Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2024-AVI-0719
Vulnerability from certfr_avis - Published: 2024-08-23 - Updated: 2024-08-23
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un déni de service.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Debian bullseye versions ant\u00e9rieures \u00e0 5.10.223-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Debian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-41022",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41022"
},
{
"name": "CVE-2024-41009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41009"
},
{
"name": "CVE-2022-48666",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48666"
},
{
"name": "CVE-2024-42137",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42137"
},
{
"name": "CVE-2024-41070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41070"
},
{
"name": "CVE-2024-41034",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41034"
},
{
"name": "CVE-2024-42236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42236"
},
{
"name": "CVE-2024-42157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42157"
},
{
"name": "CVE-2024-42153",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42153"
},
{
"name": "CVE-2024-42154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42154"
},
{
"name": "CVE-2024-36484",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36484"
},
{
"name": "CVE-2024-42229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42229"
},
{
"name": "CVE-2024-41007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41007"
},
{
"name": "CVE-2024-42247",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42247"
},
{
"name": "CVE-2024-41078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41078"
},
{
"name": "CVE-2024-41081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41081"
},
{
"name": "CVE-2024-41072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41072"
},
{
"name": "CVE-2024-36938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36938"
},
{
"name": "CVE-2024-42124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42124"
},
{
"name": "CVE-2024-41041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41041"
},
{
"name": "CVE-2024-42131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42131"
},
{
"name": "CVE-2024-40947",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40947"
},
{
"name": "CVE-2024-42232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42232"
},
{
"name": "CVE-2024-42223",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42223"
},
{
"name": "CVE-2024-42121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42121"
},
{
"name": "CVE-2024-41063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41063"
},
{
"name": "CVE-2024-41017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41017"
},
{
"name": "CVE-2024-42244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42244"
},
{
"name": "CVE-2024-41012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41012"
},
{
"name": "CVE-2024-42119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42119"
},
{
"name": "CVE-2024-39487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39487"
},
{
"name": "CVE-2024-36901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36901"
},
{
"name": "CVE-2024-41090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41090"
},
{
"name": "CVE-2024-41077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41077"
},
{
"name": "CVE-2024-42106",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42106"
},
{
"name": "CVE-2024-42104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42104"
},
{
"name": "CVE-2024-42120",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42120"
},
{
"name": "CVE-2024-41068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41068"
},
{
"name": "CVE-2024-42101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42101"
},
{
"name": "CVE-2024-41059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41059"
},
{
"name": "CVE-2024-41040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41040"
},
{
"name": "CVE-2024-42115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42115"
},
{
"name": "CVE-2024-41055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41055"
},
{
"name": "CVE-2024-41015",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41015"
},
{
"name": "CVE-2024-42102",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42102"
},
{
"name": "CVE-2024-42224",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42224"
},
{
"name": "CVE-2024-42161",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42161"
},
{
"name": "CVE-2024-41035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41035"
},
{
"name": "CVE-2024-41049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41049"
},
{
"name": "CVE-2024-42143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42143"
},
{
"name": "CVE-2024-41065",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41065"
},
{
"name": "CVE-2024-42127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42127"
},
{
"name": "CVE-2024-41091",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41091"
},
{
"name": "CVE-2024-42105",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42105"
},
{
"name": "CVE-2024-41044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41044"
},
{
"name": "CVE-2024-41046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41046"
},
{
"name": "CVE-2024-42152",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42152"
},
{
"name": "CVE-2024-42148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42148"
},
{
"name": "CVE-2024-41064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41064"
},
{
"name": "CVE-2024-41020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41020"
},
{
"name": "CVE-2024-42145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42145"
}
],
"initial_release_date": "2024-08-23T00:00:00",
"last_revision_date": "2024-08-23T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0719",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-08-23T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Debian. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de service.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian",
"vendor_advisories": [
{
"published_at": "2024-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-5747-1",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00159.html"
}
]
}
CVE-2024-41055 (GCVE-0-2024-41055)
Vulnerability from cvelistv5 – Published: 2024-07-29 14:32 – Updated: 2026-05-23 15:51
VLAI
EPSS
Title
mm: prevent derefencing NULL ptr in pfn_section_valid()
Summary
In the Linux kernel, the following vulnerability has been resolved:
mm: prevent derefencing NULL ptr in pfn_section_valid()
Commit 5ec8e8ea8b77 ("mm/sparsemem: fix race in accessing
memory_section->usage") changed pfn_section_valid() to add a READ_ONCE()
call around "ms->usage" to fix a race with section_deactivate() where
ms->usage can be cleared. The READ_ONCE() call, by itself, is not enough
to prevent NULL pointer dereference. We need to check its value before
dereferencing it.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
7 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
90ad17575d26874287271127d43ef3c2af876cea , < 0100aeb8a12d51950418e685f879cc80cb8e5982
(git)
Affected: b448de2459b6d62a53892487ab18b7d823ff0529 , < bc17f2377818dca643a74499c3f5333500c90503 (git) Affected: 68ed9e33324021e9d6b798e9db00ca3093d2012a , < 941e816185661bf2b44b488565d09444ae316509 (git) Affected: 70064241f2229f7ba7b9599a98f68d9142e81a97 , < 797323d1cf92d09b7a017cfec576d9babf99cde7 (git) Affected: 5ec8e8ea8b7783fab150cf86404fc38cb4db8800 , < adccdf702b4ea913ded5ff512239e382d7473b63 (git) Affected: 5ec8e8ea8b7783fab150cf86404fc38cb4db8800 , < 82f0b6f041fad768c28b4ad05a683065412c226e (git) Affected: 3a01daace71b521563c38bbbf874e14c3e58adb7 (git) Affected: 5.10.210 , < 5.10.222 (semver) Affected: 5.15.149 , < 5.15.163 (semver) Affected: 6.1.76 , < 6.1.100 (semver) Affected: 6.6.15 , < 6.6.41 (semver) Affected: 6.7.3 , < 6.8 (semver) |
|
| Linux | Linux |
Affected:
6.8
Unaffected: 0 , < 6.8 (semver) Unaffected: 5.10.222 , ≤ 5.10.* (semver) Unaffected: 5.15.163 , ≤ 5.15.* (semver) Unaffected: 6.1.100 , ≤ 6.1.* (semver) Unaffected: 6.6.41 , ≤ 6.6.* (semver) Unaffected: 6.9.10 , ≤ 6.9.* (semver) Unaffected: 6.10 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:59:54.292Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0100aeb8a12d51950418e685f879cc80cb8e5982"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bc17f2377818dca643a74499c3f5333500c90503"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/941e816185661bf2b44b488565d09444ae316509"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/797323d1cf92d09b7a017cfec576d9babf99cde7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/adccdf702b4ea913ded5ff512239e382d7473b63"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/82f0b6f041fad768c28b4ad05a683065412c226e"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41055",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:22:28.194623Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:01.312Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/linux/mmzone.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0100aeb8a12d51950418e685f879cc80cb8e5982",
"status": "affected",
"version": "90ad17575d26874287271127d43ef3c2af876cea",
"versionType": "git"
},
{
"lessThan": "bc17f2377818dca643a74499c3f5333500c90503",
"status": "affected",
"version": "b448de2459b6d62a53892487ab18b7d823ff0529",
"versionType": "git"
},
{
"lessThan": "941e816185661bf2b44b488565d09444ae316509",
"status": "affected",
"version": "68ed9e33324021e9d6b798e9db00ca3093d2012a",
"versionType": "git"
},
{
"lessThan": "797323d1cf92d09b7a017cfec576d9babf99cde7",
"status": "affected",
"version": "70064241f2229f7ba7b9599a98f68d9142e81a97",
"versionType": "git"
},
{
"lessThan": "adccdf702b4ea913ded5ff512239e382d7473b63",
"status": "affected",
"version": "5ec8e8ea8b7783fab150cf86404fc38cb4db8800",
"versionType": "git"
},
{
"lessThan": "82f0b6f041fad768c28b4ad05a683065412c226e",
"status": "affected",
"version": "5ec8e8ea8b7783fab150cf86404fc38cb4db8800",
"versionType": "git"
},
{
"status": "affected",
"version": "3a01daace71b521563c38bbbf874e14c3e58adb7",
"versionType": "git"
},
{
"lessThan": "5.10.222",
"status": "affected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThan": "5.15.163",
"status": "affected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThan": "6.1.100",
"status": "affected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThan": "6.6.41",
"status": "affected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThan": "6.8",
"status": "affected",
"version": "6.7.3",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/linux/mmzone.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.8"
},
{
