Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2024-AVI-0837
Vulnerability from certfr_avis - Published: 2024-10-04 - Updated: 2024-10-04
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un déni de service.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Debian bookworm versions ant\u00e9rieures \u00e0 6.1.112-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Debian",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-46755",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46755"
},
{
"name": "CVE-2024-46826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46826"
},
{
"name": "CVE-2024-46770",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46770"
},
{
"name": "CVE-2024-46821",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46821"
},
{
"name": "CVE-2024-46713",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46713"
},
{
"name": "CVE-2024-46844",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46844"
},
{
"name": "CVE-2024-46849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46849"
},
{
"name": "CVE-2024-46815",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46815"
},
{
"name": "CVE-2024-42314",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42314"
},
{
"name": "CVE-2024-41016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41016"
},
{
"name": "CVE-2024-46676",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46676"
},
{
"name": "CVE-2024-46740",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46740"
},
{
"name": "CVE-2024-46798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46798"
},
{
"name": "CVE-2024-46735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46735"
},
{
"name": "CVE-2024-46707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46707"
},
{
"name": "CVE-2024-45029",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45029"
},
{
"name": "CVE-2024-46747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46747"
},
{
"name": "CVE-2024-45002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45002"
},
{
"name": "CVE-2024-46835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46835"
},
{
"name": "CVE-2024-35966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35966"
},
{
"name": "CVE-2024-46738",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46738"
},
{
"name": "CVE-2024-46679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46679"
},
{
"name": "CVE-2024-46734",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46734"
},
{
"name": "CVE-2024-46855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46855"
},
{
"name": "CVE-2024-46673",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46673"
},
{
"name": "CVE-2024-46724",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46724"
},
{
"name": "CVE-2024-46791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46791"
},
{
"name": "CVE-2024-44986",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44986"
},
{
"name": "CVE-2024-45026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45026"
},
{
"name": "CVE-2024-44946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44946"
},
{
"name": "CVE-2024-46800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46800"
},
{
"name": "CVE-2024-46750",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46750"
},
{
"name": "CVE-2024-46722",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46722"
},
{
"name": "CVE-2024-44939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44939"
},
{
"name": "CVE-2024-46745",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46745"
},
{
"name": "CVE-2024-46819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46819"
},
{
"name": "CVE-2024-46721",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46721"
},
{
"name": "CVE-2024-46812",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46812"
},
{
"name": "CVE-2024-46822",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46822"
},
{
"name": "CVE-2024-44991",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44991"
},
{
"name": "CVE-2024-42228",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42228"
},
{
"name": "CVE-2024-46685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46685"
},
{
"name": "CVE-2024-45000",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45000"
},
{
"name": "CVE-2024-44998",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44998"
},
{
"name": "CVE-2024-46723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46723"
},
{
"name": "CVE-2024-46828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46828"
},
{
"name": "CVE-2024-46836",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46836"
},
{
"name": "CVE-2024-46675",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46675"
},
{
"name": "CVE-2024-46783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46783"
},
{
"name": "CVE-2024-46846",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46846"
},
{
"name": "CVE-2024-40972",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40972"
},
{
"name": "CVE-2024-45018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45018"
},
{
"name": "CVE-2024-46715",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46715"
},
{
"name": "CVE-2024-46689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46689"
},
{
"name": "CVE-2024-46802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46802"
},
{
"name": "CVE-2024-46781",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46781"
},
{
"name": "CVE-2024-46777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46777"
},
{
"name": "CVE-2024-35937",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35937"
},
{
"name": "CVE-2024-46714",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46714"
},
{
"name": "CVE-2024-46807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46807"
},
{
"name": "CVE-2024-44938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44938"
},
{
"name": "CVE-2024-46857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46857"
},
{
"name": "CVE-2024-45010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45010"
},
{
"name": "CVE-2024-27017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27017"
},
{
"name": "CVE-2024-46731",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46731"
},
{
"name": "CVE-2024-46674",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46674"
},
{
"name": "CVE-2024-46859",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46859"
},
{
"name": "CVE-2024-46784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46784"
},
{
"name": "CVE-2024-44995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44995"
},
{
"name": "CVE-2024-46757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46757"
},
{
"name": "CVE-2024-46677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46677"
},
{
"name": "CVE-2024-44999",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44999"
},
{
"name": "CVE-2024-44988",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44988"
},
{
"name": "CVE-2024-46830",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46830"
},
{
"name": "CVE-2024-46773",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46773"
},
{
"name": "CVE-2024-46854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46854"
},
{
"name": "CVE-2024-46758",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46758"
},
{
"name": "CVE-2024-46746",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46746"
},
{
"name": "CVE-2024-44974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44974"
},
{
"name": "CVE-2024-46756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46756"
},
{
"name": "CVE-2024-46739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46739"
},
{
"name": "CVE-2024-45006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45006"
},
{
"name": "CVE-2024-46725",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46725"
},
{
"name": "CVE-2024-46829",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46829"
},
{
"name": "CVE-2024-44977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44977"
},
{
"name": "CVE-2024-41098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41098"
},
{
"name": "CVE-2023-31083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31083"
},
{
"name": "CVE-2024-46743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46743"
},
{
"name": "CVE-2024-46744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46744"
},
{
"name": "CVE-2024-46805",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46805"
},
{
"name": "CVE-2024-45007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45007"
},
{
"name": "CVE-2024-44983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44983"
},
{
"name": "CVE-2024-46780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46780"
},
{
"name": "CVE-2024-46817",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46817"
},
{
"name": "CVE-2024-44940",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44940"
},
{
"name": "CVE-2024-46771",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46771"
},
{
"name": "CVE-2024-46717",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46717"
},
{
"name": "CVE-2024-43892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43892"
},
{
"name": "CVE-2024-46810",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46810"
},
{
"name": "CVE-2024-43835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43835"
},
{
"name": "CVE-2024-46794",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46794"
},
{
"name": "CVE-2024-46711",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46711"
},
{
"name": "CVE-2024-46804",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46804"
},
{
"name": "CVE-2024-46732",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46732"
},
{
"name": "CVE-2024-46840",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46840"
},
{
"name": "CVE-2024-46763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46763"
},
{
"name": "CVE-2024-46759",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46759"
},
{
"name": "CVE-2024-43859",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43859"
},
{
"name": "CVE-2024-45022",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45022"
},
{
"name": "CVE-2024-46720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46720"
},
{
"name": "CVE-2024-46737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46737"
},
{
"name": "CVE-2024-45019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45019"
},
{
"name": "CVE-2024-46814",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46814"
},
{
"name": "CVE-2024-46818",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46818"
},
{
"name": "CVE-2024-46848",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46848"
},
{
"name": "CVE-2024-46852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46852"
},
{
"name": "CVE-2024-43884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43884"
},
{
"name": "CVE-2024-45003",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45003"
},
{
"name": "CVE-2024-44931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44931"
},
{
"name": "CVE-2024-46686",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46686"
},
{
"name": "CVE-2024-46832",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46832"
},
{
"name": "CVE-2024-46752",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46752"
},
{
"name": "CVE-2024-45021",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45021"
},
{
"name": "CVE-2024-45025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45025"
},
{
"name": "CVE-2024-46761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46761"
},
{
"name": "CVE-2024-41096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41096"
},
{
"name": "CVE-2024-46853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46853"
},
{
"name": "CVE-2024-46795",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46795"
},
{
"name": "CVE-2024-45008",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45008"
},
{
"name": "CVE-2024-46726",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46726"
},
{
"name": "CVE-2024-44990",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44990"
},
{
"name": "CVE-2024-44987",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44987"
},
{
"name": "CVE-2024-44982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44982"
},
{
"name": "CVE-2024-46694",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46694"
},
{
"name": "CVE-2024-45011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45011"
},
{
"name": "CVE-2024-46865",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46865"
},
{
"name": "CVE-2024-45009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45009"
},
{
"name": "CVE-2024-35943",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35943"
},
{
"name": "CVE-2024-45028",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45028"
},
{
"name": "CVE-2024-46782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46782"
},
{
"name": "CVE-2024-46702",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46702"
},
{
"name": "CVE-2024-46719",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46719"
},
{
"name": "CVE-2024-44947",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44947"
},
{
"name": "CVE-2024-44985",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44985"
},
{
"name": "CVE-2024-46858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46858"
},
{
"name": "CVE-2024-46716",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46716"
},
{
"name": "CVE-2024-44989",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44989"
},
{
"name": "CVE-2024-45016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45016"
}
],
"initial_release_date": "2024-10-04T00:00:00",
"last_revision_date": "2024-10-04T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0837",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-10-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Debian. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de service.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian",
"vendor_advisories": [
{
"published_at": "2024-10-03",
"title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-5782-1",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00195.html"
}
]
}
CVE-2024-45008 (GCVE-0-2024-45008)
Vulnerability from cvelistv5 – Published: 2024-09-04 19:54 – Updated: 2026-05-11 20:33
VLAI
EPSS
Title
Input: MT - limit max slots
Summary
In the Linux kernel, the following vulnerability has been resolved:
Input: MT - limit max slots
syzbot is reporting too large allocation at input_mt_init_slots(), for
num_slots is supplied from userspace using ioctl(UI_DEV_CREATE).
