CVE-2026-53040 (GCVE-0-2026-53040)

Vulnerability from cvelistv5 – Published: 2026-06-24 16:29 – Updated: 2026-06-28 06:38
VLAI
Title
ocfs2: validate bg_bits during freefrag scan
Summary
In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate bg_bits during freefrag scan [BUG] A crafted filesystem can trigger an out-of-bounds bitmap walk when OCFS2_IOC_INFO is issued with OCFS2_INFO_FL_NON_COHERENT. BUG: KASAN: use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG: KASAN: use-after-free in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline] BUG: KASAN: use-after-free in test_bit_le include/asm-generic/bitops/le.h:21 [inline] BUG: KASAN: use-after-free in ocfs2_info_freefrag_scan_chain fs/ocfs2/ioctl.c:495 [inline] BUG: KASAN: use-after-free in ocfs2_info_freefrag_scan_bitmap fs/ocfs2/ioctl.c:588 [inline] BUG: KASAN: use-after-free in ocfs2_info_handle_freefrag fs/ocfs2/ioctl.c:662 [inline] BUG: KASAN: use-after-free in ocfs2_info_handle_request+0x1c66/0x3370 fs/ocfs2/ioctl.c:754 Read of size 8 at addr ffff888031bce000 by task syz.0.636/1435 Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0xbe/0x130 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0xd1/0x650 mm/kasan/report.c:482 kasan_report+0xfb/0x140 mm/kasan/report.c:595 check_region_inline mm/kasan/generic.c:186 [inline] kasan_check_range+0x11c/0x200 mm/kasan/generic.c:200 __kasan_check_read+0x11/0x20 mm/kasan/shadow.c:31 instrument_atomic_read include/linux/instrumented.h:68 [inline] _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline] test_bit_le include/asm-generic/bitops/le.h:21 [inline] ocfs2_info_freefrag_scan_chain fs/ocfs2/ioctl.c:495 [inline] ocfs2_info_freefrag_scan_bitmap fs/ocfs2/ioctl.c:588 [inline] ocfs2_info_handle_freefrag fs/ocfs2/ioctl.c:662 [inline] ocfs2_info_handle_request+0x1c66/0x3370 fs/ocfs2/ioctl.c:754 ocfs2_info_handle+0x18d/0x2a0 fs/ocfs2/ioctl.c:828 ocfs2_ioctl+0x632/0x6e0 fs/ocfs2/ioctl.c:913 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:597 [inline] __se_sys_ioctl fs/ioctl.c:583 [inline] __x64_sys_ioctl+0x197/0x1e0 fs/ioctl.c:583 ... [CAUSE] ocfs2_info_freefrag_scan_chain() uses on-disk bg_bits directly as the bitmap scan limit. The coherent path reads group descriptors through ocfs2_read_group_descriptor(), which validates the descriptor before use. The non-coherent path uses ocfs2_read_blocks_sync() instead and skips that validation, so an impossible bg_bits value can drive the bitmap walk past the end of the block. [FIX] Compute the bitmap capacity from the filesystem format with ocfs2_group_bitmap_size(), report descriptors whose bg_bits exceeds that limit, and clamp the scan to the computed capacity. This keeps the freefrag report going while avoiding reads beyond the buffer.
Assigner
Impacted products
Vendor Product Version
Linux Linux Affected: d24a10b9f8ed548981696cd36e2b4f16e6f360b1 , < bb2906a1065ec28de021bac2ed03f2624edd7d07 (git)
Affected: d24a10b9f8ed548981696cd36e2b4f16e6f360b1 , < 3e167e230d19cd273108bab2e4c61800fc335ae8 (git)
Affected: d24a10b9f8ed548981696cd36e2b4f16e6f360b1 , < 0998674eec138c55e9e349b9cbd9dbc5129a9cc8 (git)
Affected: d24a10b9f8ed548981696cd36e2b4f16e6f360b1 , < bb3c54d1e71578521111f1a1ee7d5f4761a242b8 (git)
Affected: d24a10b9f8ed548981696cd36e2b4f16e6f360b1 , < 05d0cbea41167b6b061c6ba5b70ee5a9a7a24c9e (git)
Affected: d24a10b9f8ed548981696cd36e2b4f16e6f360b1 , < 4c2d62ddde8928db12f4608950b67a20e67deab2 (git)
Affected: d24a10b9f8ed548981696cd36e2b4f16e6f360b1 , < e0dcf12665d6dde37facf790803cdad44d5c328c (git)
Affected: d24a10b9f8ed548981696cd36e2b4f16e6f360b1 , < 8f687eeed3da3012152b0f9473f578869de0cd7b (git)
Create a notification for this product.
