Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2024-AVI-0837
Vulnerability from certfr_avis - Published: 2024-10-04 - Updated: 2024-10-04
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un déni de service.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Debian bookworm versions ant\u00e9rieures \u00e0 6.1.112-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Debian",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-46755",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46755"
},
{
"name": "CVE-2024-46826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46826"
},
{
"name": "CVE-2024-46770",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46770"
},
{
"name": "CVE-2024-46821",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46821"
},
{
"name": "CVE-2024-46713",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46713"
},
{
"name": "CVE-2024-46844",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46844"
},
{
"name": "CVE-2024-46849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46849"
},
{
"name": "CVE-2024-46815",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46815"
},
{
"name": "CVE-2024-42314",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42314"
},
{
"name": "CVE-2024-41016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41016"
},
{
"name": "CVE-2024-46676",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46676"
},
{
"name": "CVE-2024-46740",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46740"
},
{
"name": "CVE-2024-46798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46798"
},
{
"name": "CVE-2024-46735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46735"
},
{
"name": "CVE-2024-46707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46707"
},
{
"name": "CVE-2024-45029",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45029"
},
{
"name": "CVE-2024-46747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46747"
},
{
"name": "CVE-2024-45002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45002"
},
{
"name": "CVE-2024-46835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46835"
},
{
"name": "CVE-2024-35966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35966"
},
{
"name": "CVE-2024-46738",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46738"
},
{
"name": "CVE-2024-46679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46679"
},
{
"name": "CVE-2024-46734",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46734"
},
{
"name": "CVE-2024-46855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46855"
},
{
"name": "CVE-2024-46673",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46673"
},
{
"name": "CVE-2024-46724",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46724"
},
{
"name": "CVE-2024-46791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46791"
},
{
"name": "CVE-2024-44986",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44986"
},
{
"name": "CVE-2024-45026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45026"
},
{
"name": "CVE-2024-44946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44946"
},
{
"name": "CVE-2024-46800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46800"
},
{
"name": "CVE-2024-46750",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46750"
},
{
"name": "CVE-2024-46722",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46722"
},
{
"name": "CVE-2024-44939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44939"
},
{
"name": "CVE-2024-46745",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46745"
},
{
"name": "CVE-2024-46819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46819"
},
{
"name": "CVE-2024-46721",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46721"
},
{
"name": "CVE-2024-46812",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46812"
},
{
"name": "CVE-2024-46822",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46822"
},
{
"name": "CVE-2024-44991",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44991"
},
{
"name": "CVE-2024-42228",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42228"
},
{
"name": "CVE-2024-46685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46685"
},
{
"name": "CVE-2024-45000",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45000"
},
{
"name": "CVE-2024-44998",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44998"
},
{
"name": "CVE-2024-46723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46723"
},
{
"name": "CVE-2024-46828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46828"
},
{
"name": "CVE-2024-46836",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46836"
},
{
"name": "CVE-2024-46675",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46675"
},
{
"name": "CVE-2024-46783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46783"
},
{
"name": "CVE-2024-46846",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46846"
},
{
"name": "CVE-2024-40972",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40972"
},
{
"name": "CVE-2024-45018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45018"
},
{
"name": "CVE-2024-46715",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46715"
},
{
"name": "CVE-2024-46689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46689"
},
{
"name": "CVE-2024-46802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46802"
},
{
"name": "CVE-2024-46781",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46781"
},
{
"name": "CVE-2024-46777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46777"
},
{
"name": "CVE-2024-35937",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35937"
},
{
"name": "CVE-2024-46714",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46714"
},
{
"name": "CVE-2024-46807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46807"
},
{
"name": "CVE-2024-44938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44938"
},
{
"name": "CVE-2024-46857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46857"
},
{
"name": "CVE-2024-45010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45010"
},
{
"name": "CVE-2024-27017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27017"
},
{
"name": "CVE-2024-46731",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46731"
},
{
"name": "CVE-2024-46674",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46674"
},
{
"name": "CVE-2024-46859",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46859"
},
{
"name": "CVE-2024-46784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46784"
},
{
"name": "CVE-2024-44995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44995"
},
{
"name": "CVE-2024-46757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46757"
},
{
"name": "CVE-2024-46677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46677"
},
{
"name": "CVE-2024-44999",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44999"
},
{
"name": "CVE-2024-44988",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44988"
},
{
"name": "CVE-2024-46830",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46830"
},
{
"name": "CVE-2024-46773",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46773"
},
{
"name": "CVE-2024-46854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46854"
},
{
"name": "CVE-2024-46758",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46758"
},
{
"name": "CVE-2024-46746",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46746"
},
{
"name": "CVE-2024-44974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44974"
},
{
"name": "CVE-2024-46756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46756"
},
{
"name": "CVE-2024-46739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46739"
},
{
"name": "CVE-2024-45006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45006"
},
{
"name": "CVE-2024-46725",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46725"
},
{
"name": "CVE-2024-46829",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46829"
},
{
"name": "CVE-2024-44977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44977"
},
{
"name": "CVE-2024-41098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41098"
},
{
"name": "CVE-2023-31083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31083"
},
{
"name": "CVE-2024-46743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46743"
},
{
"name": "CVE-2024-46744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46744"
},
{
"name": "CVE-2024-46805",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46805"
},
{
"name": "CVE-2024-45007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45007"
},
{
"name": "CVE-2024-44983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44983"
},
{
"name": "CVE-2024-46780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46780"
},
{
"name": "CVE-2024-46817",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46817"
},
{
"name": "CVE-2024-44940",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44940"
},
{
"name": "CVE-2024-46771",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46771"
},
{
"name": "CVE-2024-46717",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46717"
},
{
"name": "CVE-2024-43892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43892"
},
{
"name": "CVE-2024-46810",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46810"
},
{
"name": "CVE-2024-43835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43835"
},
{
"name": "CVE-2024-46794",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46794"
},
{
"name": "CVE-2024-46711",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46711"
},
{