Since nobody knows possible max slots, this patch chose 1024.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
10 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
38e7afe96c7c0ad900824911c61fdb04078033dc , < 2829c80614890624456337e47320289112785f3e
(git)
Affected: 38e7afe96c7c0ad900824911c61fdb04078033dc , < 87f610a1a7fbdb1f2e3d90b54c955bd3b8a0c322 (git) Affected: 38e7afe96c7c0ad900824911c61fdb04078033dc , < 05dd9aabd04f9b5eb04dab9bb83d8c3e982d7549 (git) Affected: 38e7afe96c7c0ad900824911c61fdb04078033dc , < 95f73d01f547dfc67fda3022c51e377a0454b505 (git) Affected: 38e7afe96c7c0ad900824911c61fdb04078033dc , < 94736334b8a25e4fae8daa6934e54a31f099be43 (git) Affected: 38e7afe96c7c0ad900824911c61fdb04078033dc , < 8f04edd554d191834e9e1349ef030318ea6b11ba (git) Affected: 38e7afe96c7c0ad900824911c61fdb04078033dc , < cd19f1799c32ba7b874474b1b968815ce5364f73 (git) Affected: 38e7afe96c7c0ad900824911c61fdb04078033dc , < 99d3bf5f7377d42f8be60a6b9cb60fb0be34dceb (git) |
|
| Linux | Linux |
Affected:
2.6.36
Unaffected: 0 , < 2.6.36 (semver) Unaffected: 4.19.321 , ≤ 4.19.* (semver) Unaffected: 5.4.283 , ≤ 5.4.* (semver) Unaffected: 5.10.225 , ≤ 5.10.* (semver) Unaffected: 5.15.166 , ≤ 5.15.* (semver) Unaffected: 6.1.107 , ≤ 6.1.* (semver) Unaffected: 6.6.48 , ≤ 6.6.* (semver) Unaffected: 6.10.7 , ≤ 6.10.* (semver) Unaffected: 6.11 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45008",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T20:17:57.073437Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T20:18:19.841Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:15:13.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/input/input-mt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2829c80614890624456337e47320289112785f3e",
"status": "affected",
"version": "38e7afe96c7c0ad900824911c61fdb04078033dc",
"versionType": "git"
},
{
"lessThan": "87f610a1a7fbdb1f2e3d90b54c955bd3b8a0c322",
"status": "affected",
"version": "38e7afe96c7c0ad900824911c61fdb04078033dc",
"versionType": "git"
},
{
"lessThan": "05dd9aabd04f9b5eb04dab9bb83d8c3e982d7549",
"status": "affected",
"version": "38e7afe96c7c0ad900824911c61fdb04078033dc",
"versionType": "git"
},
{
"lessThan": "95f73d01f547dfc67fda3022c51e377a0454b505",
"status": "affected",
"version": "38e7afe96c7c0ad900824911c61fdb04078033dc",
"versionType": "git"
},
{
"lessThan": "94736334b8a25e4fae8daa6934e54a31f099be43",
"status": "affected",
"version": "38e7afe96c7c0ad900824911c61fdb04078033dc",
"versionType": "git"
},
{
"lessThan": "8f04edd554d191834e9e1349ef030318ea6b11ba",
"status": "affected",
"version": "38e7afe96c7c0ad900824911c61fdb04078033dc",
"versionType": "git"
},
{
"lessThan": "cd19f1799c32ba7b874474b1b968815ce5364f73",
"status": "affected",
"version": "38e7afe96c7c0ad900824911c61fdb04078033dc",
"versionType": "git"
},
{
"lessThan": "99d3bf5f7377d42f8be60a6b9cb60fb0be34dceb",
"status": "affected",
"version": "38e7afe96c7c0ad900824911c61fdb04078033dc",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/input/input-mt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.36"
},
{
"lessThan": "2.6.36",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.321",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.225",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.166",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.107",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.48",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.321",
"versionStartIncluding": "2.6.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.283",
"versionStartIncluding": "2.6.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.225",
"versionStartIncluding": "2.6.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.166",
"versionStartIncluding": "2.6.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.107",
"versionStartIncluding": "2.6.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.48",
"versionStartIncluding": "2.6.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.7",
"versionStartIncluding": "2.6.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "2.6.36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: MT - limit max slots\n\nsyzbot is reporting too large allocation at input_mt_init_slots(), for\nnum_slots is supplied from userspace using ioctl(UI_DEV_CREATE).\n\nSince nobody knows possible max slots, this patch chose 1024."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:33:40.445Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2829c80614890624456337e47320289112785f3e"
},
{
"url": "https://git.kernel.org/stable/c/87f610a1a7fbdb1f2e3d90b54c955bd3b8a0c322"
},
{
"url": "https://git.kernel.org/stable/c/05dd9aabd04f9b5eb04dab9bb83d8c3e982d7549"
},
{
"url": "https://git.kernel.org/stable/c/95f73d01f547dfc67fda3022c51e377a0454b505"
},
{
"url": "https://git.kernel.org/stable/c/94736334b8a25e4fae8daa6934e54a31f099be43"
},
{
"url": "https://git.kernel.org/stable/c/8f04edd554d191834e9e1349ef030318ea6b11ba"
},
{
"url": "https://git.kernel.org/stable/c/cd19f1799c32ba7b874474b1b968815ce5364f73"
},
{
"url": "https://git.kernel.org/stable/c/99d3bf5f7377d42f8be60a6b9cb60fb0be34dceb"
}
],
"title": "Input: MT - limit max slots",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-45008",
"datePublished": "2024-09-04T19:54:49.763Z",
"dateReserved": "2024-08-21T05:34:56.679Z",
"dateUpdated": "2026-05-11T20:33:40.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-45009 (GCVE-0-2024-45009)
Vulnerability from cvelistv5 – Published: 2024-09-11 15:13 – Updated: 2026-05-11 20:33
VLAI
EPSS
Title
mptcp: pm: only decrement add_addr_accepted for MPJ req
Summary
In the Linux kernel, the following vulnerability has been resolved:
mptcp: pm: only decrement add_addr_accepted for MPJ req
Adding the following warning ...
WARN_ON_ONCE(msk->pm.add_addr_accepted == 0)
... before decrementing the add_addr_accepted counter helped to find a
bug when running the "remove single subflow" subtest from the
mptcp_join.sh selftest.
Removing a 'subflow' endpoint will first trigger a RM_ADDR, then the
subflow closure. Before this patch, and upon the reception of the
RM_ADDR, the other peer will then try to decrement this
add_addr_accepted. That's not correct because the attached subflows have
not been created upon the reception of an ADD_ADDR.
