Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2024-AVI-0906
Vulnerability from certfr_avis - Published: 2024-10-18 - Updated: 2024-10-18
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, un contournement de la politique de sécurité et un déni de service.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 16.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 24.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 14.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 22.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-38627",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38627"
},
{
"name": "CVE-2024-27051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27051"
},
{
"name": "CVE-2024-41009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41009"
},
{
"name": "CVE-2024-42280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42280"
},
{
"name": "CVE-2024-26984",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26984"
},
{
"name": "CVE-2024-42089",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42089"
},
{
"name": "CVE-2024-42284",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42284"
},
{
"name": "CVE-2024-38583",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38583"
},
{
"name": "CVE-2024-26754",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26754"
},
{
"name": "CVE-2024-27397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27397"
},
{
"name": "CVE-2024-46673",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46673"
},
{
"name": "CVE-2024-26677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26677"
},
{
"name": "CVE-2024-42157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42157"
},
{
"name": "CVE-2024-27437",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27437"
},
{
"name": "CVE-2024-39480",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39480"
},
{
"name": "CVE-2024-42154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42154"
},
{
"name": "CVE-2024-42228",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42228"
},
{
"name": "CVE-2024-42229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42229"
},
{
"name": "CVE-2022-48791",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48791"
},
{
"name": "CVE-2024-27398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27398"
},
{
"name": "CVE-2023-52527",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52527"
},
{
"name": "CVE-2024-26880",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26880"
},
{
"name": "CVE-2023-52528",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52528"
},
{
"name": "CVE-2024-38602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38602"
},
{
"name": "CVE-2022-48863",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48863"
},
{
"name": "CVE-2023-52809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52809"
},
{
"name": "CVE-2024-42223",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42223"
},
{
"name": "CVE-2024-41097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41097"
},
{
"name": "CVE-2024-42160",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42160"
},
{
"name": "CVE-2024-41073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41073"
},
{
"name": "CVE-2024-42244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42244"
},
{
"name": "CVE-2024-40902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40902"
},
{
"name": "CVE-2024-26733",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26733"
},
{
"name": "CVE-2024-26851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26851"
},
{
"name": "CVE-2024-39487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39487"
},
{
"name": "CVE-2024-26812",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26812"
},
{
"name": "CVE-2024-31076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31076"
},
{
"name": "CVE-2024-45001",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45001"
},
{
"name": "CVE-2024-36971",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36971"
},
{
"name": "CVE-2024-26651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26651"
},
{
"name": "CVE-2023-52510",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52510"
},
{
"name": "CVE-2024-27436",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27436"
},
{
"name": "CVE-2024-38570",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38570"
},
{
"name": "CVE-2024-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26960"
},
{
"name": "CVE-2024-40901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40901"
},
{
"name": "CVE-2024-39495",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39495"
},
{
"name": "CVE-2024-44940",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44940"
},
{
"name": "CVE-2024-38630",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38630"
},
{
"name": "CVE-2024-39494",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39494"
},
{
"name": "CVE-2024-26602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26602"
},
{
"name": "CVE-2024-38611",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38611"
},
{
"name": "CVE-2024-40941",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40941"
},
{
"name": "CVE-2024-42224",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42224"
},
{
"name": "CVE-2024-43858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43858"
},
{
"name": "CVE-2021-47188",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47188"
},
{
"name": "CVE-2024-38621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38621"
},
{
"name": "CVE-2024-42271",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42271"
},
{
"name": "CVE-2024-26641",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26641"
},
{
"name": "CVE-2024-26810",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26810"
},
{
"name": "CVE-2024-42159",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42159"
},
{
"name": "CVE-2024-45016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45016"
}
],
"initial_release_date": "2024-10-18T00:00:00",
"last_revision_date": "2024-10-18T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0906",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-10-18T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux d\u0027Ubuntu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un contournement de la politique de s\u00e9curit\u00e9 et un d\u00e9ni de service.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": "2024-10-16",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7072-1",
"url": "https://ubuntu.com/security/notices/USN-7072-1"
},
{
"published_at": "2024-10-16",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7071-1",
"url": "https://ubuntu.com/security/notices/USN-7071-1"
},
{
"published_at": "2024-10-17",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7028-2",
"url": "https://ubuntu.com/security/notices/USN-7028-2"
},
{
"published_at": "2024-10-16",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7073-1",
"url": "https://ubuntu.com/security/notices/USN-7073-1"
},
{
"published_at": "2024-10-17",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7076-1",
"url": "https://ubuntu.com/security/notices/USN-7076-1"
},
{
"published_at": "2024-10-11",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7020-4",
"url": "https://ubuntu.com/security/notices/USN-7020-4"
},
{
"published_at": "2024-10-15",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7069-1",
"url": "https://ubuntu.com/security/notices/USN-7069-1"
},
{
"published_at": "2024-10-17",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7073-2",
"url": "https://ubuntu.com/security/notices/USN-7073-2"
},
{
"published_at": "2024-10-17",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7069-2",
"url": "https://ubuntu.com/security/notices/USN-7069-2"
},
{
"published_at": "2024-10-17",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7074-1",
"url": "https://ubuntu.com/security/notices/USN-7074-1"
}
]
}
CVE-2024-41009 (GCVE-0-2024-41009)
Vulnerability from cvelistv5 – Published: 2024-07-17 06:10 – Updated: 2026-05-11 20:24
VLAI
EPSS
Title
bpf: Fix overrunning reservations in ringbuf
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix overrunning reservations in ringbuf
The BPF ring buffer internally is implemented as a power-of-2 sized circular
buffer, with two logical and ever-increasing counters: consumer_pos is the
consumer counter to show which logical position the consumer consumed the
data, and producer_pos which is the producer counter denoting the amount of
data reserved by all producers.