"lessThan": "6.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.222",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.100",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.41",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.222",
"versionStartIncluding": "5.10.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.163",
"versionStartIncluding": "5.15.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.100",
"versionStartIncluding": "6.1.76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.41",
"versionStartIncluding": "6.6.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.10",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: prevent derefencing NULL ptr in pfn_section_valid()\n\nCommit 5ec8e8ea8b77 (\"mm/sparsemem: fix race in accessing\nmemory_section-\u003eusage\") changed pfn_section_valid() to add a READ_ONCE()\ncall around \"ms-\u003eusage\" to fix a race with section_deactivate() where\nms-\u003eusage can be cleared. The READ_ONCE() call, by itself, is not enough\nto prevent NULL pointer dereference. We need to check its value before\ndereferencing it."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:51:49.078Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0100aeb8a12d51950418e685f879cc80cb8e5982"
},
{
"url": "https://git.kernel.org/stable/c/bc17f2377818dca643a74499c3f5333500c90503"
},
{
"url": "https://git.kernel.org/stable/c/941e816185661bf2b44b488565d09444ae316509"
},
{
"url": "https://git.kernel.org/stable/c/797323d1cf92d09b7a017cfec576d9babf99cde7"
},
{
"url": "https://git.kernel.org/stable/c/adccdf702b4ea913ded5ff512239e382d7473b63"
},
{
"url": "https://git.kernel.org/stable/c/82f0b6f041fad768c28b4ad05a683065412c226e"
}
],
"title": "mm: prevent derefencing NULL ptr in pfn_section_valid()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41055",
"datePublished": "2024-07-29T14:32:10.672Z",
"dateReserved": "2024-07-12T12:17:45.627Z",
"dateUpdated": "2026-05-23T15:51:49.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-41059 (GCVE-0-2024-41059)
Vulnerability from cvelistv5 – Published: 2024-07-29 14:57 – Updated: 2026-05-11 20:25
VLAI
EPSS
Title
hfsplus: fix uninit-value in copy_name
Summary
In the Linux kernel, the following vulnerability has been resolved:
hfsplus: fix uninit-value in copy_name
[syzbot reported]
BUG: KMSAN: uninit-value in sized_strscpy+0xc4/0x160
sized_strscpy+0xc4/0x160
copy_name+0x2af/0x320 fs/hfsplus/xattr.c:411
hfsplus_listxattr+0x11e9/0x1a50 fs/hfsplus/xattr.c:750
vfs_listxattr fs/xattr.c:493 [inline]
listxattr+0x1f3/0x6b0 fs/xattr.c:840
path_listxattr fs/xattr.c:864 [inline]
__do_sys_listxattr fs/xattr.c:876 [inline]
__se_sys_listxattr fs/xattr.c:873 [inline]
__x64_sys_listxattr+0x16b/0x2f0 fs/xattr.c:873
x64_sys_call+0x2ba0/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:195
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Uninit was created at:
slab_post_alloc_hook mm/slub.c:3877 [inline]
slab_alloc_node mm/slub.c:3918 [inline]
kmalloc_trace+0x57b/0xbe0 mm/slub.c:4065
kmalloc include/linux/slab.h:628 [inline]
hfsplus_listxattr+0x4cc/0x1a50 fs/hfsplus/xattr.c:699
vfs_listxattr fs/xattr.c:493 [inline]
listxattr+0x1f3/0x6b0 fs/xattr.c:840
path_listxattr fs/xattr.c:864 [inline]
__do_sys_listxattr fs/xattr.c:876 [inline]
__se_sys_listxattr fs/xattr.c:873 [inline]
__x64_sys_listxattr+0x16b/0x2f0 fs/xattr.c:873
x64_sys_call+0x2ba0/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:195
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
[Fix]
When allocating memory to strbuf, initialize memory to 0.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
9 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
017f8da43e92ddd9989884720b694a512e09ccce , < 72805debec8f7aa342da194fe0ed7bc8febea335
(git)
Affected: 017f8da43e92ddd9989884720b694a512e09ccce , < c733e24a61cbcff10f660041d6d84d32bb7e4cb4 (git) Affected: 017f8da43e92ddd9989884720b694a512e09ccce , < 34f8efd2743f2d961e92e8e994de4c7a2f9e74a0 (git) Affected: 017f8da43e92ddd9989884720b694a512e09ccce , < d02d8c1dacafb28930c39e16d48e40bb6e4cbc70 (git) Affected: 017f8da43e92ddd9989884720b694a512e09ccce , < 22999936b91ba545ce1fbbecae6895127945e91c (git) Affected: 017f8da43e92ddd9989884720b694a512e09ccce , < f08956d8e0f80fd0d4ad84ec917302bb2f3a9c6a (git) Affected: 017f8da43e92ddd9989884720b694a512e09ccce , < ad57dc2caf1e0a3c0a9904400fae7afbc9f74bb2 (git) Affected: 017f8da43e92ddd9989884720b694a512e09ccce , < 0570730c16307a72f8241df12363f76600baf57d (git) |
|
| Linux | Linux |
Affected:
3.16
Unaffected: 0 , < 3.16 (semver) Unaffected: 4.19.319 , ≤ 4.19.* (semver) Unaffected: 5.4.281 , ≤ 5.4.* (semver) Unaffected: 5.10.223 , ≤ 5.10.* (semver) Unaffected: 5.15.164 , ≤ 5.15.* (semver) Unaffected: 6.1.101 , ≤ 6.1.* (semver) Unaffected: 6.6.42 , ≤ 6.6.* (semver) Unaffected: 6.9.11 , ≤ 6.9.* (semver) Unaffected: 6.10 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:00:03.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/72805debec8f7aa342da194fe0ed7bc8febea335"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c733e24a61cbcff10f660041d6d84d32bb7e4cb4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/34f8efd2743f2d961e92e8e994de4c7a2f9e74a0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d02d8c1dacafb28930c39e16d48e40bb6e4cbc70"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/22999936b91ba545ce1fbbecae6895127945e91c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f08956d8e0f80fd0d4ad84ec917302bb2f3a9c6a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ad57dc2caf1e0a3c0a9904400fae7afbc9f74bb2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0570730c16307a72f8241df12363f76600baf57d"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41059",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:22:15.385503Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:01.548Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/hfsplus/xattr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "72805debec8f7aa342da194fe0ed7bc8febea335",
"status": "affected",
"version": "017f8da43e92ddd9989884720b694a512e09ccce",
"versionType": "git"
},
{
"lessThan": "c733e24a61cbcff10f660041d6d84d32bb7e4cb4",
"status": "affected",
"version": "017f8da43e92ddd9989884720b694a512e09ccce",
"versionType": "git"
},
{
"lessThan": "34f8efd2743f2d961e92e8e994de4c7a2f9e74a0",
"status": "affected",
"version": "017f8da43e92ddd9989884720b694a512e09ccce",
"versionType": "git"
},
{
"lessThan": "d02d8c1dacafb28930c39e16d48e40bb6e4cbc70",
"status": "affected",
"version": "017f8da43e92ddd9989884720b694a512e09ccce",
"versionType": "git"
},
{
"lessThan": "22999936b91ba545ce1fbbecae6895127945e91c",
"status": "affected",
"version": "017f8da43e92ddd9989884720b694a512e09ccce",
"versionType": "git"
},
{
"lessThan": "f08956d8e0f80fd0d4ad84ec917302bb2f3a9c6a",
"status": "affected",
"version": "017f8da43e92ddd9989884720b694a512e09ccce",
"versionType": "git"
},
{
"lessThan": "ad57dc2caf1e0a3c0a9904400fae7afbc9f74bb2",
"status": "affected",
"version": "017f8da43e92ddd9989884720b694a512e09ccce",
"versionType": "git"
},
{
"lessThan": "0570730c16307a72f8241df12363f76600baf57d",
"status": "affected",
"version": "017f8da43e92ddd9989884720b694a512e09ccce",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/hfsplus/xattr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.16"
},
{
"lessThan": "3.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.319",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.281",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.223",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.164",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.101",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.319",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.281",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.223",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.164",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.101",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.42",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.11",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "3.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix uninit-value in copy_name\n\n[syzbot reported]\nBUG: KMSAN: uninit-value in sized_strscpy+0xc4/0x160\n sized_strscpy+0xc4/0x160\n copy_name+0x2af/0x320 fs/hfsplus/xattr.c:411\n hfsplus_listxattr+0x11e9/0x1a50 fs/hfsplus/xattr.c:750\n vfs_listxattr fs/xattr.c:493 [inline]\n listxattr+0x1f3/0x6b0 fs/xattr.c:840\n path_listxattr fs/xattr.c:864 [inline]\n __do_sys_listxattr fs/xattr.c:876 [inline]\n __se_sys_listxattr fs/xattr.c:873 [inline]\n __x64_sys_listxattr+0x16b/0x2f0 fs/xattr.c:873\n x64_sys_call+0x2ba0/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:195\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:3877 [inline]\n slab_alloc_node mm/slub.c:3918 [inline]\n kmalloc_trace+0x57b/0xbe0 mm/slub.c:4065\n kmalloc include/linux/slab.h:628 [inline]\n hfsplus_listxattr+0x4cc/0x1a50 fs/hfsplus/xattr.c:699\n vfs_listxattr fs/xattr.c:493 [inline]\n listxattr+0x1f3/0x6b0 fs/xattr.c:840\n path_listxattr fs/xattr.c:864 [inline]\n __do_sys_listxattr fs/xattr.c:876 [inline]\n __se_sys_listxattr fs/xattr.c:873 [inline]\n __x64_sys_listxattr+0x16b/0x2f0 fs/xattr.c:873\n x64_sys_call+0x2ba0/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:195\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[Fix]\nWhen allocating memory to strbuf, initialize memory to 0."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:25:24.451Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/72805debec8f7aa342da194fe0ed7bc8febea335"
},
{
"url": "https://git.kernel.org/stable/c/c733e24a61cbcff10f660041d6d84d32bb7e4cb4"
},
{
"url": "https://git.kernel.org/stable/c/34f8efd2743f2d961e92e8e994de4c7a2f9e74a0"
},
{
"url": "https://git.kernel.org/stable/c/d02d8c1dacafb28930c39e16d48e40bb6e4cbc70"
},
{
"url": "https://git.kernel.org/stable/c/22999936b91ba545ce1fbbecae6895127945e91c"
},
{
"url": "https://git.kernel.org/stable/c/f08956d8e0f80fd0d4ad84ec917302bb2f3a9c6a"
},
{
"url": "https://git.kernel.org/stable/c/ad57dc2caf1e0a3c0a9904400fae7afbc9f74bb2"
},
{
"url": "https://git.kernel.org/stable/c/0570730c16307a72f8241df12363f76600baf57d"
}
],
"title": "hfsplus: fix uninit-value in copy_name",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41059",
"datePublished": "2024-07-29T14:57:21.616Z",
"dateReserved": "2024-07-12T12:17:45.627Z",
"dateUpdated": "2026-05-11T20:25:24.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-41063 (GCVE-0-2024-41063)
Vulnerability from cvelistv5 – Published: 2024-07-29 14:57 – Updated: 2026-05-23 15:51
VLAI
EPSS
Title
Bluetooth: hci_core: cancel all works upon hci_unregister_dev()
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci_core: cancel all works upon hci_unregister_dev()
syzbot is reporting that calling hci_release_dev() from hci_error_reset()
due to hci_dev_put() from hci_error_reset() can cause deadlock at
destroy_workqueue(), for hci_error_reset() is called from
hdev->req_workqueue which destroy_workqueue() needs to flush.