Linux Linux Affected: 3.0
Unaffected: 0 , < 3.0 (semver)
Unaffected: 5.10.258 , ≤ 5.10.* (semver)
Unaffected: 5.15.209 , ≤ 5.15.* (semver)
Unaffected: 6.1.175 , ≤ 6.1.* (semver)
Unaffected: 6.6.141 , ≤ 6.6.* (semver)
Unaffected: 6.12.91 , ≤ 6.12.* (semver)
Unaffected: 6.18.33 , ≤ 6.18.* (semver)
Unaffected: 7.0.10 , ≤ 7.0.* (semver)
Unaffected: 7.1 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ocfs2/ioctl.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "bb2906a1065ec28de021bac2ed03f2624edd7d07",
              "status": "affected",
              "version": "d24a10b9f8ed548981696cd36e2b4f16e6f360b1",
              "versionType": "git"
            },
            {
              "lessThan": "3e167e230d19cd273108bab2e4c61800fc335ae8",
              "status": "affected",
              "version": "d24a10b9f8ed548981696cd36e2b4f16e6f360b1",
              "versionType": "git"
            },
            {
              "lessThan": "0998674eec138c55e9e349b9cbd9dbc5129a9cc8",
              "status": "affected",
              "version": "d24a10b9f8ed548981696cd36e2b4f16e6f360b1",
              "versionType": "git"
            },
            {
              "lessThan": "bb3c54d1e71578521111f1a1ee7d5f4761a242b8",
              "status": "affected",
              "version": "d24a10b9f8ed548981696cd36e2b4f16e6f360b1",
              "versionType": "git"
            },
            {
              "lessThan": "05d0cbea41167b6b061c6ba5b70ee5a9a7a24c9e",
              "status": "affected",
              "version": "d24a10b9f8ed548981696cd36e2b4f16e6f360b1",
              "versionType": "git"
            },
            {
              "lessThan": "4c2d62ddde8928db12f4608950b67a20e67deab2",
              "status": "affected",
              "version": "d24a10b9f8ed548981696cd36e2b4f16e6f360b1",
              "versionType": "git"
            },
            {
              "lessThan": "e0dcf12665d6dde37facf790803cdad44d5c328c",
              "status": "affected",
              "version": "d24a10b9f8ed548981696cd36e2b4f16e6f360b1",
              "versionType": "git"
            },
            {
              "lessThan": "8f687eeed3da3012152b0f9473f578869de0cd7b",
              "status": "affected",
              "version": "d24a10b9f8ed548981696cd36e2b4f16e6f360b1",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ocfs2/ioctl.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.0"
            },
            {
              "lessThan": "3.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.258",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.209",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.175",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.141",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.91",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.*",
              "status": "unaffected",
              "version": "7.0.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.258",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.209",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.175",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.141",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.91",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.33",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0.10",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.1",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: validate bg_bits during freefrag scan\n\n[BUG]\nA crafted filesystem can trigger an out-of-bounds bitmap walk when\nOCFS2_IOC_INFO is issued with OCFS2_INFO_FL_NON_COHERENT.\n\nBUG: KASAN: use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline]\nBUG: KASAN: use-after-free in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]\nBUG: KASAN: use-after-free in test_bit_le include/asm-generic/bitops/le.h:21 [inline]\nBUG: KASAN: use-after-free in ocfs2_info_freefrag_scan_chain fs/ocfs2/ioctl.c:495 [inline]\nBUG: KASAN: use-after-free in ocfs2_info_freefrag_scan_bitmap fs/ocfs2/ioctl.c:588 [inline]\nBUG: KASAN: use-after-free in ocfs2_info_handle_freefrag fs/ocfs2/ioctl.c:662 [inline]\nBUG: KASAN: use-after-free in ocfs2_info_handle_request+0x1c66/0x3370 fs/ocfs2/ioctl.c:754\nRead of size 8 at addr ffff888031bce000 by task syz.0.636/1435\nCall Trace:\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0xbe/0x130 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xd1/0x650 mm/kasan/report.c:482\n kasan_report+0xfb/0x140 mm/kasan/report.c:595\n check_region_inline mm/kasan/generic.c:186 [inline]\n kasan_check_range+0x11c/0x200 