Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2024-AVI-0458
Vulnerability from certfr_avis - Published: 2024-05-31 - Updated: 2024-05-31
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15 SP5 | ||
| SUSE | N/A | Legacy Module 15-SP5 | ||
| SUSE | openSUSE Leap | openSUSE Leap 15.5 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 15-SP5 | ||
| SUSE | SUSE Linux Enterprise Desktop | SUSE Linux Enterprise Desktop 15 SP5 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 12 SP5 | ||
| SUSE | Public Cloud Module | Public Cloud Module 15-SP5 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 12 SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 15 SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP5 | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time 12 SP5 | ||
| SUSE | SUSE Real Time Module | SUSE Real Time Module 15-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 12 SP5 | ||
| SUSE | Basesystem Module | Basesystem Module 15-SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15 SP5 | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 12 12-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Software Development Kit 12 SP5 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.5 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 15 SP5 | ||
| SUSE | N/A | Development Tools Module 15-SP5 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP5",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Legacy Module 15-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Desktop",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 12 SP5",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Public Cloud Module 15-SP5",
"product": {
"name": "Public Cloud Module",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Real Time Module 15-SP5",
"product": {
"name": "SUSE Real Time Module",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Basesystem Module 15-SP5",
"product": {
"name": "Basesystem Module",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 12 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Development Tools Module 15-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2021-47159",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47159"
},
{
"name": "CVE-2023-35827",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35827"
},
{
"name": "CVE-2021-47205",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47205"
},
{
"name": "CVE-2023-52477",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52477"
},
{
"name": "CVE-2022-48651",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48651"
},
{
"name": "CVE-2021-47024",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47024"
},
{
"name": "CVE-2023-52646",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52646"
},
{
"name": "CVE-2021-46907",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46907"
},
{
"name": "CVE-2024-26898",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26898"
},
{
"name": "CVE-2024-26614",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26614"
},
{
"name": "CVE-2022-48626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48626"
},
{
"name": "CVE-2024-26816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26816"
},
{
"name": "CVE-2021-47055",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47055"
},
{
"name": "CVE-2021-47202",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47202"
},
{
"name": "CVE-2021-47179",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47179"
},
{
"name": "CVE-2021-47100",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47100"
},
{
"name": "CVE-2021-47161",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47161"
},
{
"name": "CVE-2021-47198",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47198"
},
{
"name": "CVE-2021-47142",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47142"
},
{
"name": "CVE-2024-26754",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26754"
},
{
"name": "CVE-2024-27078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27078"
},
{
"name": "CVE-2022-48695",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48695"
},
{
"name": "CVE-2022-48619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48619"
},
{
"name": "CVE-2023-52653",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52653"
},
{
"name": "CVE-2021-47141",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47141"
},
{
"name": "CVE-2024-26883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26883"
},
{
"name": "CVE-2022-48701",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48701"
},
{
"name": "CVE-2021-47183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47183"
},
{
"name": "CVE-2021-46939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46939"
},
{
"name": "CVE-2021-47117",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47117"
},
{
"name": "CVE-2021-46975",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46975"
},
{
"name": "CVE-2021-47185",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47185"
},
{
"name": "CVE-2021-46958",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46958"
},
{
"name": "CVE-2024-26704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26704"
},
{
"name": "CVE-2024-26671",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26671"
},
{
"name": "CVE-2023-6536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6536"
},
{
"name": "CVE-2022-48667",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48667"
},
{
"name": "CVE-2023-28746",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28746"
},
{
"name": "CVE-2021-46904",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46904"
},
{
"name": "CVE-2023-52635",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52635"
},
{
"name": "CVE-2024-26993",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26993"
},
{
"name": "CVE-2022-48668",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48668"
},
{
"name": "CVE-2024-24855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24855"
},
{
"name": "CVE-2024-26805",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26805"
},
{
"name": "CVE-2023-52515",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52515"
},
{
"name": "CVE-2021-47168",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47168"
},
{
"name": "CVE-2024-26852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26852"
},
{
"name": "CVE-2021-47015",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47015"
},
{
"name": "CVE-2021-47181",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47181"
},
{
"name": "CVE-2024-26903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26903"
},
{
"name": "CVE-2021-47180",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47180"
},
{
"name": "CVE-2023-52454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52454"
},
{
"name": "CVE-2023-52590",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52590"
},
{
"name": "CVE-2020-36312",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36312"
},
{
"name": "CVE-2024-26859",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26859"
},
{
"name": "CVE-2024-26839",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26839"
},
{
"name": "CVE-2024-26857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26857"
},
{
"name": "CVE-2021-46905",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46905"
},
{
"name": "CVE-2024-26817",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26817"
},
{
"name": "CVE-2021-47177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47177"
},
{
"name": "CVE-2023-52587",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52587"
},
{
"name": "CVE-2021-47061",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47061"
},
{
"name": "CVE-2022-48650",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48650"
},
{
"name": "CVE-2021-47204",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47204"
},
{
"name": "CVE-2021-47217",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47217"
},
{
"name": "CVE-2021-47169",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47169"
},
{
"name": "CVE-2024-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27043"
},
{
"name": "CVE-2023-7042",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7042"
},
{
"name": "CVE-2021-47068",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47068"
},
{
"name": "CVE-2024-26779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26779"
},
{
"name": "CVE-2021-46964",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46964"
},
{
"name": "CVE-2023-52650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52650"
},
{
"name": "CVE-2024-26773",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26773"
},
{
"name": "CVE-2024-23307",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23307"
},
{
"name": "CVE-2024-26931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26931"
},
{
"name": "CVE-2024-26763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26763"
},
{
"name": "CVE-2021-47211",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47211"
},
{
"name": "CVE-2022-48636",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48636"
},
{
"name": "CVE-2021-47104",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47104"
},
{
"name": "CVE-2023-52528",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52528"
},
{
"name": "CVE-2021-46950",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46950"
},
{
"name": "CVE-2023-52486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52486"
},
{
"name": "CVE-2022-0487",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0487"
},
{
"name": "CVE-2021-46966",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46966"
},
{
"name": "CVE-2021-46998",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46998"
},
{
"name": "CVE-2024-27072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27072"
},
{
"name": "CVE-2021-47073",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47073"
},
{
"name": "CVE-2022-48687",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48687"
},
{
"name": "CVE-2021-47184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47184"
},
{
"name": "CVE-2021-47165",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47165"
},
{
"name": "CVE-2021-47063",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47063"
},
{
"name": "CVE-2023-6270",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6270"
},
{
"name": "CVE-2024-27388",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27388"
},
{
"name": "CVE-2021-47171",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47171"
},
{
"name": "CVE-2024-26743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26743"
},
{
"name": "CVE-2024-26948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26948"
},
{
"name": "CVE-2024-26929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26929"
},
{
"name": "CVE-2021-47071",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47071"
},
{
"name": "CVE-2021-47118",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47118"
},
{
"name": "CVE-2023-52524",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52524"
},
{
"name": "CVE-2023-6356",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6356"
},
{
"name": "CVE-2021-47112",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47112"
},
{
"name": "CVE-2023-52469",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52469"
},
{
"name": "CVE-2023-52488",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52488"
},
{
"name": "CVE-2021-47162",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47162"
},
{
"name": "CVE-2021-47056",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47056"
},
{
"name": "CVE-2021-47189",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47189"
},
{
"name": "CVE-2023-0160",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0160"
},
{
"name": "CVE-2021-47216",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47216"
},
{
"name": "CVE-2021-47138",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47138"
},
{
"name": "CVE-2024-27073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27073"
},
{
"name": "CVE-2021-47114",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47114"
},
{
"name": "CVE-2024-26642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26642"
},
{
"name": "CVE-2024-26922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26922"
},
{
"name": "CVE-2023-52639",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52639"
},
{
"name": "CVE-2021-47153",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47153"
},
{
"name": "CVE-2024-26733",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26733"
},
{
"name": "CVE-2021-47143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47143"
},
{
"name": "CVE-2021-47149",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47149"
},
{
"name": "CVE-2024-27013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27013"
},
{
"name": "CVE-2021-46938",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46938"
},
{
"name": "CVE-2024-26675",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26675"
},
{
"name": "CVE-2023-52509",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52509"
},
{
"name": "CVE-2023-52470",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52470"
},
{
"name": "CVE-2021-47045",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47045"
},
{
"name": "CVE-2024-26840",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26840"
},
{
"name": "CVE-2023-52583",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52583"
},
{
"name": "CVE-2021-47006",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47006"
},
{
"name": "CVE-2023-6535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6535"
},
{
"name": "CVE-2024-27014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27014"
},
{
"name": "CVE-2024-26651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26651"
},
{
"name": "CVE-2021-47034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47034"
},
{
"name": "CVE-2021-47060",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47060"
},
{
"name": "CVE-2024-26739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26739"
},
{
"name": "CVE-2021-47203",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47203"
},
{
"name": "CVE-2021-46988",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46988"
},
{
"name": "CVE-2021-47049",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47049"
},
{
"name": "CVE-2024-26884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26884"
},
{
"name": "CVE-2024-26771",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26771"
},
{
"name": "CVE-2021-47207",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47207"
},
{
"name": "CVE-2021-47167",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47167"
},
{
"name": "CVE-2024-22099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22099"
},
{
"name": "CVE-2021-46963",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46963"
},
{
"name": "CVE-2023-52575",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52575"
},
{
"name": "CVE-2024-23848",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23848"
},
{
"name": "CVE-2024-26747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26747"
},
{
"name": "CVE-2023-52598",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52598"
},
{
"name": "CVE-2023-52620",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52620"
},
{
"name": "CVE-2024-26793",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26793"
},
{
"name": "CVE-2023-52595",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52595"
},
{
"name": "CVE-2024-27074",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27074"
},
{
"name": "CVE-2023-52644",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52644"
},
{
"name": "CVE-2021-23134",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23134"
},
{
"name": "CVE-2021-47150",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47150"
},
{
"name": "CVE-2024-26777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26777"
},
{
"name": "CVE-2024-26878",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26878"
},
{
"name": "CVE-2024-26689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26689"
},
{
"name": "CVE-2024-26778",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26778"
},
{
"name": "CVE-2021-47119",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47119"