We need to make sure that hdev->{rx_work,cmd_work,tx_work} which are
queued into hdev->workqueue and hdev->{power_on,error_reset} which are
queued into hdev->req_workqueue are no longer running by the moment
destroy_workqueue(hdev->workqueue);
destroy_workqueue(hdev->req_workqueue);
are called from hci_release_dev().
Call cancel_work_sync() on these work items from hci_unregister_dev()
as soon as hdev->list is removed from hci_dev_list.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
9 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
e0b278650f07acf2e0932149183458468a731c03 , < 48542881997e17b49dc16b93fe910e0cfcf7a9f9
(git)
Affected: 98fb98fd37e42fd4ce13ff657ea64503e24b6090 , < 9cfc84b1d464cc024286f42a090718f9067b80ed (git) Affected: 6dd0a9dfa99f8990a08eb8fdd8e79bee31c7d8e2 , < ddeda6ca5f218b668b560d90fc31ae469adbfd92 (git) Affected: da4569d450b193e39e87119fd316c0291b585d14 , < d2ce562a5aff1dcd0c50d9808ea825ef90da909f (git) Affected: 45085686b9559bfbe3a4f41d3d695a520668f5e1 , < 96600c2e5ee8213dbab5df1617293d8e847bb4fa (git) Affected: 2ab9a19d896f5a0dd386e1f001c5309bc35f433b , < d6cbce18370641a21dd889e8613d8153df15eb39 (git) Affected: 2449007d3f73b2842c9734f45f0aadb522daf592 , < 3f939bd73fed12dddc2a32a76116c19ca47c7678 (git) Affected: 2449007d3f73b2842c9734f45f0aadb522daf592 , < 0d151a103775dd9645c78c97f77d6e2a5298d913 (git) Affected: dd594cdc24f2e48dab441732e6dfcafd6b0711d1 (git) Affected: 4.19.309 , < 4.19.319 (semver) Affected: 5.4.271 , < 5.4.281 (semver) Affected: 5.10.212 , < 5.10.223 (semver) Affected: 5.15.151 , < 5.15.164 (semver) Affected: 6.1.81 , < 6.1.101 (semver) Affected: 6.6.21 , < 6.6.42 (semver) Affected: 6.7.9 , < 6.8 (semver) |
|
| Linux | Linux |
Affected:
6.8
Unaffected: 0 , < 6.8 (semver) Unaffected: 4.19.319 , ≤ 4.19.* (semver) Unaffected: 5.4.281 , ≤ 5.4.* (semver) Unaffected: 5.10.223 , ≤ 5.10.* (semver) Unaffected: 5.15.164 , ≤ 5.15.* (semver) Unaffected: 6.1.101 , ≤ 6.1.* (semver) Unaffected: 6.6.42 , ≤ 6.6.* (semver) Unaffected: 6.9.11 , ≤ 6.9.* (semver) Unaffected: 6.10 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:00:11.784Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/48542881997e17b49dc16b93fe910e0cfcf7a9f9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9cfc84b1d464cc024286f42a090718f9067b80ed"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ddeda6ca5f218b668b560d90fc31ae469adbfd92"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d2ce562a5aff1dcd0c50d9808ea825ef90da909f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/96600c2e5ee8213dbab5df1617293d8e847bb4fa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d6cbce18370641a21dd889e8613d8153df15eb39"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3f939bd73fed12dddc2a32a76116c19ca47c7678"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0d151a103775dd9645c78c97f77d6e2a5298d913"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41063",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:22:02.545206Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:59.040Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/bluetooth/hci_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "48542881997e17b49dc16b93fe910e0cfcf7a9f9",
"status": "affected",
"version": "e0b278650f07acf2e0932149183458468a731c03",
"versionType": "git"
},
{
"lessThan": "9cfc84b1d464cc024286f42a090718f9067b80ed",
"status": "affected",
"version": "98fb98fd37e42fd4ce13ff657ea64503e24b6090",
"versionType": "git"
},
{
"lessThan": "ddeda6ca5f218b668b560d90fc31ae469adbfd92",
"status": "affected",
"version": "6dd0a9dfa99f8990a08eb8fdd8e79bee31c7d8e2",
"versionType": "git"
},
{
"lessThan": "d2ce562a5aff1dcd0c50d9808ea825ef90da909f",
"status": "affected",
"version": "da4569d450b193e39e87119fd316c0291b585d14",
"versionType": "git"
},
{
"lessThan": "96600c2e5ee8213dbab5df1617293d8e847bb4fa",
"status": "affected",
"version": "45085686b9559bfbe3a4f41d3d695a520668f5e1",
"versionType": "git"
},
{
"lessThan": "d6cbce18370641a21dd889e8613d8153df15eb39",
"status": "affected",
"version": "2ab9a19d896f5a0dd386e1f001c5309bc35f433b",
"versionType": "git"
},
{
"lessThan": "3f939bd73fed12dddc2a32a76116c19ca47c7678",
"status": "affected",
"version": "2449007d3f73b2842c9734f45f0aadb522daf592",
"versionType": "git"
},
{
"lessThan": "0d151a103775dd9645c78c97f77d6e2a5298d913",
"status": "affected",
"version": "2449007d3f73b2842c9734f45f0aadb522daf592",
"versionType": "git"
},
{
"status": "affected",
"version": "dd594cdc24f2e48dab441732e6dfcafd6b0711d1",
"versionType": "git"
},
{
"lessThan": "4.19.319",
"status": "affected",
"version": "4.19.309",
"versionType": "semver"
},
{
"lessThan": "5.4.281",
"status": "affected",
"version": "5.4.271",
"versionType": "semver"
},
{
"lessThan": "5.10.223",
"status": "affected",
"version": "5.10.212",
"versionType": "semver"
},
{
"lessThan": "5.15.164",
"status": "affected",
"version": "5.15.151",
"versionType": "semver"
},
{
"lessThan": "6.1.101",
"status": "affected",
"version": "6.1.81",
"versionType": "semver"
},
{
"lessThan": "6.6.42",
"status": "affected",
"version": "6.6.21",
"versionType": "semver"
},
{
"lessThan": "6.8",
"status": "affected",
"version": "6.7.9",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/bluetooth/hci_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.8"
},
{
"lessThan": "6.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.319",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.281",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.223",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.164",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.101",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.319",
"versionStartIncluding": "4.19.309",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.281",
"versionStartIncluding": "5.4.271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.223",
"versionStartIncluding": "5.10.212",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.164",
"versionStartIncluding": "5.15.151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.101",
"versionStartIncluding": "6.1.81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.42",
"versionStartIncluding": "6.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.11",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_core: cancel all works upon hci_unregister_dev()\n\nsyzbot is reporting that calling hci_release_dev() from hci_error_reset()\ndue to hci_dev_put() from hci_error_reset() can cause deadlock at\ndestroy_workqueue(), for hci_error_reset() is called from\nhdev-\u003ereq_workqueue which destroy_workqueue() needs to flush.\n\nWe need to make sure that hdev-\u003e{rx_work,cmd_work,tx_work} which are\nqueued into hdev-\u003eworkqueue and hdev-\u003e{power_on,error_reset} which are\nqueued into hdev-\u003ereq_workqueue are no longer running by the moment\n\n destroy_workqueue(hdev-\u003eworkqueue);\n destroy_workqueue(hdev-\u003ereq_workqueue);\n\nare called from hci_release_dev().\n\nCall cancel_work_sync() on these work items from hci_unregister_dev()\nas soon as hdev-\u003elist is removed from hci_dev_list."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:51:51.517Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/48542881997e17b49dc16b93fe910e0cfcf7a9f9"
},
{
"url": "https://git.kernel.org/stable/c/9cfc84b1d464cc024286f42a090718f9067b80ed"
},
{
"url": "https://git.kernel.org/stable/c/ddeda6ca5f218b668b560d90fc31ae469adbfd92"
},
{
"url": "https://git.kernel.org/stable/c/d2ce562a5aff1dcd0c50d9808ea825ef90da909f"
},
{
"url": "https://git.kernel.org/stable/c/96600c2e5ee8213dbab5df1617293d8e847bb4fa"
},
{
"url": "https://git.kernel.org/stable/c/d6cbce18370641a21dd889e8613d8153df15eb39"
},
{
"url": "https://git.kernel.org/stable/c/3f939bd73fed12dddc2a32a76116c19ca47c7678"
},
{
"url": "https://git.kernel.org/stable/c/0d151a103775dd9645c78c97f77d6e2a5298d913"
}
],
"title": "Bluetooth: hci_core: cancel all works upon hci_unregister_dev()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41063",
"datePublished": "2024-07-29T14:57:25.154Z",
"dateReserved": "2024-07-12T12:17:45.628Z",
"dateUpdated": "2026-05-23T15:51:51.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-41064 (GCVE-0-2024-41064)
Vulnerability from cvelistv5 – Published: 2024-07-29 14:57 – Updated: 2026-05-11 20:25
VLAI
EPSS
Title
powerpc/eeh: avoid possible crash when edev->pdev changes
Summary
In the Linux kernel, the following vulnerability has been resolved:
powerpc/eeh: avoid possible crash when edev->pdev changes
If a PCI device is removed during eeh_pe_report_edev(), edev->pdev
will change and can cause a crash, hold the PCI rescan/remove lock
while taking a copy of edev->pdev->bus.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
9b3c76f08122f5efdbe4992a64b8478cc92dd983 , < 8836e1bf5838ac6c08760e0a2dd7cf6410aa7ff3
(git)
Affected: 9b3c76f08122f5efdbe4992a64b8478cc92dd983 , < 033c51dfdbb6b79ab43fb3587276fa82d0a329e1 (git) Affected: 9b3c76f08122f5efdbe4992a64b8478cc92dd983 , < 4fad7fef847b6028475dd7b4c14fcb82b3e51274 (git) Affected: 9b3c76f08122f5efdbe4992a64b8478cc92dd983 , < 4bc246d2d60d071314842fa448faa4ed39082aff (git) Affected: 9b3c76f08122f5efdbe4992a64b8478cc92dd983 , < f23c3d1ca9c4b2d626242a4e7e1ec1770447f7b5 (git) Affected: 9b3c76f08122f5efdbe4992a64b8478cc92dd983 , < 428d940a8b6b3350b282c14d3f63350bde65c48b (git) Affected: 9b3c76f08122f5efdbe4992a64b8478cc92dd983 , < a1216e62d039bf63a539bbe718536ec789a853dd (git) |
|
| Linux | Linux |
Affected:
3.7