A way to solve that is to decrement the counter only if the attached
subflow was an MP_JOIN to a remote id that was not 0, and initiated by
the host receiving the RM_ADDR.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
d0876b2284cf8b34dd214b2d0aa21071c345da59 , < 35b31f5549ede4070566b949781e83495906b43d
(git)
Affected: d0876b2284cf8b34dd214b2d0aa21071c345da59 , < 85b866e4c4e63a1d7afb58f1e24273caad03d0b7 (git) Affected: d0876b2284cf8b34dd214b2d0aa21071c345da59 , < d20bf2c96d7ffd171299b32f562f70e5bf5dc608 (git) Affected: d0876b2284cf8b34dd214b2d0aa21071c345da59 , < 2060f1efab370b496c4903b840844ecaff324c3c (git) Affected: d0876b2284cf8b34dd214b2d0aa21071c345da59 , < 1c1f721375989579e46741f59523e39ec9b2a9bd (git) |
|
| Linux | Linux |
Affected:
5.10
Unaffected: 0 , < 5.10 (semver) Unaffected: 5.15.167 , ≤ 5.15.* (semver) Unaffected: 6.1.107 , ≤ 6.1.* (semver) Unaffected: 6.6.48 , ≤ 6.6.* (semver) Unaffected: 6.10.7 , ≤ 6.10.* (semver) Unaffected: 6.11 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45009",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T15:51:12.192901Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T15:51:26.527Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:15:15.298Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/mptcp/pm_netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "35b31f5549ede4070566b949781e83495906b43d",
"status": "affected",
"version": "d0876b2284cf8b34dd214b2d0aa21071c345da59",
"versionType": "git"
},
{
"lessThan": "85b866e4c4e63a1d7afb58f1e24273caad03d0b7",
"status": "affected",
"version": "d0876b2284cf8b34dd214b2d0aa21071c345da59",
"versionType": "git"
},
{
"lessThan": "d20bf2c96d7ffd171299b32f562f70e5bf5dc608",
"status": "affected",
"version": "d0876b2284cf8b34dd214b2d0aa21071c345da59",
"versionType": "git"
},
{
"lessThan": "2060f1efab370b496c4903b840844ecaff324c3c",
"status": "affected",
"version": "d0876b2284cf8b34dd214b2d0aa21071c345da59",
"versionType": "git"
},
{
"lessThan": "1c1f721375989579e46741f59523e39ec9b2a9bd",
"status": "affected",
"version": "d0876b2284cf8b34dd214b2d0aa21071c345da59",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/mptcp/pm_netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.10"
},
{
"lessThan": "5.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.167",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.107",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.48",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.167",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.107",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.48",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.7",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only decrement add_addr_accepted for MPJ req\n\nAdding the following warning ...\n\n WARN_ON_ONCE(msk-\u003epm.add_addr_accepted == 0)\n\n... before decrementing the add_addr_accepted counter helped to find a\nbug when running the \"remove single subflow\" subtest from the\nmptcp_join.sh selftest.\n\nRemoving a \u0027subflow\u0027 endpoint will first trigger a RM_ADDR, then the\nsubflow closure. Before this patch, and upon the reception of the\nRM_ADDR, the other peer will then try to decrement this\nadd_addr_accepted. That\u0027s not correct because the attached subflows have\nnot been created upon the reception of an ADD_ADDR.\n\nA way to solve that is to decrement the counter only if the attached\nsubflow was an MP_JOIN to a remote id that was not 0, and initiated by\nthe host receiving the RM_ADDR."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:33:41.598Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/35b31f5549ede4070566b949781e83495906b43d"
},
{
"url": "https://git.kernel.org/stable/c/85b866e4c4e63a1d7afb58f1e24273caad03d0b7"
},
{
"url": "https://git.kernel.org/stable/c/d20bf2c96d7ffd171299b32f562f70e5bf5dc608"
},
{
"url": "https://git.kernel.org/stable/c/2060f1efab370b496c4903b840844ecaff324c3c"
},
{
"url": "https://git.kernel.org/stable/c/1c1f721375989579e46741f59523e39ec9b2a9bd"
}
],
"title": "mptcp: pm: only decrement add_addr_accepted for MPJ req",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-45009",
"datePublished": "2024-09-11T15:13:47.719Z",
"dateReserved": "2024-08-21T05:34:56.679Z",
"dateUpdated": "2026-05-11T20:33:41.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-45010 (GCVE-0-2024-45010)
Vulnerability from cvelistv5 – Published: 2024-09-11 15:13 – Updated: 2026-05-11 20:33
VLAI
EPSS
Title
mptcp: pm: only mark 'subflow' endp as available
Summary
In the Linux kernel, the following vulnerability has been resolved:
mptcp: pm: only mark 'subflow' endp as available
Adding the following warning ...
WARN_ON_ONCE(msk->pm.local_addr_used == 0)
... before decrementing the local_addr_used counter helped to find a bug
when running the "remove single address" subtest from the mptcp_join.sh
selftests.
Removing a 'signal' endpoint will trigger the removal of all subflows
linked to this endpoint via mptcp_pm_nl_rm_addr_or_subflow() with
rm_type == MPTCP_MIB_RMSUBFLOW. This will decrement the local_addr_used
counter, which is wrong in this case because this counter is linked to
'subflow' endpoints, and here it is a 'signal' endpoint that is being
removed.
Now, the counter is decremented, only if the ID is being used outside
of mptcp_pm_nl_rm_addr_or_subflow(), only for 'subflow' endpoints, and
if the ID is not 0 -- local_addr_used is not taking into account these
ones. This marking of the ID as being available, and the decrement is
done no matter if a subflow using this ID is currently available,
because the subflow could have been closed before.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
06faa22710342bca5e9c249634199c650799fce6 , < 7fdc870d08960961408a44c569f20f50940e7d4f
(git)
Affected: 06faa22710342bca5e9c249634199c650799fce6 , < 43cf912b0b0fc7b4fd12cbc735d1f5afb8e1322d (git) Affected: 06faa22710342bca5e9c249634199c650799fce6 , < 9849cfc67383ceb167155186f8f8fe8a896b60b3 (git) Affected: 06faa22710342bca5e9c249634199c650799fce6 , < 322ea3778965da72862cca2a0c50253aacf65fe6 (git) |
|
| Linux | Linux |
Affected:
5.13
Unaffected: 0 , < 5.13 (semver) Unaffected: 6.1.108 , ≤ 6.1.* (semver) Unaffected: 6.6.48 , ≤ 6.6.* (semver) Unaffected: 6.10.7 , ≤ 6.10.* (semver) Unaffected: 6.11 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45010",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T15:50:56.116338Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T15:51:10.555Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:15:16.770Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/mptcp/pm_netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7fdc870d08960961408a44c569f20f50940e7d4f",
"status": "affected",
"version": "06faa22710342bca5e9c249634199c650799fce6",
"versionType": "git"
},
{
"lessThan": "43cf912b0b0fc7b4fd12cbc735d1f5afb8e1322d",
"status": "affected",
"version": "06faa22710342bca5e9c249634199c650799fce6",
"versionType": "git"
},
{
"lessThan": "9849cfc67383ceb167155186f8f8fe8a896b60b3",
"status": "affected",
"version": "06faa22710342bca5e9c249634199c650799fce6",
"versionType": "git"
},
{
"lessThan": "322ea3778965da72862cca2a0c50253aacf65fe6",
"status": "affected",
"version": "06faa22710342bca5e9c249634199c650799fce6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/mptcp/pm_netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.108",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.48",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.108",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.48",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.7",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only mark \u0027subflow\u0027 endp as available\n\nAdding the following warning ...\n\n WARN_ON_ONCE(msk-\u003epm.local_addr_used == 0)\n\n... before decrementing the local_addr_used counter helped to find a bug\nwhen running the \"remove single address\" subtest from the mptcp_join.sh\nselftests.\n\nRemoving a \u0027signal\u0027 endpoint will trigger the removal of all subflows\nlinked to this endpoint via mptcp_pm_nl_rm_addr_or_subflow() with\nrm_type == MPTCP_MIB_RMSUBFLOW. This will decrement the local_addr_used\ncounter, which is wrong in this case because this counter is linked to\n\u0027subflow\u0027 endpoints, and here it is a \u0027signal\u0027 endpoint that is being\nremoved.\n\nNow, the counter is decremented, only if the ID is being used outside\nof mptcp_pm_nl_rm_addr_or_subflow(), only for \u0027subflow\u0027 endpoints, and\nif the ID is not 0 -- local_addr_used is not taking into account these\nones. This marking of the ID as being available, and the decrement is\ndone no matter if a subflow using this ID is currently available,\nbecause the subflow could have been closed before."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:33:42.788Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7fdc870d08960961408a44c569f20f50940e7d4f"
},
{
"url": "https://git.kernel.org/stable/c/43cf912b0b0fc7b4fd12cbc735d1f5afb8e1322d"
},
{
"url": "https://git.kernel.org/stable/c/9849cfc67383ceb167155186f8f8fe8a896b60b3"
},
{
"url": "https://git.kernel.org/stable/c/322ea3778965da72862cca2a0c50253aacf65fe6"
}
],
"title": "mptcp: pm: only mark \u0027subflow\u0027 endp as available",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-45010",
"datePublished": "2024-09-11T15:13:48.358Z",
"dateReserved": "2024-08-21T05:34:56.681Z",
"dateUpdated": "2026-05-11T20:33:42.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-45011 (GCVE-0-2024-45011)
Vulnerability from cvelistv5 – Published: 2024-09-11 15:13 – Updated: 2026-05-11 20:33
VLAI
EPSS
Title
char: xillybus: Check USB endpoints when probing device
Summary
In the Linux kernel, the following vulnerability has been resolved:
char: xillybus: Check USB endpoints when probing device
Ensure, as the driver probes the device, that all endpoints that the
driver may attempt to access exist and are of the correct type.