"name": "CVE-2024-46804",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46804"
},
{
"name": "CVE-2024-46732",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46732"
},
{
"name": "CVE-2024-46840",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46840"
},
{
"name": "CVE-2024-46763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46763"
},
{
"name": "CVE-2024-46759",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46759"
},
{
"name": "CVE-2024-43859",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43859"
},
{
"name": "CVE-2024-45022",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45022"
},
{
"name": "CVE-2024-46720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46720"
},
{
"name": "CVE-2024-46737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46737"
},
{
"name": "CVE-2024-45019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45019"
},
{
"name": "CVE-2024-46814",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46814"
},
{
"name": "CVE-2024-46818",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46818"
},
{
"name": "CVE-2024-46848",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46848"
},
{
"name": "CVE-2024-46852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46852"
},
{
"name": "CVE-2024-43884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43884"
},
{
"name": "CVE-2024-45003",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45003"
},
{
"name": "CVE-2024-44931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44931"
},
{
"name": "CVE-2024-46686",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46686"
},
{
"name": "CVE-2024-46832",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46832"
},
{
"name": "CVE-2024-46752",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46752"
},
{
"name": "CVE-2024-45021",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45021"
},
{
"name": "CVE-2024-45025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45025"
},
{
"name": "CVE-2024-46761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46761"
},
{
"name": "CVE-2024-41096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41096"
},
{
"name": "CVE-2024-46853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46853"
},
{
"name": "CVE-2024-46795",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46795"
},
{
"name": "CVE-2024-45008",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45008"
},
{
"name": "CVE-2024-46726",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46726"
},
{
"name": "CVE-2024-44990",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44990"
},
{
"name": "CVE-2024-44987",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44987"
},
{
"name": "CVE-2024-44982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44982"
},
{
"name": "CVE-2024-46694",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46694"
},
{
"name": "CVE-2024-45011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45011"
},
{
"name": "CVE-2024-46865",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46865"
},
{
"name": "CVE-2024-45009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45009"
},
{
"name": "CVE-2024-35943",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35943"
},
{
"name": "CVE-2024-45028",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45028"
},
{
"name": "CVE-2024-46782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46782"
},
{
"name": "CVE-2024-46702",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46702"
},
{
"name": "CVE-2024-46719",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46719"
},
{
"name": "CVE-2024-44947",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44947"
},
{
"name": "CVE-2024-44985",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44985"
},
{
"name": "CVE-2024-46858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46858"
},
{
"name": "CVE-2024-46716",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46716"
},
{
"name": "CVE-2024-44989",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44989"
},
{
"name": "CVE-2024-45016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45016"
}
],
"initial_release_date": "2024-10-04T00:00:00",
"last_revision_date": "2024-10-04T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0837",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-10-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Debian. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de service.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian",
"vendor_advisories": [
{
"published_at": "2024-10-03",
"title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-5782-1",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00195.html"
}
]
}
CVE-2024-46686 (GCVE-0-2024-46686)
Vulnerability from cvelistv5 – Published: 2024-09-13 05:29 – Updated: 2026-05-23 15:53
VLAI
EPSS
Title
smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()
Summary
In the Linux kernel, the following vulnerability has been resolved:
smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()
This happens when called from SMB2_read() while using rdma
and reaching the rdma_readwrite_threshold.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
edf38e9f4269591d26b3783c0b348c9345580c3c , < 6df57c63c200cd05e085c3b695128260e21959b7
(git)
Affected: a6559cc1d35d3eeafb0296aca347b2f745a28a74 , < a01859dd6aebf826576513850a3b05992809e9d2 (git) Affected: a6559cc1d35d3eeafb0296aca347b2f745a28a74 , < b902fb78ab21299e4dd1775e7e8d251d5c0735bc (git) Affected: a6559cc1d35d3eeafb0296aca347b2f745a28a74 , < c724b2ab6a46435b4e7d58ad2fbbdb7a318823cf (git) Affected: 74ab77137c99438626f4eb8134d8e26204bb5b64 (git) Affected: 6.1.16 , < 6.1.108 (semver) Affected: 6.2.3 , < 6.3 (semver) |
|
| Linux | Linux |
Affected:
6.3
Unaffected: 0 , < 6.3 (semver) Unaffected: 6.1.108 , ≤ 6.1.* (semver) Unaffected: 6.6.49 , ≤ 6.6.* (semver) Unaffected: 6.10.8 , ≤ 6.10.* (semver) Unaffected: 6.11 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46686",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T15:08:12.875027Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T15:08:26.623Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:16:24.497Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/smb/client/smb2pdu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6df57c63c200cd05e085c3b695128260e21959b7",
"status": "affected",
"version": "edf38e9f4269591d26b3783c0b348c9345580c3c",
"versionType": "git"
},
{
"lessThan": "a01859dd6aebf826576513850a3b05992809e9d2",
"status": "affected",
"version": "a6559cc1d35d3eeafb0296aca347b2f745a28a74",
"versionType": "git"
},
{
"lessThan": "b902fb78ab21299e4dd1775e7e8d251d5c0735bc",
"status": "affected",
"version": "a6559cc1d35d3eeafb0296aca347b2f745a28a74",
"versionType": "git"
},
{
"lessThan": "c724b2ab6a46435b4e7d58ad2fbbdb7a318823cf",
"status": "affected",
"version": "a6559cc1d35d3eeafb0296aca347b2f745a28a74",
"versionType": "git"
},
{
"status": "affected",
"version": "74ab77137c99438626f4eb8134d8e26204bb5b64",
"versionType": "git"
},
{
"lessThan": "6.1.108",
"status": "affected",
"version": "6.1.16",
"versionType": "semver"
},
{
"lessThan": "6.3",
"status": "affected",
"version": "6.2.3",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/smb/client/smb2pdu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.3"
},
{
"lessThan": "6.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.108",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.49",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.108",
"versionStartIncluding": "6.1.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.49",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.8",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()\n\nThis happens when called from SMB2_read() while using rdma\nand reaching the rdma_readwrite_threshold."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:53:23.833Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6df57c63c200cd05e085c3b695128260e21959b7"
},
{
"url": "https://git.kernel.org/stable/c/a01859dd6aebf826576513850a3b05992809e9d2"
},
{
"url": "https://git.kernel.org/stable/c/b902fb78ab21299e4dd1775e7e8d251d5c0735bc"
},
{
"url": "https://git.kernel.org/stable/c/c724b2ab6a46435b4e7d58ad2fbbdb7a318823cf"
}
],
"title": "smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46686",
"datePublished": "2024-09-13T05:29:17.821Z",
"dateReserved": "2024-09-11T15:12:18.248Z",
"dateUpdated": "2026-05-23T15:53:23.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46689 (GCVE-0-2024-46689)
Vulnerability from cvelistv5 – Published: 2024-09-13 05:29 – Updated: 2026-05-11 20:34
VLAI
EPSS
Title
soc: qcom: cmd-db: Map shared memory as WC, not WB
Summary
In the Linux kernel, the following vulnerability has been resolved:
soc: qcom: cmd-db: Map shared memory as WC, not WB
Linux does not write into cmd-db region. This region of memory is write
protected by XPU. XPU may sometime falsely detect clean cache eviction
as "write" into the write protected region leading to secure interrupt
which causes an endless loop somewhere in Trust Zone.
The only reason it is working right now is because Qualcomm Hypervisor
maps the same region as Non-Cacheable memory in Stage 2 translation
tables. The issue manifests if we want to use another hypervisor (like
Xen or KVM), which does not know anything about those specific mappings.
Changing the mapping of cmd-db memory from MEMREMAP_WB to MEMREMAP_WT/WC
removes dependency on correct mappings in Stage 2 tables. This patch
fixes the issue by updating the mapping to MEMREMAP_WC.