Unaffected: 0 , < 3.7 (semver) Unaffected: 5.4.281 , ≤ 5.4.* (semver) Unaffected: 5.10.223 , ≤ 5.10.* (semver) Unaffected: 5.15.164 , ≤ 5.15.* (semver) Unaffected: 6.1.101 , ≤ 6.1.* (semver) Unaffected: 6.6.42 , ≤ 6.6.* (semver) Unaffected: 6.9.11 , ≤ 6.9.* (semver) Unaffected: 6.10 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:00:13.274Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8836e1bf5838ac6c08760e0a2dd7cf6410aa7ff3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/033c51dfdbb6b79ab43fb3587276fa82d0a329e1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4fad7fef847b6028475dd7b4c14fcb82b3e51274"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4bc246d2d60d071314842fa448faa4ed39082aff"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f23c3d1ca9c4b2d626242a4e7e1ec1770447f7b5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/428d940a8b6b3350b282c14d3f63350bde65c48b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a1216e62d039bf63a539bbe718536ec789a853dd"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41064",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:21:59.237031Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:58.925Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/powerpc/kernel/eeh_pe.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8836e1bf5838ac6c08760e0a2dd7cf6410aa7ff3",
"status": "affected",
"version": "9b3c76f08122f5efdbe4992a64b8478cc92dd983",
"versionType": "git"
},
{
"lessThan": "033c51dfdbb6b79ab43fb3587276fa82d0a329e1",
"status": "affected",
"version": "9b3c76f08122f5efdbe4992a64b8478cc92dd983",
"versionType": "git"
},
{
"lessThan": "4fad7fef847b6028475dd7b4c14fcb82b3e51274",
"status": "affected",
"version": "9b3c76f08122f5efdbe4992a64b8478cc92dd983",
"versionType": "git"
},
{
"lessThan": "4bc246d2d60d071314842fa448faa4ed39082aff",
"status": "affected",
"version": "9b3c76f08122f5efdbe4992a64b8478cc92dd983",
"versionType": "git"
},
{
"lessThan": "f23c3d1ca9c4b2d626242a4e7e1ec1770447f7b5",
"status": "affected",
"version": "9b3c76f08122f5efdbe4992a64b8478cc92dd983",
"versionType": "git"
},
{
"lessThan": "428d940a8b6b3350b282c14d3f63350bde65c48b",
"status": "affected",
"version": "9b3c76f08122f5efdbe4992a64b8478cc92dd983",
"versionType": "git"
},
{
"lessThan": "a1216e62d039bf63a539bbe718536ec789a853dd",
"status": "affected",
"version": "9b3c76f08122f5efdbe4992a64b8478cc92dd983",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/powerpc/kernel/eeh_pe.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.7"
},
{
"lessThan": "3.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.281",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.223",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.164",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.101",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.281",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.223",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.164",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.101",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.42",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.11",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "3.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/eeh: avoid possible crash when edev-\u003epdev changes\n\nIf a PCI device is removed during eeh_pe_report_edev(), edev-\u003epdev\nwill change and can cause a crash, hold the PCI rescan/remove lock\nwhile taking a copy of edev-\u003epdev-\u003ebus."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:25:30.305Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8836e1bf5838ac6c08760e0a2dd7cf6410aa7ff3"
},
{
"url": "https://git.kernel.org/stable/c/033c51dfdbb6b79ab43fb3587276fa82d0a329e1"
},
{
"url": "https://git.kernel.org/stable/c/4fad7fef847b6028475dd7b4c14fcb82b3e51274"
},
{
"url": "https://git.kernel.org/stable/c/4bc246d2d60d071314842fa448faa4ed39082aff"
},
{
"url": "https://git.kernel.org/stable/c/f23c3d1ca9c4b2d626242a4e7e1ec1770447f7b5"
},
{
"url": "https://git.kernel.org/stable/c/428d940a8b6b3350b282c14d3f63350bde65c48b"
},
{
"url": "https://git.kernel.org/stable/c/a1216e62d039bf63a539bbe718536ec789a853dd"
}
],
"title": "powerpc/eeh: avoid possible crash when edev-\u003epdev changes",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41064",
"datePublished": "2024-07-29T14:57:26.086Z",
"dateReserved": "2024-07-12T12:17:45.628Z",
"dateUpdated": "2026-05-11T20:25:30.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-41065 (GCVE-0-2024-41065)
Vulnerability from cvelistv5 – Published: 2024-07-29 14:57 – Updated: 2026-05-11 20:25
VLAI
EPSS
Title
powerpc/pseries: Whitelist dtl slub object for copying to userspace
Summary
In the Linux kernel, the following vulnerability has been resolved:
powerpc/pseries: Whitelist dtl slub object for copying to userspace
Reading the dispatch trace log from /sys/kernel/debug/powerpc/dtl/cpu-*
results in a BUG() when the config CONFIG_HARDENED_USERCOPY is enabled as
shown below.
kernel BUG at mm/usercopy.c:102!
Oops: Exception in kernel mode, sig: 5 [#1]
LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries
Modules linked in: xfs libcrc32c dm_service_time sd_mod t10_pi sg ibmvfc
scsi_transport_fc ibmveth pseries_wdt dm_multipath dm_mirror dm_region_hash dm_log dm_mod fuse
CPU: 27 PID: 1815 Comm: python3 Not tainted 6.10.0-rc3 #85
Hardware name: IBM,9040-MRX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NM1060_042) hv:phyp pSeries
NIP: c0000000005d23d4 LR: c0000000005d23d0 CTR: 00000000006ee6f8
REGS: c000000120c078c0 TRAP: 0700 Not tainted (6.10.0-rc3)
MSR: 8000000000029033 <SF,EE,ME,IR,DR,RI,LE> CR: 2828220f XER: 0000000e
CFAR: c0000000001fdc80 IRQMASK: 0
[ ... GPRs omitted ... ]
NIP [c0000000005d23d4] usercopy_abort+0x78/0xb0
LR [c0000000005d23d0] usercopy_abort+0x74/0xb0
Call Trace:
usercopy_abort+0x74/0xb0 (unreliable)
__check_heap_object+0xf8/0x120
check_heap_object+0x218/0x240
__check_object_size+0x84/0x1a4
dtl_file_read+0x17c/0x2c4
full_proxy_read+0x8c/0x110
vfs_read+0xdc/0x3a0
ksys_read+0x84/0x144
system_call_exception+0x124/0x330
system_call_vectored_common+0x15c/0x2ec
--- interrupt: 3000 at 0x7fff81f3ab34
Commit 6d07d1cd300f ("usercopy: Restrict non-usercopy caches to size 0")
requires that only whitelisted areas in slab/slub objects can be copied to
userspace when usercopy hardening is enabled using CONFIG_HARDENED_USERCOPY.
Dtl contains hypervisor dispatch events which are expected to be read by
privileged users. Hence mark this safe for user access.
Specify useroffset=0 and usersize=DISPATCH_LOG_BYTES to whitelist the
entire object.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
af442a1baa6d00117cc7e7377ce7e6a545268684 , < a7b952941ce07e1e7a2cafd08c64a98e14f553e6
(git)
Affected: af442a1baa6d00117cc7e7377ce7e6a545268684 , < 6b16098148ea58a67430d90e20476be2377c3acd (git) Affected: af442a1baa6d00117cc7e7377ce7e6a545268684 , < e59822f9d700349cd17968d22c979db23a2d347f (git) Affected: af442a1baa6d00117cc7e7377ce7e6a545268684 , < 1ee68686d1e2a5da35d5650be0be1ce06fe2ceb2 (git) Affected: af442a1baa6d00117cc7e7377ce7e6a545268684 , < e512a59b472684d8585125101ab03b86c2c1348a (git) Affected: af442a1baa6d00117cc7e7377ce7e6a545268684 , < 0f5892212c27be31792ef1daa89c8dac1b3047e4 (git) Affected: af442a1baa6d00117cc7e7377ce7e6a545268684 , < 1a14150e1656f7a332a943154fc486504db4d586 (git) |
|
| Linux | Linux |
Affected:
3.0
Unaffected: 0 , < 3.0 (semver) Unaffected: 5.4.281 , ≤ 5.4.* (semver) Unaffected: 5.10.223 , ≤ 5.10.* (semver) Unaffected: 5.15.164 , ≤ 5.15.* (semver) Unaffected: 6.1.101 , ≤ 6.1.* (semver) Unaffected: 6.6.42 , ≤ 6.6.* (semver) Unaffected: 6.9.11 , ≤ 6.9.* (semver) Unaffected: 6.10 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:00:14.771Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a7b952941ce07e1e7a2cafd08c64a98e14f553e6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6b16098148ea58a67430d90e20476be2377c3acd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e59822f9d700349cd17968d22c979db23a2d347f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1ee68686d1e2a5da35d5650be0be1ce06fe2ceb2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e512a59b472684d8585125101ab03b86c2c1348a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0f5892212c27be31792ef1daa89c8dac1b3047e4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1a14150e1656f7a332a943154fc486504db4d586"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41065",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:21:55.941792Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:58.163Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/powerpc/platforms/pseries/setup.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a7b952941ce07e1e7a2cafd08c64a98e14f553e6",
"status": "affected",
"version": "af442a1baa6d00117cc7e7377ce7e6a545268684",
"versionType": "git"
},
{
"lessThan": "6b16098148ea58a67430d90e20476be2377c3acd",
"status": "affected",
"version": "af442a1baa6d00117cc7e7377ce7e6a545268684",
"versionType": "git"
},
{
"lessThan": "e59822f9d700349cd17968d22c979db23a2d347f",
"status": "affected",
"version": "af442a1baa6d00117cc7e7377ce7e6a545268684",
"versionType": "git"
},
{
"lessThan": "1ee68686d1e2a5da35d5650be0be1ce06fe2ceb2",
"status": "affected",
"version": "af442a1baa6d00117cc7e7377ce7e6a545268684",
"versionType": "git"
},
{
"lessThan": "e512a59b472684d8585125101ab03b86c2c1348a",
"status": "affected",
"version": "af442a1baa6d00117cc7e7377ce7e6a545268684",
"versionType": "git"
},
{
"lessThan": "0f5892212c27be31792ef1daa89c8dac1b3047e4",
"status": "affected",
"version": "af442a1baa6d00117cc7e7377ce7e6a545268684",
"versionType": "git"
},
{
"lessThan": "1a14150e1656f7a332a943154fc486504db4d586",
"status": "affected",
"version": "af442a1baa6d00117cc7e7377ce7e6a545268684",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/powerpc/platforms/pseries/setup.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.0"
},
{