Each time a record is reserved, the producer that "owns" the record will
successfully advance producer counter. In user space each time a record is
read, the consumer of the data advanced the consumer counter once it finished
processing. Both counters are stored in separate pages so that from user
space, the producer counter is read-only and the consumer counter is read-write.
One aspect that simplifies and thus speeds up the implementation of both
producers and consumers is how the data area is mapped twice contiguously
back-to-back in the virtual memory, allowing to not take any special measures
for samples that have to wrap around at the end of the circular buffer data
area, because the next page after the last data page would be first data page
again, and thus the sample will still appear completely contiguous in virtual
memory.
Each record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header for
book-keeping the length and offset, and is inaccessible to the BPF program.
Helpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ`
for the BPF program to use. Bing-Jhong and Muhammad reported that it is however
possible to make a second allocated memory chunk overlapping with the first
chunk and as a result, the BPF program is now able to edit first chunk's
header.
For example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with size
of 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call to
bpf_ringbuf_reserve() is made. This will allocate a chunk A, which is in
[0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, lets
allocate a chunk B with size 0x3000. This will succeed because consumer_pos
was edited ahead of time to pass the `new_prod_pos - cons_pos > rb->mask`
check. Chunk B will be in range [0x3008,0x6010], and the BPF program is able
to edit [0x3010,0x6010]. Due to the ring buffer memory layout mentioned
earlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same data
pages. This means that chunk B at [0x4000,0x4008] is chunk A's header.
bpf_ringbuf_submit() / bpf_ringbuf_discard() use the header's pg_off to then
locate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunk
B modified chunk A's header, then bpf_ringbuf_commit() refers to the wrong
page and could cause a crash.
Fix it by calculating the oldest pending_pos and check whether the range
from the oldest outstanding record to the newest would span beyond the ring
buffer size. If that is the case, then reject the request. We've tested with
the ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh)
before/after the fix and while it seems a bit slower on some benchmarks, it
is still not significantly enough to matter.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
7 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
457f44363a8894135c85b7a9afd2bd8196db24ab , < be35504b959f2749bab280f4671e8df96dcf836f
(git)
Affected: 457f44363a8894135c85b7a9afd2bd8196db24ab , < 0f98f40eb1ed52af8b81f61901b6c0289ff59de4 (git) Affected: 457f44363a8894135c85b7a9afd2bd8196db24ab , < d1b9df0435bc61e0b44f578846516df8ef476686 (git) Affected: 457f44363a8894135c85b7a9afd2bd8196db24ab , < 511804ab701c0503b72eac08217eabfd366ba069 (git) Affected: 457f44363a8894135c85b7a9afd2bd8196db24ab , < 47416c852f2a04d348ea66ee451cbdcf8119f225 (git) Affected: 457f44363a8894135c85b7a9afd2bd8196db24ab , < cfa1a2329a691ffd991fcf7248a57d752e712881 (git) |
|
| Linux | Linux |
Affected:
5.8
Unaffected: 0 , < 5.8 (semver) Unaffected: 5.10.223 , ≤ 5.10.* (semver) Unaffected: 5.15.164 , ≤ 5.15.* (semver) Unaffected: 6.1.97 , ≤ 6.1.* (semver) Unaffected: 6.6.37 , ≤ 6.6.* (semver) Unaffected: 6.9.8 , ≤ 6.9.* (semver) Unaffected: 6.10 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:59:13.101Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/be35504b959f2749bab280f4671e8df96dcf836f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0f98f40eb1ed52af8b81f61901b6c0289ff59de4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d1b9df0435bc61e0b44f578846516df8ef476686"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/511804ab701c0503b72eac08217eabfd366ba069"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/47416c852f2a04d348ea66ee451cbdcf8119f225"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cfa1a2329a691ffd991fcf7248a57d752e712881"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41009",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:25:12.740807Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:06.763Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/bpf/ringbuf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "be35504b959f2749bab280f4671e8df96dcf836f",
"status": "affected",
"version": "457f44363a8894135c85b7a9afd2bd8196db24ab",
"versionType": "git"
},
{
"lessThan": "0f98f40eb1ed52af8b81f61901b6c0289ff59de4",
"status": "affected",
"version": "457f44363a8894135c85b7a9afd2bd8196db24ab",
"versionType": "git"
},
{
"lessThan": "d1b9df0435bc61e0b44f578846516df8ef476686",
"status": "affected",
"version": "457f44363a8894135c85b7a9afd2bd8196db24ab",
"versionType": "git"
},
{
"lessThan": "511804ab701c0503b72eac08217eabfd366ba069",
"status": "affected",
"version": "457f44363a8894135c85b7a9afd2bd8196db24ab",
"versionType": "git"
},
{