I tested this on SA8155P with Xen.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
9 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
312416d9171a1460b7ed8d182b5b540c910ce80d , < 0ee9594c974368a17e85a431e9fe1c14fb65c278
(git)
Affected: 312416d9171a1460b7ed8d182b5b540c910ce80d , < f5a5a5a0e95f36e2792d48e6e4b64e665eb01374 (git) Affected: 312416d9171a1460b7ed8d182b5b540c910ce80d , < eaff392c1e34fb77cc61505a31b0191e5e46e271 (git) Affected: 312416d9171a1460b7ed8d182b5b540c910ce80d , < d9d48d70e922b272875cda60d2ada89291c840cf (git) Affected: 312416d9171a1460b7ed8d182b5b540c910ce80d , < ef80520be0ff78ae5ed44cb6eee1525e65bebe70 (git) Affected: 312416d9171a1460b7ed8d182b5b540c910ce80d , < 62c2d63605ca25b5db78a347ed303c0a0a77d5b4 (git) Affected: 312416d9171a1460b7ed8d182b5b540c910ce80d , < f9bb896eab221618927ae6a2f1d566567999839d (git) |
|
| Linux | Linux |
Affected:
4.18
Unaffected: 0 , < 4.18 (semver) Unaffected: 5.4.283 , ≤ 5.4.* (semver) Unaffected: 5.10.225 , ≤ 5.10.* (semver) Unaffected: 5.15.166 , ≤ 5.15.* (semver) Unaffected: 6.1.108 , ≤ 6.1.* (semver) Unaffected: 6.6.49 , ≤ 6.6.* (semver) Unaffected: 6.10.8 , ≤ 6.10.* (semver) Unaffected: 6.11 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46689",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T15:07:23.732311Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T15:07:38.504Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:16:27.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/soc/qcom/cmd-db.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0ee9594c974368a17e85a431e9fe1c14fb65c278",
"status": "affected",
"version": "312416d9171a1460b7ed8d182b5b540c910ce80d",
"versionType": "git"
},
{
"lessThan": "f5a5a5a0e95f36e2792d48e6e4b64e665eb01374",
"status": "affected",
"version": "312416d9171a1460b7ed8d182b5b540c910ce80d",
"versionType": "git"
},
{
"lessThan": "eaff392c1e34fb77cc61505a31b0191e5e46e271",
"status": "affected",
"version": "312416d9171a1460b7ed8d182b5b540c910ce80d",
"versionType": "git"
},
{
"lessThan": "d9d48d70e922b272875cda60d2ada89291c840cf",
"status": "affected",
"version": "312416d9171a1460b7ed8d182b5b540c910ce80d",
"versionType": "git"
},
{
"lessThan": "ef80520be0ff78ae5ed44cb6eee1525e65bebe70",
"status": "affected",
"version": "312416d9171a1460b7ed8d182b5b540c910ce80d",
"versionType": "git"
},
{
"lessThan": "62c2d63605ca25b5db78a347ed303c0a0a77d5b4",
"status": "affected",
"version": "312416d9171a1460b7ed8d182b5b540c910ce80d",
"versionType": "git"
},
{
"lessThan": "f9bb896eab221618927ae6a2f1d566567999839d",
"status": "affected",
"version": "312416d9171a1460b7ed8d182b5b540c910ce80d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/soc/qcom/cmd-db.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.18"
},
{
"lessThan": "4.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.225",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.166",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.108",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.49",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.283",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.225",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.166",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.108",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.49",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.8",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: cmd-db: Map shared memory as WC, not WB\n\nLinux does not write into cmd-db region. This region of memory is write\nprotected by XPU. XPU may sometime falsely detect clean cache eviction\nas \"write\" into the write protected region leading to secure interrupt\nwhich causes an endless loop somewhere in Trust Zone.\n\nThe only reason it is working right now is because Qualcomm Hypervisor\nmaps the same region as Non-Cacheable memory in Stage 2 translation\ntables. The issue manifests if we want to use another hypervisor (like\nXen or KVM), which does not know anything about those specific mappings.\n\nChanging the mapping of cmd-db memory from MEMREMAP_WB to MEMREMAP_WT/WC\nremoves dependency on correct mappings in Stage 2 tables. This patch\nfixes the issue by updating the mapping to MEMREMAP_WC.\n\nI tested this on SA8155P with Xen."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:34:30.215Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0ee9594c974368a17e85a431e9fe1c14fb65c278"
},
{
"url": "https://git.kernel.org/stable/c/f5a5a5a0e95f36e2792d48e6e4b64e665eb01374"
},
{
"url": "https://git.kernel.org/stable/c/eaff392c1e34fb77cc61505a31b0191e5e46e271"
},
{
"url": "https://git.kernel.org/stable/c/d9d48d70e922b272875cda60d2ada89291c840cf"
},
{
"url": "https://git.kernel.org/stable/c/ef80520be0ff78ae5ed44cb6eee1525e65bebe70"
},
{
"url": "https://git.kernel.org/stable/c/62c2d63605ca25b5db78a347ed303c0a0a77d5b4"
},
{
"url": "https://git.kernel.org/stable/c/f9bb896eab221618927ae6a2f1d566567999839d"
}
],
"title": "soc: qcom: cmd-db: Map shared memory as WC, not WB",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46689",
"datePublished": "2024-09-13T05:29:19.713Z",
"dateReserved": "2024-09-11T15:12:18.249Z",
"dateUpdated": "2026-05-11T20:34:30.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46694 (GCVE-0-2024-46694)
Vulnerability from cvelistv5 – Published: 2024-09-13 05:29 – Updated: 2026-05-11 20:34
VLAI
EPSS
Title
drm/amd/display: avoid using null object of framebuffer
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: avoid using null object of framebuffer
Instead of using state->fb->obj[0] directly, get object from framebuffer
by calling drm_gem_fb_get_obj() and return error code when object is
null to avoid using null object of framebuffer.