"lessThan": "3.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.281",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.223",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.164",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.101",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.281",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.223",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.164",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.101",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.42",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.11",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries: Whitelist dtl slub object for copying to userspace\n\nReading the dispatch trace log from /sys/kernel/debug/powerpc/dtl/cpu-*\nresults in a BUG() when the config CONFIG_HARDENED_USERCOPY is enabled as\nshown below.\n\n kernel BUG at mm/usercopy.c:102!\n Oops: Exception in kernel mode, sig: 5 [#1]\n LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries\n Modules linked in: xfs libcrc32c dm_service_time sd_mod t10_pi sg ibmvfc\n scsi_transport_fc ibmveth pseries_wdt dm_multipath dm_mirror dm_region_hash dm_log dm_mod fuse\n CPU: 27 PID: 1815 Comm: python3 Not tainted 6.10.0-rc3 #85\n Hardware name: IBM,9040-MRX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NM1060_042) hv:phyp pSeries\n NIP: c0000000005d23d4 LR: c0000000005d23d0 CTR: 00000000006ee6f8\n REGS: c000000120c078c0 TRAP: 0700 Not tainted (6.10.0-rc3)\n MSR: 8000000000029033 \u003cSF,EE,ME,IR,DR,RI,LE\u003e CR: 2828220f XER: 0000000e\n CFAR: c0000000001fdc80 IRQMASK: 0\n [ ... GPRs omitted ... ]\n NIP [c0000000005d23d4] usercopy_abort+0x78/0xb0\n LR [c0000000005d23d0] usercopy_abort+0x74/0xb0\n Call Trace:\n usercopy_abort+0x74/0xb0 (unreliable)\n __check_heap_object+0xf8/0x120\n check_heap_object+0x218/0x240\n __check_object_size+0x84/0x1a4\n dtl_file_read+0x17c/0x2c4\n full_proxy_read+0x8c/0x110\n vfs_read+0xdc/0x3a0\n ksys_read+0x84/0x144\n system_call_exception+0x124/0x330\n system_call_vectored_common+0x15c/0x2ec\n --- interrupt: 3000 at 0x7fff81f3ab34\n\nCommit 6d07d1cd300f (\"usercopy: Restrict non-usercopy caches to size 0\")\nrequires that only whitelisted areas in slab/slub objects can be copied to\nuserspace when usercopy hardening is enabled using CONFIG_HARDENED_USERCOPY.\nDtl contains hypervisor dispatch events which are expected to be read by\nprivileged users. Hence mark this safe for user access.\nSpecify useroffset=0 and usersize=DISPATCH_LOG_BYTES to whitelist the\nentire object."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:25:31.468Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a7b952941ce07e1e7a2cafd08c64a98e14f553e6"
},
{
"url": "https://git.kernel.org/stable/c/6b16098148ea58a67430d90e20476be2377c3acd"
},
{
"url": "https://git.kernel.org/stable/c/e59822f9d700349cd17968d22c979db23a2d347f"
},
{
"url": "https://git.kernel.org/stable/c/1ee68686d1e2a5da35d5650be0be1ce06fe2ceb2"
},
{
"url": "https://git.kernel.org/stable/c/e512a59b472684d8585125101ab03b86c2c1348a"
},
{
"url": "https://git.kernel.org/stable/c/0f5892212c27be31792ef1daa89c8dac1b3047e4"
},
{
"url": "https://git.kernel.org/stable/c/1a14150e1656f7a332a943154fc486504db4d586"
}
],
"title": "powerpc/pseries: Whitelist dtl slub object for copying to userspace",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41065",
"datePublished": "2024-07-29T14:57:27.011Z",
"dateReserved": "2024-07-12T12:17:45.628Z",
"dateUpdated": "2026-05-11T20:25:31.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-41068 (GCVE-0-2024-41068)
Vulnerability from cvelistv5 – Published: 2024-07-29 14:57 – Updated: 2026-05-11 20:25
VLAI
EPSS
Title
s390/sclp: Fix sclp_init() cleanup on failure
Summary
In the Linux kernel, the following vulnerability has been resolved:
s390/sclp: Fix sclp_init() cleanup on failure
If sclp_init() fails it only partially cleans up: if there are multiple
failing calls to sclp_init() sclp_state_change_event will be added several
times to sclp_reg_list, which results in the following warning:
------------[ cut here ]------------
list_add double add: new=000003ffe1598c10, prev=000003ffe1598bf0, next=000003ffe1598c10.
WARNING: CPU: 0 PID: 1 at lib/list_debug.c:35 __list_add_valid_or_report+0xde/0xf8
CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.10.0-rc3
Krnl PSW : 0404c00180000000 000003ffe0d6076a (__list_add_valid_or_report+0xe2/0xf8)
R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3
...
Call Trace:
[<000003ffe0d6076a>] __list_add_valid_or_report+0xe2/0xf8
([<000003ffe0d60766>] __list_add_valid_or_report+0xde/0xf8)
[<000003ffe0a8d37e>] sclp_init+0x40e/0x450
[<000003ffe00009f2>] do_one_initcall+0x42/0x1e0
[<000003ffe15b77a6>] do_initcalls+0x126/0x150
[<000003ffe15b7a0a>] kernel_init_freeable+0x1ba/0x1f8
[<000003ffe0d6650e>] kernel_init+0x2e/0x180
[<000003ffe000301c>] __ret_from_fork+0x3c/0x60
[<000003ffe0d759ca>] ret_from_fork+0xa/0x30
Fix this by removing sclp_state_change_event from sclp_reg_list when
sclp_init() fails.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
9 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
8bc00c04d87ee151fb8fe18ed7e7af8c785843f2 , < cf521049fcd07071ed42dc9758fce7d5ee120ec6
(git)
Affected: 8bc00c04d87ee151fb8fe18ed7e7af8c785843f2 , < 79b4be70d5a160969b805f638ac5b4efd0aac7a3 (git) Affected: 8bc00c04d87ee151fb8fe18ed7e7af8c785843f2 , < 0a31b3fdc7e735c4f8c65fe4339945c717ed6808 (git) Affected: 8bc00c04d87ee151fb8fe18ed7e7af8c785843f2 , < be0259796d0b76bbc7461e12c186814a9e58244c (git) Affected: 8bc00c04d87ee151fb8fe18ed7e7af8c785843f2 , < 6434b33faaa063df500af355ee6c3942e0f8d982 (git) |
|
| Linux | Linux |
Affected:
5.13
Unaffected: 0 , < 5.13 (semver) Unaffected: 5.15.164 , ≤ 5.15.* (semver) Unaffected: 6.1.101 , ≤ 6.1.* (semver) Unaffected: 6.6.42 , ≤ 6.6.* (semver) Unaffected: 6.9.11 , ≤ 6.9.* (semver) Unaffected: 6.10 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:00:17.751Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a778987afc36d5dc02a1f82d352a81edcaf7eb83"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/455a6653d8700a81aa8ed2b6442a3be476007090"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2e51db7ab71b89dc5a17068f5e201c69f13a4c9a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cf521049fcd07071ed42dc9758fce7d5ee120ec6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/79b4be70d5a160969b805f638ac5b4efd0aac7a3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0a31b3fdc7e735c4f8c65fe4339945c717ed6808"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/be0259796d0b76bbc7461e12c186814a9e58244c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6434b33faaa063df500af355ee6c3942e0f8d982"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41068",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:21:46.444784Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:01.200Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/s390/char/sclp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cf521049fcd07071ed42dc9758fce7d5ee120ec6",
"status": "affected",
"version": "8bc00c04d87ee151fb8fe18ed7e7af8c785843f2",
"versionType": "git"
},
{
"lessThan": "79b4be70d5a160969b805f638ac5b4efd0aac7a3",
"status": "affected",
"version": "8bc00c04d87ee151fb8fe18ed7e7af8c785843f2",
"versionType": "git"
},
{
"lessThan": "0a31b3fdc7e735c4f8c65fe4339945c717ed6808",
"status": "affected",
"version": "8bc00c04d87ee151fb8fe18ed7e7af8c785843f2",
"versionType": "git"
},
{
"lessThan": "be0259796d0b76bbc7461e12c186814a9e58244c",
"status": "affected",
"version": "8bc00c04d87ee151fb8fe18ed7e7af8c785843f2",
"versionType": "git"
},
{
"lessThan": "6434b33faaa063df500af355ee6c3942e0f8d982",
"status": "affected",
"version": "8bc00c04d87ee151fb8fe18ed7e7af8c785843f2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/s390/char/sclp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.164",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.101",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.164",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.101",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.42",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.11",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/sclp: Fix sclp_init() cleanup on failure\n\nIf sclp_init() fails it only partially cleans up: if there are multiple\nfailing calls to sclp_init() sclp_state_change_event will be added several\ntimes to sclp_reg_list, which results in the following warning:\n\n------------[ cut here ]------------\nlist_add double add: new=000003ffe1598c10, prev=000003ffe1598bf0, next=000003ffe1598c10.\nWARNING: CPU: 0 PID: 1 at lib/list_debug.c:35 __list_add_valid_or_report+0xde/0xf8\nCPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.10.0-rc3\nKrnl PSW : 0404c00180000000 000003ffe0d6076a (__list_add_valid_or_report+0xe2/0xf8)\n R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3\n...\nCall Trace:\n [\u003c000003ffe0d6076a\u003e] __list_add_valid_or_report+0xe2/0xf8\n([\u003c000003ffe0d60766\u003e] __list_add_valid_or_report+0xde/0xf8)\n [\u003c000003ffe0a8d37e\u003e] sclp_init+0x40e/0x450\n [\u003c000003ffe00009f2\u003e] do_one_initcall+0x42/0x1e0\n [\u003c000003ffe15b77a6\u003e] do_initcalls+0x126/0x150\n [\u003c000003ffe15b7a0a\u003e] kernel_init_freeable+0x1ba/0x1f8\n [\u003c000003ffe0d6650e\u003e] kernel_init+0x2e/0x180\n [\u003c000003ffe000301c\u003e] __ret_from_fork+0x3c/0x60\n [\u003c000003ffe0d759ca\u003e] ret_from_fork+0xa/0x30\n\nFix this by removing sclp_state_change_event from sclp_reg_list when\nsclp_init() fails."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:25:35.088Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cf521049fcd07071ed42dc9758fce7d5ee120ec6"
},
{
"url": "https://git.kernel.org/stable/c/79b4be70d5a160969b805f638ac5b4efd0aac7a3"
},
{
"url": "https://git.kernel.org/stable/c/0a31b3fdc7e735c4f8c65fe4339945c717ed6808"
},
{
"url": "https://git.kernel.org/stable/c/be0259796d0b76bbc7461e12c186814a9e58244c"
},
{
"url": "https://git.kernel.org/stable/c/6434b33faaa063df500af355ee6c3942e0f8d982"
}
],
"title": "s390/sclp: Fix sclp_init() cleanup on failure",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41068",
"datePublished": "2024-07-29T14:57:29.360Z",
"dateReserved": "2024-07-12T12:17:45.630Z",
"dateUpdated": "2026-05-11T20:25:35.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-41070 (GCVE-0-2024-41070)
Vulnerability from cvelistv5 – Published: 2024-07-29 14:57 – Updated: 2026-05-11 20:25
VLAI
EPSS
Title
KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group()
Summary
In the Linux kernel, the following vulnerability has been resolved:
KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group()
Al reported a possible use-after-free (UAF) in kvm_spapr_tce_attach_iommu_group().