},
{
"name": "CVE-2023-7192",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7192"
},
{
"name": "CVE-2024-27054",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27054"
},
{
"name": "CVE-2021-47188",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47188"
},
{
"name": "CVE-2024-27075",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27075"
},
{
"name": "CVE-2024-26901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26901"
},
{
"name": "CVE-2021-46981",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46981"
},
{
"name": "CVE-2024-2201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2201"
},
{
"name": "CVE-2022-48688",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48688"
},
{
"name": "CVE-2021-47101",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47101"
},
{
"name": "CVE-2021-46990",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46990"
},
{
"name": "CVE-2021-47166",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47166"
},
{
"name": "CVE-2023-52476",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52476"
},
{
"name": "CVE-2021-46941",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46941"
},
{
"name": "CVE-2024-26744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26744"
},
{
"name": "CVE-2024-26930",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26930"
},
{
"name": "CVE-2021-47070",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47070"
},
{
"name": "CVE-2021-47173",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47173"
},
{
"name": "CVE-2021-47182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47182"
},
{
"name": "CVE-2023-52628",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52628"
},
{
"name": "CVE-2021-46960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46960"
},
{
"name": "CVE-2023-52591",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52591"
},
{
"name": "CVE-2024-26772",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26772"
},
{
"name": "CVE-2019-25160",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-25160"
},
{
"name": "CVE-2024-26855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26855"
},
{
"name": "CVE-2023-52614",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52614"
},
{
"name": "CVE-2021-47110",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47110"
},
{
"name": "CVE-2023-52474",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52474"
},
{
"name": "CVE-2023-52607",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52607"
},
{
"name": "CVE-2023-52652",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52652"
},
{
"name": "CVE-2021-47146",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47146"
},
{
"name": "CVE-2021-46909",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46909"
},
{
"name": "CVE-2024-24861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24861"
},
{
"name": "CVE-2024-26907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26907"
},
{
"name": "CVE-2024-27046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27046"
}
],
"initial_release_date": "2024-05-31T00:00:00",
"last_revision_date": "2024-05-31T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0458",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-05-31T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de SUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": "2024-05-29",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:1834-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241834-1"
},
{
"published_at": "2024-05-28",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:1804-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241804-1"
},
{
"published_at": "2024-05-30",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:1870-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241870-1"
},
{
"published_at": "2024-05-28",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:1801-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241801-1"
},
{
"published_at": "2024-05-27",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:1787-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241787-1"
},
{
"published_at": "2024-05-29",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:1813-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241813-1"
}
]
}
CVE-2024-26948 (GCVE-0-2024-26948)
Vulnerability from cvelistv5 – Published: 2024-05-01 05:18 – Updated: 2026-05-11 20:07
VLAI
EPSS
Title
drm/amd/display: Add a dc_state NULL check in dc_state_release
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add a dc_state NULL check in dc_state_release
[How]
Check wheather state is NULL before releasing it.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < d37a08f840485995e3fb91dad95e441b9d28a269
(git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 334b56cea5d9df5989be6cf1a5898114fa70ad98 (git) |
|
| Linux | Linux |
Affected:
4.15
Unaffected: 0 , < 4.15 (semver) Unaffected: 6.8.3 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d37a08f840485995e3fb91dad95e441b9d28a269"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/334b56cea5d9df5989be6cf1a5898114fa70ad98"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26948",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:45:42.687315Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:51.456Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/core/dc_state.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d37a08f840485995e3fb91dad95e441b9d28a269",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "334b56cea5d9df5989be6cf1a5898114fa70ad98",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/core/dc_state.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add a dc_state NULL check in dc_state_release\n\n[How]\nCheck wheather state is NULL before releasing it."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:07:28.811Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d37a08f840485995e3fb91dad95e441b9d28a269"
},
{
"url": "https://git.kernel.org/stable/c/334b56cea5d9df5989be6cf1a5898114fa70ad98"
}
],
"title": "drm/amd/display: Add a dc_state NULL check in dc_state_release",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26948",
"datePublished": "2024-05-01T05:18:21.547Z",
"dateReserved": "2024-02-19T14:20:24.198Z",
"dateUpdated": "2026-05-11T20:07:28.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26993 (GCVE-0-2024-26993)
Vulnerability from cvelistv5 – Published: 2024-05-01 05:28 – Updated: 2026-05-23 15:40
VLAI
EPSS
Title
fs: sysfs: Fix reference leak in sysfs_break_active_protection()
Summary
In the Linux kernel, the following vulnerability has been resolved:
fs: sysfs: Fix reference leak in sysfs_break_active_protection()
The sysfs_break_active_protection() routine has an obvious reference
leak in its error path. If the call to kernfs_find_and_get() fails then
kn will be NULL, so the companion sysfs_unbreak_active_protection()
routine won't get called (and would only cause an access violation by
trying to dereference kn->parent if it was called). As a result, the
reference to kobj acquired at the start of the function will never be
released.
Fix the leak by adding an explicit kobject_put() call when kn is NULL.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
15 references
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
2afc9166f79b8f6da5f347f48515215ceee4ae37 , < f28bba37fe244889b81bb5c508d3f6e5c6e342c5
(git)
Affected: 2afc9166f79b8f6da5f347f48515215ceee4ae37 , < 57baab0f376bec8f54b0fe6beb8f77a57c228063 (git) Affected: 2afc9166f79b8f6da5f347f48515215ceee4ae37 , < 84bd4c2ae9c3d0a7d3a5c032ea7efff17af17e17 (git) Affected: 2afc9166f79b8f6da5f347f48515215ceee4ae37 , < 43f00210cb257bcb0387e8caeb4b46375d67f30c (git) Affected: 2afc9166f79b8f6da5f347f48515215ceee4ae37 , < 5d43e072285e81b0b63cee7189b3357c7768a43b (git) Affected: 2afc9166f79b8f6da5f347f48515215ceee4ae37 , < ac107356aabc362aaeb77463e814fc067a5d3957 (git) Affected: 2afc9166f79b8f6da5f347f48515215ceee4ae37 , < a4c99b57d43bab45225ba92d574a8683f9edc8e4 (git) Affected: 2afc9166f79b8f6da5f347f48515215ceee4ae37 , < a90bca2228c0646fc29a72689d308e5fe03e6d78 (git) Affected: e8a37b2fd5b5087bec6cbbf6946ee3caa712953b (git) Affected: a6abc93760dd07fcd29760b70e6e7520f22cb288 (git) Affected: 461a6385e58e8247e6ba2005aa5d1b8d980ee4a2 (git) Affected: 8a5e02a0f46ea33ed19e48e096a8e8d28e73d10a (git) Affected: c984f4d1d40a2f349503b3faf946502ccbf02f9f (git) Affected: 807d1d299a04e9ad9a9dac55419c1137a105254b (git) Affected: 3.16.62 , < 3.17 (semver) Affected: 3.18.121 , < 3.19 (semver) Affected: 4.4.154 , < 4.5 (semver) Affected: 4.9.125 , < 4.10 (semver) Affected: 4.14.68 , < 4.15 (semver) Affected: 4.18.6 , < 4.19 (semver) |
|
| Linux | Linux |
Affected:
4.19
Unaffected: 0 , < 4.19 (semver) Unaffected: 4.19.313 , ≤ 4.19.* (semver) Unaffected: 5.4.275 , ≤ 5.4.* (semver) Unaffected: 5.10.216 , ≤ 5.10.* (semver) Unaffected: 5.15.157 , ≤ 5.15.* (semver) Unaffected: 6.1.88 , ≤ 6.1.* (semver) Unaffected: 6.6.29 , ≤ 6.6.* (semver) Unaffected: 6.8.8 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix) |
|
| Siemens | RUGGEDCOM RST2428P |
Affected:
0 , < V3.1
(custom)
|
|
| Siemens | SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family |
Unaffected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XCM-/XRM-/XCH-/XRH-300 family |
Affected:
0 , < V3.1
(custom)
|
|
| Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux subsystem |
Affected:
0 , < *
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26993",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-01T13:37:12.333218Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:44.436Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:15:48.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f28bba37fe244889b81bb5c508d3f6e5c6e342c5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/57baab0f376bec8f54b0fe6beb8f77a57c228063"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/84bd4c2ae9c3d0a7d3a5c032ea7efff17af17e17"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/43f00210cb257bcb0387e8caeb4b46375d67f30c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5d43e072285e81b0b63cee7189b3357c7768a43b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ac107356aabc362aaeb77463e814fc067a5d3957"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a4c99b57d43bab45225ba92d574a8683f9edc8e4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a90bca2228c0646fc29a72689d308e5fe03e6d78"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RST2428P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XCM-/XRM-/XCH-/XRH-300 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T11:51:02.982Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-613116.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/sysfs/file.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f28bba37fe244889b81bb5c508d3f6e5c6e342c5",
"status": "affected",
"version": "2afc9166f79b8f6da5f347f48515215ceee4ae37",
"versionType": "git"
},
{
"lessThan": "57baab0f376bec8f54b0fe6beb8f77a57c228063",
"status": "affected",
"version": "2afc9166f79b8f6da5f347f48515215ceee4ae37",
"versionType": "git"
},
{
"lessThan": "84bd4c2ae9c3d0a7d3a5c032ea7efff17af17e17",
"status": "affected",
"version": "2afc9166f79b8f6da5f347f48515215ceee4ae37",
"versionType": "git"
},
{
"lessThan": "43f00210cb257bcb0387e8caeb4b46375d67f30c",
"status": "affected",
"version": "2afc9166f79b8f6da5f347f48515215ceee4ae37",
"versionType": "git"
},
{
"lessThan": "5d43e072285e81b0b63cee7189b3357c7768a43b",
"status": "affected",
"version": "2afc9166f79b8f6da5f347f48515215ceee4ae37",
"versionType": "git"
},
{
"lessThan": "ac107356aabc362aaeb77463e814fc067a5d3957",
"status": "affected",
"version": "2afc9166f79b8f6da5f347f48515215ceee4ae37",
"versionType": "git"
},
{
"lessThan": "a4c99b57d43bab45225ba92d574a8683f9edc8e4",
"status": "affected",
"version": "2afc9166f79b8f6da5f347f48515215ceee4ae37",
"versionType": "git"
},
{
"lessThan": "a90bca2228c0646fc29a72689d308e5fe03e6d78",
"status": "affected",
"version": "2afc9166f79b8f6da5f347f48515215ceee4ae37",
"versionType": "git"
},
{
"status": "affected",
"version": "e8a37b2fd5b5087bec6cbbf6946ee3caa712953b",
"versionType": "git"
},
{
"status": "affected",
"version": "a6abc93760dd07fcd29760b70e6e7520f22cb288",
"versionType": "git"
},
{
"status": "affected",
"version": "461a6385e58e8247e6ba2005aa5d1b8d980ee4a2",
"versionType": "git"
},
{
"status": "affected",
"version": "8a5e02a0f46ea33ed19e48e096a8e8d28e73d10a",
"versionType": "git"
},
{
"status": "affected",
"version": "c984f4d1d40a2f349503b3faf946502ccbf02f9f",
"versionType": "git"
},
{
"status": "affected",
"version": "807d1d299a04e9ad9a9dac55419c1137a105254b",
"versionType": "git"
},
{
"lessThan": "3.17",
"status": "affected",
"version": "3.16.62",
"versionType": "semver"
},
{
"lessThan": "3.19",
"status": "affected",
"version": "3.18.121",
"versionType": "semver"
},
{
"lessThan": "4.5",
"status": "affected",
"version": "4.4.154",
"versionType": "semver"
},
{
"lessThan": "4.10",
"status": "affected",
"version": "4.9.125",
"versionType": "semver"
},
{
"lessThan": "4.15",
"status": "affected",
"version": "4.14.68",
"versionType": "semver"
},
{
"lessThan": "4.19",
"status": "affected",
"version": "4.18.6",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/sysfs/file.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.19"
},
{
"lessThan": "4.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.313",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.157",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.88",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.29",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.313",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.157",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.88",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.29",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.8",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.16.62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.18.121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9.125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.18.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: sysfs: Fix reference leak in sysfs_break_active_protection()\n\nThe sysfs_break_active_protection() routine has an obvious reference\nleak in its error path. If the call to kernfs_find_and_get() fails then\nkn will be NULL, so the companion sysfs_unbreak_active_protection()\nroutine won\u0027t get called (and would only cause an access violation by\ntrying to dereference kn-\u003eparent if it was called). As a result, the\nreference to kobj acquired at the start of the function will never be\nreleased.\n\nFix the leak by adding an explicit kobject_put() call when kn is NULL."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:40:53.659Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f28bba37fe244889b81bb5c508d3f6e5c6e342c5"
},
{
"url": "https://git.kernel.org/stable/c/57baab0f376bec8f54b0fe6beb8f77a57c228063"
},
{
"url": "https://git.kernel.org/stable/c/84bd4c2ae9c3d0a7d3a5c032ea7efff17af17e17"
},
{
"url": "https://git.kernel.org/stable/c/43f00210cb257bcb0387e8caeb4b46375d67f30c"
},
{
"url": "https://git.kernel.org/stable/c/5d43e072285e81b0b63cee7189b3357c7768a43b"
},
{
"url": "https://git.kernel.org/stable/c/ac107356aabc362aaeb77463e814fc067a5d3957"
},
{
"url": "https://git.kernel.org/stable/c/a4c99b57d43bab45225ba92d574a8683f9edc8e4"
},
{
"url": "https://git.kernel.org/stable/c/a90bca2228c0646fc29a72689d308e5fe03e6d78"
}
],
"title": "fs: sysfs: Fix reference leak in sysfs_break_active_protection()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26993",
"datePublished": "2024-05-01T05:28:02.462Z",
"dateReserved": "2024-02-19T14:20:24.206Z",
"dateUpdated": "2026-05-23T15:40:53.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27013 (GCVE-0-2024-27013)
Vulnerability from cvelistv5 – Published: 2024-05-01 05:29 – Updated: 2026-05-12 11:51
VLAI
EPSS
Title
tun: limit printing rate when illegal packet received by tun dev
Summary
In the Linux kernel, the following vulnerability has been resolved:
tun: limit printing rate when illegal packet received by tun dev
vhost_worker will call tun call backs to receive packets. If too many
illegal packets arrives, tun_do_read will keep dumping packet contents.