All XillyUSB devices must have a Bulk IN and Bulk OUT endpoint at
address 1. This is verified in xillyusb_setup_base_eps().
On top of that, a XillyUSB device may have additional Bulk OUT
endpoints. The information about these endpoints' addresses is deduced
from a data structure (the IDT) that the driver fetches from the device
while probing it. These endpoints are checked in setup_channels().
A XillyUSB device never has more than one IN endpoint, as all data
towards the host is multiplexed in this single Bulk IN endpoint. This is
why setup_channels() only checks OUT endpoints.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
a53d1202aef122894b6e46116a92174a9123db5d , < 25ee8b2908200fc862c0434e5ad483817d50ceda
(git)
Affected: a53d1202aef122894b6e46116a92174a9123db5d , < 4267131278f5cc98f8db31d035d64bdbbfe18658 (git) Affected: a53d1202aef122894b6e46116a92174a9123db5d , < 5cff754692ad45d5086b75fef8cc3a99c30a1005 (git) Affected: a53d1202aef122894b6e46116a92174a9123db5d , < 1371d32b95972d39c1e6e4bae8b6d0df1b573731 (git) Affected: a53d1202aef122894b6e46116a92174a9123db5d , < 2374bf7558de915edc6ec8cb10ec3291dfab9594 (git) |
|
| Linux | Linux |
Affected:
5.14
Unaffected: 0 , < 5.14 (semver) Unaffected: 5.15.166 , ≤ 5.15.* (semver) Unaffected: 6.1.107 , ≤ 6.1.* (semver) Unaffected: 6.6.48 , ≤ 6.6.* (semver) Unaffected: 6.10.7 , ≤ 6.10.* (semver) Unaffected: 6.11 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45011",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T15:50:39.730810Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T15:50:54.451Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:15:18.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/char/xillybus/xillyusb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "25ee8b2908200fc862c0434e5ad483817d50ceda",
"status": "affected",
"version": "a53d1202aef122894b6e46116a92174a9123db5d",
"versionType": "git"
},
{
"lessThan": "4267131278f5cc98f8db31d035d64bdbbfe18658",
"status": "affected",
"version": "a53d1202aef122894b6e46116a92174a9123db5d",
"versionType": "git"
},
{
"lessThan": "5cff754692ad45d5086b75fef8cc3a99c30a1005",
"status": "affected",
"version": "a53d1202aef122894b6e46116a92174a9123db5d",
"versionType": "git"
},
{
"lessThan": "1371d32b95972d39c1e6e4bae8b6d0df1b573731",
"status": "affected",
"version": "a53d1202aef122894b6e46116a92174a9123db5d",
"versionType": "git"
},
{
"lessThan": "2374bf7558de915edc6ec8cb10ec3291dfab9594",
"status": "affected",
"version": "a53d1202aef122894b6e46116a92174a9123db5d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/char/xillybus/xillyusb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.166",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.107",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.48",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.166",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.107",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.48",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.7",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nchar: xillybus: Check USB endpoints when probing device\n\nEnsure, as the driver probes the device, that all endpoints that the\ndriver may attempt to access exist and are of the correct type.\n\nAll XillyUSB devices must have a Bulk IN and Bulk OUT endpoint at\naddress 1. This is verified in xillyusb_setup_base_eps().\n\nOn top of that, a XillyUSB device may have additional Bulk OUT\nendpoints. The information about these endpoints\u0027 addresses is deduced\nfrom a data structure (the IDT) that the driver fetches from the device\nwhile probing it. These endpoints are checked in setup_channels().\n\nA XillyUSB device never has more than one IN endpoint, as all data\ntowards the host is multiplexed in this single Bulk IN endpoint. This is\nwhy setup_channels() only checks OUT endpoints."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:33:44.038Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/25ee8b2908200fc862c0434e5ad483817d50ceda"
},
{
"url": "https://git.kernel.org/stable/c/4267131278f5cc98f8db31d035d64bdbbfe18658"
},
{
"url": "https://git.kernel.org/stable/c/5cff754692ad45d5086b75fef8cc3a99c30a1005"
},
{
"url": "https://git.kernel.org/stable/c/1371d32b95972d39c1e6e4bae8b6d0df1b573731"
},
{
"url": "https://git.kernel.org/stable/c/2374bf7558de915edc6ec8cb10ec3291dfab9594"
}
],
"title": "char: xillybus: Check USB endpoints when probing device",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-45011",
"datePublished": "2024-09-11T15:13:48.969Z",
"dateReserved": "2024-08-21T05:34:56.681Z",
"dateUpdated": "2026-05-11T20:33:44.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-45016 (GCVE-0-2024-45016)
Vulnerability from cvelistv5 – Published: 2024-09-11 15:13 – Updated: 2026-05-23 15:53
VLAI
EPSS
Title
netem: fix return value if duplicate enqueue fails
Summary
In the Linux kernel, the following vulnerability has been resolved:
netem: fix return value if duplicate enqueue fails
There is a bug in netem_enqueue() introduced by
commit 5845f706388a ("net: netem: fix skb length BUG_ON in __skb_to_sgvec")
that can lead to a use-after-free.
This commit made netem_enqueue() always return NET_XMIT_SUCCESS
when a packet is duplicated, which can cause the parent qdisc's q.qlen
to be mistakenly incremented. When this happens qlen_notify() may be
skipped on the parent during destruction, leaving a dangling pointer
for some classful qdiscs like DRR.
There are two ways for the bug happen:
- If the duplicated packet is dropped by rootq->enqueue() and then
the original packet is also dropped.
- If rootq->enqueue() sends the duplicated packet to a different qdisc
and the original packet is dropped.
In both cases NET_XMIT_SUCCESS is returned even though no packets
are enqueued at the netem qdisc.
The fix is to defer the enqueue of the duplicate packet until after
the original packet has been guaranteed to return NET_XMIT_SUCCESS.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
10 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
5845f706388a4cde0f6b80f9e5d33527e942b7d9 , < 759e3e8c4a6a6b4e52ebc4547123a457f0ce90d4
(git)
Affected: 5845f706388a4cde0f6b80f9e5d33527e942b7d9 , < c414000da1c2ea1ba9a5e5bb1a4ba774e51e202d (git) Affected: 5845f706388a4cde0f6b80f9e5d33527e942b7d9 , < 52d99a69f3d556c6426048c9d481b912205919d8 (git) Affected: 5845f706388a4cde0f6b80f9e5d33527e942b7d9 , < 0486d31dd8198e22b63a4730244b38fffce6d469 (git) Affected: 5845f706388a4cde0f6b80f9e5d33527e942b7d9 , < 577d6c0619467fe90f7e8e57e45cb5bd9d936014 (git) Affected: 5845f706388a4cde0f6b80f9e5d33527e942b7d9 , < e5bb2988a310667abed66c7d3ffa28880cf0f883 (git) Affected: 5845f706388a4cde0f6b80f9e5d33527e942b7d9 , < c07ff8592d57ed258afee5a5e04991a48dbaf382 (git) Affected: a550a01b8af856f2684b0f79d552f5119eb5006c (git) Affected: 009510a90e230bb495f3fe25c7db956679263b07 (git) Affected: 4de7d30668cb8b06330992e1cd336f91700a2ce7 (git) Affected: d1dd2e15c85e890a1cc9bde5ba07ae63331e5c73 (git) Affected: 0148fe458b5705e2fea7cb88294fed7e36066ca2 (git) Affected: 3.16.66 , < 3.17 (semver) Affected: 4.9.163 , < 4.10 (semver) Affected: 4.14.106 , < 4.15 (semver) Affected: 4.19.28 , < 4.20 (semver) Affected: 4.20.15 , < 4.21 (semver) |
|
| Linux | Linux |
Affected:
5.0
Unaffected: 0 , < 5.0 (semver) Unaffected: 5.4.283 , ≤ 5.4.* (semver) Unaffected: 5.10.225 , ≤ 5.10.* (semver) Unaffected: 5.15.166 , ≤ 5.15.* (semver) Unaffected: 6.1.107 , ≤ 6.1.* (semver) Unaffected: 6.6.48 , ≤ 6.6.* (semver) Unaffected: 6.10.7 , ≤ 6.10.* (semver) Unaffected: 6.11 , ≤ * (original_commit_for_fix) |
|
| Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux subsystem |
Affected:
0 , < *
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45016",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T15:49:19.675501Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T15:49:33.932Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:15:21.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T11:57:29.260Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/sched/sch_netem.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "759e3e8c4a6a6b4e52ebc4547123a457f0ce90d4",
"status": "affected",
"version": "5845f706388a4cde0f6b80f9e5d33527e942b7d9",
"versionType": "git"
},
{
"lessThan": "c414000da1c2ea1ba9a5e5bb1a4ba774e51e202d",
"status": "affected",