mm/kasan/generic.c:200\n __kasan_check_read+0x11/0x20 mm/kasan/shadow.c:31\n instrument_atomic_read include/linux/instrumented.h:68 [inline]\n _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]\n test_bit_le include/asm-generic/bitops/le.h:21 [inline]\n ocfs2_info_freefrag_scan_chain fs/ocfs2/ioctl.c:495 [inline]\n ocfs2_info_freefrag_scan_bitmap fs/ocfs2/ioctl.c:588 [inline]\n ocfs2_info_handle_freefrag fs/ocfs2/ioctl.c:662 [inline]\n ocfs2_info_handle_request+0x1c66/0x3370 fs/ocfs2/ioctl.c:754\n ocfs2_info_handle+0x18d/0x2a0 fs/ocfs2/ioctl.c:828\n ocfs2_ioctl+0x632/0x6e0 fs/ocfs2/ioctl.c:913\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:597 [inline]\n __se_sys_ioctl fs/ioctl.c:583 [inline]\n __x64_sys_ioctl+0x197/0x1e0 fs/ioctl.c:583\n ...\n\n[CAUSE]\nocfs2_info_freefrag_scan_chain() uses on-disk bg_bits directly as the\nbitmap scan limit. The coherent path reads group descriptors through\nocfs2_read_group_descriptor(), which validates the descriptor before\nuse. The non-coherent path uses ocfs2_read_blocks_sync() instead and\nskips that validation, so an impossible bg_bits value can drive the\nbitmap walk past the end of the block.\n\n[FIX]\nCompute the bitmap capacity from the filesystem format with\nocfs2_group_bitmap_size(), report descriptors whose bg_bits exceeds\nthat limit, and clamp the scan to the computed capacity. This keeps the\nfreefrag report going while avoiding reads beyond the buffer."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-28T06:38:21.786Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/bb2906a1065ec28de021bac2ed03f2624edd7d07"
        },
        {
          "url": "https://git.kernel.org/stable/c/3e167e230d19cd273108bab2e4c61800fc335ae8"
        },
        {
          "url": "https://git.kernel.org/stable/c/0998674eec138c55e9e349b9cbd9dbc5129a9cc8"
        },
        {
          "url": "https://git.kernel.org/stable/c/bb3c54d1e71578521111f1a1ee7d5f4761a242b8"
        },
        {
          "url": "https://git.kernel.org/stable/c/05d0cbea41167b6b061c6ba5b70ee5a9a7a24c9e"
        },
        {
          "url": "https://git.kernel.org/stable/c/4c2d62ddde8928db12f4608950b67a20e67deab2"
        },
        {
          "url": "https://git.kernel.org/stable/c/e0dcf12665d6dde37facf790803cdad44d5c328c"
        },
        {
          "url": "https://git.kernel.org/stable/c/8f687eeed3da3012152b0f9473f578869de0cd7b"
        }
      ],
      "title": "ocfs2: validate bg_bits during freefrag scan",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-53040",
    "datePublished": "2026-06-24T16:29:46.737Z",
    "dateReserved": "2026-06-09T07:44:35.380Z",
    "dateUpdated": "2026-06-28T06:38:21.786Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-53040",
      "date": "2026-07-02",
      "epss": "0.00122",
      "percentile": "0.02293"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-53040\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-06-24T17:17:15.687\",\"lastModified\":\"2026-06-28T08:16:30.603\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nocfs2: validate bg_bits during freefrag scan\\n\\n[BUG]\\nA crafted filesystem can trigger an out-of-bounds bitmap walk when\\nOCFS2_IOC_INFO is issued with OCFS2_INFO_FL_NON_COHERENT.\\n\\nBUG: KASAN: use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline]\\nBUG: KASAN: use-after-free in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]\\nBUG: KASAN: use-after-free in test_bit_le include/asm-generic/bitops/le.h:21 [inline]\\nBUG: KASAN: use-after-free in ocfs2_info_freefrag_scan_chain fs/ocfs2/ioctl.c:495 [inline]\\nBUG: KASAN: use-after-free in ocfs2_info_freefrag_scan_bitmap fs/ocfs2/ioctl.c:588 [inline]\\nBUG: KASAN: use-after-free in ocfs2_info_handle_freefrag fs/ocfs2/ioctl.c:662 [inline]\\nBUG: KASAN: use-after-free in ocfs2_info_handle_request+0x1c66/0x3370 fs/ocfs2/ioctl.c:754\\nRead of size 8 at addr ffff888031bce000 by task syz.0.636/1435\\nCall Trace:\\n __dump_stack lib/dump_stack.c:94 [inline]\\n dump_stack_lvl+0xbe/0x130 lib/dump_stack.c:120\\n print_address_description mm/kasan/report.c:378 [inline]\\n print_report+0xd1/0x650 mm/kasan/report.c:482\\n kasan_report+0xfb/0x140 mm/kasan/report.c:595\\n check_region_inline mm/kasan/generic.c:186 [inline]\\n kasan_check_range+0x11c/0x200 mm/kasan/generic.c:200\\n __kasan_check_read+0x11/0x20 mm/kasan/shadow.c:31\\n instrument_atomic_read include/linux/instrumented.h:68 [inline]\\n _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]\\n test_bit_le include/asm-generic/bitops/le.h:21 [inline]\\n ocfs2_info_freefrag_scan_chain fs/ocfs2/ioctl.c:495 [inline]\\n ocfs2_info_freefrag_scan_bitmap fs/ocfs2/ioctl.c:588 [inline]\\n ocfs2_info_handle_freefrag fs/ocfs2/ioctl.c:662 [inline]\\n ocfs2_info_handle_request+0x1c66/0x3370 fs/ocfs2/ioctl.c:754\\n ocfs2_info_handle+0x18d/0x2a0 fs/ocfs2/ioctl.c:828\\n ocfs2_ioctl+0x632/0x6e0 fs/ocfs2/ioctl.c:913\\n vfs_ioctl fs/ioctl.c:51 [inline]\\n __do_sys_ioctl fs/ioctl.c:597 [inline]\\n __se_sys_ioctl fs/ioctl.c:583 [inline]\\n __x64_sys_ioctl+0x197/0x1e0 fs/ioctl.c:583\\n ...