When console is enabled, it will costs much more cpu time to dump
packet and soft lockup will be detected.
net_ratelimit mechanism can be used to limit the dumping rate.
PID: 33036 TASK: ffff949da6f20000 CPU: 23 COMMAND: "vhost-32980"
#0 [fffffe00003fce50] crash_nmi_callback at ffffffff89249253
#1 [fffffe00003fce58] nmi_handle at ffffffff89225fa3
#2 [fffffe00003fceb0] default_do_nmi at ffffffff8922642e
#3 [fffffe00003fced0] do_nmi at ffffffff8922660d
#4 [fffffe00003fcef0] end_repeat_nmi at ffffffff89c01663
[exception RIP: io_serial_in+20]
RIP: ffffffff89792594 RSP: ffffa655314979e8 RFLAGS: 00000002
RAX: ffffffff89792500 RBX: ffffffff8af428a0 RCX: 0000000000000000
RDX: 00000000000003fd RSI: 0000000000000005 RDI: ffffffff8af428a0
RBP: 0000000000002710 R8: 0000000000000004 R9: 000000000000000f
R10: 0000000000000000 R11: ffffffff8acbf64f R12: 0000000000000020
R13: ffffffff8acbf698 R14: 0000000000000058 R15: 0000000000000000
ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
#5 [ffffa655314979e8] io_serial_in at ffffffff89792594
#6 [ffffa655314979e8] wait_for_xmitr at ffffffff89793470
#7 [ffffa65531497a08] serial8250_console_putchar at ffffffff897934f6
#8 [ffffa65531497a20] uart_console_write at ffffffff8978b605
#9 [ffffa65531497a48] serial8250_console_write at ffffffff89796558
#10 [ffffa65531497ac8] console_unlock at ffffffff89316124
#11 [ffffa65531497b10] vprintk_emit at ffffffff89317c07
#12 [ffffa65531497b68] printk at ffffffff89318306
#13 [ffffa65531497bc8] print_hex_dump at ffffffff89650765
#14 [ffffa65531497ca8] tun_do_read at ffffffffc0b06c27 [tun]
#15 [ffffa65531497d38] tun_recvmsg at ffffffffc0b06e34 [tun]
#16 [ffffa65531497d68] handle_rx at ffffffffc0c5d682 [vhost_net]
#17 [ffffa65531497ed0] vhost_worker at ffffffffc0c644dc [vhost]
#18 [ffffa65531497f10] kthread at ffffffff892d2e72
#19 [ffffa65531497f50] ret_from_fork at ffffffff89c0022f
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
15 references
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
ef3db4a5954281bc1ea49a4739c88eaea091dc71 , < 68459b8e3ee554ce71878af9eb69659b9462c588
(git)
Affected: ef3db4a5954281bc1ea49a4739c88eaea091dc71 , < 4b0dcae5c4797bf31c63011ed62917210d3fdac3 (git) Affected: ef3db4a5954281bc1ea49a4739c88eaea091dc71 , < 14cdb43dbc827e18ac7d5b30c5b4c676219f1421 (git) Affected: ef3db4a5954281bc1ea49a4739c88eaea091dc71 , < a50dbeca28acf7051dfa92786b85f704c75db6eb (git) Affected: ef3db4a5954281bc1ea49a4739c88eaea091dc71 , < 62e27ef18eb4f0d33bbae8e9ef56b99696a74713 (git) Affected: ef3db4a5954281bc1ea49a4739c88eaea091dc71 , < 40f4ced305c6c47487d3cd8da54676e2acc1a6ad (git) Affected: ef3db4a5954281bc1ea49a4739c88eaea091dc71 , < 52854101180beccdb9dc2077a3bea31b6ad48dfa (git) Affected: ef3db4a5954281bc1ea49a4739c88eaea091dc71 , < f8bbc07ac535593139c875ffa19af924b1084540 (git) |
|
| Linux | Linux |
Affected:
2.6.35
Unaffected: 0 , < 2.6.35 (semver) Unaffected: 4.19.313 , ≤ 4.19.* (semver) Unaffected: 5.4.275 , ≤ 5.4.* (semver) Unaffected: 5.10.216 , ≤ 5.10.* (semver) Unaffected: 5.15.157 , ≤ 5.15.* (semver) Unaffected: 6.1.88 , ≤ 6.1.* (semver) Unaffected: 6.6.29 , ≤ 6.6.* (semver) Unaffected: 6.8.8 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix) |
|
| Siemens | RUGGEDCOM RST2428P |
Affected:
0 , < V3.1
(custom)
|
|
| Siemens | SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family |
Unaffected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XCM-/XRM-/XCH-/XRH-300 family |
Affected:
0 , < V3.1
(custom)
|
|
| Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux subsystem |
Affected:
0 , < *
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27013",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-01T13:35:26.133742Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:49.101Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:17:07.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/68459b8e3ee554ce71878af9eb69659b9462c588"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4b0dcae5c4797bf31c63011ed62917210d3fdac3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/14cdb43dbc827e18ac7d5b30c5b4c676219f1421"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a50dbeca28acf7051dfa92786b85f704c75db6eb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/62e27ef18eb4f0d33bbae8e9ef56b99696a74713"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/40f4ced305c6c47487d3cd8da54676e2acc1a6ad"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/52854101180beccdb9dc2077a3bea31b6ad48dfa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f8bbc07ac535593139c875ffa19af924b1084540"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RST2428P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XCM-/XRM-/XCH-/XRH-300 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T11:51:05.557Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-613116.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/tun.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "68459b8e3ee554ce71878af9eb69659b9462c588",
"status": "affected",
"version": "ef3db4a5954281bc1ea49a4739c88eaea091dc71",
"versionType": "git"
},
{
"lessThan": "4b0dcae5c4797bf31c63011ed62917210d3fdac3",
"status": "affected",
"version": "ef3db4a5954281bc1ea49a4739c88eaea091dc71",
"versionType": "git"
},
{
"lessThan": "14cdb43dbc827e18ac7d5b30c5b4c676219f1421",
"status": "affected",
"version": "ef3db4a5954281bc1ea49a4739c88eaea091dc71",
"versionType": "git"
},
{
"lessThan": "a50dbeca28acf7051dfa92786b85f704c75db6eb",
"status": "affected",
"version": "ef3db4a5954281bc1ea49a4739c88eaea091dc71",
"versionType": "git"
},
{
"lessThan": "62e27ef18eb4f0d33bbae8e9ef56b99696a74713",
"status": "affected",
"version": "ef3db4a5954281bc1ea49a4739c88eaea091dc71",
"versionType": "git"
},
{
"lessThan": "40f4ced305c6c47487d3cd8da54676e2acc1a6ad",
"status": "affected",
"version": "ef3db4a5954281bc1ea49a4739c88eaea091dc71",
"versionType": "git"
},
{
"lessThan": "52854101180beccdb9dc2077a3bea31b6ad48dfa",
"status": "affected",
"version": "ef3db4a5954281bc1ea49a4739c88eaea091dc71",
"versionType": "git"
},
{
"lessThan": "f8bbc07ac535593139c875ffa19af924b1084540",
"status": "affected",
"version": "ef3db4a5954281bc1ea49a4739c88eaea091dc71",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/tun.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.35"
},
{
"lessThan": "2.6.35",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.313",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.157",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.88",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.29",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.313",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.157",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.88",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.29",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.8",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntun: limit printing rate when illegal packet received by tun dev\n\nvhost_worker will call tun call backs to receive packets. If too many\nillegal packets arrives, tun_do_read will keep dumping packet contents.\nWhen console is enabled, it will costs much more cpu time to dump\npacket and soft lockup will be detected.\n\nnet_ratelimit mechanism can be used to limit the dumping rate.\n\nPID: 33036 TASK: ffff949da6f20000 CPU: 23 COMMAND: \"vhost-32980\"\n #0 [fffffe00003fce50] crash_nmi_callback at ffffffff89249253\n #1 [fffffe00003fce58] nmi_handle at ffffffff89225fa3\n #2 [fffffe00003fceb0] default_do_nmi at ffffffff8922642e\n #3 [fffffe00003fced0] do_nmi at ffffffff8922660d\n #4 [fffffe00003fcef0] end_repeat_nmi at ffffffff89c01663\n [exception RIP: io_serial_in+20]\n RIP: ffffffff89792594 RSP: ffffa655314979e8 RFLAGS: 00000002\n RAX: ffffffff89792500 RBX: ffffffff8af428a0 RCX: 0000000000000000\n RDX: 00000000000003fd RSI: 0000000000000005 RDI: ffffffff8af428a0\n RBP: 0000000000002710 R8: 0000000000000004 R9: 000000000000000f\n R10: 0000000000000000 R11: ffffffff8acbf64f R12: 0000000000000020\n R13: ffffffff8acbf698 R14: 0000000000000058 R15: 0000000000000000\n ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018\n #5 [ffffa655314979e8] io_serial_in at ffffffff89792594\n #6 [ffffa655314979e8] wait_for_xmitr at ffffffff89793470\n #7 [ffffa65531497a08] serial8250_console_putchar at ffffffff897934f6\n #8 [ffffa65531497a20] uart_console_write at ffffffff8978b605\n #9 [ffffa65531497a48] serial8250_console_write at ffffffff89796558\n #10 [ffffa65531497ac8] console_unlock at ffffffff89316124\n #11 [ffffa65531497b10] vprintk_emit at ffffffff89317c07\n #12 [ffffa65531497b68] printk at ffffffff89318306\n #13 [ffffa65531497bc8] print_hex_dump at ffffffff89650765\n #14 [ffffa65531497ca8] tun_do_read at ffffffffc0b06c27 [tun]\n #15 [ffffa65531497d38] tun_recvmsg at ffffffffc0b06e34 [tun]\n #16 [ffffa65531497d68] handle_rx at ffffffffc0c5d682 [vhost_net]\n #17 [ffffa65531497ed0] vhost_worker at ffffffffc0c644dc [vhost]\n #18 [ffffa65531497f10] kthread at ffffffff892d2e72\n #19 [ffffa65531497f50] ret_from_fork at ffffffff89c0022f"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:08:43.707Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/68459b8e3ee554ce71878af9eb69659b9462c588"
},
{
"url": "https://git.kernel.org/stable/c/4b0dcae5c4797bf31c63011ed62917210d3fdac3"
},
{
