_cache() does not elevate the refcount on the vgic_irq\nbefore dropping the lock that serializes refcount changes.\n\nHave vgic_its_check_cache() raise the refcount on the returned vgic_irq\nand add the corresponding decrement after queueing the interrupt.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.08526 |
debian: CVE-2024-26598 was patched at unknown date
ubuntu: CVE-2024-26598 was patched at 2024-03-11
118. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26599) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: pwm: Fix out-of-bounds access in of_pwm_single_xlate() With args->args_count == 2 args->args[2] is not defined. Actually the flags are contained in args->args[1].', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\npwm: Fix out-of-bounds access in of_pwm_single_xlate()\n\nWith args->args_count == 2 args->args[2] is not defined. Actually the\nflags are contained in args->args[1].', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.12897 |
debian: CVE-2024-26599 was patched at unknown date
ubuntu: CVE-2024-26599 was patched at 2024-03-11
119. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26600) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP If the external phy working together with phy-omap-usb2 does not implement send_srp(), we may still attempt to call it. This can happen on an idle Ethernet gadget triggering a wakeup for example: configfs-gadget.g1 gadget.0: ECM Suspend configfs-gadget.g1 gadget.0: Port suspended. Triggering wakeup ... Unable to handle kernel NULL pointer dereference at virtual address 00000000 when execute ... PC is at 0x0 LR is at musb_gadget_wakeup+0x1d4/0x254 [musb_hdrc] ... musb_gadget_wakeup [musb_hdrc] from usb_gadget_wakeup+0x1c/0x3c [udc_core] usb_gadget_wakeup [udc_core] from eth_start_xmit+0x3b0/0x3d4 [u_ether] eth_start_xmit [u_ether] from dev_hard_start_xmit+0x94/0x24c dev_hard_start_xmit from sch_direct_xmit+0x104/0x2e4 sch_direct_xmit from __dev_queue_xmit+0x334/0xd88 __dev_queue_xmit from arp_solicit+0xf0/0x268 arp_solicit from neigh_probe+0x54/0x7c neigh_probe from __neigh_event_send+0x22c/0x47c __neigh_event_send from neigh_resolve_output+0x14c/0x1c0 neigh_resolve_output from ip_finish_output2+0x1c8/0x628 ip_finish_output2 from ip_send_skb+0x40/0xd8 ip_send_skb from udp_send_skb+0x124/0x340 udp_send_skb from udp_sendmsg+0x780/0x984 udp_sendmsg from __sys_sendto+0xd8/0x158 __sys_sendto from ret_fast_syscall+0x0/0x58 Let's fix the issue by checking for send_srp() and set_vbus() before calling them. For USB peripheral only cases these both could be NULL.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nphy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP\n\nIf the external phy working together with phy-omap-usb2 does not implement\nsend_srp(), we may still attempt to call it. This can happen on an idle\nEthernet gadget triggering a wakeup for example:\n\nconfigfs-gadget.g1 gadget.0: ECM Suspend\nconfigfs-gadget.g1 gadget.0: Port suspended. Triggering wakeup\n...\nUnable to handle kernel NULL pointer dereference at virtual address\n00000000 when execute\n...\nPC is at 0x0\nLR is at musb_gadget_wakeup+0x1d4/0x254 [musb_hdrc]\n...\nmusb_gadget_wakeup [musb_hdrc] from usb_gadget_wakeup+0x1c/0x3c [udc_core]\nusb_gadget_wakeup [udc_core] from eth_start_xmit+0x3b0/0x3d4 [u_ether]\neth_start_xmit [u_ether] from dev_hard_start_xmit+0x94/0x24c\ndev_hard_start_xmit from sch_direct_xmit+0x104/0x2e4\nsch_direct_xmit from __dev_queue_xmit+0x334/0xd88\n__dev_queue_xmit from arp_solicit+0xf0/0x268\narp_solicit from neigh_probe+0x54/0x7c\nneigh_probe from __neigh_event_send+0x22c/0x47c\n__neigh_event_send from neigh_resolve_output+0x14c/0x1c0\nneigh_resolve_output from ip_finish_output2+0x1c8/0x628\nip_finish_output2 from ip_send_skb+0x40/0xd8\nip_send_skb from udp_send_skb+0x124/0x340\nudp_send_skb from udp_sendmsg+0x780/0x984\nudp_sendmsg from __sys_sendto+0xd8/0x158\n__sys_sendto from ret_fast_syscall+0x0/0x58\n\nLet's fix the issue by checking for send_srp() and set_vbus() before\ncalling them. For USB peripheral only cases these both could be NULL.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.11048 |
debian: CVE-2024-26600 was patched at unknown date
ubuntu: CVE-2024-26600 was patched at 2024-03-11
120. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26601) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: ext4: regenerate buddy after block freeing failed if under fc replay This mostly reverts commit 6bd97bf273bd ("ext4: remove redundant mb_regenerate_buddy()") and reintroduces mb_regenerate_buddy(). Based on code in mb_free_blocks(), fast commit replay can end up marking as free blocks that are already marked as such. This causes corruption of the buddy bitmap so we need to regenerate it in that case.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\next4: regenerate buddy after block freeing failed if under fc replay\n\nThis mostly reverts commit 6bd97bf273bd ("ext4: remove redundant\nmb_regenerate_buddy()") and reintroduces mb_regenerate_buddy(). Based on\ncode in mb_free_blocks(), fast commit replay can end up marking as free\nblocks that are already marked as such. This causes corruption of the\nbuddy bitmap so we need to regenerate it in that case.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.08526 |
debian: CVE-2024-26601 was patched at unknown date
ubuntu: CVE-2024-26601 was patched at 2024-03-11
121. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26602) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: sched/membarrier: reduce the ability to hammer on sys_membarrier On some systems, sys_membarrier can be very expensive, causing overall slowdowns for everything. So put a lock on the path in order to serialize the accesses to prevent the ability for this to be called at too high of a frequency and saturate the machine.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsched/membarrier: reduce the ability to hammer on sys_membarrier\n\nOn some systems, sys_membarrier can be very expensive, causing overall\nslowdowns for everything. So put a lock on the path in order to\nserialize the accesses to prevent the ability for this to be called at\ntoo high of a frequency and saturate the machine.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.11048 |
debian: CVE-2024-26602 was patched at unknown date
redhat: CVE-2024-26602 was patched at 2024-03-12, 2024-03-14
122. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26624) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: af_unix: fix lockdep positive in sk_diag_dump_icons() syzbot reported a lockdep splat [1]. Blamed commit hinted about the possible lockdep violation, and code used unix_state_lock_nested() in an attempt to silence lockdep. It is not sufficient, because unix_state_lock_nested() is already used from unix_state_double_lock(). We need to use a separate subclass. This patch adds a distinct enumeration to make things more explicit. Also use swap() in unix_state_double_lock() as a clean up. v2: add a missing inline keyword to unix_state_lock_nested() [1] WARNING: possible circular locking dependency detected 6.8.0-rc1-syzkaller-00356-g8a696a29c690 #0 Not tainted syz-executor.1/2542 is trying to acquire lock: ffff88808b5df9e8 (rlock-AF_UNIX){+.+.}-{2:2}, at: skb_queue_tail+0x36/0x120 net/core/skbuff.c:3863 but task is already holding lock: ffff88808b5dfe70 (&u->lock/1){+.+.}-{2:2}, at: unix_dgram_sendmsg+0xfc7/0x2200 net/unix/af_unix.c:2089 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (&u->lock/1){+.+.}-{2:2}: lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754 _raw_spin_lock_nested+0x31/0x40 kernel/locking/spinlock.c:378 sk_diag_dump_icons net/unix/diag.c:87 [inline] sk_diag_fill+0x6ea/0xfe0 net/unix/diag.c:157 sk_diag_dump net/unix/diag.c:196 [inline] unix_diag_dump+0x3e9/0x630 net/unix/diag.c:220 netlink_dump+0x5c1/0xcd0 net/netlink/af_netlink.c:2264 __netlink_dump_start+0x5d7/0x780 net/netlink/af_netlink.c:2370 netlink_dump_start include/linux/netlink.h:338 [inline] unix_diag_handler_dump+0x1c3/0x8f0 net/unix/diag.c:319 sock_diag_rcv_msg+0xe3/0x400 netlink_rcv_skb+0x1df/0x430 net/netlink/af_netlink.c:2543 sock_diag_rcv+0x2a/0x40 net/core/sock_diag.c:280 netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline] netlink_unicast+0x7e6/0x980 net/netlink/af_netlink.c:1367 netlink_sendmsg+0xa37/0xd70 net/netlink/af_netlink.c:1908 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] sock_write_iter+0x39a/0x520 net/socket.c:1160 call_write_iter include/linux/fs.h:2085 [inline] new_sync_write fs/read_write.c:497 [inline] vfs_write+0xa74/0xca0 fs/read_write.c:590 ksys_write+0x1a0/0x2c0 fs/read_write.c:643 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf5/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b -> #0 (rlock-AF_UNIX){+.