It looks up `stt` from tablefd, but then continues to use it after doing
fdput() on the returned fd. After the fdput() the tablefd is free to be
closed by another thread. The close calls kvm_spapr_tce_release() and
then release_spapr_tce_table() (via call_rcu()) which frees `stt`.
Although there are calls to rcu_read_lock() in
kvm_spapr_tce_attach_iommu_group() they are not sufficient to prevent
the UAF, because `stt` is used outside the locked regions.
With an artifcial delay after the fdput() and a userspace program which
triggers the race, KASAN detects the UAF:
BUG: KASAN: slab-use-after-free in kvm_spapr_tce_attach_iommu_group+0x298/0x720 [kvm]
Read of size 4 at addr c000200027552c30 by task kvm-vfio/2505
CPU: 54 PID: 2505 Comm: kvm-vfio Not tainted 6.10.0-rc3-next-20240612-dirty #1
Hardware name: 8335-GTH POWER9 0x4e1202 opal:skiboot-v6.5.3-35-g1851b2a06 PowerNV
Call Trace:
dump_stack_lvl+0xb4/0x108 (unreliable)
print_report+0x2b4/0x6ec
kasan_report+0x118/0x2b0
__asan_load4+0xb8/0xd0
kvm_spapr_tce_attach_iommu_group+0x298/0x720 [kvm]
kvm_vfio_set_attr+0x524/0xac0 [kvm]
kvm_device_ioctl+0x144/0x240 [kvm]
sys_ioctl+0x62c/0x1810
system_call_exception+0x190/0x440
system_call_vectored_common+0x15c/0x2ec
...
Freed by task 0:
...
kfree+0xec/0x3e0
release_spapr_tce_table+0xd4/0x11c [kvm]
rcu_core+0x568/0x16a0
handle_softirqs+0x23c/0x920
do_softirq_own_stack+0x6c/0x90
do_softirq_own_stack+0x58/0x90
__irq_exit_rcu+0x218/0x2d0
irq_exit+0x30/0x80
arch_local_irq_restore+0x128/0x230
arch_local_irq_enable+0x1c/0x30
cpuidle_enter_state+0x134/0x5cc
cpuidle_enter+0x6c/0xb0
call_cpuidle+0x7c/0x100
do_idle+0x394/0x410
cpu_startup_entry+0x60/0x70
start_secondary+0x3fc/0x410
start_secondary_prolog+0x10/0x14
Fix it by delaying the fdput() until `stt` is no longer in use, which
is effectively the entire function. To keep the patch minimal add a call
to fdput() at each of the existing return paths. Future work can convert
the function to goto or __cleanup style cleanup.
With the fix in place the test case no longer triggers the UAF.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
121f80ba68f1a5779a36d7b3247206e60e0a7418 , < be847bb20c809de8ac124431b556f244400b0491
(git)
Affected: 121f80ba68f1a5779a36d7b3247206e60e0a7418 , < 4cdf6926f443c84f680213c7aafbe6f91a5fcbc0 (git) Affected: 121f80ba68f1a5779a36d7b3247206e60e0a7418 , < b26c8c85463ef27a522d24fcd05651f0bb039e47 (git) Affected: 121f80ba68f1a5779a36d7b3247206e60e0a7418 , < 5f856023971f97fff74cfaf21b48ec320147b50a (git) Affected: 121f80ba68f1a5779a36d7b3247206e60e0a7418 , < 82c7a4cf14aa866f8f7f09e662b02eddc49ee0bf (git) Affected: 121f80ba68f1a5779a36d7b3247206e60e0a7418 , < 9975f93c760a32453d7639cf6fcf3f73b4e71ffe (git) Affected: 121f80ba68f1a5779a36d7b3247206e60e0a7418 , < a986fa57fd81a1430e00b3c6cf8a325d6f894a63 (git) |
|
| Linux | Linux |
Affected:
4.12
Unaffected: 0 , < 4.12 (semver) Unaffected: 5.4.281 , ≤ 5.4.* (semver) Unaffected: 5.10.223 , ≤ 5.10.* (semver) Unaffected: 5.15.164 , ≤ 5.15.* (semver) Unaffected: 6.1.101 , ≤ 6.1.* (semver) Unaffected: 6.6.42 , ≤ 6.6.* (semver) Unaffected: 6.9.11 , ≤ 6.9.* (semver) Unaffected: 6.10 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:00:20.787Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/be847bb20c809de8ac124431b556f244400b0491"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4cdf6926f443c84f680213c7aafbe6f91a5fcbc0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b26c8c85463ef27a522d24fcd05651f0bb039e47"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5f856023971f97fff74cfaf21b48ec320147b50a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/82c7a4cf14aa866f8f7f09e662b02eddc49ee0bf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9975f93c760a32453d7639cf6fcf3f73b4e71ffe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a986fa57fd81a1430e00b3c6cf8a325d6f894a63"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41070",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:21:40.187466Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:00.946Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/powerpc/kvm/book3s_64_vio.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "be847bb20c809de8ac124431b556f244400b0491",
"status": "affected",
"version": "121f80ba68f1a5779a36d7b3247206e60e0a7418",
"versionType": "git"
},
{
"lessThan": "4cdf6926f443c84f680213c7aafbe6f91a5fcbc0",
"status": "affected",
"version": "121f80ba68f1a5779a36d7b3247206e60e0a7418",
"versionType": "git"
},
{
"lessThan": "b26c8c85463ef27a522d24fcd05651f0bb039e47",
"status": "affected",
"version": "121f80ba68f1a5779a36d7b3247206e60e0a7418",
"versionType": "git"
},
{
"lessThan": "5f856023971f97fff74cfaf21b48ec320147b50a",
"status": "affected",
"version": "121f80ba68f1a5779a36d7b3247206e60e0a7418",
"versionType": "git"
},
{
"lessThan": "82c7a4cf14aa866f8f7f09e662b02eddc49ee0bf",
"status": "affected",
"version": "121f80ba68f1a5779a36d7b3247206e60e0a7418",
"versionType": "git"
},
{
"lessThan": "9975f93c760a32453d7639cf6fcf3f73b4e71ffe",
"status": "affected",
"version": "121f80ba68f1a5779a36d7b3247206e60e0a7418",
"versionType": "git"
},
{
"lessThan": "a986fa57fd81a1430e00b3c6cf8a325d6f894a63",
"status": "affected",
"version": "121f80ba68f1a5779a36d7b3247206e60e0a7418",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/powerpc/kvm/book3s_64_vio.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.281",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.223",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.164",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.101",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.281",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.223",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.164",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.101",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.42",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.11",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group()\n\nAl reported a possible use-after-free (UAF) in kvm_spapr_tce_attach_iommu_group().\n\nIt looks up `stt` from tablefd, but then continues to use it after doing\nfdput() on the returned fd. After the fdput() the tablefd is free to be\nclosed by another thread. The close calls kvm_spapr_tce_release() and\nthen release_spapr_tce_table() (via call_rcu()) which frees `stt`.\n\nAlthough there are calls to rcu_read_lock() in\nkvm_spapr_tce_attach_iommu_group() they are not sufficient to prevent\nthe UAF, because `stt` is used outside the locked regions.\n\nWith an artifcial delay after the fdput() and a userspace program which\ntriggers the race, KASAN detects the UAF:\n\n BUG: KASAN: slab-use-after-free in kvm_spapr_tce_attach_iommu_group+0x298/0x720 [kvm]\n Read of size 4 at addr c000200027552c30 by task kvm-vfio/2505\n CPU: 54 PID: 2505 Comm: kvm-vfio Not tainted 6.10.0-rc3-next-20240612-dirty #1\n Hardware name: 8335-GTH POWER9 0x4e1202 opal:skiboot-v6.5.3-35-g1851b2a06 PowerNV\n Call Trace:\n dump_stack_lvl+0xb4/0x108 (unreliable)\n print_report+0x2b4/0x6ec\n kasan_report+0x118/0x2b0\n __asan_load4+0xb8/0xd0\n kvm_spapr_tce_attach_iommu_group+0x298/0x720 [kvm]\n kvm_vfio_set_attr+0x524/0xac0 [kvm]\n kvm_device_ioctl+0x144/0x240 [kvm]\n sys_ioctl+0x62c/0x1810\n system_call_exception+0x190/0x440\n system_call_vectored_common+0x15c/0x2ec\n ...\n Freed by task 0:\n ...\n kfree+0xec/0x3e0\n release_spapr_tce_table+0xd4/0x11c [kvm]\n rcu_core+0x568/0x16a0\n handle_softirqs+0x23c/0x920\n do_softirq_own_stack+0x6c/0x90\n do_softirq_own_stack+0x58/0x90\n __irq_exit_rcu+0x218/0x2d0\n irq_exit+0x30/0x80\n arch_local_irq_restore+0x128/0x230\n arch_local_irq_enable+0x1c/0x30\n cpuidle_enter_state+0x134/0x5cc\n cpuidle_enter+0x6c/0xb0\n call_cpuidle+0x7c/0x100\n do_idle+0x394/0x410\n cpu_startup_entry+0x60/0x70\n start_secondary+0x3fc/0x410\n start_secondary_prolog+0x10/0x14\n\nFix it by delaying the fdput() until `stt` is no longer in use, which\nis effectively the entire function. To keep the patch minimal add a call\nto fdput() at each of the existing return paths. Future work can convert\nthe function to goto or __cleanup style cleanup.\n\nWith the fix in place the test case no longer triggers the UAF."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:25:37.352Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/be847bb20c809de8ac124431b556f244400b0491"