"url": "https://git.kernel.org/stable/c/14cdb43dbc827e18ac7d5b30c5b4c676219f1421"
},
{
"url": "https://git.kernel.org/stable/c/a50dbeca28acf7051dfa92786b85f704c75db6eb"
},
{
"url": "https://git.kernel.org/stable/c/62e27ef18eb4f0d33bbae8e9ef56b99696a74713"
},
{
"url": "https://git.kernel.org/stable/c/40f4ced305c6c47487d3cd8da54676e2acc1a6ad"
},
{
"url": "https://git.kernel.org/stable/c/52854101180beccdb9dc2077a3bea31b6ad48dfa"
},
{
"url": "https://git.kernel.org/stable/c/f8bbc07ac535593139c875ffa19af924b1084540"
}
],
"title": "tun: limit printing rate when illegal packet received by tun dev",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27013",
"datePublished": "2024-05-01T05:29:42.289Z",
"dateReserved": "2024-02-19T14:20:24.209Z",
"dateUpdated": "2026-05-12T11:51:05.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27014 (GCVE-0-2024-27014)
Vulnerability from cvelistv5 – Published: 2024-05-01 05:29 – Updated: 2026-05-11 20:08
VLAI
EPSS
Title
net/mlx5e: Prevent deadlock while disabling aRFS
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Prevent deadlock while disabling aRFS
When disabling aRFS under the `priv->state_lock`, any scheduled
aRFS works are canceled using the `cancel_work_sync` function,
which waits for the work to end if it has already started.
However, while waiting for the work handler, the handler will
try to acquire the `state_lock` which is already acquired.
The worker acquires the lock to delete the rules if the state
is down, which is not the worker's responsibility since
disabling aRFS deletes the rules.
Add an aRFS state variable, which indicates whether the aRFS is
enabled and prevent adding rules when the aRFS is disabled.
Kernel log:
======================================================
WARNING: possible circular locking dependency detected
6.7.0-rc4_net_next_mlx5_5483eb2 #1 Tainted: G I
------------------------------------------------------
ethtool/386089 is trying to acquire lock:
ffff88810f21ce68 ((work_completion)(&rule->arfs_work)){+.+.}-{0:0}, at: __flush_work+0x74/0x4e0
but task is already holding lock:
ffff8884a1808cc0 (&priv->state_lock){+.+.}-{3:3}, at: mlx5e_ethtool_set_channels+0x53/0x200 [mlx5_core]
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&priv->state_lock){+.+.}-{3:3}:
__mutex_lock+0x80/0xc90
arfs_handle_work+0x4b/0x3b0 [mlx5_core]
process_one_work+0x1dc/0x4a0
worker_thread+0x1bf/0x3c0
kthread+0xd7/0x100
ret_from_fork+0x2d/0x50
ret_from_fork_asm+0x11/0x20
-> #0 ((work_completion)(&rule->arfs_work)){+.+.}-{0:0}:
__lock_acquire+0x17b4/0x2c80
lock_acquire+0xd0/0x2b0
__flush_work+0x7a/0x4e0
__cancel_work_timer+0x131/0x1c0
arfs_del_rules+0x143/0x1e0 [mlx5_core]
mlx5e_arfs_disable+0x1b/0x30 [mlx5_core]
mlx5e_ethtool_set_channels+0xcb/0x200 [mlx5_core]
ethnl_set_channels+0x28f/0x3b0
ethnl_default_set_doit+0xec/0x240
genl_family_rcv_msg_doit+0xd0/0x120
genl_rcv_msg+0x188/0x2c0
netlink_rcv_skb+0x54/0x100
genl_rcv+0x24/0x40
netlink_unicast+0x1a1/0x270
netlink_sendmsg+0x214/0x460
__sock_sendmsg+0x38/0x60
__sys_sendto+0x113/0x170
__x64_sys_sendto+0x20/0x30
do_syscall_64+0x40/0xe0
entry_SYSCALL_64_after_hwframe+0x46/0x4e
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&priv->state_lock);
lock((work_completion)(&rule->arfs_work));
lock(&priv->state_lock);
lock((work_completion)(&rule->arfs_work));
*** DEADLOCK ***
3 locks held by ethtool/386089:
#0: ffffffff82ea7210 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40
#1: ffffffff82e94c88 (rtnl_mutex){+.+.}-{3:3}, at: ethnl_default_set_doit+0xd3/0x240
#2: ffff8884a1808cc0 (&priv->state_lock){+.+.}-{3:3}, at: mlx5e_ethtool_set_channels+0x53/0x200 [mlx5_core]
stack backtrace:
CPU: 15 PID: 386089 Comm: ethtool Tainted: G I 6.7.0-rc4_net_next_mlx5_5483eb2 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0x60/0xa0
check_noncircular+0x144/0x160
__lock_acquire+0x17b4/0x2c80
lock_acquire+0xd0/0x2b0
? __flush_work+0x74/0x4e0
? save_trace+0x3e/0x360
? __flush_work+0x74/0x4e0
__flush_work+0x7a/0x4e0
? __flush_work+0x74/0x4e0
? __lock_acquire+0xa78/0x2c80
? lock_acquire+0xd0/0x2b0
? mark_held_locks+0x49/0x70
__cancel_work_timer+0x131/0x1c0
? mark_held_locks+0x49/0x70
arfs_del_rules+0x143/0x1e0 [mlx5_core]
mlx5e_arfs_disable+0x1b/0x30 [mlx5_core]
mlx5e_ethtool_set_channels+0xcb/0x200 [mlx5_core]
ethnl_set_channels+0x28f/0x3b0
ethnl_default_set_doit+0xec/0x240
genl_family_rcv_msg_doit+0xd0/0x120
genl_rcv_msg+0x188/0x2c0
? ethn
---truncated---
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
7 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
45bf454ae88414e80b80979ebb2c22bd66ea7d1b , < 46efa4d5930cf3c2af8c01f75e0a47e4fc045e3b
(git)
Affected: 45bf454ae88414e80b80979ebb2c22bd66ea7d1b , < 48c4bb81df19402d4346032353d0795260255e3b (git) Affected: 45bf454ae88414e80b80979ebb2c22bd66ea7d1b , < 0080bf99499468030248ebd25dd645e487dcecdc (git) Affected: 45bf454ae88414e80b80979ebb2c22bd66ea7d1b , < fef965764cf562f28afb997b626fc7c3cec99693 (git) |
|
| Linux | Linux |
Affected:
4.7
Unaffected: 0 , < 4.7 (semver) Unaffected: 6.1.88 , ≤ 6.1.* (semver) Unaffected: 6.6.29 , ≤ 6.6.* (semver) Unaffected: 6.8.8 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27014",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:40:27.350253Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:46:06.728Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:17:11.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/46efa4d5930cf3c2af8c01f75e0a47e4fc045e3b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/48c4bb81df19402d4346032353d0795260255e3b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0080bf99499468030248ebd25dd645e487dcecdc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fef965764cf562f28afb997b626fc7c3cec99693"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "46efa4d5930cf3c2af8c01f75e0a47e4fc045e3b",
"status": "affected",
"version": "45bf454ae88414e80b80979ebb2c22bd66ea7d1b",
"versionType": "git"
},
{
"lessThan": "48c4bb81df19402d4346032353d0795260255e3b",
"status": "affected",
"version": "45bf454ae88414e80b80979ebb2c22bd66ea7d1b",
"versionType": "git"
},
{
"lessThan": "0080bf99499468030248ebd25dd645e487dcecdc",
"status": "affected",
"version": "45bf454ae88414e80b80979ebb2c22bd66ea7d1b",
"versionType": "git"
},
{
"lessThan": "fef965764cf562f28afb997b626fc7c3cec99693",
"status": "affected",
"version": "45bf454ae88414e80b80979ebb2c22bd66ea7d1b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.7"
},
{
"lessThan": "4.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.88",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.29",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.88",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.29",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.8",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Prevent deadlock while disabling aRFS\n\nWhen disabling aRFS under the `priv-\u003estate_lock`, any scheduled\naRFS works are canceled using the `cancel_work_sync` function,\nwhich waits for the work to end if it has already started.\nHowever, while waiting for the work handler, the handler will\ntry to acquire the `state_lock` which is already acquired.\n\nThe worker acquires the lock to delete the rules if the state\nis down, which is not the worker\u0027s responsibility since\ndisabling aRFS deletes the rules.\n\nAdd an aRFS state variable, which indicates whether the aRFS is\nenabled and prevent adding rules when the aRFS is disabled.\n\nKernel log:\n\n======================================================\nWARNING: possible circular locking dependency detected\n6.7.0-rc4_net_next_mlx5_5483eb2 #1 Tainted: G I\n------------------------------------------------------\nethtool/386089 is trying to acquire lock:\nffff88810f21ce68 ((work_completion)(\u0026rule-\u003earfs_work)){+.+.}-{0:0}, at: __flush_work+0x74/0x4e0\n\nbut task is already holding lock:\nffff8884a1808cc0 (\u0026priv-\u003estate_lock){+.+.}-{3:3}, at: mlx5e_ethtool_set_channels+0x53/0x200 [mlx5_core]\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-\u003e #1 (\u0026priv-\u003estate_lock){+.+.}-{3:3}:\n __mutex_lock+0x80/0xc90\n arfs_handle_work+0x4b/0x3b0 [mlx5_core]\n process_one_work+0x1dc/0x4a0\n worker_thread+0x1bf/0x3c0\n kthread+0xd7/0x100\n ret_from_fork+0x2d/0x50\n ret_from_fork_asm+0x11/0x20\n\n-\u003e #0 ((work_completion)(\u0026rule-\u003earfs_work)){+.+.}-{0:0}:\n __lock_acquire+0x17b4/0x2c80\n lock_acquire+0xd0/0x2b0\n __flush_work+0x7a/0x4e0\n __cancel_work_timer+0x131/0x1c0\n arfs_del_rules+0x143/0x1e0 [mlx5_core]\n mlx5e_arfs_disable+0x1b/0x30 [mlx5_core]\n mlx5e_ethtool_set_channels+0xcb/0x200 [mlx5_core]\n ethnl_set_channels+0x28f/0x3b0\n ethnl_default_set_doit+0xec/0x240\n genl_family_rcv_msg_doit+0xd0/0x120\n genl_rcv_msg+0x188/0x2c0\n netlink_rcv_skb+0x54/0x100\n genl_rcv+0x24/0x40\n netlink_unicast+0x1a1/0x270\n netlink_sendmsg+0x214/0x460\n __sock_sendmsg+0x38/0x60\n __sys_sendto+0x113/0x170\n __x64_sys_sendto+0x20/0x30\n do_syscall_64+0x40/0xe0\n entry_SYSCALL_64_after_hwframe+0x46/0x4e\n\nother info that might help us debug this:\n\n Possible unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(\u0026priv-\u003estate_lock);\n lock((work_completion)(\u0026rule-\u003earfs_work));\n lock(\u0026priv-\u003estate_lock);\n lock((work_completion)(\u0026rule-\u003earfs_work));\n\n *** DEADLOCK ***\n\n3 locks held by ethtool/386089:\n #0: ffffffff82ea7210 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40\n #1: ffffffff82e94c88 (rtnl_mutex){+.+.}-{3:3}, at: ethnl_default_set_doit+0xd3/0x240\n #2: ffff8884a1808cc0 (\u0026priv-\u003estate_lock){+.+.}-{3:3}, at: mlx5e_ethtool_set_channels+0x53/0x200 [mlx5_core]\n\nstack backtrace:\nCPU: 15 PID: 386089 Comm: ethtool Tainted: G I 6.7.0-rc4_net_next_mlx5_5483eb2 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x60/0xa0\n check_noncircular+0x144/0x160\n __lock_acquire+0x17b4/0x2c80\n lock_acquire+0xd0/0x2b0\n ? __flush_work+0x74/0x4e0\n ? save_trace+0x3e/0x360\n ? __flush_work+0x74/0x4e0\n __flush_work+0x7a/0x4e0\n ? __flush_work+0x74/0x4e0\n ? __lock_acquire+0xa78/0x2c80\n ? lock_acquire+0xd0/0x2b0\n ? mark_held_locks+0x49/0x70\n __cancel_work_timer+0x131/0x1c0\n ? mark_held_locks+0x49/0x70\n arfs_del_rules+0x143/0x1e0 [mlx5_core]\n mlx5e_arfs_disable+0x1b/0x30 [mlx5_core]\n mlx5e_ethtool_set_channels+0xcb/0x200 [mlx5_core]\n ethnl_set_channels+0x28f/0x3b0\n ethnl_default_set_doit+0xec/0x240\n genl_family_rcv_msg_doit+0xd0/0x120\n genl_rcv_msg+0x188/0x2c0\n ? ethn\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:08:44.844Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/46efa4d5930cf3c2af8c01f75e0a47e4fc045e3b"