+.}-{2:2}: check_prev_add kernel/locking/lockdep.c:3134 [inline] check_prevs_add kernel/locking/lockdep.c:3253 [inline] validate_chain+0x1909/0x5ab0 kernel/locking/lockdep.c:3869 __lock_acquire+0x1345/0x1fd0 kernel/locking/lockdep.c:5137 lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162 skb_queue_tail+0x36/0x120 net/core/skbuff.c:3863 unix_dgram_sendmsg+0x15d9/0x2200 net/unix/af_unix.c:2112 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] ____sys_sendmsg+0x592/0x890 net/socket.c:2584 ___sys_sendmsg net/socket.c:2638 [inline] __sys_sendmmsg+0x3b2/0x730 net/socket.c:2724 __do_sys_sendmmsg net/socket.c:2753 [inline] __se_sys_sendmmsg net/socket.c:2750 [inline] __x64_sys_sendmmsg+0xa0/0xb0 net/socket.c:2750 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf5/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---truncated---', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: fix lockdep positive in sk_diag_dump_icons()\n\nsyzbot reported a lockdep splat [1].\n\nBlamed commit hinted about the possible lockdep\nviolation, and code used unix_state_lock_nested()\nin an attempt to silence lockdep.\n\nIt is not sufficient, because unix_state_lock_nested()\nis already used from unix_state_double_lock().\n\nWe need to use a separate subclass.\n\nThis patch adds a distinct enumeration to make things\nmore explicit.\n\nAlso use swap() in unix_state_double_lock() as a clean up.\n\nv2: add a missing inline keyword to unix_state_lock_nested()\n\n[1]\nWARNING: possible circular locking dependency detected\n6.8.0-rc1-syzkaller-00356-g8a696a29c690 #0 Not tainted\n\nsyz-executor.1/2542 is trying to acquire lock:\n ffff88808b5df9e8 (rlock-AF_UNIX){+.+.}-{2:2}, at: skb_queue_tail+0x36/0x120 net/core/skbuff.c:3863\n\nbut task is already holding lock:\n ffff88808b5dfe70 (&u->lock/1){+.+.}-{2:2}, at: unix_dgram_sendmsg+0xfc7/0x2200 net/unix/af_unix.c:2089\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-> #1 (&u->lock/1){+.+.}-{2:2}:\n lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754\n _raw_spin_lock_nested+0x31/0x40 kernel/locking/spinlock.c:378\n sk_diag_dump_icons net/unix/diag.c:87 [inline]\n sk_diag_fill+0x6ea/0xfe0 net/unix/diag.c:157\n sk_diag_dump net/unix/diag.c:196 [inline]\n unix_diag_dump+0x3e9/0x630 net/unix/diag.c:220\n netlink_dump+0x5c1/0xcd0 net/netlink/af_netlink.c:2264\n __netlink_dump_start+0x5d7/0x780 net/netlink/af_netlink.c:2370\n netlink_dump_start include/linux/netlink.h:338 [inline]\n unix_diag_handler_dump+0x1c3/0x8f0 net/unix/diag.c:319\n sock_diag_rcv_msg+0xe3/0x400\n netlink_rcv_skb+0x1df/0x430 net/netlink/af_netlink.c:2543\n sock_diag_rcv+0x2a/0x40 net/core/sock_diag.c:280\n netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]\n netlink_unicast+0x7e6/0x980 net/netlink/af_netlink.c:1367\n netlink_sendmsg+0xa37/0xd70 net/netlink/af_netlink.c:1908\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n sock_write_iter+0x39a/0x520 net/socket.c:1160\n call_write_iter include/linux/fs.h:2085 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0xa74/0xca0 fs/read_write.c:590\n ksys_write+0x1a0/0x2c0 fs/read_write.c:643\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\n-> #0 (rlock-AF_UNIX){+.+.}-{2:2}:\n check_prev_add kernel/locking/lockdep.c:3134 [inline]\n check_prevs_add kernel/locking/lockdep.c:3253 [inline]\n validate_chain+0x1909/0x5ab0 kernel/locking/lockdep.c:3869\n __lock_acquire+0x1345/0x1fd0 kernel/locking/lockdep.c:5137\n lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754\n __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]\n _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162\n skb_queue_tail+0x36/0x120 net/core/skbuff.c:3863\n unix_dgram_sendmsg+0x15d9/0x2200 net/unix/af_unix.c:2112\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n ____sys_sendmsg+0x592/0x890 net/socket.c:2584\n ___sys_sendmsg net/socket.c:2638 [inline]\n __sys_sendmmsg+0x3b2/0x730 net/socket.c:2724\n __do_sys_sendmmsg net/socket.c:2753 [inline]\n __se_sys_sendmmsg net/socket.c:2750 [inline]\n __x64_sys_sendmmsg+0xa0/0xb0 net/socket.c:2750\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nother info that might help us debug this:\n\n Possible unsafe locking scenario:\n\n CPU0 \n---truncated---', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.11048 |