(cherry picked from commit 73dd0ad9e5dad53766ea3e631303430116f834b3)
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
5d945cbcd4b16a29d6470a80dfb19738f9a4319f , < 093ee72ed35c2338c87c26b6ba6f0b7789c9e14e
(git)
Affected: 5d945cbcd4b16a29d6470a80dfb19738f9a4319f , < f6f5e39a3fe7cbdba190f42b28b40bdff03c8cf0 (git) Affected: 5d945cbcd4b16a29d6470a80dfb19738f9a4319f , < 49e1b214f3239b78967c6ddb8f8ec47ae047b051 (git) Affected: 5d945cbcd4b16a29d6470a80dfb19738f9a4319f , < 3b9a33235c773c7a3768060cf1d2cf8a9153bc37 (git) |
|
| Linux | Linux |
Affected:
6.0
Unaffected: 0 , < 6.0 (semver) Unaffected: 6.1.108 , ≤ 6.1.* (semver) Unaffected: 6.6.49 , ≤ 6.6.* (semver) Unaffected: 6.10.8 , ≤ 6.10.* (semver) Unaffected: 6.11 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46694",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T15:06:03.603728Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T15:06:18.392Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:16:29.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "093ee72ed35c2338c87c26b6ba6f0b7789c9e14e",
"status": "affected",
"version": "5d945cbcd4b16a29d6470a80dfb19738f9a4319f",
"versionType": "git"
},
{
"lessThan": "f6f5e39a3fe7cbdba190f42b28b40bdff03c8cf0",
"status": "affected",
"version": "5d945cbcd4b16a29d6470a80dfb19738f9a4319f",
"versionType": "git"
},
{
"lessThan": "49e1b214f3239b78967c6ddb8f8ec47ae047b051",
"status": "affected",
"version": "5d945cbcd4b16a29d6470a80dfb19738f9a4319f",
"versionType": "git"
},
{
"lessThan": "3b9a33235c773c7a3768060cf1d2cf8a9153bc37",
"status": "affected",
"version": "5d945cbcd4b16a29d6470a80dfb19738f9a4319f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.108",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.49",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.108",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.49",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.8",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: avoid using null object of framebuffer\n\nInstead of using state-\u003efb-\u003eobj[0] directly, get object from framebuffer\nby calling drm_gem_fb_get_obj() and return error code when object is\nnull to avoid using null object of framebuffer.\n\n(cherry picked from commit 73dd0ad9e5dad53766ea3e631303430116f834b3)"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:34:36.058Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/093ee72ed35c2338c87c26b6ba6f0b7789c9e14e"
},
{
"url": "https://git.kernel.org/stable/c/f6f5e39a3fe7cbdba190f42b28b40bdff03c8cf0"
},
{
"url": "https://git.kernel.org/stable/c/49e1b214f3239b78967c6ddb8f8ec47ae047b051"
},
{
"url": "https://git.kernel.org/stable/c/3b9a33235c773c7a3768060cf1d2cf8a9153bc37"
}
],
"title": "drm/amd/display: avoid using null object of framebuffer",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46694",
"datePublished": "2024-09-13T05:29:22.889Z",
"dateReserved": "2024-09-11T15:12:18.249Z",
"dateUpdated": "2026-05-11T20:34:36.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46702 (GCVE-0-2024-46702)
Vulnerability from cvelistv5 – Published: 2024-09-13 06:27 – Updated: 2026-05-11 20:34
VLAI
EPSS
Title
thunderbolt: Mark XDomain as unplugged when router is removed
Summary
In the Linux kernel, the following vulnerability has been resolved:
thunderbolt: Mark XDomain as unplugged when router is removed
I noticed that when we do discrete host router NVM upgrade and it gets
hot-removed from the PCIe side as a result of NVM firmware authentication,
if there is another host connected with enabled paths we hang in tearing
them down. This is due to fact that the Thunderbolt networking driver
also tries to cleanup the paths and ends up blocking in
tb_disconnect_xdomain_paths() waiting for the domain lock.
However, at this point we already cleaned the paths in tb_stop() so
there is really no need for tb_disconnect_xdomain_paths() to do that
anymore. Furthermore it already checks if the XDomain is unplugged and
bails out early so take advantage of that and mark the XDomain as
unplugged when we remove the parent router.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
16603153666d22df544ae9f9b3764fd18da28eeb , < 747bc154577de6e6af4bc99abfa859b8419bb4d8
(git)
Affected: 16603153666d22df544ae9f9b3764fd18da28eeb , < 23ce6ba3b95488a2b9e9f6d43b340da0c15395dc (git) Affected: 16603153666d22df544ae9f9b3764fd18da28eeb , < 80ac8d194831eca0c2f4fd862f7925532fda320c (git) Affected: 16603153666d22df544ae9f9b3764fd18da28eeb , < 18b3ad2a3cc877dd4b16f48d84aa27b78d53bf1d (git) Affected: 16603153666d22df544ae9f9b3764fd18da28eeb , < 7ca24cf9163c112bb6b580c6fb57c04a1f8b76e1 (git) Affected: 16603153666d22df544ae9f9b3764fd18da28eeb , < e2006140ad2e01a02ed0aff49cc2ae3ceeb11f8d (git) |
|
| Linux | Linux |
Affected:
3.17
Unaffected: 0 , < 3.17 (semver) Unaffected: 5.10.225 , ≤ 5.10.* (semver) Unaffected: 5.15.166 , ≤ 5.15.* (semver) Unaffected: 6.1.107 , ≤ 6.1.* (semver) Unaffected: 6.6.48 , ≤ 6.6.* (semver) Unaffected: 6.10.7 , ≤ 6.10.* (semver) Unaffected: 6.11 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46702",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T15:03:56.451430Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T15:04:10.145Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:16:33.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/thunderbolt/switch.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "747bc154577de6e6af4bc99abfa859b8419bb4d8",
"status": "affected",
"version": "16603153666d22df544ae9f9b3764fd18da28eeb",
"versionType": "git"
},
{
"lessThan": "23ce6ba3b95488a2b9e9f6d43b340da0c15395dc",
"status": "affected",
"version": "16603153666d22df544ae9f9b3764fd18da28eeb",
"versionType": "git"
},
{
"lessThan": "80ac8d194831eca0c2f4fd862f7925532fda320c",
"status": "affected",
"version": "16603153666d22df544ae9f9b3764fd18da28eeb",
"versionType": "git"
},
{
"lessThan": "18b3ad2a3cc877dd4b16f48d84aa27b78d53bf1d",
"status": "affected",
"version": "16603153666d22df544ae9f9b3764fd18da28eeb",
"versionType": "git"
},
{
"lessThan": "7ca24cf9163c112bb6b580c6fb57c04a1f8b76e1",
"status": "affected",
"version": "16603153666d22df544ae9f9b3764fd18da28eeb",
"versionType": "git"
},
{
"lessThan": "e2006140ad2e01a02ed0aff49cc2ae3ceeb11f8d",
"status": "affected",
"version": "16603153666d22df544ae9f9b3764fd18da28eeb",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/thunderbolt/switch.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.17"
},
{
"lessThan": "3.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.225",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.166",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.107",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.48",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.225",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.166",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.107",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.48",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.7",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "3.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Mark XDomain as unplugged when router is removed\n\nI noticed that when we do discrete host router NVM upgrade and it gets\nhot-removed from the PCIe side as a result of NVM firmware authentication,\nif there is another host connected with enabled paths we hang in tearing\nthem down. This is due to fact that the Thunderbolt networking driver\nalso tries to cleanup the paths and ends up blocking in\ntb_disconnect_xdomain_paths() waiting for the domain lock.\n\nHowever, at this point we already cleaned the paths in tb_stop() so\nthere is really no need for tb_disconnect_xdomain_paths() to do that\nanymore. Furthermore it already checks if the XDomain is unplugged and\nbails out early so take advantage of that and mark the XDomain as\nunplugged when we remove the parent router."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:34:44.143Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/747bc154577de6e6af4bc99abfa859b8419bb4d8"
},
{
"url": "https://git.kernel.org/stable/c/23ce6ba3b95488a2b9e9f6d43b340da0c15395dc"
},
{
"url": "https://git.kernel.org/stable/c/80ac8d194831eca0c2f4fd862f7925532fda320c"
},
{
"url": "https://git.kernel.org/stable/c/18b3ad2a3cc877dd4b16f48d84aa27b78d53bf1d"
},
{
"url": "https://git.kernel.org/stable/c/7ca24cf9163c112bb6b580c6fb57c04a1f8b76e1"
},
{
"url": "https://git.kernel.org/stable/c/e2006140ad2e01a02ed0aff49cc2ae3ceeb11f8d"
}
],
"title": "thunderbolt: Mark XDomain as unplugged when router is removed",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46702",
"datePublished": "2024-09-13T06:27:30.550Z",
"dateReserved": "2024-09-11T15:12:18.251Z",
"dateUpdated": "2026-05-11T20:34:44.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46707 (GCVE-0-2024-46707)
Vulnerability from cvelistv5 – Published: 2024-09-13 06:27 – Updated: 2026-05-11 20:34
VLAI
EPSS
Title
KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3
Summary
In the Linux kernel, the following vulnerability has been resolved:
KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3
On a system with a GICv3, if a guest hasn't been configured with
GICv3 and that the host is not capable of GICv2 emulation,
a write to any of the ICC_*SGI*_EL1 registers is trapped to EL2.