"lessThan": "47416c852f2a04d348ea66ee451cbdcf8119f225",
"status": "affected",
"version": "457f44363a8894135c85b7a9afd2bd8196db24ab",
"versionType": "git"
},
{
"lessThan": "cfa1a2329a691ffd991fcf7248a57d752e712881",
"status": "affected",
"version": "457f44363a8894135c85b7a9afd2bd8196db24ab",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/bpf/ringbuf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.223",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.164",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.97",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.37",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.223",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.164",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.97",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.37",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.8",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix overrunning reservations in ringbuf\n\nThe BPF ring buffer internally is implemented as a power-of-2 sized circular\nbuffer, with two logical and ever-increasing counters: consumer_pos is the\nconsumer counter to show which logical position the consumer consumed the\ndata, and producer_pos which is the producer counter denoting the amount of\ndata reserved by all producers.\n\nEach time a record is reserved, the producer that \"owns\" the record will\nsuccessfully advance producer counter. In user space each time a record is\nread, the consumer of the data advanced the consumer counter once it finished\nprocessing. Both counters are stored in separate pages so that from user\nspace, the producer counter is read-only and the consumer counter is read-write.\n\nOne aspect that simplifies and thus speeds up the implementation of both\nproducers and consumers is how the data area is mapped twice contiguously\nback-to-back in the virtual memory, allowing to not take any special measures\nfor samples that have to wrap around at the end of the circular buffer data\narea, because the next page after the last data page would be first data page\nagain, and thus the sample will still appear completely contiguous in virtual\nmemory.\n\nEach record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header for\nbook-keeping the length and offset, and is inaccessible to the BPF program.\nHelpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ`\nfor the BPF program to use. Bing-Jhong and Muhammad reported that it is however\npossible to make a second allocated memory chunk overlapping with the first\nchunk and as a result, the BPF program is now able to edit first chunk\u0027s\nheader.\n\nFor example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with size\nof 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call to\nbpf_ringbuf_reserve() is made. This will allocate a chunk A, which is in\n[0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, lets\nallocate a chunk B with size 0x3000. This will succeed because consumer_pos\nwas edited ahead of time to pass the `new_prod_pos - cons_pos \u003e rb-\u003emask`\ncheck. Chunk B will be in range [0x3008,0x6010], and the BPF program is able\nto edit [0x3010,0x6010]. Due to the ring buffer memory layout mentioned\nearlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same data\npages. This means that chunk B at [0x4000,0x4008] is chunk A\u0027s header.\nbpf_ringbuf_submit() / bpf_ringbuf_discard() use the header\u0027s pg_off to then\nlocate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunk\nB modified chunk A\u0027s header, then bpf_ringbuf_commit() refers to the wrong\npage and could cause a crash.\n\nFix it by calculating the oldest pending_pos and check whether the range\nfrom the oldest outstanding record to the newest would span beyond the ring\nbuffer size. If that is the case, then reject the request. We\u0027ve tested with\nthe ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh)\nbefore/after the fix and while it seems a bit slower on some benchmarks, it\nis still not significantly enough to matter."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:24:16.044Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/be35504b959f2749bab280f4671e8df96dcf836f"
},
{
"url": "https://git.kernel.org/stable/c/0f98f40eb1ed52af8b81f61901b6c0289ff59de4"
},
{
"url": "https://git.kernel.org/stable/c/d1b9df0435bc61e0b44f578846516df8ef476686"
},
{
"url": "https://git.kernel.org/stable/c/511804ab701c0503b72eac08217eabfd366ba069"
},
{
"url": "https://git.kernel.org/stable/c/47416c852f2a04d348ea66ee451cbdcf8119f225"
},
{
"url": "https://git.kernel.org/stable/c/cfa1a2329a691ffd991fcf7248a57d752e712881"
}
],
"title": "bpf: Fix overrunning reservations in ringbuf",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41009",
"datePublished": "2024-07-17T06:10:11.351Z",
"dateReserved": "2024-07-12T12:17:45.610Z",
"dateUpdated": "2026-05-11T20:24:16.044Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-41073 (GCVE-0-2024-41073)
Vulnerability from cvelistv5 – Published: 2024-07-29 14:57 – Updated: 2026-05-11 20:25
VLAI
EPSS
Title
nvme: avoid double free special payload
Summary
In the Linux kernel, the following vulnerability has been resolved:
nvme: avoid double free special payload
If a discard request needs to be retried, and that retry may fail before
a new special payload is added, a double free will result. Clear the
RQF_SPECIAL_LOAD when the request is cleaned.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
f9d03f96b988002027d4b28ea1b7a24729a4c9b5 , < 882574942a9be8b9d70d13462ddacc80c4b385ba
(git)
Affected: f9d03f96b988002027d4b28ea1b7a24729a4c9b5 , < c5942a14f795de957ae9d66027aac8ff4fe70057 (git) Affected: f9d03f96b988002027d4b28ea1b7a24729a4c9b5 , < f3ab45aacd25d957547fb6d115c1574c20964b3b (git) Affected: f9d03f96b988002027d4b28ea1b7a24729a4c9b5 , < ae84383c96d6662c24697ab6b44aae855ab670aa (git) Affected: f9d03f96b988002027d4b28ea1b7a24729a4c9b5 , < 1b9fd1265fac85916f90b4648de02adccdb7220b (git) Affected: f9d03f96b988002027d4b28ea1b7a24729a4c9b5 , < e5d574ab37f5f2e7937405613d9b1a724811e5ad (git) |
|
| Linux | Linux |
Affected:
4.10
Unaffected: 0 , < 4.10 (semver) Unaffected: 5.10.237 , ≤ 5.10.* (semver) Unaffected: 5.15.164 , ≤ 5.15.* (semver) Unaffected: 6.1.101 , ≤ 6.1.* (semver) Unaffected: 6.6.42 , ≤ 6.6.* (semver) Unaffected: 6.9.11 , ≤ 6.9.* (semver) Unaffected: 6.10 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:00:26.841Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c5942a14f795de957ae9d66027aac8ff4fe70057"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f3ab45aacd25d957547fb6d115c1574c20964b3b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ae84383c96d6662c24697ab6b44aae855ab670aa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1b9fd1265fac85916f90b4648de02adccdb7220b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e5d574ab37f5f2e7937405613d9b1a724811e5ad"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41073",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:21:30.593926Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:00.546Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/nvme/host/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "882574942a9be8b9d70d13462ddacc80c4b385ba",
"status": "affected",
"version": "f9d03f96b988002027d4b28ea1b7a24729a4c9b5",
"versionType": "git"
},
{
"lessThan": "c5942a14f795de957ae9d66027aac8ff4fe70057",
"status": "affected",
"version": "f9d03f96b988002027d4b28ea1b7a24729a4c9b5",
"versionType": "git"
},
{
"lessThan": "f3ab45aacd25d957547fb6d115c1574c20964b3b",
"status": "affected",
"version": "f9d03f96b988002027d4b28ea1b7a24729a4c9b5",
"versionType": "git"
},
{
"lessThan": "ae84383c96d6662c24697ab6b44aae855ab670aa",
"status": "affected",
"version": "f9d03f96b988002027d4b28ea1b7a24729a4c9b5",
"versionType": "git"
},
{
"lessThan": "1b9fd1265fac85916f90b4648de02adccdb7220b",
"status": "affected",
"version": "f9d03f96b988002027d4b28ea1b7a24729a4c9b5",
"versionType": "git"
},
{
"lessThan": "e5d574ab37f5f2e7937405613d9b1a724811e5ad",
"status": "affected",
"version": "f9d03f96b988002027d4b28ea1b7a24729a4c9b5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/nvme/host/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.10"
},
{
"lessThan": "4.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.237",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.164",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.101",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.237",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.164",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.101",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.42",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.11",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: avoid double free special payload\n\nIf a discard request needs to be retried, and that retry may fail before\na new special payload is added, a double free will result. Clear the\nRQF_SPECIAL_LOAD when the request is cleaned."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:25:39.715Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/882574942a9be8b9d70d13462ddacc80c4b385ba"
},
{
"url": "https://git.kernel.org/stable/c/c5942a14f795de957ae9d66027aac8ff4fe70057"
},
{
"url": "https://git.kernel.org/stable/c/f3ab45aacd25d957547fb6d115c1574c20964b3b"
},
{
"url": "https://git.kernel.org/stable/c/ae84383c96d6662c24697ab6b44aae855ab670aa"
},
{
"url": "https://git.kernel.org/stable/c/1b9fd1265fac85916f90b4648de02adccdb7220b"
},
{
"url": "https://git.kernel.org/stable/c/e5d574ab37f5f2e7937405613d9b1a724811e5ad"
}
],
"title": "nvme: avoid double free special payload",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41073",
"datePublished": "2024-07-29T14:57:33.253Z",
"dateReserved": "2024-07-12T12:17:45.631Z",
"dateUpdated": "2026-05-11T20:25:39.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-41097 (GCVE-0-2024-41097)
Vulnerability from cvelistv5 – Published: 2024-07-29 15:48 – Updated: 2026-05-23 15:51
VLAI
EPSS
Title
usb: atm: cxacru: fix endpoint checking in cxacru_bind()
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: atm: cxacru: fix endpoint checking in cxacru_bind()
Syzbot is still reporting quite an old issue [1] that occurs due to
incomplete checking of present usb endpoints. As such, wrong
endpoints types may be used at urb sumbitting stage which in turn
triggers a warning in usb_submit_urb().