"version": "5845f706388a4cde0f6b80f9e5d33527e942b7d9",
"versionType": "git"
},
{
"lessThan": "52d99a69f3d556c6426048c9d481b912205919d8",
"status": "affected",
"version": "5845f706388a4cde0f6b80f9e5d33527e942b7d9",
"versionType": "git"
},
{
"lessThan": "0486d31dd8198e22b63a4730244b38fffce6d469",
"status": "affected",
"version": "5845f706388a4cde0f6b80f9e5d33527e942b7d9",
"versionType": "git"
},
{
"lessThan": "577d6c0619467fe90f7e8e57e45cb5bd9d936014",
"status": "affected",
"version": "5845f706388a4cde0f6b80f9e5d33527e942b7d9",
"versionType": "git"
},
{
"lessThan": "e5bb2988a310667abed66c7d3ffa28880cf0f883",
"status": "affected",
"version": "5845f706388a4cde0f6b80f9e5d33527e942b7d9",
"versionType": "git"
},
{
"lessThan": "c07ff8592d57ed258afee5a5e04991a48dbaf382",
"status": "affected",
"version": "5845f706388a4cde0f6b80f9e5d33527e942b7d9",
"versionType": "git"
},
{
"status": "affected",
"version": "a550a01b8af856f2684b0f79d552f5119eb5006c",
"versionType": "git"
},
{
"status": "affected",
"version": "009510a90e230bb495f3fe25c7db956679263b07",
"versionType": "git"
},
{
"status": "affected",
"version": "4de7d30668cb8b06330992e1cd336f91700a2ce7",
"versionType": "git"
},
{
"status": "affected",
"version": "d1dd2e15c85e890a1cc9bde5ba07ae63331e5c73",
"versionType": "git"
},
{
"status": "affected",
"version": "0148fe458b5705e2fea7cb88294fed7e36066ca2",
"versionType": "git"
},
{
"lessThan": "3.17",
"status": "affected",
"version": "3.16.66",
"versionType": "semver"
},
{
"lessThan": "4.10",
"status": "affected",
"version": "4.9.163",
"versionType": "semver"
},
{
"lessThan": "4.15",
"status": "affected",
"version": "4.14.106",
"versionType": "semver"
},
{
"lessThan": "4.20",
"status": "affected",
"version": "4.19.28",
"versionType": "semver"
},
{
"lessThan": "4.21",
"status": "affected",
"version": "4.20.15",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/sched/sch_netem.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"lessThan": "5.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.225",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.166",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.107",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.48",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.283",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.225",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.166",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.107",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.48",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.7",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.16.66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9.163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetem: fix return value if duplicate enqueue fails\n\nThere is a bug in netem_enqueue() introduced by\ncommit 5845f706388a (\"net: netem: fix skb length BUG_ON in __skb_to_sgvec\")\nthat can lead to a use-after-free.\n\nThis commit made netem_enqueue() always return NET_XMIT_SUCCESS\nwhen a packet is duplicated, which can cause the parent qdisc\u0027s q.qlen\nto be mistakenly incremented. When this happens qlen_notify() may be\nskipped on the parent during destruction, leaving a dangling pointer\nfor some classful qdiscs like DRR.\n\nThere are two ways for the bug happen:\n\n- If the duplicated packet is dropped by rootq-\u003eenqueue() and then\n the original packet is also dropped.\n- If rootq-\u003eenqueue() sends the duplicated packet to a different qdisc\n and the original packet is dropped.\n\nIn both cases NET_XMIT_SUCCESS is returned even though no packets\nare enqueued at the netem qdisc.\n\nThe fix is to defer the enqueue of the duplicate packet until after\nthe original packet has been guaranteed to return NET_XMIT_SUCCESS."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:53:18.767Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/759e3e8c4a6a6b4e52ebc4547123a457f0ce90d4"
},
{
"url": "https://git.kernel.org/stable/c/c414000da1c2ea1ba9a5e5bb1a4ba774e51e202d"
},
{
"url": "https://git.kernel.org/stable/c/52d99a69f3d556c6426048c9d481b912205919d8"
},
{
"url": "https://git.kernel.org/stable/c/0486d31dd8198e22b63a4730244b38fffce6d469"
},
{
"url": "https://git.kernel.org/stable/c/577d6c0619467fe90f7e8e57e45cb5bd9d936014"
},
{
"url": "https://git.kernel.org/stable/c/e5bb2988a310667abed66c7d3ffa28880cf0f883"
},
{
"url": "https://git.kernel.org/stable/c/c07ff8592d57ed258afee5a5e04991a48dbaf382"
}
],
"title": "netem: fix return value if duplicate enqueue fails",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-45016",
"datePublished": "2024-09-11T15:13:52.053Z",
"dateReserved": "2024-08-21T05:34:56.682Z",
"dateUpdated": "2026-05-23T15:53:18.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-45018 (GCVE-0-2024-45018)
Vulnerability from cvelistv5 – Published: 2024-09-11 15:13 – Updated: 2026-05-12 11:57
VLAI
EPSS
Title
netfilter: flowtable: initialise extack before use
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: flowtable: initialise extack before use
Fix missing initialisation of extack in flow offload.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
9 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
c29f74e0df7a02b8303bcdce93a7c0132d62577a , < e5ceff2196dc633c995afb080f6f44a72cff6e1d
(git)
Affected: c29f74e0df7a02b8303bcdce93a7c0132d62577a , < 356beb911b63a8cff34cb57f755c2a2d2ee9dec7 (git) Affected: c29f74e0df7a02b8303bcdce93a7c0132d62577a , < 7eafeec6be68ebd6140a830ce9ae68ad5b67ec78 (git) Affected: c29f74e0df7a02b8303bcdce93a7c0132d62577a , < c7b760499f7791352b49b11667ed04b23d7f5b0f (git) Affected: c29f74e0df7a02b8303bcdce93a7c0132d62577a , < 119be227bc04f5035efa64cb823b8a5ca5e2d1c1 (git) Affected: c29f74e0df7a02b8303bcdce93a7c0132d62577a , < e9767137308daf906496613fd879808a07f006a2 (git) |
|
| Linux | Linux |
Affected:
5.5
Unaffected: 0 , < 5.5 (semver) Unaffected: 5.10.225 , ≤ 5.10.* (semver) Unaffected: 5.15.166 , ≤ 5.15.* (semver) Unaffected: 6.1.107 , ≤ 6.1.* (semver) Unaffected: 6.6.48 , ≤ 6.6.* (semver) Unaffected: 6.10.7 , ≤ 6.10.* (semver) Unaffected: 6.11 , ≤ * (original_commit_for_fix) |
|
| Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux subsystem |
Affected:
0 , < *
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45018",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T15:48:48.250822Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T15:49:02.005Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:15:25.362Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T11:57:30.406Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_flow_table_offload.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e5ceff2196dc633c995afb080f6f44a72cff6e1d",
"status": "affected",
"version": "c29f74e0df7a02b8303bcdce93a7c0132d62577a",
"versionType": "git"
},
{
"lessThan": "356beb911b63a8cff34cb57f755c2a2d2ee9dec7",
"status": "affected",
"version": "c29f74e0df7a02b8303bcdce93a7c0132d62577a",
"versionType": "git"
},
{
"lessThan": "7eafeec6be68ebd6140a830ce9ae68ad5b67ec78",
"status": "affected",
"version": "c29f74e0df7a02b8303bcdce93a7c0132d62577a",
"versionType": "git"
},
{
"lessThan": "c7b760499f7791352b49b11667ed04b23d7f5b0f",
"status": "affected",
"version": "c29f74e0df7a02b8303bcdce93a7c0132d62577a",
"versionType": "git"
},
{
"lessThan": "119be227bc04f5035efa64cb823b8a5ca5e2d1c1",
"status": "affected",
"version": "c29f74e0df7a02b8303bcdce93a7c0132d62577a",
"versionType": "git"
},
{
"lessThan": "e9767137308daf906496613fd879808a07f006a2",
"status": "affected",
"version": "c29f74e0df7a02b8303bcdce93a7c0132d62577a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_flow_table_offload.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.225",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.166",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.107",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.48",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.225",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.166",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.107",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.48",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.7",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: initialise extack before use\n\nFix missing initialisation of extack in flow offload."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:33:52.372Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e5ceff2196dc633c995afb080f6f44a72cff6e1d"