debian: CVE-2024-26624 was patched at unknown date
ubuntu: CVE-2024-26624 was patched at 2024-03-11
123. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26627) - Low [161]
Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler Inside scsi_eh_wakeup(), scsi_host_busy() is called & checked with host lock every time for deciding if error handler kthread needs to be waken up. This can be too heavy in case of recovery, such as: - N hardware queues - queue depth is M for each hardware queue - each scsi_host_busy() iterates over (N * M) tag/requests If recovery is triggered in case that all requests are in-flight, each scsi_eh_wakeup() is strictly serialized, when scsi_eh_wakeup() is called for the last in-flight request, scsi_host_busy() has been run for (N * M - 1) times, and request has been iterated for (N*M - 1) * (N * M) times. If both N and M are big enough, hard lockup can be triggered on acquiring host lock, and it is observed on mpi3mr(128 hw queues, queue depth 8169). Fix the issue by calling scsi_host_busy() outside the host lock. We don't need the host lock for getting busy count because host the lock never covers that. [mkp: Drop unnecessary 'busy' variables pointed out by Bart]', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: core: Move scsi_host_busy() out of host lock for waking up EH handler\n\nInside scsi_eh_wakeup(), scsi_host_busy() is called & checked with host\nlock every time for deciding if error handler kthread needs to be waken up.\n\nThis can be too heavy in case of recovery, such as:\n\n - N hardware queues\n\n - queue depth is M for each hardware queue\n\n - each scsi_host_busy() iterates over (N * M) tag/requests\n\nIf recovery is triggered in case that all requests are in-flight, each\nscsi_eh_wakeup() is strictly serialized, when scsi_eh_wakeup() is called\nfor the last in-flight request, scsi_host_busy() has been run for (N * M -\n1) times, and request has been iterated for (N*M - 1) * (N * M) times.\n\nIf both N and M are big enough, hard lockup can be triggered on acquiring\nhost lock, and it is observed on mpi3mr(128 hw queues, queue depth 8169).\n\nFix the issue by calling scsi_host_busy() outside the host lock. We don't\nneed the host lock for getting busy count because host the lock never\ncovers that.\n\n[mkp: Drop unnecessary 'busy' variables pointed out by Bart]', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.08526 |
debian: CVE-2024-26627 was patched at unknown date
ubuntu: CVE-2024-26627 was patched at 2024-03-11
124. Denial of Service - Unknown Product (CVE-2024-25262) - Low [136]
Description: {'nvd_cve_data_all': 'texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX:ttfdump. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted TTF file.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX:ttfdump. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted TTF file.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0 | 14 | Unknown Product | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.07283 |
debian: CVE-2024-25262 was patched at unknown date
ubuntu: CVE-2024-25262 was patched at 2024-03-14
125. Denial of Service - Unknown Product (CVE-2024-27351) - Low [136]
Description: {'nvd_cve_data_all': 'In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0 | 14 | Unknown Product | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.12897 |
debian: CVE-2024-27351 was patched at unknown date
ubuntu: CVE-2024-27351 was patched at 2024-03-04
126. Unknown Vulnerability Type - keylime (CVE-2023-3674) - Low [119]
Description: {'nvd_cve_data_all': 'A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.5 | 14 | Product detected by a:keylime:keylime (exists in CPE dict) | |
0.2 | 10 | CVSS Base Score is 2.3. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.12897 |
oraclelinux: CVE-2023-3674 was patched at 2024-03-06
redhat: CVE-2023-3674 was patched at 2024-03-05
almalinux: CVE-2023-3674 was patched at 2024-03-05
127. Unknown Vulnerability Type - Unknown Product (CVE-2024-25629) - Low [59]