},
{
"url": "https://git.kernel.org/stable/c/48c4bb81df19402d4346032353d0795260255e3b"
},
{
"url": "https://git.kernel.org/stable/c/0080bf99499468030248ebd25dd645e487dcecdc"
},
{
"url": "https://git.kernel.org/stable/c/fef965764cf562f28afb997b626fc7c3cec99693"
}
],
"title": "net/mlx5e: Prevent deadlock while disabling aRFS",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27014",
"datePublished": "2024-05-01T05:29:46.980Z",
"dateReserved": "2024-02-19T14:20:24.209Z",
"dateUpdated": "2026-05-11T20:08:44.844Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27043 (GCVE-0-2024-27043)
Vulnerability from cvelistv5 – Published: 2024-05-01 12:54 – Updated: 2026-05-11 20:09
VLAI
EPSS
Title
media: edia: dvbdev: fix a use-after-free
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: edia: dvbdev: fix a use-after-free
In dvb_register_device, *pdvbdev is set equal to dvbdev, which is freed
in several error-handling paths. However, *pdvbdev is not set to NULL
after dvbdev's deallocation, causing use-after-frees in many places,
for example, in the following call chain:
budget_register
|-> dvb_dmxdev_init
|-> dvb_register_device
|-> dvb_dmxdev_release
|-> dvb_unregister_device
|-> dvb_remove_device
|-> dvb_device_put
|-> kref_put
When calling dvb_unregister_device, dmxdev->dvbdev (i.e. *pdvbdev in
dvb_register_device) could point to memory that had been freed in
dvb_register_device. Thereafter, this pointer is transferred to
kref_put and triggering a use-after-free.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
11 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
b61901024776b25ce7b8edc31bb1757c7382a88e , < d0f5c28333822f9baa5280d813124920720fd856
(git)
Affected: b61901024776b25ce7b8edc31bb1757c7382a88e , < f20c3270f3ed5aa6919a87e4de9bf6c05fb57086 (git) Affected: b61901024776b25ce7b8edc31bb1757c7382a88e , < 096237039d00c839f3e3a5fe6d001bf0db45b644 (git) Affected: b61901024776b25ce7b8edc31bb1757c7382a88e , < 0d3fe80b6d175c220b3e252efc6c6777e700e98e (git) Affected: b61901024776b25ce7b8edc31bb1757c7382a88e , < 437a111f79a2f5b2a5f21e27fdec6f40c8768712 (git) Affected: b61901024776b25ce7b8edc31bb1757c7382a88e , < 779e8db7efb22316c8581d6c229636d2f5694a62 (git) Affected: b61901024776b25ce7b8edc31bb1757c7382a88e , < 35674111a043b0482a9bc69da8850a83f465b07d (git) Affected: b61901024776b25ce7b8edc31bb1757c7382a88e , < b7586e902128e4fb7bfbb661cb52e4215a65637b (git) Affected: b61901024776b25ce7b8edc31bb1757c7382a88e , < 8c64f4cdf4e6cc5682c52523713af8c39c94e6d5 (git) |
|
| Linux | Linux |
Affected:
2.6.21
Unaffected: 0 , < 2.6.21 (semver) Unaffected: 4.19.311 , ≤ 4.19.* (semver) Unaffected: 5.4.273 , ≤ 5.4.* (semver) Unaffected: 5.10.214 , ≤ 5.10.* (semver) Unaffected: 5.15.153 , ≤ 5.15.* (semver) Unaffected: 6.1.83 , ≤ 6.1.* (semver) Unaffected: 6.6.23 , ≤ 6.6.* (semver) Unaffected: 6.7.11 , ≤ 6.7.* (semver) Unaffected: 6.8.2 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d0f5c28333822f9baa5280d813124920720fd856"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f20c3270f3ed5aa6919a87e4de9bf6c05fb57086"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/096237039d00c839f3e3a5fe6d001bf0db45b644"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0d3fe80b6d175c220b3e252efc6c6777e700e98e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/437a111f79a2f5b2a5f21e27fdec6f40c8768712"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/779e8db7efb22316c8581d6c229636d2f5694a62"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/35674111a043b0482a9bc69da8850a83f465b07d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b7586e902128e4fb7bfbb661cb52e4215a65637b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8c64f4cdf4e6cc5682c52523713af8c39c94e6d5"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27043",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T19:22:34.576999Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T19:22:42.564Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/dvb-core/dvbdev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d0f5c28333822f9baa5280d813124920720fd856",
"status": "affected",
"version": "b61901024776b25ce7b8edc31bb1757c7382a88e",
"versionType": "git"
},
{
"lessThan": "f20c3270f3ed5aa6919a87e4de9bf6c05fb57086",
"status": "affected",
"version": "b61901024776b25ce7b8edc31bb1757c7382a88e",
"versionType": "git"
},
{
"lessThan": "096237039d00c839f3e3a5fe6d001bf0db45b644",
"status": "affected",
"version": "b61901024776b25ce7b8edc31bb1757c7382a88e",
"versionType": "git"
},
{
"lessThan": "0d3fe80b6d175c220b3e252efc6c6777e700e98e",
"status": "affected",
"version": "b61901024776b25ce7b8edc31bb1757c7382a88e",
"versionType": "git"
},
{
"lessThan": "437a111f79a2f5b2a5f21e27fdec6f40c8768712",
"status": "affected",
"version": "b61901024776b25ce7b8edc31bb1757c7382a88e",
"versionType": "git"
},
{
"lessThan": "779e8db7efb22316c8581d6c229636d2f5694a62",
"status": "affected",
"version": "b61901024776b25ce7b8edc31bb1757c7382a88e",
"versionType": "git"
},
{
"lessThan": "35674111a043b0482a9bc69da8850a83f465b07d",
"status": "affected",
"version": "b61901024776b25ce7b8edc31bb1757c7382a88e",
"versionType": "git"
},
{
"lessThan": "b7586e902128e4fb7bfbb661cb52e4215a65637b",
"status": "affected",
"version": "b61901024776b25ce7b8edc31bb1757c7382a88e",
"versionType": "git"
},
{
"lessThan": "8c64f4cdf4e6cc5682c52523713af8c39c94e6d5",
"status": "affected",
"version": "b61901024776b25ce7b8edc31bb1757c7382a88e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/dvb-core/dvbdev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.21"
},
{
"lessThan": "2.6.21",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: edia: dvbdev: fix a use-after-free\n\nIn dvb_register_device, *pdvbdev is set equal to dvbdev, which is freed\nin several error-handling paths. However, *pdvbdev is not set to NULL\nafter dvbdev\u0027s deallocation, causing use-after-frees in many places,\nfor example, in the following call chain:\n\nbudget_register\n |-\u003e dvb_dmxdev_init\n |-\u003e dvb_register_device\n |-\u003e dvb_dmxdev_release\n |-\u003e dvb_unregister_device\n |-\u003e dvb_remove_device\n |-\u003e dvb_device_put\n |-\u003e kref_put\n\nWhen calling dvb_unregister_device, dmxdev-\u003edvbdev (i.e. *pdvbdev in\ndvb_register_device) could point to memory that had been freed in\ndvb_register_device. Thereafter, this pointer is transferred to\nkref_put and triggering a use-after-free."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:09:17.969Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d0f5c28333822f9baa5280d813124920720fd856"
},
{
"url": "https://git.kernel.org/stable/c/f20c3270f3ed5aa6919a87e4de9bf6c05fb57086"
},
{
"url": "https://git.kernel.org/stable/c/096237039d00c839f3e3a5fe6d001bf0db45b644"
},
{
"url": "https://git.kernel.org/stable/c/0d3fe80b6d175c220b3e252efc6c6777e700e98e"
},
{
"url": "https://git.kernel.org/stable/c/437a111f79a2f5b2a5f21e27fdec6f40c8768712"
},
{
"url": "https://git.kernel.org/stable/c/779e8db7efb22316c8581d6c229636d2f5694a62"
},
{
"url": "https://git.kernel.org/stable/c/35674111a043b0482a9bc69da8850a83f465b07d"
},
{
"url": "https://git.kernel.org/stable/c/b7586e902128e4fb7bfbb661cb52e4215a65637b"
},
{
"url": "https://git.kernel.org/stable/c/8c64f4cdf4e6cc5682c52523713af8c39c94e6d5"
}
],
"title": "media: edia: dvbdev: fix a use-after-free",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27043",
"datePublished": "2024-05-01T12:54:11.197Z",
"dateReserved": "2024-02-19T14:20:24.212Z",
"dateUpdated": "2026-05-11T20:09:17.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27046 (GCVE-0-2024-27046)
Vulnerability from cvelistv5 – Published: 2024-05-01 12:54 – Updated: 2026-05-11 20:09
VLAI
EPSS
Title
nfp: flower: handle acti_netdevs allocation failure
Summary
In the Linux kernel, the following vulnerability has been resolved:
nfp: flower: handle acti_netdevs allocation failure
The kmalloc_array() in nfp_fl_lag_do_work() will return null, if
the physical memory has run out. As a result, if we dereference
the acti_netdevs, the null pointer dereference bugs will happen.