},
{
"url": "https://git.kernel.org/stable/c/356beb911b63a8cff34cb57f755c2a2d2ee9dec7"
},
{
"url": "https://git.kernel.org/stable/c/7eafeec6be68ebd6140a830ce9ae68ad5b67ec78"
},
{
"url": "https://git.kernel.org/stable/c/c7b760499f7791352b49b11667ed04b23d7f5b0f"
},
{
"url": "https://git.kernel.org/stable/c/119be227bc04f5035efa64cb823b8a5ca5e2d1c1"
},
{
"url": "https://git.kernel.org/stable/c/e9767137308daf906496613fd879808a07f006a2"
}
],
"title": "netfilter: flowtable: initialise extack before use",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-45018",
"datePublished": "2024-09-11T15:13:53.297Z",
"dateReserved": "2024-08-21T05:34:56.683Z",
"dateUpdated": "2026-05-12T11:57:30.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-45019 (GCVE-0-2024-45019)
Vulnerability from cvelistv5 – Published: 2024-09-11 15:13 – Updated: 2026-05-23 15:53
VLAI
EPSS
Title
net/mlx5e: Take state lock during tx timeout reporter
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Take state lock during tx timeout reporter
mlx5e_safe_reopen_channels() requires the state lock taken. The
referenced changed in the Fixes tag removed the lock to fix another
issue. This patch adds it back but at a later point (when calling
mlx5e_safe_reopen_channels()) to avoid the deadlock referenced in the
Fixes tag.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
514232495aa523641febaa58b687fe6df1cd0b73 , < 03d3734bd692affe4d0e9c9d638f491aaf37411b
(git)
Affected: 8ce3d969348a7c7fa3469588eb1319f9f3cc0eaa , < b3b9a87adee97854bcd71057901d46943076267e (git) Affected: eab0da38912ebdad922ed0388209f7eb0a5163cd , < 8e57e66ecbdd2fddc9fbf3e984b1c523b70e9809 (git) Affected: eab0da38912ebdad922ed0388209f7eb0a5163cd , < e6b5afd30b99b43682a7764e1a74a42fe4d5f4b3 (git) Affected: 6.1.69 , < 6.1.107 (semver) Affected: 6.6.8 , < 6.6.48 (semver) |
|
| Linux | Linux |
Affected:
6.7
Unaffected: 0 , < 6.7 (semver) Unaffected: 6.1.107 , ≤ 6.1.* (semver) Unaffected: 6.6.48 , ≤ 6.6.* (semver) Unaffected: 6.10.7 , ≤ 6.10.* (semver) Unaffected: 6.11 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45019",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T15:48:31.371644Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T15:48:46.673Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:15:26.924Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/en/reporter_tx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "03d3734bd692affe4d0e9c9d638f491aaf37411b",
"status": "affected",
"version": "514232495aa523641febaa58b687fe6df1cd0b73",
"versionType": "git"
},
{
"lessThan": "b3b9a87adee97854bcd71057901d46943076267e",
"status": "affected",
"version": "8ce3d969348a7c7fa3469588eb1319f9f3cc0eaa",
"versionType": "git"
},
{
"lessThan": "8e57e66ecbdd2fddc9fbf3e984b1c523b70e9809",
"status": "affected",
"version": "eab0da38912ebdad922ed0388209f7eb0a5163cd",
"versionType": "git"
},
{
"lessThan": "e6b5afd30b99b43682a7764e1a74a42fe4d5f4b3",
"status": "affected",
"version": "eab0da38912ebdad922ed0388209f7eb0a5163cd",
"versionType": "git"
},
{
"lessThan": "6.1.107",
"status": "affected",
"version": "6.1.69",
"versionType": "semver"
},
{
"lessThan": "6.6.48",
"status": "affected",
"version": "6.6.8",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/en/reporter_tx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.7"
},
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.107",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.48",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.107",
"versionStartIncluding": "6.1.69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.48",
"versionStartIncluding": "6.6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.7",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Take state lock during tx timeout reporter\n\nmlx5e_safe_reopen_channels() requires the state lock taken. The\nreferenced changed in the Fixes tag removed the lock to fix another\nissue. This patch adds it back but at a later point (when calling\nmlx5e_safe_reopen_channels()) to avoid the deadlock referenced in the\nFixes tag."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:53:19.833Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/03d3734bd692affe4d0e9c9d638f491aaf37411b"
},
{
"url": "https://git.kernel.org/stable/c/b3b9a87adee97854bcd71057901d46943076267e"
},
{
"url": "https://git.kernel.org/stable/c/8e57e66ecbdd2fddc9fbf3e984b1c523b70e9809"
},
{
"url": "https://git.kernel.org/stable/c/e6b5afd30b99b43682a7764e1a74a42fe4d5f4b3"
}
],
"title": "net/mlx5e: Take state lock during tx timeout reporter",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-45019",
"datePublished": "2024-09-11T15:13:53.933Z",
"dateReserved": "2024-08-21T05:34:56.683Z",
"dateUpdated": "2026-05-23T15:53:19.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-45021 (GCVE-0-2024-45021)
Vulnerability from cvelistv5 – Published: 2024-09-11 15:13 – Updated: 2026-05-11 20:33
VLAI
EPSS
Title
memcg_write_event_control(): fix a user-triggerable oops
Summary
In the Linux kernel, the following vulnerability has been resolved:
memcg_write_event_control(): fix a user-triggerable oops
we are *not* guaranteed that anything past the terminating NUL
is mapped (let alone initialized with anything sane).
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
10 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
0dea116876eefc9c7ca9c5d74fe665481e499fa3 , < fa5bfdf6cb5846a00e712d630a43e3cf55ccb411
(git)
Affected: 0dea116876eefc9c7ca9c5d74fe665481e499fa3 , < 1b37ec85ad95b612307627758c6018cd9d92cca8 (git) Affected: 0dea116876eefc9c7ca9c5d74fe665481e499fa3 , < ad149f5585345e383baa65f1539d816cd715fd3b (git) Affected: 0dea116876eefc9c7ca9c5d74fe665481e499fa3 , < 0fbe2a72e853a1052abe9bc2b7df8ddb102da227 (git) Affected: 0dea116876eefc9c7ca9c5d74fe665481e499fa3 , < 43768fa80fd192558737e24ed6548f74554611d7 (git) Affected: 0dea116876eefc9c7ca9c5d74fe665481e499fa3 , < f1aa7c509aa766080db7ab3aec2e31b1df09e57c (git) Affected: 0dea116876eefc9c7ca9c5d74fe665481e499fa3 , < 21b578f1d599edb87462f11113c5b0fc7a04ac61 (git) Affected: 0dea116876eefc9c7ca9c5d74fe665481e499fa3 , < 046667c4d3196938e992fba0dfcde570aa85cd0e (git) |
|
| Linux | Linux |
Affected:
2.6.34
Unaffected: 0 , < 2.6.34 (semver) Unaffected: 4.19.321 , ≤ 4.19.* (semver) Unaffected: 5.4.283 , ≤ 5.4.* (semver) Unaffected: 5.10.225 , ≤ 5.10.* (semver) Unaffected: 5.15.166 , ≤ 5.15.* (semver) Unaffected: 6.1.107 , ≤ 6.1.* (semver) Unaffected: 6.6.48 , ≤ 6.6.* (semver) Unaffected: 6.10.7 , ≤ 6.10.* (semver) Unaffected: 6.11 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45021",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T15:47:59.119087Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T15:48:13.491Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:15:30.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"mm/memcontrol-v1.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fa5bfdf6cb5846a00e712d630a43e3cf55ccb411",
"status": "affected",
"version": "0dea116876eefc9c7ca9c5d74fe665481e499fa3",
"versionType": "git"
},
{
"lessThan": "1b37ec85ad95b612307627758c6018cd9d92cca8",
"status": "affected",
"version": "0dea116876eefc9c7ca9c5d74fe665481e499fa3",
"versionType": "git"
},
{
"lessThan": "ad149f5585345e383baa65f1539d816cd715fd3b",
"status": "affected",
"version": "0dea116876eefc9c7ca9c5d74fe665481e499fa3",
"versionType": "git"
},
{
"lessThan": "0fbe2a72e853a1052abe9bc2b7df8ddb102da227",
"status": "affected",
"version": "0dea116876eefc9c7ca9c5d74fe665481e499fa3",
"versionType": "git"
},
{
"lessThan": "43768fa80fd192558737e24ed6548f74554611d7",
"status": "affected",
"version": "0dea116876eefc9c7ca9c5d74fe665481e499fa3",
"versionType": "git"
},
{
"lessThan": "f1aa7c509aa766080db7ab3aec2e31b1df09e57c",
"status": "affected",
"version": "0dea116876eefc9c7ca9c5d74fe665481e499fa3",
"versionType": "git"
},
{
"lessThan": "21b578f1d599edb87462f11113c5b0fc7a04ac61",
"status": "affected",
"version": "0dea116876eefc9c7ca9c5d74fe665481e499fa3",
"versionType": "git"
},
{
"lessThan": "046667c4d3196938e992fba0dfcde570aa85cd0e",
"status": "affected",
"version": "0dea116876eefc9c7ca9c5d74fe665481e499fa3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"mm/memcontrol-v1.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.34"