Description: {'nvd_cve_data_all': 'c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if using a c-ares version prior to 1.27.0, the `/etc/hosts` file. If any of these configuration files has an embedded `NULL` character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if using a c-ares version prior to 1.27.0, the `/etc/hosts` file. If any of these configuration files has an embedded `NULL` character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0 | 14 | Unknown Product | |
0.4 | 10 | CVSS Base Score is 4.4. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.07283 |
debian: CVE-2024-25629 was patched at unknown date
ubuntu: CVE-2024-25629 was patched at 2024-03-06
128. Unknown Vulnerability Type - Unknown Product (CVE-2022-48624) - Low [11]
Description: {'nvd_cve_data_all': 'close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0 | 14 | Unknown Product | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.12897 |
debian: CVE-2022-48624 was patched at unknown date
ubuntu: CVE-2022-48624 was patched at 2024-02-27
129. Unknown Vulnerability Type - Unknown Product (CVE-2023-52605) - Low [11]
Description: {'nvd_cve_data_all': 'Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0 | 14 | Unknown Product | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.07283 |
debian: CVE-2023-52605 was patched at unknown date
ubuntu: CVE-2023-52605 was patched at 2024-03-11
130. Unknown Vulnerability Type - Unknown Product (CVE-2024-1936) - Low [11]
Description: {'nvd_cve_data_all': 'The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third party. While this update fixes the bug and avoids future message contamination, it does not automatically repair existing contaminations. Users are advised to use the repair folder functionality, which is available from the context menu of email folders, which will erase incorrect subject assignments. This vulnerability affects Thunderbird < 115.8.1.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third party. While this update fixes the bug and avoids future message contamination, it does not automatically repair existing contaminations. Users are advised to use the repair folder functionality, which is available from the context menu of email folders, which will erase incorrect subject assignments. This vulnerability affects Thunderbird < 115.8.1.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0 | 14 | Unknown Product | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.07283 |
debian: CVE-2024-1936 was patched at unknown date
ubuntu: CVE-2024-1936 was patched at 2024-03-04
131. Unknown Vulnerability Type - Unknown Product (CVE-2024-26628) - Low [11]
Description: {'nvd_cve_data_all': 'Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0 | 14 | Unknown Product | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.12897 |
debian: CVE-2024-26628 was patched at unknown date
ubuntu: CVE-2024-26628 was patched at 2024-03-11
132. Unknown Vulnerability Type - Unknown Product (CVE-2024-28757) - Low [11]
Description: {'nvd_cve_data_all': 'libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0 | 14 | Unknown Product | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.12897 |
debian: CVE-2024-28757 was patched at unknown date
ubuntu: CVE-2024-28757 was patched at 2024-03-14
133. Unknown Vulnerability Type - Unknown Product (CVE-2021-34981) - Low [0]
Description: {'nvd_cve_data_all': '', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0 | 14 | Unknown Product | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
debian: CVE-2021-34981 was patched at unknown date
oraclelinux: CVE-2021-34981 was patched at 2024-03-01
134. Unknown Vulnerability Type - Unknown Product (CVE-2023-6110) - Low [0]
Description: {'nvd_cve_data_all': '', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0 | 14 | Unknown Product | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
debian: CVE-2023-6110 was patched at unknown date
ubuntu: CVE-2023-6110 was patched at 2024-02-28
debian: CVE-2024-24806 was patched at 2024-03-10, unknown date
ubuntu: CVE-2024-24806 was patched at 2024-02-28
debian: CVE-2023-32668 was patched at unknown date
ubuntu: CVE-2023-32668 was patched at 2024-03-14
debian: CVE-2023-37276 was patched at unknown date
debian: CVE-2023-47627 was patched at unknown date
debian: CVE-2023-49082 was patched at unknown date
redos: CVE-2023-37276 was patched at 2024-03-18
redos: CVE-2023-47627 was patched at 2024-03-18
redos: CVE-2023-49082 was patched at 2024-03-18
debian: CVE-2024-23638 was patched at 2024-03-08, unknown date