We therefore try to emulate the SGI access, only to hit a NULL
pointer as no private interrupt is allocated (no GIC, remember?).
The obvious fix is to give the guest what it deserves, in the
shape of a UNDEF exception.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
6211753fdfd05af9e08f54c8d0ba3ee516034878 , < 15818af2f7aa55eff375333cb7689df15d3f24ef
(git)
Affected: 6211753fdfd05af9e08f54c8d0ba3ee516034878 , < 96b076e8ee5bc3a1126848c8add0f74bd30dc9d1 (git) Affected: 6211753fdfd05af9e08f54c8d0ba3ee516034878 , < 94d4fbad01b19ec5eab3d6b50aaec4f9db8b2d8d (git) Affected: 6211753fdfd05af9e08f54c8d0ba3ee516034878 , < 9d7629bec5c3f80bd0e3bf8103c06a2f7046bd92 (git) Affected: 6211753fdfd05af9e08f54c8d0ba3ee516034878 , < 2073132f6ed3079369e857a8deb33d11bdd983bc (git) Affected: 6211753fdfd05af9e08f54c8d0ba3ee516034878 , < 3e6245ebe7ef341639e9a7e402b3ade8ad45a19f (git) |
|
| Linux | Linux |
Affected:
3.11
Unaffected: 0 , < 3.11 (semver) Unaffected: 5.10.225 , ≤ 5.10.* (semver) Unaffected: 5.15.166 , ≤ 5.15.* (semver) Unaffected: 6.1.107 , ≤ 6.1.* (semver) Unaffected: 6.6.48 , ≤ 6.6.* (semver) Unaffected: 6.10.7 , ≤ 6.10.* (semver) Unaffected: 6.11 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46707",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T15:02:32.191138Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T15:02:47.903Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:16:36.453Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/arm64/kvm/sys_regs.c",
"arch/arm64/kvm/vgic/vgic.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "15818af2f7aa55eff375333cb7689df15d3f24ef",
"status": "affected",
"version": "6211753fdfd05af9e08f54c8d0ba3ee516034878",
"versionType": "git"
},
{
"lessThan": "96b076e8ee5bc3a1126848c8add0f74bd30dc9d1",
"status": "affected",
"version": "6211753fdfd05af9e08f54c8d0ba3ee516034878",
"versionType": "git"
},
{
"lessThan": "94d4fbad01b19ec5eab3d6b50aaec4f9db8b2d8d",
"status": "affected",
"version": "6211753fdfd05af9e08f54c8d0ba3ee516034878",
"versionType": "git"
},
{
"lessThan": "9d7629bec5c3f80bd0e3bf8103c06a2f7046bd92",
"status": "affected",
"version": "6211753fdfd05af9e08f54c8d0ba3ee516034878",
"versionType": "git"
},
{
"lessThan": "2073132f6ed3079369e857a8deb33d11bdd983bc",
"status": "affected",
"version": "6211753fdfd05af9e08f54c8d0ba3ee516034878",
"versionType": "git"
},
{
"lessThan": "3e6245ebe7ef341639e9a7e402b3ade8ad45a19f",
"status": "affected",
"version": "6211753fdfd05af9e08f54c8d0ba3ee516034878",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/arm64/kvm/sys_regs.c",
"arch/arm64/kvm/vgic/vgic.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.11"
},
{
"lessThan": "3.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.225",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.166",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.107",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.48",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.225",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.166",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.107",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.48",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.7",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "3.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3\n\nOn a system with a GICv3, if a guest hasn\u0027t been configured with\nGICv3 and that the host is not capable of GICv2 emulation,\na write to any of the ICC_*SGI*_EL1 registers is trapped to EL2.\n\nWe therefore try to emulate the SGI access, only to hit a NULL\npointer as no private interrupt is allocated (no GIC, remember?).\n\nThe obvious fix is to give the guest what it deserves, in the\nshape of a UNDEF exception."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:34:49.984Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/15818af2f7aa55eff375333cb7689df15d3f24ef"
},
{
"url": "https://git.kernel.org/stable/c/96b076e8ee5bc3a1126848c8add0f74bd30dc9d1"
},
{
"url": "https://git.kernel.org/stable/c/94d4fbad01b19ec5eab3d6b50aaec4f9db8b2d8d"
},
{
"url": "https://git.kernel.org/stable/c/9d7629bec5c3f80bd0e3bf8103c06a2f7046bd92"
},
{
"url": "https://git.kernel.org/stable/c/2073132f6ed3079369e857a8deb33d11bdd983bc"
},
{
"url": "https://git.kernel.org/stable/c/3e6245ebe7ef341639e9a7e402b3ade8ad45a19f"
}
],
"title": "KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46707",
"datePublished": "2024-09-13T06:27:33.709Z",
"dateReserved": "2024-09-11T15:12:18.252Z",
"dateUpdated": "2026-05-11T20:34:49.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46711 (GCVE-0-2024-46711)
Vulnerability from cvelistv5 – Published: 2024-09-13 06:33 – Updated: 2026-05-11 20:34
VLAI
EPSS
Title
mptcp: pm: fix ID 0 endp usage after multiple re-creations
Summary
In the Linux kernel, the following vulnerability has been resolved:
mptcp: pm: fix ID 0 endp usage after multiple re-creations
'local_addr_used' and 'add_addr_accepted' are decremented for addresses
not related to the initial subflow (ID0), because the source and
destination addresses of the initial subflows are known from the
beginning: they don't count as "additional local address being used" or
"ADD_ADDR being accepted".