\\n\\n[CAUSE]\\nocfs2_info_freefrag_scan_chain() uses on-disk bg_bits directly as the\\nbitmap scan limit. The coherent path reads group descriptors through\\nocfs2_read_group_descriptor(), which validates the descriptor before\\nuse. The non-coherent path uses ocfs2_read_blocks_sync() instead and\\nskips that validation, so an impossible bg_bits value can drive the\\nbitmap walk past the end of the block.\\n\\n[FIX]\\nCompute the bitmap capacity from the filesystem format with\\nocfs2_group_bitmap_size(), report descriptors whose bg_bits exceeds\\nthat limit, and clamp the scan to the computed capacity. This keeps the\\nfreefrag report going while avoiding reads beyond the buffer.\"}],\"affected\":[{\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"affectedData\":[{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"unaffected\",\"programFiles\":[\"fs/ocfs2/ioctl.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"d24a10b9f8ed548981696cd36e2b4f16e6f360b1\",\"lessThan\":\"bb2906a1065ec28de021bac2ed03f2624edd7d07\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"d24a10b9f8ed548981696cd36e2b4f16e6f360b1\",\"lessThan\":\"3e167e230d19cd273108bab2e4c61800fc335ae8\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"d24a10b9f8ed548981696cd36e2b4f16e6f360b1\",\"lessThan\":\"0998674eec138c55e9e349b9cbd9dbc5129a9cc8\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"d24a10b9f8ed548981696cd36e2b4f16e6f360b1\",\"lessThan\":\"bb3c54d1e71578521111f1a1ee7d5f4761a242b8\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"d24a10b9f8ed548981696cd36e2b4f16e6f360b1\",\"lessThan\":\"05d0cbea41167b6b061c6ba5b70ee5a9a7a24c9e\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"d24a10b9f8ed548981696cd36e2b4f16e6f360b1\",\"lessThan\":\"4c2d62ddde8928db12f4608950b67a20e67deab2\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"d24a10b9f8ed548981696cd36e2b4f16e6f360b1\",\"lessThan\":\"e0dcf12665d6dde37facf790803cdad44d5c328c\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"d24a10b9f8ed548981696cd36e2b4f16e6f360b1\",\"lessThan\":\"8f687eeed3da3012152b0f9473f578869de0cd7b\",\"versionType\":\"git\",\"status\":\"affected\"}]},{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"affected\",\"programFiles\":[\"fs/ocfs2/ioctl.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"3.0\",\"status\":\"affected\"},{\"version\":\"0\",\"lessThan\":\"3.0\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"5.10.258\",\"lessThanOrEqual\":\"5.10.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"5.15.209\",\"lessThanOrEqual\":\"5.15.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.1.175\",\"lessThanOrEqual\":\"6.1.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.6.141\",\"lessThanOrEqual\":\"6.6.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.12.91\",\"lessThanOrEqual\":\"6.12.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.18.33\",\"lessThanOrEqual\":\"6.18.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"7.0.10\",\"lessThanOrEqual\":\"7.0.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"7.1\",\"lessThanOrEqual\":\"*\",\"versionType\":\"original_commit_for_fix\",\"status\":\"unaffected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.2}]},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/05d0cbea41167b6b061c6ba5b70ee5a9a7a24c9e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/0998674eec138c55e9e349b9cbd9dbc5129a9cc8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/3e167e230d19cd273108bab2e4c61800fc335ae8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/4c2d62ddde8928db12f4608950b67a20e67deab2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/8f687eeed3da3012152b0f9473f578869de0cd7b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/bb2906a1065ec28de021bac2ed03f2624edd7d07\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/bb3c54d1e71578521111f1a1ee7d5f4761a242b8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/e0dcf12665d6dde37facf790803cdad44d5c328c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…