ubuntu: CVE-2023-6560 was patched at 2024-03-06, 2024-03-08, 2024-03-19
debian: CVE-2023-52425 was patched at unknown date
ubuntu: CVE-2023-52425 was patched at 2024-03-14
debian: CVE-2023-47641 was patched at unknown date
debian: CVE-2023-49081 was patched at unknown date
redos: CVE-2023-47641 was patched at 2024-03-18
redos: CVE-2023-49081 was patched at 2024-03-18
redhat: CVE-2023-4043 was patched at 2024-03-06
debian: CVE-2024-23301 was patched at unknown date
oraclelinux: CVE-2024-23301 was patched at 2024-03-06
redhat: CVE-2024-23301 was patched at 2024-03-05
almalinux: CVE-2024-23301 was patched at 2024-03-05
debian: CVE-2012-6655 was patched at unknown date
ubuntu: CVE-2012-6655 was patched at 2024-03-11
debian: CVE-2024-25062 was patched at unknown date
ubuntu: CVE-2024-25062 was patched at 2024-02-26, 2024-03-11
debian: CVE-2024-22667 was patched at unknown date
ubuntu: CVE-2024-22667 was patched at 2024-03-18
debian: CVE-2023-40175 was patched at unknown date
ubuntu: CVE-2023-40175 was patched at 2024-03-07
debian: CVE-2024-25081 was patched at 2024-03-19, unknown date
debian: CVE-2024-25082 was patched at 2024-03-19, unknown date
debian: CVE-2024-1085 was patched at unknown date
ubuntu: CVE-2024-0582 was patched at 2024-02-23, 2024-02-28, 2024-02-29
ubuntu: CVE-2024-1085 was patched at 2024-03-11, 2024-03-20
oraclelinux: CVE-2024-1085 was patched at 2024-03-11
redhat: CVE-2024-1085 was patched at 2024-02-28
debian: CVE-2022-20567 was patched at unknown date
ubuntu: CVE-2022-20567 was patched at 2024-03-18
debian: CVE-2023-39197 was patched at unknown date
debian: CVE-2024-0340 was patched at unknown date
ubuntu: CVE-2023-39197 was patched at 2024-03-18
ubuntu: CVE-2024-0340 was patched at 2024-03-06, 2024-03-08, 2024-03-11, 2024-03-13, 2024-03-19, 2024-03-20
debian: CVE-2023-50782 was patched at unknown date
ubuntu: CVE-2023-50782 was patched at 2024-03-04, 2024-03-14
debian: CVE-2023-5992 was patched at unknown date
oraclelinux: CVE-2023-5992 was patched at 2024-02-26
redhat: CVE-2023-5992 was patched at 2024-02-26
almalinux: CVE-2023-5992 was patched at 2024-02-26
debian: CVE-2024-0914 was patched at unknown date
oraclelinux: CVE-2024-0914 was patched at 2024-03-08
redhat: CVE-2024-0914 was patched at 2024-03-07, 2024-03-19
almalinux: CVE-2024-0914 was patched at 2024-03-07
debian: CVE-2022-48623 was patched at unknown date
ubuntu: CVE-2022-48623 was patched at 2024-02-28
debian: CVE-2023-52161 was patched at 2024-02-25, unknown date
debian: CVE-2024-24575 was patched at unknown date
ubuntu: CVE-2024-24575 was patched at 2024-03-05
debian: CVE-2024-22019 was patched at unknown date
redhat: CVE-2024-22019 was patched at 2024-03-18, 2024-03-19, 2024-03-20
debian: CVE-2022-0480 was patched at unknown date
debian: CVE-2022-48619 was patched at unknown date
debian: CVE-2023-52456 was patched at unknown date
debian: CVE-2024-24855 was patched at unknown date
debian: CVE-2024-24860 was patched at unknown date
debian: CVE-2024-26591 was patched at unknown date
ubuntu: CVE-2023-52456 was patched at 2024-03-11
ubuntu: CVE-2024-24855 was patched at 2024-03-18, 2024-03-19, 2024-03-20
ubuntu: CVE-2024-24860 was patched at 2024-03-11
ubuntu: CVE-2024-26591 was patched at 2024-03-11
oraclelinux: CVE-2022-48619 was patched at 2024-03-01
redhat: CVE-2022-0480 was patched at 2024-03-12, 2024-03-13
ubuntu: CVE-2024-21392 was patched at 2024-03-12
oraclelinux: CVE-2024-21392 was patched at 2024-03-14, 2024-03-15
redhat: CVE-2024-21392 was patched at 2024-03-13
almalinux: CVE-2024-21392 was patched at 2024-03-13
debian: CVE-2023-3966 was patched at 2024-03-14, unknown date
debian: CVE-2024-1062 was patched at unknown date
debian: CVE-2024-25111 was patched at unknown date
debian: CVE-2024-25262 was patched at unknown date
debian: CVE-2024-26141 was patched at unknown date
debian: CVE-2024-26146 was patched at unknown date
debian: CVE-2024-27351 was patched at unknown date
ubuntu: CVE-2023-3966 was patched at 2024-03-12
ubuntu: CVE-2024-25262 was patched at 2024-03-14
ubuntu: CVE-2024-26141 was patched at 2024-03-12
ubuntu: CVE-2024-26146 was patched at 2024-03-12
ubuntu: CVE-2024-27351 was patched at 2024-03-04
redhat: CVE-2023-3966 was patched at 2024-03-07
redhat: CVE-2024-1062 was patched at 2024-03-05
redhat: CVE-2024-25111 was patched at 2024-03-19