},
{
"lessThan": "2.6.34",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.321",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.225",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.166",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.107",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.48",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.321",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.283",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.225",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.166",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.107",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.48",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.7",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "2.6.34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemcg_write_event_control(): fix a user-triggerable oops\n\nwe are *not* guaranteed that anything past the terminating NUL\nis mapped (let alone initialized with anything sane)."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:33:55.959Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fa5bfdf6cb5846a00e712d630a43e3cf55ccb411"
},
{
"url": "https://git.kernel.org/stable/c/1b37ec85ad95b612307627758c6018cd9d92cca8"
},
{
"url": "https://git.kernel.org/stable/c/ad149f5585345e383baa65f1539d816cd715fd3b"
},
{
"url": "https://git.kernel.org/stable/c/0fbe2a72e853a1052abe9bc2b7df8ddb102da227"
},
{
"url": "https://git.kernel.org/stable/c/43768fa80fd192558737e24ed6548f74554611d7"
},
{
"url": "https://git.kernel.org/stable/c/f1aa7c509aa766080db7ab3aec2e31b1df09e57c"
},
{
"url": "https://git.kernel.org/stable/c/21b578f1d599edb87462f11113c5b0fc7a04ac61"
},
{
"url": "https://git.kernel.org/stable/c/046667c4d3196938e992fba0dfcde570aa85cd0e"
}
],
"title": "memcg_write_event_control(): fix a user-triggerable oops",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-45021",
"datePublished": "2024-09-11T15:13:55.211Z",
"dateReserved": "2024-08-21T05:34:56.684Z",
"dateUpdated": "2026-05-11T20:33:55.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-45022 (GCVE-0-2024-45022)
Vulnerability from cvelistv5 – Published: 2024-09-11 15:13 – Updated: 2026-05-23 15:53
VLAI
EPSS
Title
mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0
Summary
In the Linux kernel, the following vulnerability has been resolved:
mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0
The __vmap_pages_range_noflush() assumes its argument pages** contains
pages with the same page shift. However, since commit e9c3cda4d86e ("mm,
vmalloc: fix high order __GFP_NOFAIL allocations"), if gfp_flags includes
__GFP_NOFAIL with high order in vm_area_alloc_pages() and page allocation
failed for high order, the pages** may contain two different page shifts
(high order and order-0). This could lead __vmap_pages_range_noflush() to
perform incorrect mappings, potentially resulting in memory corruption.
Users might encounter this as follows (vmap_allow_huge = true, 2M is for
PMD_SIZE):
kvmalloc(2M, __GFP_NOFAIL|GFP_X)
__vmalloc_node_range_noprof(vm_flags=VM_ALLOW_HUGE_VMAP)
vm_area_alloc_pages(order=9) ---> order-9 allocation failed and fallback to order-0
vmap_pages_range()
vmap_pages_range_noflush()
__vmap_pages_range_noflush(page_shift = 21) ----> wrong mapping happens
We can remove the fallback code because if a high-order allocation fails,
__vmalloc_node_range_noprof() will retry with order-0. Therefore, it is
unnecessary to fallback to order-0 here. Therefore, fix this by removing
the fallback code.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
fe5c2bdcb14c8612eb5e7a09159801c7219e9ac4 , < fd1ffbb50ef4da5e1378a46616b6d7407dc795da
(git)
Affected: e9c3cda4d86e56bf7fe403729f38c4f0f65d3860 , < de7bad86345c43cd040ed43e20d9fad78a3ee59f (git) Affected: e9c3cda4d86e56bf7fe403729f38c4f0f65d3860 , < c91618816f4d21fc574d7577a37722adcd4075b2 (git) Affected: e9c3cda4d86e56bf7fe403729f38c4f0f65d3860 , < 61ebe5a747da649057c37be1c37eb934b4af79ca (git) Affected: 6.1.95 , < 6.1.107 (semver) |
|
| Linux | Linux |
Affected:
6.3
Unaffected: 0 , < 6.3 (semver) Unaffected: 6.1.107 , ≤ 6.1.* (semver) Unaffected: 6.6.48 , ≤ 6.6.* (semver) Unaffected: 6.10.7 , ≤ 6.10.* (semver) Unaffected: 6.11 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45022",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T15:47:43.491220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T15:47:57.703Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:15:32.309Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"mm/vmalloc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fd1ffbb50ef4da5e1378a46616b6d7407dc795da",
"status": "affected",
"version": "fe5c2bdcb14c8612eb5e7a09159801c7219e9ac4",
"versionType": "git"
},
{
"lessThan": "de7bad86345c43cd040ed43e20d9fad78a3ee59f",
"status": "affected",
"version": "e9c3cda4d86e56bf7fe403729f38c4f0f65d3860",
"versionType": "git"
},
{
"lessThan": "c91618816f4d21fc574d7577a37722adcd4075b2",
"status": "affected",
"version": "e9c3cda4d86e56bf7fe403729f38c4f0f65d3860",
"versionType": "git"
},
{
"lessThan": "61ebe5a747da649057c37be1c37eb934b4af79ca",
"status": "affected",
"version": "e9c3cda4d86e56bf7fe403729f38c4f0f65d3860",
"versionType": "git"
},
{
"lessThan": "6.1.107",
"status": "affected",
"version": "6.1.95",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"mm/vmalloc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.3"
},
{
"lessThan": "6.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.107",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.48",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.107",
"versionStartIncluding": "6.1.95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.48",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.7",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "6.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0\n\nThe __vmap_pages_range_noflush() assumes its argument pages** contains\npages with the same page shift. However, since commit e9c3cda4d86e (\"mm,\nvmalloc: fix high order __GFP_NOFAIL allocations\"), if gfp_flags includes\n__GFP_NOFAIL with high order in vm_area_alloc_pages() and page allocation\nfailed for high order, the pages** may contain two different page shifts\n(high order and order-0). This could lead __vmap_pages_range_noflush() to\nperform incorrect mappings, potentially resulting in memory corruption.\n\nUsers might encounter this as follows (vmap_allow_huge = true, 2M is for\nPMD_SIZE):\n\nkvmalloc(2M, __GFP_NOFAIL|GFP_X)\n __vmalloc_node_range_noprof(vm_flags=VM_ALLOW_HUGE_VMAP)\n vm_area_alloc_pages(order=9) ---\u003e order-9 allocation failed and fallback to order-0\n vmap_pages_range()\n vmap_pages_range_noflush()\n __vmap_pages_range_noflush(page_shift = 21) ----\u003e wrong mapping happens\n\nWe can remove the fallback code because if a high-order allocation fails,\n__vmalloc_node_range_noprof() will retry with order-0. Therefore, it is\nunnecessary to fallback to order-0 here. Therefore, fix this by removing\nthe fallback code."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:53:21.808Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fd1ffbb50ef4da5e1378a46616b6d7407dc795da"
},
{
"url": "https://git.kernel.org/stable/c/de7bad86345c43cd040ed43e20d9fad78a3ee59f"
},
{
"url": "https://git.kernel.org/stable/c/c91618816f4d21fc574d7577a37722adcd4075b2"
},
{
"url": "https://git.kernel.org/stable/c/61ebe5a747da649057c37be1c37eb934b4af79ca"
}
],
"title": "mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-45022",
"datePublished": "2024-09-11T15:13:55.837Z",
"dateReserved": "2024-08-21T05:34:56.684Z",
"dateUpdated": "2026-05-23T15:53:21.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-45025 (GCVE-0-2024-45025)
Vulnerability from cvelistv5 – Published: 2024-09-11 15:13 – Updated: 2026-05-11 20:34
VLAI
EPSS
Title
fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE
Summary
In the Linux kernel, the following vulnerability has been resolved:
fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE
copy_fd_bitmaps(new, old, count) is expected to copy the first
count/BITS_PER_LONG bits from old->full_fds_bits[] and fill
the rest with zeroes. What it does is copying enough words
(BITS_TO_LONGS(count/BITS_PER_LONG)), then memsets the rest.