This patch adds a check to judge whether allocation failure occurs.
If it happens, the delayed work will be rescheduled and try again.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
11 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
bb9a8d031140f186d13d82f57b0f5646d596652f , < d746889db75a76aeee95fb705b8e1ac28c684a2e
(git)
Affected: bb9a8d031140f186d13d82f57b0f5646d596652f , < 3b1e8a617eb0f4cdc19def530047a95b5abde07d (git) Affected: bb9a8d031140f186d13d82f57b0f5646d596652f , < 928705e341010dd910fdece61ccb974f494a758f (git) Affected: bb9a8d031140f186d13d82f57b0f5646d596652f , < 0d387dc503f9a53e6d1f6e9dd0292d38f083eba5 (git) Affected: bb9a8d031140f186d13d82f57b0f5646d596652f , < c9b4e220dd18f79507803f38a55d53b483f6c9c3 (git) Affected: bb9a8d031140f186d13d82f57b0f5646d596652f , < 408ba7fd04f959c61b50db79c983484312fea642 (git) Affected: bb9a8d031140f186d13d82f57b0f5646d596652f , < c8df9203bf22c66fa26e8d8c7f8ce181cf88099d (git) Affected: bb9a8d031140f186d13d82f57b0f5646d596652f , < 9d8eb1238377cd994829f9162ae396a84ae037b2 (git) Affected: bb9a8d031140f186d13d82f57b0f5646d596652f , < 84e95149bd341705f0eca6a7fcb955c548805002 (git) |
|
| Linux | Linux |
Affected:
4.18
Unaffected: 0 , < 4.18 (semver) Unaffected: 4.19.311 , ≤ 4.19.* (semver) Unaffected: 5.4.273 , ≤ 5.4.* (semver) Unaffected: 5.10.214 , ≤ 5.10.* (semver) Unaffected: 5.15.153 , ≤ 5.15.* (semver) Unaffected: 6.1.83 , ≤ 6.1.* (semver) Unaffected: 6.6.23 , ≤ 6.6.* (semver) Unaffected: 6.7.11 , ≤ 6.7.* (semver) Unaffected: 6.8.2 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27046",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:40:11.581706Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:45:28.272Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d746889db75a76aeee95fb705b8e1ac28c684a2e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3b1e8a617eb0f4cdc19def530047a95b5abde07d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/928705e341010dd910fdece61ccb974f494a758f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0d387dc503f9a53e6d1f6e9dd0292d38f083eba5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c9b4e220dd18f79507803f38a55d53b483f6c9c3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/408ba7fd04f959c61b50db79c983484312fea642"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c8df9203bf22c66fa26e8d8c7f8ce181cf88099d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9d8eb1238377cd994829f9162ae396a84ae037b2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/84e95149bd341705f0eca6a7fcb955c548805002"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/netronome/nfp/flower/lag_conf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d746889db75a76aeee95fb705b8e1ac28c684a2e",
"status": "affected",
"version": "bb9a8d031140f186d13d82f57b0f5646d596652f",
"versionType": "git"
},
{
"lessThan": "3b1e8a617eb0f4cdc19def530047a95b5abde07d",
"status": "affected",
"version": "bb9a8d031140f186d13d82f57b0f5646d596652f",
"versionType": "git"
},
{
"lessThan": "928705e341010dd910fdece61ccb974f494a758f",
"status": "affected",
"version": "bb9a8d031140f186d13d82f57b0f5646d596652f",
"versionType": "git"
},
{
"lessThan": "0d387dc503f9a53e6d1f6e9dd0292d38f083eba5",
"status": "affected",
"version": "bb9a8d031140f186d13d82f57b0f5646d596652f",
"versionType": "git"
},
{
"lessThan": "c9b4e220dd18f79507803f38a55d53b483f6c9c3",
"status": "affected",
"version": "bb9a8d031140f186d13d82f57b0f5646d596652f",
"versionType": "git"
},
{
"lessThan": "408ba7fd04f959c61b50db79c983484312fea642",
"status": "affected",
"version": "bb9a8d031140f186d13d82f57b0f5646d596652f",
"versionType": "git"
},
{
"lessThan": "c8df9203bf22c66fa26e8d8c7f8ce181cf88099d",
"status": "affected",
"version": "bb9a8d031140f186d13d82f57b0f5646d596652f",
"versionType": "git"
},
{
"lessThan": "9d8eb1238377cd994829f9162ae396a84ae037b2",
"status": "affected",
"version": "bb9a8d031140f186d13d82f57b0f5646d596652f",
"versionType": "git"
},
{
"lessThan": "84e95149bd341705f0eca6a7fcb955c548805002",
"status": "affected",
"version": "bb9a8d031140f186d13d82f57b0f5646d596652f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/netronome/nfp/flower/lag_conf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.18"
},
{
"lessThan": "4.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfp: flower: handle acti_netdevs allocation failure\n\nThe kmalloc_array() in nfp_fl_lag_do_work() will return null, if\nthe physical memory has run out. As a result, if we dereference\nthe acti_netdevs, the null pointer dereference bugs will happen.\n\nThis patch adds a check to judge whether allocation failure occurs.\nIf it happens, the delayed work will be rescheduled and try again."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:09:21.444Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d746889db75a76aeee95fb705b8e1ac28c684a2e"
},
{
"url": "https://git.kernel.org/stable/c/3b1e8a617eb0f4cdc19def530047a95b5abde07d"
},
{
"url": "https://git.kernel.org/stable/c/928705e341010dd910fdece61ccb974f494a758f"
},
{
"url": "https://git.kernel.org/stable/c/0d387dc503f9a53e6d1f6e9dd0292d38f083eba5"
},
{
"url": "https://git.kernel.org/stable/c/c9b4e220dd18f79507803f38a55d53b483f6c9c3"
},
{
"url": "https://git.kernel.org/stable/c/408ba7fd04f959c61b50db79c983484312fea642"
},
{
"url": "https://git.kernel.org/stable/c/c8df9203bf22c66fa26e8d8c7f8ce181cf88099d"
},
{
"url": "https://git.kernel.org/stable/c/9d8eb1238377cd994829f9162ae396a84ae037b2"
},
{
"url": "https://git.kernel.org/stable/c/84e95149bd341705f0eca6a7fcb955c548805002"
}
],
"title": "nfp: flower: handle acti_netdevs allocation failure",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27046",
"datePublished": "2024-05-01T12:54:21.725Z",
"dateReserved": "2024-02-19T14:20:24.213Z",
"dateUpdated": "2026-05-11T20:09:21.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27054 (GCVE-0-2024-27054)
Vulnerability from cvelistv5 – Published: 2024-05-01 12:54 – Updated: 2026-05-11 20:09
VLAI
EPSS
Title
s390/dasd: fix double module refcount decrement
Summary
In the Linux kernel, the following vulnerability has been resolved:
s390/dasd: fix double module refcount decrement
Once the discipline is associated with the device, deleting the device
takes care of decrementing the module's refcount. Doing it manually on
this error path causes refcount to artificially decrease on each error
while it should just stay the same.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
7 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
c020d722b110a44c613ef71e657e6dd4116e09d9 , < 9fe0562179d8fa960afca0eaed6d4ba4122a3cc6
(git)
Affected: c020d722b110a44c613ef71e657e6dd4116e09d9 , < edbdb0d94143db46edd373cc93e433832d29fe19 (git) Affected: c020d722b110a44c613ef71e657e6dd4116e09d9 , < ad999aa18103fa038787b6a8a55020abcf34df1a (git) Affected: c020d722b110a44c613ef71e657e6dd4116e09d9 , < ec09bcab32fc4765e0cc97e1b72cdd067135f37e (git) Affected: c020d722b110a44c613ef71e657e6dd4116e09d9 , < fa18aa507ea71d8914b6acb2c94db311c757c650 (git) Affected: c020d722b110a44c613ef71e657e6dd4116e09d9 , < ebc5a3bd79e54f98c885c26f0862a27a02c487c5 (git) Affected: c020d722b110a44c613ef71e657e6dd4116e09d9 , < c3116e62ddeff79cae342147753ce596f01fcf06 (git) |
|
| Linux | Linux |
Affected:
4.9
Unaffected: 0 , < 4.9 (semver) Unaffected: 5.10.237 , ≤ 5.10.* (semver) Unaffected: 5.15.153 , ≤ 5.15.* (semver) Unaffected: 6.1.83 , ≤ 6.1.* (semver) Unaffected: 6.6.23 , ≤ 6.6.* (semver) Unaffected: 6.7.11 , ≤ 6.7.* (semver) Unaffected: 6.8.2 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27054",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-06T18:30:31.482327Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T20:08:55.117Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.895Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/edbdb0d94143db46edd373cc93e433832d29fe19"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ad999aa18103fa038787b6a8a55020abcf34df1a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ec09bcab32fc4765e0cc97e1b72cdd067135f37e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fa18aa507ea71d8914b6acb2c94db311c757c650"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ebc5a3bd79e54f98c885c26f0862a27a02c487c5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c3116e62ddeff79cae342147753ce596f01fcf06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/s390/block/dasd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9fe0562179d8fa960afca0eaed6d4ba4122a3cc6",
"status": "affected",
"version": "c020d722b110a44c613ef71e657e6dd4116e09d9",
"versionType": "git"
},
{
"lessThan": "edbdb0d94143db46edd373cc93e433832d29fe19",
"status": "affected",
"version": "c020d722b110a44c613ef71e657e6dd4116e09d9",
"versionType": "git"
},
{
"lessThan": "ad999aa18103fa038787b6a8a55020abcf34df1a",
"status": "affected",
"version": "c020d722b110a44c613ef71e657e6dd4116e09d9",
"versionType": "git"
},
{
"lessThan": "ec09bcab32fc4765e0cc97e1b72cdd067135f37e",
"status": "affected",
"version": "c020d722b110a44c613ef71e657e6dd4116e09d9",
"versionType": "git"
},
{
"lessThan": "fa18aa507ea71d8914b6acb2c94db311c757c650",
"status": "affected",