Fix the issue by verifying that required endpoint types are present
for both in and out endpoints, taking into account cmd endpoint type.
Unfortunately, this patch has not been tested on real hardware.
[1] Syzbot report:
usb 1-1: BOGUS urb xfer, pipe 1 != type 3
WARNING: CPU: 0 PID: 8667 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502
Modules linked in:
CPU: 0 PID: 8667 Comm: kworker/0:4 Not tainted 5.14.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usb_hub_wq hub_event
RIP: 0010:usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502
...
Call Trace:
cxacru_cm+0x3c0/0x8e0 drivers/usb/atm/cxacru.c:649
cxacru_card_status+0x22/0xd0 drivers/usb/atm/cxacru.c:760
cxacru_bind+0x7ac/0x11a0 drivers/usb/atm/cxacru.c:1209
usbatm_usb_probe+0x321/0x1ae0 drivers/usb/atm/usbatm.c:1055
cxacru_usb_probe+0xdf/0x1e0 drivers/usb/atm/cxacru.c:1363
usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396
call_driver_probe drivers/base/dd.c:517 [inline]
really_probe+0x23c/0xcd0 drivers/base/dd.c:595
__driver_probe_device+0x338/0x4d0 drivers/base/dd.c:747
driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:777
__device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:894
bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
__device_attach+0x228/0x4a0 drivers/base/dd.c:965
bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487
device_add+0xc2f/0x2180 drivers/base/core.c:3354
usb_set_configuration+0x113a/0x1910 drivers/usb/core/message.c:2170
usb_generic_driver_probe+0xba/0x100 drivers/usb/core/generic.c:238
usb_probe_device+0xd9/0x2c0 drivers/usb/core/driver.c:293
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
9 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
902ffc3c707c1d459ea57428a619a807cbe412f9 , < 5159a81924311c1ec786ad9fdef784ead8676a6a
(git)
Affected: 902ffc3c707c1d459ea57428a619a807cbe412f9 , < 23926d316d2836315cb113569f91393266eb5b47 (git) Affected: 902ffc3c707c1d459ea57428a619a807cbe412f9 , < 75ddbf776dd04a09fb9e5267ead5d0c989f84506 (git) Affected: 902ffc3c707c1d459ea57428a619a807cbe412f9 , < 1aac4be1aaa5177506219f01dce5e29194e5e95a (git) Affected: 902ffc3c707c1d459ea57428a619a807cbe412f9 , < 5584c776a1af7807ca815ee6265f2c1429fc5727 (git) Affected: 902ffc3c707c1d459ea57428a619a807cbe412f9 , < f536f09eb45e4de8d1b9accee9d992aa1846f1d4 (git) Affected: 902ffc3c707c1d459ea57428a619a807cbe412f9 , < ac9007520e392541a29daebaae8b9109007bc781 (git) Affected: 902ffc3c707c1d459ea57428a619a807cbe412f9 , < 2eabb655a968b862bc0c31629a09f0fbf3c80d51 (git) Affected: aef30a0bfdf6c10565285fff1ae8400b34ee0d81 (git) Affected: 2.6.35.5 , < 2.6.36 (semver) |
|
| Linux | Linux |
Affected:
2.6.36
Unaffected: 0 , < 2.6.36 (semver) Unaffected: 4.19.317 , ≤ 4.19.* (semver) Unaffected: 5.4.279 , ≤ 5.4.* (semver) Unaffected: 5.10.221 , ≤ 5.10.* (semver) Unaffected: 5.15.162 , ≤ 5.15.* (semver) Unaffected: 6.1.97 , ≤ 6.1.* (semver) Unaffected: 6.6.37 , ≤ 6.6.* (semver) Unaffected: 6.9.8 , ≤ 6.9.* (semver) Unaffected: 6.10 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:00:55.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5159a81924311c1ec786ad9fdef784ead8676a6a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/23926d316d2836315cb113569f91393266eb5b47"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/75ddbf776dd04a09fb9e5267ead5d0c989f84506"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1aac4be1aaa5177506219f01dce5e29194e5e95a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5584c776a1af7807ca815ee6265f2c1429fc5727"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f536f09eb45e4de8d1b9accee9d992aa1846f1d4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ac9007520e392541a29daebaae8b9109007bc781"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2eabb655a968b862bc0c31629a09f0fbf3c80d51"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41097",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:20:18.903942Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:08.858Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/atm/cxacru.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5159a81924311c1ec786ad9fdef784ead8676a6a",
"status": "affected",
"version": "902ffc3c707c1d459ea57428a619a807cbe412f9",
"versionType": "git"
},
{
"lessThan": "23926d316d2836315cb113569f91393266eb5b47",
"status": "affected",
"version": "902ffc3c707c1d459ea57428a619a807cbe412f9",
"versionType": "git"
},
{