debian: CVE-2024-27913 was patched at unknown date
ubuntu: CVE-2024-27913 was patched at 2024-03-06
debian: CVE-2024-24821 was patched at 2024-02-26, unknown date
debian: CVE-2023-23000 was patched at unknown date
debian: CVE-2023-52438 was patched at unknown date
debian: CVE-2023-52439 was patched at unknown date
debian: CVE-2023-52443 was patched at unknown date
debian: CVE-2023-52444 was patched at unknown date
debian: CVE-2023-52445 was patched at unknown date
debian: CVE-2023-52447 was patched at unknown date
debian: CVE-2023-52448 was patched at unknown date
debian: CVE-2023-52449 was patched at unknown date
debian: CVE-2023-52457 was patched at unknown date
debian: CVE-2023-52469 was patched at unknown date
debian: CVE-2023-52594 was patched at unknown date
debian: CVE-2024-0775 was patched at unknown date
debian: CVE-2024-26588 was patched at unknown date
debian: CVE-2024-26589 was patched at unknown date
debian: CVE-2024-26597 was patched at unknown date
debian: CVE-2024-26625 was patched at unknown date
ubuntu: CVE-2023-23000 was patched at 2024-03-18, 2024-03-19, 2024-03-20
ubuntu: CVE-2023-52438 was patched at 2024-03-11
ubuntu: CVE-2023-52439 was patched at 2024-03-11
ubuntu: CVE-2023-52443 was patched at 2024-03-11
ubuntu: CVE-2023-52444 was patched at 2024-03-11
ubuntu: CVE-2023-52445 was patched at 2024-03-11
ubuntu: CVE-2023-52447 was patched at 2024-03-11
ubuntu: CVE-2023-52448 was patched at 2024-03-11
ubuntu: CVE-2023-52449 was patched at 2024-03-11
ubuntu: CVE-2023-52457 was patched at 2024-03-11
ubuntu: CVE-2023-52469 was patched at 2024-03-11
ubuntu: CVE-2023-52594 was patched at 2024-03-11
ubuntu: CVE-2024-0775 was patched at 2024-03-18
ubuntu: CVE-2024-26588 was patched at 2024-03-11
ubuntu: CVE-2024-26589 was patched at 2024-03-11
ubuntu: CVE-2024-26597 was patched at 2024-03-11
ubuntu: CVE-2024-26625 was patched at 2024-03-11
oraclelinux: CVE-2024-0775 was patched at 2024-03-01
debian: CVE-2024-26130 was patched at unknown date
ubuntu: CVE-2024-26130 was patched at 2024-03-04
debian: CVE-2023-46838 was patched at unknown date
ubuntu: CVE-2023-46838 was patched at 2024-03-11, 2024-03-18
debian: CVE-2024-1669 was patched at 2024-02-23, unknown date
debian: CVE-2024-1670 was patched at 2024-02-23, unknown date
debian: CVE-2024-1673 was patched at 2024-02-23, unknown date
debian: CVE-2024-1938 was patched at 2024-02-28, unknown date
debian: CVE-2024-1939 was patched at 2024-02-28, unknown date
debian: CVE-2024-2173 was patched at 2024-03-06, unknown date
debian: CVE-2024-2174 was patched at 2024-03-06, unknown date
debian: CVE-2024-2176 was patched at 2024-03-06, unknown date
debian: CVE-2024-2400 was patched at 2024-03-13, unknown date
debian: CVE-2024-23849 was patched at unknown date
ubuntu: CVE-2024-23849 was patched at 2024-03-11
debian: CVE-2024-1671 was patched at 2024-02-23, unknown date
debian: CVE-2024-1672 was patched at 2024-02-23, unknown date
debian: CVE-2024-1674 was patched at 2024-02-23, unknown date
debian: CVE-2024-1675 was patched at 2024-02-23, unknown date
debian: CVE-2024-24549 was patched at unknown date
redhat: CVE-2024-24549 was patched at 2024-03-18
debian: CVE-2024-2182 was patched at unknown date
debian: CVE-2024-25617 was patched at 2024-03-08, unknown date
ubuntu: CVE-2024-2182 was patched at 2024-03-12
redhat: CVE-2024-2182 was patched at 2024-03-19
redhat: CVE-2024-25617 was patched at 2024-03-01, 2024-03-04, 2024-03-06, 2024-03-19
debian: CVE-2023-22995 was patched at unknown date
debian: CVE-2023-50431 was patched at unknown date
debian: CVE-2023-52436 was patched at unknown date
debian: CVE-2023-52451 was patched at unknown date
debian: CVE-2023-52454 was patched at unknown date
debian: CVE-2023-52458 was patched at unknown date
debian: CVE-2023-52462 was patched at unknown date
debian: CVE-2023-52463 was patched at unknown date
debian: CVE-2023-52464 was patched at unknown date
debian: CVE-2023-52467 was patched at unknown date
debian: CVE-2023-52470 was patched at unknown date
debian: CVE-2023-52583 was patched at unknown date
debian: CVE-2023-52584 was patched at unknown date
debian: CVE-2023-52587 was patched at unknown date
debian: CVE-2023-52588 was patched at unknown date
debian: CVE-2023-52589 was patched at unknown date
debian: CVE-2023-52593 was patched at unknown date
debian: CVE-2023-52595 was patched at unknown date