"version": "c020d722b110a44c613ef71e657e6dd4116e09d9",
"versionType": "git"
},
{
"lessThan": "ebc5a3bd79e54f98c885c26f0862a27a02c487c5",
"status": "affected",
"version": "c020d722b110a44c613ef71e657e6dd4116e09d9",
"versionType": "git"
},
{
"lessThan": "c3116e62ddeff79cae342147753ce596f01fcf06",
"status": "affected",
"version": "c020d722b110a44c613ef71e657e6dd4116e09d9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/s390/block/dasd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.9"
},
{
"lessThan": "4.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.237",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.237",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: fix double module refcount decrement\n\nOnce the discipline is associated with the device, deleting the device\ntakes care of decrementing the module\u0027s refcount. Doing it manually on\nthis error path causes refcount to artificially decrease on each error\nwhile it should just stay the same."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:09:30.974Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9fe0562179d8fa960afca0eaed6d4ba4122a3cc6"
},
{
"url": "https://git.kernel.org/stable/c/edbdb0d94143db46edd373cc93e433832d29fe19"
},
{
"url": "https://git.kernel.org/stable/c/ad999aa18103fa038787b6a8a55020abcf34df1a"
},
{
"url": "https://git.kernel.org/stable/c/ec09bcab32fc4765e0cc97e1b72cdd067135f37e"
},
{
"url": "https://git.kernel.org/stable/c/fa18aa507ea71d8914b6acb2c94db311c757c650"
},
{
"url": "https://git.kernel.org/stable/c/ebc5a3bd79e54f98c885c26f0862a27a02c487c5"
},
{
"url": "https://git.kernel.org/stable/c/c3116e62ddeff79cae342147753ce596f01fcf06"
}
],
"title": "s390/dasd: fix double module refcount decrement",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27054",
"datePublished": "2024-05-01T12:54:49.441Z",
"dateReserved": "2024-02-19T14:20:24.214Z",
"dateUpdated": "2026-05-11T20:09:30.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27072 (GCVE-0-2024-27072)
Vulnerability from cvelistv5 – Published: 2024-05-01 13:04 – Updated: 2026-05-12 11:51
VLAI
EPSS
Title
media: usbtv: Remove useless locks in usbtv_video_free()
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: usbtv: Remove useless locks in usbtv_video_free()
Remove locks calls in usbtv_video_free() because
are useless and may led to a deadlock as reported here:
https://syzkaller.appspot.com/x/bisect.txt?x=166dc872180000
Also remove usbtv_stop() call since it will be called when
unregistering the device.
Before 'c838530d230b' this issue would only be noticed if you
disconnect while streaming and now it is noticeable even when
disconnecting while not streaming.
[hverkuil: fix minor spelling mistake in log message]
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
9 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
f3d27f34fdd7701e499617d2c1d94480a98f6d07 , < 4ec4641df57cbdfdc51bb4959afcdbcf5003ddb9
(git)
Affected: f3d27f34fdd7701e499617d2c1d94480a98f6d07 , < d5ed208d04acf06781d63d30f9fa991e8d609ebd (git) Affected: f3d27f34fdd7701e499617d2c1d94480a98f6d07 , < bdd82c47b22a8befd617b723098b2a41b77373c7 (git) Affected: f3d27f34fdd7701e499617d2c1d94480a98f6d07 , < dea46e246ef0f98d89d59a4229157cd9ffb636bf (git) Affected: f3d27f34fdd7701e499617d2c1d94480a98f6d07 , < 3e7d82ebb86e94643bdb30b0b5b077ed27dce1c2 (git) Affected: f3d27f34fdd7701e499617d2c1d94480a98f6d07 , < 65e6a2773d655172143cc0b927cdc89549842895 (git) |
|
| Linux | Linux |
Affected:
3.11
Unaffected: 0 , < 3.11 (semver) Unaffected: 5.10.227 , ≤ 5.10.* (semver) Unaffected: 5.15.168 , ≤ 5.15.* (semver) Unaffected: 6.1.113 , ≤ 6.1.* (semver) Unaffected: 6.6.55 , ≤ 6.6.* (semver) Unaffected: 6.8.2 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix) |
|
| Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux subsystem |
Affected:
0 , < *
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:54:11.556Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3e7d82ebb86e94643bdb30b0b5b077ed27dce1c2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/65e6a2773d655172143cc0b927cdc89549842895"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27072",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-01T18:51:09.728947Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T17:05:19.274Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T11:51:28.272Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/usb/usbtv/usbtv-video.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4ec4641df57cbdfdc51bb4959afcdbcf5003ddb9",
"status": "affected",
"version": "f3d27f34fdd7701e499617d2c1d94480a98f6d07",
"versionType": "git"
},
{
"lessThan": "d5ed208d04acf06781d63d30f9fa991e8d609ebd",
"status": "affected",
"version": "f3d27f34fdd7701e499617d2c1d94480a98f6d07",
"versionType": "git"
},
{
"lessThan": "bdd82c47b22a8befd617b723098b2a41b77373c7",
"status": "affected",
"version": "f3d27f34fdd7701e499617d2c1d94480a98f6d07",
"versionType": "git"
},
{
"lessThan": "dea46e246ef0f98d89d59a4229157cd9ffb636bf",
"status": "affected",
"version": "f3d27f34fdd7701e499617d2c1d94480a98f6d07",
"versionType": "git"
},
{
"lessThan": "3e7d82ebb86e94643bdb30b0b5b077ed27dce1c2",
"status": "affected",
"version": "f3d27f34fdd7701e499617d2c1d94480a98f6d07",
"versionType": "git"
},
{
"lessThan": "65e6a2773d655172143cc0b927cdc89549842895",
"status": "affected",
"version": "f3d27f34fdd7701e499617d2c1d94480a98f6d07",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/usb/usbtv/usbtv-video.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.11"
},
{
"lessThan": "3.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: usbtv: Remove useless locks in usbtv_video_free()\n\nRemove locks calls in usbtv_video_free() because\nare useless and may led to a deadlock as reported here:\nhttps://syzkaller.appspot.com/x/bisect.txt?x=166dc872180000\nAlso remove usbtv_stop() call since it will be called when\nunregistering the device.\n\nBefore \u0027c838530d230b\u0027 this issue would only be noticed if you\ndisconnect while streaming and now it is noticeable even when\ndisconnecting while not streaming.\n\n\n[hverkuil: fix minor spelling mistake in log message]"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:09:50.763Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4ec4641df57cbdfdc51bb4959afcdbcf5003ddb9"
},
{
"url": "https://git.kernel.org/stable/c/d5ed208d04acf06781d63d30f9fa991e8d609ebd"
},
{
"url": "https://git.kernel.org/stable/c/bdd82c47b22a8befd617b723098b2a41b77373c7"
},
{
"url": "https://git.kernel.org/stable/c/dea46e246ef0f98d89d59a4229157cd9ffb636bf"
},
{
"url": "https://git.kernel.org/stable/c/3e7d82ebb86e94643bdb30b0b5b077ed27dce1c2"
},
{
"url": "https://git.kernel.org/stable/c/65e6a2773d655172143cc0b927cdc89549842895"
}
],
"title": "media: usbtv: Remove useless locks in usbtv_video_free()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27072",
"datePublished": "2024-05-01T13:04:34.169Z",
"dateReserved": "2024-02-19T14:20:24.216Z",
"dateUpdated": "2026-05-12T11:51:28.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27073 (GCVE-0-2024-27073)
Vulnerability from cvelistv5 – Published: 2024-05-01 13:04 – Updated: 2026-05-11 20:09
VLAI
EPSS
Title
media: ttpci: fix two memleaks in budget_av_attach
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: ttpci: fix two memleaks in budget_av_attach
When saa7146_register_device and saa7146_vv_init fails, budget_av_attach
should free the resources it allocates, like the error-handling of
ttpci_budget_init does. Besides, there are two fixme comment refers to
such deallocations.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
9 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < af37aed04997e644f7e1b52b696b62dcae3cc016
(git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 910363473e4bf97da3c350e08d915546dd6cc30b (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 24e51d6eb578b82ff292927f14b9f5ec05a46beb (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 55ca0c7eae8499bb96f4e5d9b26af95e89c4e6a0 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 7393c681f9aa05ffe2385e8716989565eed2fe06 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 1597cd1a88cfcdc4bf8b1b44cd458fed9a5a5d63 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 656b8cc123d7635dd399d9f02594f27aa797ac3c (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < d0b07f712bf61e1a3cf23c87c663791c42e50837 (git) |
|
| Linux | Linux |
Affected:
2.6.12