},
{
"url": "https://git.kernel.org/stable/c/4cdf6926f443c84f680213c7aafbe6f91a5fcbc0"
},
{
"url": "https://git.kernel.org/stable/c/b26c8c85463ef27a522d24fcd05651f0bb039e47"
},
{
"url": "https://git.kernel.org/stable/c/5f856023971f97fff74cfaf21b48ec320147b50a"
},
{
"url": "https://git.kernel.org/stable/c/82c7a4cf14aa866f8f7f09e662b02eddc49ee0bf"
},
{
"url": "https://git.kernel.org/stable/c/9975f93c760a32453d7639cf6fcf3f73b4e71ffe"
},
{
"url": "https://git.kernel.org/stable/c/a986fa57fd81a1430e00b3c6cf8a325d6f894a63"
}
],
"title": "KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41070",
"datePublished": "2024-07-29T14:57:30.952Z",
"dateReserved": "2024-07-12T12:17:45.630Z",
"dateUpdated": "2026-05-11T20:25:37.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-41072 (GCVE-0-2024-41072)
Vulnerability from cvelistv5 – Published: 2024-07-29 14:57 – Updated: 2026-05-11 20:25
VLAI
EPSS
Title
wifi: cfg80211: wext: add extra SIOCSIWSCAN data check
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: cfg80211: wext: add extra SIOCSIWSCAN data check
In 'cfg80211_wext_siwscan()', add extra check whether number of
channels passed via 'ioctl(sock, SIOCSIWSCAN, ...)' doesn't exceed
IW_MAX_FREQUENCIES and reject invalid request with -EINVAL otherwise.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
9 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
b2e3abdc708f8c0eff194af25362fdb239abe241 , < b02ba9a0b55b762bd04743a22f3d9f9645005e79
(git)
Affected: b2e3abdc708f8c0eff194af25362fdb239abe241 , < de5fcf757e33596eed32de170ce5a93fa44dd2ac (git) Affected: b2e3abdc708f8c0eff194af25362fdb239abe241 , < 6295bad58f988eaafcf0e6f8b198a580398acb3b (git) Affected: b2e3abdc708f8c0eff194af25362fdb239abe241 , < a43cc0558530b6c065976b6b9246f512f8d3593b (git) Affected: b2e3abdc708f8c0eff194af25362fdb239abe241 , < 001120ff0c9e3557dee9b5ee0d358e0fc189996f (git) Affected: b2e3abdc708f8c0eff194af25362fdb239abe241 , < fe9644efd86704afe50e56b64b609de340ab7c95 (git) Affected: b2e3abdc708f8c0eff194af25362fdb239abe241 , < 35cee10ccaee5bd451a480521bbc25dc9f07fa5b (git) Affected: b2e3abdc708f8c0eff194af25362fdb239abe241 , < 6ef09cdc5ba0f93826c09d810c141a8d103a80fc (git) |
|
| Linux | Linux |
Affected:
2.6.32
Unaffected: 0 , < 2.6.32 (semver) Unaffected: 4.19.319 , ≤ 4.19.* (semver) Unaffected: 5.4.281 , ≤ 5.4.* (semver) Unaffected: 5.10.223 , ≤ 5.10.* (semver) Unaffected: 5.15.164 , ≤ 5.15.* (semver) Unaffected: 6.1.101 , ≤ 6.1.* (semver) Unaffected: 6.6.42 , ≤ 6.6.* (semver) Unaffected: 6.9.11 , ≤ 6.9.* (semver) Unaffected: 6.10 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:00:25.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b02ba9a0b55b762bd04743a22f3d9f9645005e79"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/de5fcf757e33596eed32de170ce5a93fa44dd2ac"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6295bad58f988eaafcf0e6f8b198a580398acb3b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a43cc0558530b6c065976b6b9246f512f8d3593b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/001120ff0c9e3557dee9b5ee0d358e0fc189996f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fe9644efd86704afe50e56b64b609de340ab7c95"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/35cee10ccaee5bd451a480521bbc25dc9f07fa5b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6ef09cdc5ba0f93826c09d810c141a8d103a80fc"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41072",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:21:33.807600Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:00.660Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/wireless/scan.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b02ba9a0b55b762bd04743a22f3d9f9645005e79",
"status": "affected",
"version": "b2e3abdc708f8c0eff194af25362fdb239abe241",
"versionType": "git"
},
{
"lessThan": "de5fcf757e33596eed32de170ce5a93fa44dd2ac",
"status": "affected",
"version": "b2e3abdc708f8c0eff194af25362fdb239abe241",
"versionType": "git"
},
{
"lessThan": "6295bad58f988eaafcf0e6f8b198a580398acb3b",
"status": "affected",
"version": "b2e3abdc708f8c0eff194af25362fdb239abe241",
"versionType": "git"
},
{
"lessThan": "a43cc0558530b6c065976b6b9246f512f8d3593b",
"status": "affected",
"version": "b2e3abdc708f8c0eff194af25362fdb239abe241",
"versionType": "git"
},
{
"lessThan": "001120ff0c9e3557dee9b5ee0d358e0fc189996f",
"status": "affected",
"version": "b2e3abdc708f8c0eff194af25362fdb239abe241",
"versionType": "git"
},
{
"lessThan": "fe9644efd86704afe50e56b64b609de340ab7c95",
"status": "affected",
"version": "b2e3abdc708f8c0eff194af25362fdb239abe241",
"versionType": "git"
},
{
"lessThan": "35cee10ccaee5bd451a480521bbc25dc9f07fa5b",
"status": "affected",
"version": "b2e3abdc708f8c0eff194af25362fdb239abe241",
"versionType": "git"
},
{
"lessThan": "6ef09cdc5ba0f93826c09d810c141a8d103a80fc",
"status": "affected",
"version": "b2e3abdc708f8c0eff194af25362fdb239abe241",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/wireless/scan.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.32"
},
{
"lessThan": "2.6.32",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.319",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.281",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.223",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.164",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.101",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.319",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.281",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.223",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.164",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.101",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.42",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.11",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: wext: add extra SIOCSIWSCAN data check\n\nIn \u0027cfg80211_wext_siwscan()\u0027, add extra check whether number of\nchannels passed via \u0027ioctl(sock, SIOCSIWSCAN, ...)\u0027 doesn\u0027t exceed\nIW_MAX_FREQUENCIES and reject invalid request with -EINVAL otherwise."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:25:38.576Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b02ba9a0b55b762bd04743a22f3d9f9645005e79"
},
{
"url": "https://git.kernel.org/stable/c/de5fcf757e33596eed32de170ce5a93fa44dd2ac"
},
{
"url": "https://git.kernel.org/stable/c/6295bad58f988eaafcf0e6f8b198a580398acb3b"
},
{
"url": "https://git.kernel.org/stable/c/a43cc0558530b6c065976b6b9246f512f8d3593b"
},
{
"url": "https://git.kernel.org/stable/c/001120ff0c9e3557dee9b5ee0d358e0fc189996f"
},
{
"url": "https://git.kernel.org/stable/c/fe9644efd86704afe50e56b64b609de340ab7c95"
},
{
"url": "https://git.kernel.org/stable/c/35cee10ccaee5bd451a480521bbc25dc9f07fa5b"
},
{
"url": "https://git.kernel.org/stable/c/6ef09cdc5ba0f93826c09d810c141a8d103a80fc"
}
],
"title": "wifi: cfg80211: wext: add extra SIOCSIWSCAN data check",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41072",
"datePublished": "2024-07-29T14:57:32.432Z",
"dateReserved": "2024-07-12T12:17:45.631Z",
"dateUpdated": "2026-05-11T20:25:38.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-41077 (GCVE-0-2024-41077)
Vulnerability from cvelistv5 – Published: 2024-07-29 14:57 – Updated: 2026-05-11 20:25
VLAI
EPSS
Title
null_blk: fix validation of block size
Summary
In the Linux kernel, the following vulnerability has been resolved:
null_blk: fix validation of block size
Block size should be between 512 and PAGE_SIZE and be a power of 2. The current
check does not validate this, so update the check.
Without this patch, null_blk would Oops due to a null pointer deref when
loaded with bs=1536 [1].