"lessThan": "75ddbf776dd04a09fb9e5267ead5d0c989f84506",
"status": "affected",
"version": "902ffc3c707c1d459ea57428a619a807cbe412f9",
"versionType": "git"
},
{
"lessThan": "1aac4be1aaa5177506219f01dce5e29194e5e95a",
"status": "affected",
"version": "902ffc3c707c1d459ea57428a619a807cbe412f9",
"versionType": "git"
},
{
"lessThan": "5584c776a1af7807ca815ee6265f2c1429fc5727",
"status": "affected",
"version": "902ffc3c707c1d459ea57428a619a807cbe412f9",
"versionType": "git"
},
{
"lessThan": "f536f09eb45e4de8d1b9accee9d992aa1846f1d4",
"status": "affected",
"version": "902ffc3c707c1d459ea57428a619a807cbe412f9",
"versionType": "git"
},
{
"lessThan": "ac9007520e392541a29daebaae8b9109007bc781",
"status": "affected",
"version": "902ffc3c707c1d459ea57428a619a807cbe412f9",
"versionType": "git"
},
{
"lessThan": "2eabb655a968b862bc0c31629a09f0fbf3c80d51",
"status": "affected",
"version": "902ffc3c707c1d459ea57428a619a807cbe412f9",
"versionType": "git"
},
{
"status": "affected",
"version": "aef30a0bfdf6c10565285fff1ae8400b34ee0d81",
"versionType": "git"
},
{
"lessThan": "2.6.36",
"status": "affected",
"version": "2.6.35.5",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/atm/cxacru.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.36"
},
{
"lessThan": "2.6.36",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.317",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.279",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.97",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.37",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.317",
"versionStartIncluding": "2.6.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.279",
"versionStartIncluding": "2.6.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.221",
"versionStartIncluding": "2.6.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"versionStartIncluding": "2.6.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.97",
"versionStartIncluding": "2.6.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.37",
"versionStartIncluding": "2.6.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.8",
"versionStartIncluding": "2.6.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.35.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: atm: cxacru: fix endpoint checking in cxacru_bind()\n\nSyzbot is still reporting quite an old issue [1] that occurs due to\nincomplete checking of present usb endpoints. As such, wrong\nendpoints types may be used at urb sumbitting stage which in turn\ntriggers a warning in usb_submit_urb().\n\nFix the issue by verifying that required endpoint types are present\nfor both in and out endpoints, taking into account cmd endpoint type.\n\nUnfortunately, this patch has not been tested on real hardware.\n\n[1] Syzbot report:\nusb 1-1: BOGUS urb xfer, pipe 1 != type 3\nWARNING: CPU: 0 PID: 8667 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502\nModules linked in:\nCPU: 0 PID: 8667 Comm: kworker/0:4 Not tainted 5.14.0-rc4-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nWorkqueue: usb_hub_wq hub_event\nRIP: 0010:usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502\n...\nCall Trace:\n cxacru_cm+0x3c0/0x8e0 drivers/usb/atm/cxacru.c:649\n cxacru_card_status+0x22/0xd0 drivers/usb/atm/cxacru.c:760\n cxacru_bind+0x7ac/0x11a0 drivers/usb/atm/cxacru.c:1209\n usbatm_usb_probe+0x321/0x1ae0 drivers/usb/atm/usbatm.c:1055\n cxacru_usb_probe+0xdf/0x1e0 drivers/usb/atm/cxacru.c:1363\n usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396\n call_driver_probe drivers/base/dd.c:517 [inline]\n really_probe+0x23c/0xcd0 drivers/base/dd.c:595\n __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:747\n driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:777\n __device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:894\n bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427\n __device_attach+0x228/0x4a0 drivers/base/dd.c:965\n bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487\n device_add+0xc2f/0x2180 drivers/base/core.c:3354\n usb_set_configuration+0x113a/0x1910 drivers/usb/core/message.c:2170\n usb_generic_driver_probe+0xba/0x100 drivers/usb/core/generic.c:238\n usb_probe_device+0xd9/0x2c0 drivers/usb/core/driver.c:293"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:51:55.945Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5159a81924311c1ec786ad9fdef784ead8676a6a"
},
{
"url": "https://git.kernel.org/stable/c/23926d316d2836315cb113569f91393266eb5b47"