It is then required not to increment them when the entrypoint used by
the initial subflow is removed and re-added during a connection. Without
this modification, this entrypoint cannot be removed and re-added more
than once.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
3ad14f54bd7448384458e69f0183843f683ecce8 , < c9c744666f7308a4daba520191e29d395260bcfe
(git)
Affected: 3ad14f54bd7448384458e69f0183843f683ecce8 , < 53e2173172d26c0617b29dd83618b71664bed1fb (git) Affected: 3ad14f54bd7448384458e69f0183843f683ecce8 , < 119806ae4e46cf239db8e6ad92bc2fd3daae86dc (git) Affected: 3ad14f54bd7448384458e69f0183843f683ecce8 , < 9366922adc6a71378ca01f898c41be295309f044 (git) |
|
| Linux | Linux |
Affected:
6.0
Unaffected: 0 , < 6.0 (semver) Unaffected: 6.1.109 , ≤ 6.1.* (semver) Unaffected: 6.6.49 , ≤ 6.6.* (semver) Unaffected: 6.10.8 , ≤ 6.10.* (semver) Unaffected: 6.11 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46711",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T14:59:30.987140Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T14:59:46.450Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:16:39.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/mptcp/pm_netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c9c744666f7308a4daba520191e29d395260bcfe",
"status": "affected",
"version": "3ad14f54bd7448384458e69f0183843f683ecce8",
"versionType": "git"
},
{
"lessThan": "53e2173172d26c0617b29dd83618b71664bed1fb",
"status": "affected",
"version": "3ad14f54bd7448384458e69f0183843f683ecce8",
"versionType": "git"
},
{
"lessThan": "119806ae4e46cf239db8e6ad92bc2fd3daae86dc",
"status": "affected",
"version": "3ad14f54bd7448384458e69f0183843f683ecce8",
"versionType": "git"
},
{
"lessThan": "9366922adc6a71378ca01f898c41be295309f044",
"status": "affected",
"version": "3ad14f54bd7448384458e69f0183843f683ecce8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/mptcp/pm_netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.109",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.49",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.109",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.49",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.8",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: fix ID 0 endp usage after multiple re-creations\n\n\u0027local_addr_used\u0027 and \u0027add_addr_accepted\u0027 are decremented for addresses\nnot related to the initial subflow (ID0), because the source and\ndestination addresses of the initial subflows are known from the\nbeginning: they don\u0027t count as \"additional local address being used\" or\n\"ADD_ADDR being accepted\".\n\nIt is then required not to increment them when the entrypoint used by\nthe initial subflow is removed and re-added during a connection. Without\nthis modification, this entrypoint cannot be removed and re-added more\nthan once."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:34:54.538Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c9c744666f7308a4daba520191e29d395260bcfe"
},
{
"url": "https://git.kernel.org/stable/c/53e2173172d26c0617b29dd83618b71664bed1fb"
},
{
"url": "https://git.kernel.org/stable/c/119806ae4e46cf239db8e6ad92bc2fd3daae86dc"
},
{
"url": "https://git.kernel.org/stable/c/9366922adc6a71378ca01f898c41be295309f044"
}
],
"title": "mptcp: pm: fix ID 0 endp usage after multiple re-creations",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46711",
"datePublished": "2024-09-13T06:33:42.956Z",
"dateReserved": "2024-09-11T15:12:18.252Z",
"dateUpdated": "2026-05-11T20:34:54.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46713 (GCVE-0-2024-46713)
Vulnerability from cvelistv5 – Published: 2024-09-13 14:49 – Updated: 2026-05-11 20:34
VLAI
EPSS
Title
perf/aux: Fix AUX buffer serialization
Summary
In the Linux kernel, the following vulnerability has been resolved:
perf/aux: Fix AUX buffer serialization
Ole reported that event->mmap_mutex is strictly insufficient to
serialize the AUX buffer, add a per RB mutex to fully serialize it.
Note that in the lock order comment the perf_event::mmap_mutex order
was already wrong, that is, it nesting under mmap_lock is not new with
this patch.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
45bfb2e50471abbbfd83d40d28c986078b0d24ff , < 7882923f1cb88dc1a17f2bf0c81b1fc80d44db82
(git)
Affected: 45bfb2e50471abbbfd83d40d28c986078b0d24ff , < 52d13d224fdf1299c8b642807fa1ea14d693f5ff (git) Affected: 45bfb2e50471abbbfd83d40d28c986078b0d24ff , < 9dc7ad2b67772cfb94ceb3b0c9c4023c2463215d (git) Affected: 45bfb2e50471abbbfd83d40d28c986078b0d24ff , < c4b69bee3f4ef76809288fe6827bc14d4ae788ef (git) Affected: 45bfb2e50471abbbfd83d40d28c986078b0d24ff , < b9b6882e243b653d379abbeaa64a500182aba370 (git) Affected: 45bfb2e50471abbbfd83d40d28c986078b0d24ff , < 2ab9d830262c132ab5db2f571003d80850d56b2a (git) |
|
| Linux | Linux |
Affected:
4.1
Unaffected: 0 , < 4.1 (semver) Unaffected: 5.10.226 , ≤ 5.10.* (semver) Unaffected: 5.15.167 , ≤ 5.15.* (semver) Unaffected: 6.1.110 , ≤ 6.1.* (semver) Unaffected: 6.6.51 , ≤ 6.6.* (semver) Unaffected: 6.10.10 , ≤ 6.10.* (semver) Unaffected: 6.11 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46713",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T14:58:57.910208Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T14:59:13.207Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:16:42.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/events/core.c",
"kernel/events/internal.h",
"kernel/events/ring_buffer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7882923f1cb88dc1a17f2bf0c81b1fc80d44db82",
"status": "affected",
"version": "45bfb2e50471abbbfd83d40d28c986078b0d24ff",
"versionType": "git"
},
{
"lessThan": "52d13d224fdf1299c8b642807fa1ea14d693f5ff",
"status": "affected",
"version": "45bfb2e50471abbbfd83d40d28c986078b0d24ff",
"versionType": "git"
},
{
"lessThan": "9dc7ad2b67772cfb94ceb3b0c9c4023c2463215d",
"status": "affected",
"version": "45bfb2e50471abbbfd83d40d28c986078b0d24ff",
"versionType": "git"
},
{
"lessThan": "c4b69bee3f4ef76809288fe6827bc14d4ae788ef",
"status": "affected",
"version": "45bfb2e50471abbbfd83d40d28c986078b0d24ff",
"versionType": "git"
},
{
"lessThan": "b9b6882e243b653d379abbeaa64a500182aba370",
"status": "affected",
"version": "45bfb2e50471abbbfd83d40d28c986078b0d24ff",
"versionType": "git"
},
{
"lessThan": "2ab9d830262c132ab5db2f571003d80850d56b2a",
"status": "affected",
"version": "45bfb2e50471abbbfd83d40d28c986078b0d24ff",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/events/core.c",
"kernel/events/internal.h",
"kernel/events/ring_buffer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.1"
},
{
"lessThan": "4.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.167",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.51",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.226",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.167",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.110",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.51",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.10",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/aux: Fix AUX buffer serialization\n\nOle reported that event-\u003emmap_mutex is strictly insufficient to\nserialize the AUX buffer, add a per RB mutex to fully serialize it.\n\nNote that in the lock order comment the perf_event::mmap_mutex order\nwas already wrong, that is, it nesting under mmap_lock is not new with\nthis patch."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:34:56.837Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7882923f1cb88dc1a17f2bf0c81b1fc80d44db82"
},
{
"url": "https://git.kernel.org/stable/c/52d13d224fdf1299c8b642807fa1ea14d693f5ff"
},
{
"url": "https://git.kernel.org/stable/c/9dc7ad2b67772cfb94ceb3b0c9c4023c2463215d"
},
{
"url": "https://git.kernel.org/stable/c/c4b69bee3f4ef76809288fe6827bc14d4ae788ef"
},
{
"url": "https://git.kernel.org/stable/c/b9b6882e243b653d379abbeaa64a500182aba370"
},
{
"url": "https://git.kernel.org/stable/c/2ab9d830262c132ab5db2f571003d80850d56b2a"
}
],
"title": "perf/aux: Fix AUX buffer serialization",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46713",
"datePublished": "2024-09-13T14:49:13.691Z",
"dateReserved": "2024-09-11T15:12:18.254Z",
"dateUpdated": "2026-05-11T20:34:56.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46714 (GCVE-0-2024-46714)
Vulnerability from cvelistv5 – Published: 2024-09-18 06:32 – Updated: 2026-05-11 20:34
VLAI
EPSS
Title
drm/amd/display: Skip wbscl_set_scaler_filter if filter is null
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Skip wbscl_set_scaler_filter if filter is null
Callers can pass null in filter (i.e. from returned from the function
wbscl_get_filter_coeffs_16p) and a null check is added to ensure that is
not the case.