[axboe: remove unnecessary braces and != 0 check]
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
7 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
cedcafad8277b3a07e90bf2f68fff5c6b28a183e , < 9625afe1dd4a158a14bb50f81af9e2dac634c0b1
(git)
Affected: cedcafad8277b3a07e90bf2f68fff5c6b28a183e , < 9b873bdaae64bddade9d8c6df23c8a31948d47d0 (git) Affected: cedcafad8277b3a07e90bf2f68fff5c6b28a183e , < 2772ed2fc075eef7df3789906fc9dae01e4e132e (git) Affected: cedcafad8277b3a07e90bf2f68fff5c6b28a183e , < 08f03186b96e25e3154916a2e70732557c770ea7 (git) Affected: cedcafad8277b3a07e90bf2f68fff5c6b28a183e , < f92409a9da02f27d05d713bff5f865e386cef9b3 (git) Affected: cedcafad8277b3a07e90bf2f68fff5c6b28a183e , < c462ecd659b5fce731f1d592285832fd6ad54053 (git) |
|
| Linux | Linux |
Affected:
4.14
Unaffected: 0 , < 4.14 (semver) Unaffected: 5.10.223 , ≤ 5.10.* (semver) Unaffected: 5.15.164 , ≤ 5.15.* (semver) Unaffected: 6.1.101 , ≤ 6.1.* (semver) Unaffected: 6.6.42 , ≤ 6.6.* (semver) Unaffected: 6.9.11 , ≤ 6.9.* (semver) Unaffected: 6.10 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:00:34.029Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9625afe1dd4a158a14bb50f81af9e2dac634c0b1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9b873bdaae64bddade9d8c6df23c8a31948d47d0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2772ed2fc075eef7df3789906fc9dae01e4e132e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/08f03186b96e25e3154916a2e70732557c770ea7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f92409a9da02f27d05d713bff5f865e386cef9b3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c462ecd659b5fce731f1d592285832fd6ad54053"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41077",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:21:17.956039Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:59.836Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/block/null_blk/main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9625afe1dd4a158a14bb50f81af9e2dac634c0b1",
"status": "affected",
"version": "cedcafad8277b3a07e90bf2f68fff5c6b28a183e",
"versionType": "git"
},
{
"lessThan": "9b873bdaae64bddade9d8c6df23c8a31948d47d0",
"status": "affected",
"version": "cedcafad8277b3a07e90bf2f68fff5c6b28a183e",
"versionType": "git"
},
{
"lessThan": "2772ed2fc075eef7df3789906fc9dae01e4e132e",
"status": "affected",
"version": "cedcafad8277b3a07e90bf2f68fff5c6b28a183e",
"versionType": "git"
},
{
"lessThan": "08f03186b96e25e3154916a2e70732557c770ea7",
"status": "affected",
"version": "cedcafad8277b3a07e90bf2f68fff5c6b28a183e",
"versionType": "git"
},
{
"lessThan": "f92409a9da02f27d05d713bff5f865e386cef9b3",
"status": "affected",
"version": "cedcafad8277b3a07e90bf2f68fff5c6b28a183e",
"versionType": "git"
},
{
"lessThan": "c462ecd659b5fce731f1d592285832fd6ad54053",
"status": "affected",
"version": "cedcafad8277b3a07e90bf2f68fff5c6b28a183e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/block/null_blk/main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.14"
},
{
"lessThan": "4.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.223",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.164",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.101",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.223",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.164",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.101",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.42",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.11",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnull_blk: fix validation of block size\n\nBlock size should be between 512 and PAGE_SIZE and be a power of 2. The current\ncheck does not validate this, so update the check.\n\nWithout this patch, null_blk would Oops due to a null pointer deref when\nloaded with bs=1536 [1].\n\n\n[axboe: remove unnecessary braces and != 0 check]"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:25:44.681Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9625afe1dd4a158a14bb50f81af9e2dac634c0b1"
},
{
"url": "https://git.kernel.org/stable/c/9b873bdaae64bddade9d8c6df23c8a31948d47d0"
},
{
"url": "https://git.kernel.org/stable/c/2772ed2fc075eef7df3789906fc9dae01e4e132e"
},
{
"url": "https://git.kernel.org/stable/c/08f03186b96e25e3154916a2e70732557c770ea7"
},
{
"url": "https://git.kernel.org/stable/c/f92409a9da02f27d05d713bff5f865e386cef9b3"
},
{
"url": "https://git.kernel.org/stable/c/c462ecd659b5fce731f1d592285832fd6ad54053"
}
],
"title": "null_blk: fix validation of block size",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41077",
"datePublished": "2024-07-29T14:57:36.680Z",
"dateReserved": "2024-07-12T12:17:45.632Z",
"dateUpdated": "2026-05-11T20:25:44.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-41078 (GCVE-0-2024-41078)
Vulnerability from cvelistv5 – Published: 2024-07-29 15:04 – Updated: 2026-05-11 20:25
VLAI
EPSS
Title
btrfs: qgroup: fix quota root leak after quota disable failure
Summary
In the Linux kernel, the following vulnerability has been resolved:
btrfs: qgroup: fix quota root leak after quota disable failure
If during the quota disable we fail when cleaning the quota tree or when
deleting the root from the root tree, we jump to the 'out' label without
ever dropping the reference on the quota root, resulting in a leak of the
root since fs_info->quota_root is no longer pointing to the root (we have
set it to NULL just before those steps).
Fix this by always doing a btrfs_put_root() call under the 'out' label.
This is a problem that exists since qgroups were first added in 2012 by
commit bed92eae26cc ("Btrfs: qgroup implementation and prototypes"), but
back then we missed a kfree on the quota root and free_extent_buffer()
calls on its root and commit root nodes, since back then roots were not
yet reference counted.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
7 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
bed92eae26ccf280d1a2168b7509447b56675a27 , < 94818bdb00ef34a996a06aa63d11f591074cb757
(git)
Affected: bed92eae26ccf280d1a2168b7509447b56675a27 , < 8a69529f22590b67bb018de9acbcf94abc8603cf (git) Affected: bed92eae26ccf280d1a2168b7509447b56675a27 , < 5ef3961682e5310f2221bae99bcf9f5d0f4b0d51 (git) Affected: bed92eae26ccf280d1a2168b7509447b56675a27 , < f88aeff5a173e8ba3133314eb4b964236ef3589d (git) Affected: bed92eae26ccf280d1a2168b7509447b56675a27 , < 7dd6a5b96157a21245566b21fd58276a214357ff (git) Affected: bed92eae26ccf280d1a2168b7509447b56675a27 , < a7e4c6a3031c74078dba7fa36239d0f4fe476c53 (git) |
|
| Linux | Linux |
Affected:
3.6
Unaffected: 0 , < 3.6 (semver) Unaffected: 5.10.223 , ≤ 5.10.* (semver) Unaffected: 5.15.164 , ≤ 5.15.* (semver) Unaffected: 6.1.101 , ≤ 6.1.* (semver) Unaffected: 6.6.42 , ≤ 6.6.* (semver) Unaffected: 6.9.11 , ≤ 6.9.* (semver) Unaffected: 6.10 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:00:35.508Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/94818bdb00ef34a996a06aa63d11f591074cb757"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8a69529f22590b67bb018de9acbcf94abc8603cf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5ef3961682e5310f2221bae99bcf9f5d0f4b0d51"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f88aeff5a173e8ba3133314eb4b964236ef3589d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7dd6a5b96157a21245566b21fd58276a214357ff"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a7e4c6a3031c74078dba7fa36239d0f4fe476c53"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41078",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:21:14.829308Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:59.724Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/btrfs/qgroup.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "94818bdb00ef34a996a06aa63d11f591074cb757",
"status": "affected",
"version": "bed92eae26ccf280d1a2168b7509447b56675a27",
"versionType": "git"
},
{
"lessThan": "8a69529f22590b67bb018de9acbcf94abc8603cf",
"status": "affected",
"version": "bed92eae26ccf280d1a2168b7509447b56675a27",
"versionType": "git"
},
{
"lessThan": "5ef3961682e5310f2221bae99bcf9f5d0f4b0d51",
"status": "affected",
"version": "bed92eae26ccf280d1a2168b7509447b56675a27",
"versionType": "git"
},
{
"lessThan": "f88aeff5a173e8ba3133314eb4b964236ef3589d",
"status": "affected",
"version": "bed92eae26ccf280d1a2168b7509447b56675a27",
"versionType": "git"
},
{
"lessThan": "7dd6a5b96157a21245566b21fd58276a214357ff",
"status": "affected",
"version": "bed92eae26ccf280d1a2168b7509447b56675a27",
"versionType": "git"
},
{
"lessThan": "a7e4c6a3031c74078dba7fa36239d0f4fe476c53",
"status": "affected",
"version": "bed92eae26ccf280d1a2168b7509447b56675a27",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/btrfs/qgroup.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.6"
},
{
"lessThan": "3.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.223",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.164",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.101",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.223",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.164",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.101",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.42",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.11",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "3.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: qgroup: fix quota root leak after quota disable failure\n\nIf during the quota disable we fail when cleaning the quota tree or when\ndeleting the root from the root tree, we jump to the \u0027out\u0027 label without\never dropping the reference on the quota root, resulting in a leak of the\nroot since fs_info-\u003equota_root is no longer pointing to the root (we have\nset it to NULL just before those steps).\n\nFix this by always doing a btrfs_put_root() call under the \u0027out\u0027 label.\nThis is a problem that exists since qgroups were first added in 2012 by\ncommit bed92eae26cc (\"Btrfs: qgroup implementation and prototypes\"), but\nback then we missed a kfree on the quota root and free_extent_buffer()\ncalls on its root and commit root nodes, since back then roots were not\nyet reference counted."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:25:45.954Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/94818bdb00ef34a996a06aa63d11f591074cb757"
},
{
"url": "https://git.kernel.org/stable/c/8a69529f22590b67bb018de9acbcf94abc8603cf"
},
{
"url": "https://git.kernel.org/stable/c/5ef3961682e5310f2221bae99bcf9f5d0f4b0d51"
},
{
"url": "https://git.kernel.org/stable/c/f88aeff5a173e8ba3133314eb4b964236ef3589d"
},
{
"url": "https://git.kernel.org/stable/c/7dd6a5b96157a21245566b21fd58276a214357ff"
},
{
"url": "https://git.kernel.org/stable/c/a7e4c6a3031c74078dba7fa36239d0f4fe476c53"
}
],
"title": "btrfs: qgroup: fix quota root leak after quota disable failure",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41078",
"datePublished": "2024-07-29T15:04:15.812Z",
"dateReserved": "2024-07-12T12:17:45.632Z",
"dateUpdated": "2026-05-11T20:25:45.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…