},
{
"url": "https://git.kernel.org/stable/c/75ddbf776dd04a09fb9e5267ead5d0c989f84506"
},
{
"url": "https://git.kernel.org/stable/c/1aac4be1aaa5177506219f01dce5e29194e5e95a"
},
{
"url": "https://git.kernel.org/stable/c/5584c776a1af7807ca815ee6265f2c1429fc5727"
},
{
"url": "https://git.kernel.org/stable/c/f536f09eb45e4de8d1b9accee9d992aa1846f1d4"
},
{
"url": "https://git.kernel.org/stable/c/ac9007520e392541a29daebaae8b9109007bc781"
},
{
"url": "https://git.kernel.org/stable/c/2eabb655a968b862bc0c31629a09f0fbf3c80d51"
}
],
"title": "usb: atm: cxacru: fix endpoint checking in cxacru_bind()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41097",
"datePublished": "2024-07-29T15:48:10.175Z",
"dateReserved": "2024-07-12T12:17:45.637Z",
"dateUpdated": "2026-05-23T15:51:55.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-42089 (GCVE-0-2024-42089)
Vulnerability from cvelistv5 – Published: 2024-07-29 16:26 – Updated: 2026-05-11 20:26
VLAI
EPSS
Title
ASoC: fsl-asoc-card: set priv->pdev before using it
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: fsl-asoc-card: set priv->pdev before using it
priv->pdev pointer was set after being used in
fsl_asoc_card_audmux_init().
Move this assignment at the start of the probe function, so
sub-functions can correctly use pdev through priv.
fsl_asoc_card_audmux_init() dereferences priv->pdev to get access to the
dev struct, used with dev_err macros.
As priv is zero-initialised, there would be a NULL pointer dereference.
Note that if priv->dev is dereferenced before assignment but never used,
for example if there is no error to be printed, the driver won't crash
probably due to compiler optimisations.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
9 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
708b4351f08c08ea93f773fb9197bdd3f3b08273 , < ae81535ce2503aabc4adab3472f4338070cdeb6a
(git)
Affected: 708b4351f08c08ea93f773fb9197bdd3f3b08273 , < 8896e18b7c366f8faf9344abfd0971435f1c723a (git) Affected: 708b4351f08c08ea93f773fb9197bdd3f3b08273 , < 3662eb2170e59b58ad479982dc1084889ba757b9 (git) Affected: 708b4351f08c08ea93f773fb9197bdd3f3b08273 , < 544ab46b7ece6d6bebbdee5d5659c0a0f804a99a (git) Affected: 708b4351f08c08ea93f773fb9197bdd3f3b08273 , < 8faf91e58425c2f6ce773250dfd995f1c2d461ac (git) Affected: 708b4351f08c08ea93f773fb9197bdd3f3b08273 , < 29bc9e7c75398b0d12fc30955f2e9b2dd29ffaed (git) Affected: 708b4351f08c08ea93f773fb9197bdd3f3b08273 , < 7c18b4d89ff9c810b6e562408afda5ce165c4ea6 (git) Affected: 708b4351f08c08ea93f773fb9197bdd3f3b08273 , < 90f3feb24172185f1832636264943e8b5e289245 (git) |
|
| Linux | Linux |
Affected:
3.18
Unaffected: 0 , < 3.18 (semver) Unaffected: 4.19.317 , ≤ 4.19.* (semver) Unaffected: 5.4.279 , ≤ 5.4.* (semver) Unaffected: 5.10.221 , ≤ 5.10.* (semver) Unaffected: 5.15.162 , ≤ 5.15.* (semver) Unaffected: 6.1.97 , ≤ 6.1.* (semver) Unaffected: 6.6.37 , ≤ 6.6.* (semver) Unaffected: 6.9.8 , ≤ 6.9.* (semver) Unaffected: 6.10 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:01:21.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ae81535ce2503aabc4adab3472f4338070cdeb6a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8896e18b7c366f8faf9344abfd0971435f1c723a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3662eb2170e59b58ad479982dc1084889ba757b9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/544ab46b7ece6d6bebbdee5d5659c0a0f804a99a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8faf91e58425c2f6ce773250dfd995f1c2d461ac"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/29bc9e7c75398b0d12fc30955f2e9b2dd29ffaed"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7c18b4d89ff9c810b6e562408afda5ce165c4ea6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/90f3feb24172185f1832636264943e8b5e289245"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42089",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:18:44.318855Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:01.199Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/soc/fsl/fsl-asoc-card.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ae81535ce2503aabc4adab3472f4338070cdeb6a",
"status": "affected",
"version": "708b4351f08c08ea93f773fb9197bdd3f3b08273",
"versionType": "git"
},
{
"lessThan": "8896e18b7c366f8faf9344abfd0971435f1c723a",
"status": "affected",
"version": "708b4351f08c08ea93f773fb9197bdd3f3b08273",
"versionType": "git"
},
{