This fixes 4 NULL_RETURNS issues reported by Coverity.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
9 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 0364f1f17a86d89dc39040beea4f099e60189f1b
(git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < c083c8be6bdd046049884bec076660d4ec9a19ca (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 6d94c05a13fadd80c3e732f14c83b2632ebfaa50 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 1726914cb17cedab233820d26b86764dc08857b4 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < e3a95f29647ae45d1ec9541cd7df64f40bf2120a (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 54834585e91cab13e9f82d3a811deb212a4df786 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < c4d31653c03b90e51515b1380115d1aedad925dd (git) |
|
| Linux | Linux |
Affected:
4.15
Unaffected: 0 , < 4.15 (semver) Unaffected: 5.4.284 , ≤ 5.4.* (semver) Unaffected: 5.10.226 , ≤ 5.10.* (semver) Unaffected: 5.15.167 , ≤ 5.15.* (semver) Unaffected: 6.1.109 , ≤ 6.1.* (semver) Unaffected: 6.6.50 , ≤ 6.6.* (semver) Unaffected: 6.10.9 , ≤ 6.10.* (semver) Unaffected: 6.11 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46714",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T14:58:41.401345Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T14:58:56.356Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:16:45.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/dcn20/dcn20_dwb_scl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0364f1f17a86d89dc39040beea4f099e60189f1b",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "c083c8be6bdd046049884bec076660d4ec9a19ca",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "6d94c05a13fadd80c3e732f14c83b2632ebfaa50",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "1726914cb17cedab233820d26b86764dc08857b4",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "e3a95f29647ae45d1ec9541cd7df64f40bf2120a",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "54834585e91cab13e9f82d3a811deb212a4df786",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "c4d31653c03b90e51515b1380115d1aedad925dd",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/dcn20/dcn20_dwb_scl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.284",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.167",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.109",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.50",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.284",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.226",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.167",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.109",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.50",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.9",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip wbscl_set_scaler_filter if filter is null\n\nCallers can pass null in filter (i.e. from returned from the function\nwbscl_get_filter_coeffs_16p) and a null check is added to ensure that is\nnot the case.\n\nThis fixes 4 NULL_RETURNS issues reported by Coverity."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:34:57.991Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0364f1f17a86d89dc39040beea4f099e60189f1b"
},
{
"url": "https://git.kernel.org/stable/c/c083c8be6bdd046049884bec076660d4ec9a19ca"
},
{
"url": "https://git.kernel.org/stable/c/6d94c05a13fadd80c3e732f14c83b2632ebfaa50"
},
{
"url": "https://git.kernel.org/stable/c/1726914cb17cedab233820d26b86764dc08857b4"
},
{
"url": "https://git.kernel.org/stable/c/e3a95f29647ae45d1ec9541cd7df64f40bf2120a"
},
{
"url": "https://git.kernel.org/stable/c/54834585e91cab13e9f82d3a811deb212a4df786"
},
{
"url": "https://git.kernel.org/stable/c/c4d31653c03b90e51515b1380115d1aedad925dd"
}
],
"title": "drm/amd/display: Skip wbscl_set_scaler_filter if filter is null",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46714",
"datePublished": "2024-09-18T06:32:14.852Z",
"dateReserved": "2024-09-11T15:12:18.254Z",
"dateUpdated": "2026-05-11T20:34:57.991Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46715 (GCVE-0-2024-46715)
Vulnerability from cvelistv5 – Published: 2024-09-18 06:32 – Updated: 2026-05-11 20:34
VLAI
EPSS
Title
driver: iio: add missing checks on iio_info's callback access
Summary
In the Linux kernel, the following vulnerability has been resolved:
driver: iio: add missing checks on iio_info's callback access
Some callbacks from iio_info structure are accessed without any check, so
if a driver doesn't implement them trying to access the corresponding
sysfs entries produce a kernel oops such as:
[ 2203.527791] Unable to handle kernel NULL pointer dereference at virtual address 00000000 when execute
[...]
[ 2203.783416] Call trace:
[ 2203.783429] iio_read_channel_info_avail from dev_attr_show+0x18/0x48
[ 2203.789807] dev_attr_show from sysfs_kf_seq_show+0x90/0x120
[ 2203.794181] sysfs_kf_seq_show from seq_read_iter+0xd0/0x4e4
[ 2203.798555] seq_read_iter from vfs_read+0x238/0x2a0
[ 2203.802236] vfs_read from ksys_read+0xa4/0xd4
[ 2203.805385] ksys_read from ret_fast_syscall+0x0/0x54
[ 2203.809135] Exception stack(0xe0badfa8 to 0xe0badff0)
[ 2203.812880] dfa0: 00000003 b6f10f80 00000003 b6eab000 00020000 00000000
[ 2203.819746] dfc0: 00000003 b6f10f80 7ff00000 00000003 00000003 00000000 00020000 00000000
[ 2203.826619] dfe0: b6e1bc88 bed80958 b6e1bc94 b6e1bcb0
[ 2203.830363] Code: bad PC value
[ 2203.832695] ---[ end trace 0000000000000000 ]---
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
51239600074bc9979b0a0e83b72c726d7dcc3132 , < 2b961d5786b4b31c367c719a2f918569b444c007
(git)
Affected: 51239600074bc9979b0a0e83b72c726d7dcc3132 , < 0cc7e0ee31e5c44904e98e2229d591e093282a70 (git) Affected: 51239600074bc9979b0a0e83b72c726d7dcc3132 , < 72f022ebb9deac28663fa4c04ba315ed5d6654d1 (git) Affected: 51239600074bc9979b0a0e83b72c726d7dcc3132 , < dc537a72f64890d883d24ae4ac58733fc5bc523d (git) Affected: 51239600074bc9979b0a0e83b72c726d7dcc3132 , < c4ec8dedca961db056ec85cb7ca8c9f7e2e92252 (git) |
|
| Linux | Linux |
Affected:
4.10
Unaffected: 0 , < 4.10 (semver) Unaffected: 5.15.203 , ≤ 5.15.* (semver) Unaffected: 6.1.109 , ≤ 6.1.* (semver) Unaffected: 6.6.50 , ≤ 6.6.* (semver) Unaffected: 6.10.9 , ≤ 6.10.* (semver) Unaffected: 6.11 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46715",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T14:58:24.856339Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T14:58:39.554Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:16:46.735Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/iio/industrialio-core.c",
"drivers/iio/industrialio-event.c",
"drivers/iio/inkern.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2b961d5786b4b31c367c719a2f918569b444c007",
"status": "affected",
"version": "51239600074bc9979b0a0e83b72c726d7dcc3132",
"versionType": "git"
},
{
"lessThan": "0cc7e0ee31e5c44904e98e2229d591e093282a70",
"status": "affected",
"version": "51239600074bc9979b0a0e83b72c726d7dcc3132",