debian: CVE-2023-52597 was patched at unknown date
debian: CVE-2023-52598 was patched at unknown date
debian: CVE-2023-52599 was patched at unknown date
debian: CVE-2023-52600 was patched at unknown date
debian: CVE-2023-52601 was patched at unknown date
debian: CVE-2023-52602 was patched at unknown date
debian: CVE-2023-52603 was patched at unknown date
debian: CVE-2023-52604 was patched at unknown date
debian: CVE-2023-52606 was patched at unknown date
debian: CVE-2023-52607 was patched at unknown date
debian: CVE-2024-25744 was patched at unknown date
debian: CVE-2024-26581 was patched at unknown date
debian: CVE-2024-26592 was patched at unknown date
debian: CVE-2024-26594 was patched at unknown date
debian: CVE-2024-26598 was patched at unknown date
debian: CVE-2024-26599 was patched at unknown date
debian: CVE-2024-26600 was patched at unknown date
debian: CVE-2024-26601 was patched at unknown date
debian: CVE-2024-26602 was patched at unknown date
debian: CVE-2024-26624 was patched at unknown date
debian: CVE-2024-26627 was patched at unknown date
ubuntu: CVE-2023-22995 was patched at 2024-03-06, 2024-03-08, 2024-03-11, 2024-03-13, 2024-03-19, 2024-03-20
ubuntu: CVE-2023-50431 was patched at 2024-03-11
ubuntu: CVE-2023-52436 was patched at 2024-03-11
ubuntu: CVE-2023-52451 was patched at 2024-03-11
ubuntu: CVE-2023-52454 was patched at 2024-03-11
ubuntu: CVE-2023-52458 was patched at 2024-03-11
ubuntu: CVE-2023-52462 was patched at 2024-03-11
ubuntu: CVE-2023-52463 was patched at 2024-03-11
ubuntu: CVE-2023-52464 was patched at 2024-03-11
ubuntu: CVE-2023-52467 was patched at 2024-03-11
ubuntu: CVE-2023-52470 was patched at 2024-03-11
ubuntu: CVE-2023-52583 was patched at 2024-03-11
ubuntu: CVE-2023-52584 was patched at 2024-03-11
ubuntu: CVE-2023-52587 was patched at 2024-03-11
ubuntu: CVE-2023-52588 was patched at 2024-03-11
ubuntu: CVE-2023-52589 was patched at 2024-03-11
ubuntu: CVE-2023-52593 was patched at 2024-03-11
ubuntu: CVE-2023-52595 was patched at 2024-03-11
ubuntu: CVE-2023-52597 was patched at 2024-03-11
ubuntu: CVE-2023-52598 was patched at 2024-03-11
ubuntu: CVE-2023-52599 was patched at 2024-03-11
ubuntu: CVE-2023-52600 was patched at 2024-03-11
ubuntu: CVE-2023-52601 was patched at 2024-03-11
ubuntu: CVE-2023-52602 was patched at 2024-03-11
ubuntu: CVE-2023-52603 was patched at 2024-03-11
ubuntu: CVE-2023-52604 was patched at 2024-03-11
ubuntu: CVE-2023-52606 was patched at 2024-03-11
ubuntu: CVE-2023-52607 was patched at 2024-03-11
ubuntu: CVE-2024-25744 was patched at 2024-03-06, 2024-03-08, 2024-03-19
ubuntu: CVE-2024-26581 was patched at 2024-03-11
ubuntu: CVE-2024-26592 was patched at 2024-03-11
ubuntu: CVE-2024-26594 was patched at 2024-03-11
ubuntu: CVE-2024-26598 was patched at 2024-03-11
ubuntu: CVE-2024-26599 was patched at 2024-03-11
ubuntu: CVE-2024-26600 was patched at 2024-03-11
ubuntu: CVE-2024-26601 was patched at 2024-03-11
ubuntu: CVE-2024-26624 was patched at 2024-03-11
ubuntu: CVE-2024-26627 was patched at 2024-03-11
redhat: CVE-2024-26602 was patched at 2024-03-12, 2024-03-14
debian: CVE-2023-46317 was patched at 2024-02-27, unknown date
debian: CVE-2023-50495 was patched at unknown date
ubuntu: CVE-2023-50495 was patched at 2024-03-07
oraclelinux: CVE-2023-3674 was patched at 2024-03-06
redhat: CVE-2023-3674 was patched at 2024-03-05
almalinux: CVE-2023-3674 was patched at 2024-03-05
debian: CVE-2021-34981 was patched at unknown date
debian: CVE-2022-48624 was patched at unknown date
debian: CVE-2023-52605 was patched at unknown date
debian: CVE-2023-6110 was patched at unknown date
debian: CVE-2024-1936 was patched at unknown date
debian: CVE-2024-25629 was patched at unknown date
debian: CVE-2024-26628 was patched at unknown date
debian: CVE-2024-28757 was patched at unknown date
ubuntu: CVE-2022-48624 was patched at 2024-02-27
ubuntu: CVE-2023-52605 was patched at 2024-03-11
ubuntu: CVE-2023-6110 was patched at 2024-02-28
ubuntu: CVE-2024-1936 was patched at 2024-03-04
ubuntu: CVE-2024-25629 was patched at 2024-03-06
ubuntu: CVE-2024-26628 was patched at 2024-03-11
ubuntu: CVE-2024-28757 was patched at 2024-03-14
oraclelinux: CVE-2021-34981 was patched at 2024-03-01
debian: CVE-2024-1676 was patched at 2024-02-23, unknown date
debian: CVE-2024-27285 was patched at 2024-03-04, unknown date