Unaffected: 0 , < 2.6.12 (semver) Unaffected: 5.4.273 , ≤ 5.4.* (semver) Unaffected: 5.10.214 , ≤ 5.10.* (semver) Unaffected: 5.15.153 , ≤ 5.15.* (semver) Unaffected: 6.1.83 , ≤ 6.1.* (semver) Unaffected: 6.6.23 , ≤ 6.6.* (semver) Unaffected: 6.7.11 , ≤ 6.7.* (semver) Unaffected: 6.8.2 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27073",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-06T18:09:11.753345Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T18:51:09.232Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:57.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/af37aed04997e644f7e1b52b696b62dcae3cc016"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/910363473e4bf97da3c350e08d915546dd6cc30b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/24e51d6eb578b82ff292927f14b9f5ec05a46beb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/55ca0c7eae8499bb96f4e5d9b26af95e89c4e6a0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7393c681f9aa05ffe2385e8716989565eed2fe06"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1597cd1a88cfcdc4bf8b1b44cd458fed9a5a5d63"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/656b8cc123d7635dd399d9f02594f27aa797ac3c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d0b07f712bf61e1a3cf23c87c663791c42e50837"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/pci/ttpci/budget-av.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "af37aed04997e644f7e1b52b696b62dcae3cc016",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "910363473e4bf97da3c350e08d915546dd6cc30b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "24e51d6eb578b82ff292927f14b9f5ec05a46beb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "55ca0c7eae8499bb96f4e5d9b26af95e89c4e6a0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7393c681f9aa05ffe2385e8716989565eed2fe06",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1597cd1a88cfcdc4bf8b1b44cd458fed9a5a5d63",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "656b8cc123d7635dd399d9f02594f27aa797ac3c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d0b07f712bf61e1a3cf23c87c663791c42e50837",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/pci/ttpci/budget-av.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: ttpci: fix two memleaks in budget_av_attach\n\nWhen saa7146_register_device and saa7146_vv_init fails, budget_av_attach\nshould free the resources it allocates, like the error-handling of\nttpci_budget_init does. Besides, there are two fixme comment refers to\nsuch deallocations."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:09:51.921Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/af37aed04997e644f7e1b52b696b62dcae3cc016"
},
{
"url": "https://git.kernel.org/stable/c/910363473e4bf97da3c350e08d915546dd6cc30b"
},
{
"url": "https://git.kernel.org/stable/c/24e51d6eb578b82ff292927f14b9f5ec05a46beb"
},
{
"url": "https://git.kernel.org/stable/c/55ca0c7eae8499bb96f4e5d9b26af95e89c4e6a0"
},
{
"url": "https://git.kernel.org/stable/c/7393c681f9aa05ffe2385e8716989565eed2fe06"
},
{
"url": "https://git.kernel.org/stable/c/1597cd1a88cfcdc4bf8b1b44cd458fed9a5a5d63"
},
{
"url": "https://git.kernel.org/stable/c/656b8cc123d7635dd399d9f02594f27aa797ac3c"
},
{
"url": "https://git.kernel.org/stable/c/d0b07f712bf61e1a3cf23c87c663791c42e50837"
}
],
"title": "media: ttpci: fix two memleaks in budget_av_attach",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27073",
"datePublished": "2024-05-01T13:04:37.653Z",
"dateReserved": "2024-02-19T14:20:24.216Z",
"dateUpdated": "2026-05-11T20:09:51.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27074 (GCVE-0-2024-27074)
Vulnerability from cvelistv5 – Published: 2024-05-01 13:04 – Updated: 2026-05-11 20:09
VLAI
EPSS
Title
media: go7007: fix a memleak in go7007_load_encoder
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: go7007: fix a memleak in go7007_load_encoder
In go7007_load_encoder, bounce(i.e. go->boot_fw), is allocated without
a deallocation thereafter. After the following call chain:
saa7134_go7007_init
|-> go7007_boot_encoder
|-> go7007_load_encoder
|-> kfree(go)
go is freed and thus bounce is leaked.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
11 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
95ef39403f890360a3e48fe550d8e8e5d088ad74 , < 7f11dd3d165b178e738fe73dfeea513e383bedb5
(git)
Affected: 95ef39403f890360a3e48fe550d8e8e5d088ad74 , < 291cda0b805fc0d6e90d201710311630c8667159 (git) Affected: 95ef39403f890360a3e48fe550d8e8e5d088ad74 , < b49fe84c6cefcc1c2336d793b53442e716c95073 (git) Affected: 95ef39403f890360a3e48fe550d8e8e5d088ad74 , < 790fa2c04dfb9f095ec372bf17909424d6e864b3 (git) Affected: 95ef39403f890360a3e48fe550d8e8e5d088ad74 , < e04d15c8bb3e111dd69f98894acd92d63e87aac3 (git) Affected: 95ef39403f890360a3e48fe550d8e8e5d088ad74 , < f31c1cc37411f5f7bcb266133f9a7e1b4bdf2975 (git) Affected: 95ef39403f890360a3e48fe550d8e8e5d088ad74 , < d43988a23c32588ccd0c74219637afb96cd78661 (git) Affected: 95ef39403f890360a3e48fe550d8e8e5d088ad74 , < 7405a0d4442792988e9ae834e7d84f9d163731a4 (git) Affected: 95ef39403f890360a3e48fe550d8e8e5d088ad74 , < b9b683844b01d171a72b9c0419a2d760d946ee12 (git) |
|
| Linux | Linux |
Affected:
3.10
Unaffected: 0 , < 3.10 (semver) Unaffected: 4.19.311 , ≤ 4.19.* (semver) Unaffected: 5.4.273 , ≤ 5.4.* (semver) Unaffected: 5.10.214 , ≤ 5.10.* (semver) Unaffected: 5.15.153 , ≤ 5.15.* (semver) Unaffected: 6.1.83 , ≤ 6.1.* (semver) Unaffected: 6.6.23 , ≤ 6.6.* (semver) Unaffected: 6.7.11 , ≤ 6.7.* (semver) Unaffected: 6.8.2 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27074",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-09T18:38:34.857728Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:45.741Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:59.415Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7f11dd3d165b178e738fe73dfeea513e383bedb5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/291cda0b805fc0d6e90d201710311630c8667159"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b49fe84c6cefcc1c2336d793b53442e716c95073"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/790fa2c04dfb9f095ec372bf17909424d6e864b3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e04d15c8bb3e111dd69f98894acd92d63e87aac3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f31c1cc37411f5f7bcb266133f9a7e1b4bdf2975"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d43988a23c32588ccd0c74219637afb96cd78661"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7405a0d4442792988e9ae834e7d84f9d163731a4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b9b683844b01d171a72b9c0419a2d760d946ee12"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/usb/go7007/go7007-driver.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7f11dd3d165b178e738fe73dfeea513e383bedb5",
"status": "affected",
"version": "95ef39403f890360a3e48fe550d8e8e5d088ad74",
"versionType": "git"
},
{
"lessThan": "291cda0b805fc0d6e90d201710311630c8667159",
"status": "affected",
"version": "95ef39403f890360a3e48fe550d8e8e5d088ad74",
"versionType": "git"
},
{
"lessThan": "b49fe84c6cefcc1c2336d793b53442e716c95073",
"status": "affected",
"version": "95ef39403f890360a3e48fe550d8e8e5d088ad74",
"versionType": "git"
},
{
"lessThan": "790fa2c04dfb9f095ec372bf17909424d6e864b3",
"status": "affected",
"version": "95ef39403f890360a3e48fe550d8e8e5d088ad74",
"versionType": "git"
},
{
"lessThan": "e04d15c8bb3e111dd69f98894acd92d63e87aac3",
"status": "affected",
"version": "95ef39403f890360a3e48fe550d8e8e5d088ad74",
"versionType": "git"
},
{
"lessThan": "f31c1cc37411f5f7bcb266133f9a7e1b4bdf2975",
"status": "affected",
"version": "95ef39403f890360a3e48fe550d8e8e5d088ad74",
"versionType": "git"
},
{
"lessThan": "d43988a23c32588ccd0c74219637afb96cd78661",
"status": "affected",
"version": "95ef39403f890360a3e48fe550d8e8e5d088ad74",
"versionType": "git"
},
{
"lessThan": "7405a0d4442792988e9ae834e7d84f9d163731a4",
"status": "affected",
"version": "95ef39403f890360a3e48fe550d8e8e5d088ad74",
"versionType": "git"
},
{
"lessThan": "b9b683844b01d171a72b9c0419a2d760d946ee12",
"status": "affected",
"version": "95ef39403f890360a3e48fe550d8e8e5d088ad74",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/usb/go7007/go7007-driver.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.10"
},
{
"lessThan": "3.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: go7007: fix a memleak in go7007_load_encoder\n\nIn go7007_load_encoder, bounce(i.e. go-\u003eboot_fw), is allocated without\na deallocation thereafter. After the following call chain:\n\nsaa7134_go7007_init\n |-\u003e go7007_boot_encoder\n |-\u003e go7007_load_encoder\n |-\u003e kfree(go)\n\ngo is freed and thus bounce is leaked."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:09:53.176Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7f11dd3d165b178e738fe73dfeea513e383bedb5"
},
{
"url": "https://git.kernel.org/stable/c/291cda0b805fc0d6e90d201710311630c8667159"
},
{
"url": "https://git.kernel.org/stable/c/b49fe84c6cefcc1c2336d793b53442e716c95073"
},
{
"url": "https://git.kernel.org/stable/c/790fa2c04dfb9f095ec372bf17909424d6e864b3"
},
{
"url": "https://git.kernel.org/stable/c/e04d15c8bb3e111dd69f98894acd92d63e87aac3"
},
{
"url": "https://git.kernel.org/stable/c/f31c1cc37411f5f7bcb266133f9a7e1b4bdf2975"
},
{
"url": "https://git.kernel.org/stable/c/d43988a23c32588ccd0c74219637afb96cd78661"
},
{
"url": "https://git.kernel.org/stable/c/7405a0d4442792988e9ae834e7d84f9d163731a4"
},
{
"url": "https://git.kernel.org/stable/c/b9b683844b01d171a72b9c0419a2d760d946ee12"
}
],
"title": "media: go7007: fix a memleak in go7007_load_encoder",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27074",
"datePublished": "2024-05-01T13:04:41.079Z",
"dateReserved": "2024-02-19T14:20:24.217Z",
"dateUpdated": "2026-05-11T20:09:53.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…