"versionType": "git"
},
{
"lessThan": "72f022ebb9deac28663fa4c04ba315ed5d6654d1",
"status": "affected",
"version": "51239600074bc9979b0a0e83b72c726d7dcc3132",
"versionType": "git"
},
{
"lessThan": "dc537a72f64890d883d24ae4ac58733fc5bc523d",
"status": "affected",
"version": "51239600074bc9979b0a0e83b72c726d7dcc3132",
"versionType": "git"
},
{
"lessThan": "c4ec8dedca961db056ec85cb7ca8c9f7e2e92252",
"status": "affected",
"version": "51239600074bc9979b0a0e83b72c726d7dcc3132",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/iio/industrialio-core.c",
"drivers/iio/industrialio-event.c",
"drivers/iio/inkern.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.10"
},
{
"lessThan": "4.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.203",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.109",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.50",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.203",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.109",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.50",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.9",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver: iio: add missing checks on iio_info\u0027s callback access\n\nSome callbacks from iio_info structure are accessed without any check, so\nif a driver doesn\u0027t implement them trying to access the corresponding\nsysfs entries produce a kernel oops such as:\n\n[ 2203.527791] Unable to handle kernel NULL pointer dereference at virtual address 00000000 when execute\n[...]\n[ 2203.783416] Call trace:\n[ 2203.783429] iio_read_channel_info_avail from dev_attr_show+0x18/0x48\n[ 2203.789807] dev_attr_show from sysfs_kf_seq_show+0x90/0x120\n[ 2203.794181] sysfs_kf_seq_show from seq_read_iter+0xd0/0x4e4\n[ 2203.798555] seq_read_iter from vfs_read+0x238/0x2a0\n[ 2203.802236] vfs_read from ksys_read+0xa4/0xd4\n[ 2203.805385] ksys_read from ret_fast_syscall+0x0/0x54\n[ 2203.809135] Exception stack(0xe0badfa8 to 0xe0badff0)\n[ 2203.812880] dfa0: 00000003 b6f10f80 00000003 b6eab000 00020000 00000000\n[ 2203.819746] dfc0: 00000003 b6f10f80 7ff00000 00000003 00000003 00000000 00020000 00000000\n[ 2203.826619] dfe0: b6e1bc88 bed80958 b6e1bc94 b6e1bcb0\n[ 2203.830363] Code: bad PC value\n[ 2203.832695] ---[ end trace 0000000000000000 ]---"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:34:59.156Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2b961d5786b4b31c367c719a2f918569b444c007"
},
{
"url": "https://git.kernel.org/stable/c/0cc7e0ee31e5c44904e98e2229d591e093282a70"
},
{
"url": "https://git.kernel.org/stable/c/72f022ebb9deac28663fa4c04ba315ed5d6654d1"
},
{
"url": "https://git.kernel.org/stable/c/dc537a72f64890d883d24ae4ac58733fc5bc523d"
},
{
"url": "https://git.kernel.org/stable/c/c4ec8dedca961db056ec85cb7ca8c9f7e2e92252"
}
],
"title": "driver: iio: add missing checks on iio_info\u0027s callback access",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46715",
"datePublished": "2024-09-18T06:32:15.466Z",
"dateReserved": "2024-09-11T15:12:18.254Z",
"dateUpdated": "2026-05-11T20:34:59.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46716 (GCVE-0-2024-46716)
Vulnerability from cvelistv5 – Published: 2024-09-18 06:32 – Updated: 2026-05-11 20:35
VLAI
EPSS
Title
dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor
Summary
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor
Remove list_del call in msgdma_chan_desc_cleanup, this should be the role
of msgdma_free_descriptor. In consequence replace list_add_tail with
list_move_tail in msgdma_free_descriptor.
This fixes the path:
msgdma_free_chan_resources -> msgdma_free_descriptors ->
msgdma_free_desc_list -> msgdma_free_descriptor
which does not correctly free the descriptors as first nodes were not
removed from the list.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
a85c6f1b2921cbd2f54666a52804f407c4a064fe , < a3480e59fdbe5585d2d1eff0bed7671583acf725
(git)
Affected: a85c6f1b2921cbd2f54666a52804f407c4a064fe , < 20bf2920a869f9dbda0ef8c94c87d1901a64a716 (git) Affected: a85c6f1b2921cbd2f54666a52804f407c4a064fe , < db67686676c7becc1910bf1d6d51505876821863 (git) Affected: a85c6f1b2921cbd2f54666a52804f407c4a064fe , < 54e4ada1a4206f878e345ae01cf37347d803d1b1 (git) |
|
| Linux | Linux |
Affected:
4.14
Unaffected: 0 , < 4.14 (semver) Unaffected: 6.1.109 , ≤ 6.1.* (semver) Unaffected: 6.6.50 , ≤ 6.6.* (semver) Unaffected: 6.10.9 , ≤ 6.10.* (semver) Unaffected: 6.11 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46716",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T14:58:09.271369Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T14:58:23.448Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:16:48.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/dma/altera-msgdma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a3480e59fdbe5585d2d1eff0bed7671583acf725",
"status": "affected",
"version": "a85c6f1b2921cbd2f54666a52804f407c4a064fe",
"versionType": "git"
},
{
"lessThan": "20bf2920a869f9dbda0ef8c94c87d1901a64a716",
"status": "affected",
"version": "a85c6f1b2921cbd2f54666a52804f407c4a064fe",
"versionType": "git"
},
{
"lessThan": "db67686676c7becc1910bf1d6d51505876821863",
"status": "affected",
"version": "a85c6f1b2921cbd2f54666a52804f407c4a064fe",
"versionType": "git"
},
{
"lessThan": "54e4ada1a4206f878e345ae01cf37347d803d1b1",
"status": "affected",
"version": "a85c6f1b2921cbd2f54666a52804f407c4a064fe",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/dma/altera-msgdma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.14"
},
{
"lessThan": "4.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.109",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.50",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.109",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.50",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.9",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor\n\nRemove list_del call in msgdma_chan_desc_cleanup, this should be the role\nof msgdma_free_descriptor. In consequence replace list_add_tail with\nlist_move_tail in msgdma_free_descriptor.\n\nThis fixes the path:\n msgdma_free_chan_resources -\u003e msgdma_free_descriptors -\u003e\n msgdma_free_desc_list -\u003e msgdma_free_descriptor\n\nwhich does not correctly free the descriptors as first nodes were not\nremoved from the list."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:35:00.373Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a3480e59fdbe5585d2d1eff0bed7671583acf725"
},
{
"url": "https://git.kernel.org/stable/c/20bf2920a869f9dbda0ef8c94c87d1901a64a716"
},
{
"url": "https://git.kernel.org/stable/c/db67686676c7becc1910bf1d6d51505876821863"
},
{
"url": "https://git.kernel.org/stable/c/54e4ada1a4206f878e345ae01cf37347d803d1b1"
}
],
"title": "dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46716",
"datePublished": "2024-09-18T06:32:16.084Z",
"dateReserved": "2024-09-11T15:12:18.254Z",
"dateUpdated": "2026-05-11T20:35:00.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…