That works fine, *if* all bits past the cutoff point are
clear. Otherwise we are risking garbage from the last word
we'd copied.
For most of the callers that is true - expand_fdtable() has
count equal to old->max_fds, so there's no open descriptors
past count, let alone fully occupied words in ->open_fds[],
which is what bits in ->full_fds_bits[] correspond to.
The other caller (dup_fd()) passes sane_fdtable_size(old_fdt, max_fds),
which is the smallest multiple of BITS_PER_LONG that covers all
opened descriptors below max_fds. In the common case (copying on
fork()) max_fds is ~0U, so all opened descriptors will be below
it and we are fine, by the same reasons why the call in expand_fdtable()
is safe.
Unfortunately, there is a case where max_fds is less than that
and where we might, indeed, end up with junk in ->full_fds_bits[] -
close_range(from, to, CLOSE_RANGE_UNSHARE) with
* descriptor table being currently shared
* 'to' being above the current capacity of descriptor table
* 'from' being just under some chunk of opened descriptors.
In that case we end up with observably wrong behaviour - e.g. spawn
a child with CLONE_FILES, get all descriptors in range 0..127 open,
then close_range(64, ~0U, CLOSE_RANGE_UNSHARE) and watch dup(0) ending
up with descriptor #128, despite #64 being observably not open.
The minimally invasive fix would be to deal with that in dup_fd().
If this proves to add measurable overhead, we can go that way, but
let's try to fix copy_fd_bitmaps() first.
* new helper: bitmap_copy_and_expand(to, from, bits_to_copy, size).
* make copy_fd_bitmaps() take the bitmap size in words, rather than
bits; it's 'count' argument is always a multiple of BITS_PER_LONG,
so we are not losing any information, and that way we can use the
same helper for all three bitmaps - compiler will see that count
is a multiple of BITS_PER_LONG for the large ones, so it'll generate
plain memcpy()+memset().
Reproducer added to tools/testing/selftests/core/close_range_test.c
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
278a5fbaed89dacd04e9d052f4594ffd0e0585de , < fe5bf14881701119aeeda7cf685f3c226c7380df
(git)
Affected: 278a5fbaed89dacd04e9d052f4594ffd0e0585de , < 5053581fe5dfb09b58c65dd8462bf5dea71f41ff (git) Affected: 278a5fbaed89dacd04e9d052f4594ffd0e0585de , < 8cad3b2b3ab81ca55f37405ffd1315bcc2948058 (git) Affected: 278a5fbaed89dacd04e9d052f4594ffd0e0585de , < dd72ae8b0fce9c0bbe9582b9b50820f0407f8d8a (git) Affected: 278a5fbaed89dacd04e9d052f4594ffd0e0585de , < c69d18f0ac7060de724511537810f10f29a27958 (git) Affected: 278a5fbaed89dacd04e9d052f4594ffd0e0585de , < 9a2fa1472083580b6c66bdaf291f591e1170123a (git) |
|
| Linux | Linux |
Affected:
5.9
Unaffected: 0 , < 5.9 (semver) Unaffected: 5.10.225 , ≤ 5.10.* (semver) Unaffected: 5.15.166 , ≤ 5.15.* (semver) Unaffected: 6.1.107 , ≤ 6.1.* (semver) Unaffected: 6.6.48 , ≤ 6.6.* (semver) Unaffected: 6.10.7 , ≤ 6.10.* (semver) Unaffected: 6.11 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45025",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T15:46:55.387258Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T15:47:10.206Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:15:35.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/file.c",
"include/linux/bitmap.h",
"tools/testing/selftests/core/close_range_test.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fe5bf14881701119aeeda7cf685f3c226c7380df",
"status": "affected",
"version": "278a5fbaed89dacd04e9d052f4594ffd0e0585de",
"versionType": "git"
},
{
"lessThan": "5053581fe5dfb09b58c65dd8462bf5dea71f41ff",
"status": "affected",
"version": "278a5fbaed89dacd04e9d052f4594ffd0e0585de",
"versionType": "git"
},
{
"lessThan": "8cad3b2b3ab81ca55f37405ffd1315bcc2948058",
"status": "affected",
"version": "278a5fbaed89dacd04e9d052f4594ffd0e0585de",
"versionType": "git"
},
{
"lessThan": "dd72ae8b0fce9c0bbe9582b9b50820f0407f8d8a",
"status": "affected",
"version": "278a5fbaed89dacd04e9d052f4594ffd0e0585de",
"versionType": "git"
},
{
"lessThan": "c69d18f0ac7060de724511537810f10f29a27958",
"status": "affected",
"version": "278a5fbaed89dacd04e9d052f4594ffd0e0585de",
"versionType": "git"
},
{
"lessThan": "9a2fa1472083580b6c66bdaf291f591e1170123a",
"status": "affected",
"version": "278a5fbaed89dacd04e9d052f4594ffd0e0585de",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/file.c",
"include/linux/bitmap.h",
"tools/testing/selftests/core/close_range_test.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.225",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.166",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.107",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.48",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.225",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.166",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.107",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.48",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.7",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE\n\ncopy_fd_bitmaps(new, old, count) is expected to copy the first\ncount/BITS_PER_LONG bits from old-\u003efull_fds_bits[] and fill\nthe rest with zeroes. What it does is copying enough words\n(BITS_TO_LONGS(count/BITS_PER_LONG)), then memsets the rest.\nThat works fine, *if* all bits past the cutoff point are\nclear. Otherwise we are risking garbage from the last word\nwe\u0027d copied.\n\nFor most of the callers that is true - expand_fdtable() has\ncount equal to old-\u003emax_fds, so there\u0027s no open descriptors\npast count, let alone fully occupied words in -\u003eopen_fds[],\nwhich is what bits in -\u003efull_fds_bits[] correspond to.\n\nThe other caller (dup_fd()) passes sane_fdtable_size(old_fdt, max_fds),\nwhich is the smallest multiple of BITS_PER_LONG that covers all\nopened descriptors below max_fds. In the common case (copying on\nfork()) max_fds is ~0U, so all opened descriptors will be below\nit and we are fine, by the same reasons why the call in expand_fdtable()\nis safe.\n\nUnfortunately, there is a case where max_fds is less than that\nand where we might, indeed, end up with junk in -\u003efull_fds_bits[] -\nclose_range(from, to, CLOSE_RANGE_UNSHARE) with\n\t* descriptor table being currently shared\n\t* \u0027to\u0027 being above the current capacity of descriptor table\n\t* \u0027from\u0027 being just under some chunk of opened descriptors.\nIn that case we end up with observably wrong behaviour - e.g. spawn\na child with CLONE_FILES, get all descriptors in range 0..127 open,\nthen close_range(64, ~0U, CLOSE_RANGE_UNSHARE) and watch dup(0) ending\nup with descriptor #128, despite #64 being observably not open.\n\nThe minimally invasive fix would be to deal with that in dup_fd().\nIf this proves to add measurable overhead, we can go that way, but\nlet\u0027s try to fix copy_fd_bitmaps() first.\n\n* new helper: bitmap_copy_and_expand(to, from, bits_to_copy, size).\n* make copy_fd_bitmaps() take the bitmap size in words, rather than\nbits; it\u0027s \u0027count\u0027 argument is always a multiple of BITS_PER_LONG,\nso we are not losing any information, and that way we can use the\nsame helper for all three bitmaps - compiler will see that count\nis a multiple of BITS_PER_LONG for the large ones, so it\u0027ll generate\nplain memcpy()+memset().\n\nReproducer added to tools/testing/selftests/core/close_range_test.c"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:34:00.844Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fe5bf14881701119aeeda7cf685f3c226c7380df"
},
{
"url": "https://git.kernel.org/stable/c/5053581fe5dfb09b58c65dd8462bf5dea71f41ff"
},
{
"url": "https://git.kernel.org/stable/c/8cad3b2b3ab81ca55f37405ffd1315bcc2948058"
},
{
"url": "https://git.kernel.org/stable/c/dd72ae8b0fce9c0bbe9582b9b50820f0407f8d8a"
},
{
"url": "https://git.kernel.org/stable/c/c69d18f0ac7060de724511537810f10f29a27958"
},
{
"url": "https://git.kernel.org/stable/c/9a2fa1472083580b6c66bdaf291f591e1170123a"
}
],
"title": "fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-45025",
"datePublished": "2024-09-11T15:13:57.732Z",
"dateReserved": "2024-08-21T05:34:56.684Z",
"dateUpdated": "2026-05-11T20:34:00.844Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…