"lessThan": "3662eb2170e59b58ad479982dc1084889ba757b9",
"status": "affected",
"version": "708b4351f08c08ea93f773fb9197bdd3f3b08273",
"versionType": "git"
},
{
"lessThan": "544ab46b7ece6d6bebbdee5d5659c0a0f804a99a",
"status": "affected",
"version": "708b4351f08c08ea93f773fb9197bdd3f3b08273",
"versionType": "git"
},
{
"lessThan": "8faf91e58425c2f6ce773250dfd995f1c2d461ac",
"status": "affected",
"version": "708b4351f08c08ea93f773fb9197bdd3f3b08273",
"versionType": "git"
},
{
"lessThan": "29bc9e7c75398b0d12fc30955f2e9b2dd29ffaed",
"status": "affected",
"version": "708b4351f08c08ea93f773fb9197bdd3f3b08273",
"versionType": "git"
},
{
"lessThan": "7c18b4d89ff9c810b6e562408afda5ce165c4ea6",
"status": "affected",
"version": "708b4351f08c08ea93f773fb9197bdd3f3b08273",
"versionType": "git"
},
{
"lessThan": "90f3feb24172185f1832636264943e8b5e289245",
"status": "affected",
"version": "708b4351f08c08ea93f773fb9197bdd3f3b08273",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/soc/fsl/fsl-asoc-card.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.18"
},
{
"lessThan": "3.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.317",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.279",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.97",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.37",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.317",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.279",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.221",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.97",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.37",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.8",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "3.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: fsl-asoc-card: set priv-\u003epdev before using it\n\npriv-\u003epdev pointer was set after being used in\nfsl_asoc_card_audmux_init().\nMove this assignment at the start of the probe function, so\nsub-functions can correctly use pdev through priv.\n\nfsl_asoc_card_audmux_init() dereferences priv-\u003epdev to get access to the\ndev struct, used with dev_err macros.\nAs priv is zero-initialised, there would be a NULL pointer dereference.\nNote that if priv-\u003edev is dereferenced before assignment but never used,\nfor example if there is no error to be printed, the driver won\u0027t crash\nprobably due to compiler optimisations."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:26:46.996Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ae81535ce2503aabc4adab3472f4338070cdeb6a"
},
{
"url": "https://git.kernel.org/stable/c/8896e18b7c366f8faf9344abfd0971435f1c723a"
},
{
"url": "https://git.kernel.org/stable/c/3662eb2170e59b58ad479982dc1084889ba757b9"
},
{
"url": "https://git.kernel.org/stable/c/544ab46b7ece6d6bebbdee5d5659c0a0f804a99a"
},
{
"url": "https://git.kernel.org/stable/c/8faf91e58425c2f6ce773250dfd995f1c2d461ac"
},
{
"url": "https://git.kernel.org/stable/c/29bc9e7c75398b0d12fc30955f2e9b2dd29ffaed"
},
{
"url": "https://git.kernel.org/stable/c/7c18b4d89ff9c810b6e562408afda5ce165c4ea6"
},
{
"url": "https://git.kernel.org/stable/c/90f3feb24172185f1832636264943e8b5e289245"
}
],
"title": "ASoC: fsl-asoc-card: set priv-\u003epdev before using it",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42089",
"datePublished": "2024-07-29T16:26:29.288Z",
"dateReserved": "2024-07-29T15:50:41.171Z",
"dateUpdated": "2026-05-11T20:26:46.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-42154 (GCVE-0-2024-42154)
Vulnerability from cvelistv5 – Published: 2024-07-30 07:46 – Updated: 2026-05-11 20:28
VLAI
EPSS
Title
tcp_metrics: validate source addr length
Summary
In the Linux kernel, the following vulnerability has been resolved:
tcp_metrics: validate source addr length
I don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4
is at least 4 bytes long, and the policy doesn't have an entry
for this attribute at all (neither does it for IPv6 but v6 is
manually validated).
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
13 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
3e7013ddf55af7bc191792b8aea0c2b94fb0fef5 , < 19d997b59fa1fd7a02e770ee0881c0652b9c32c9
(git)
Affected: 3e7013ddf55af7bc191792b8aea0c2b94fb0fef5 , < 2a2e79dbe2236a1289412d2044994f7ab419b44c (git) Affected: 3e7013ddf55af7bc191792b8aea0c2b94fb0fef5 , < cdffc358717e436bb67122bb82c1a2a26e050f98 (git) Affected: 3e7013ddf55af7bc191792b8aea0c2b94fb0fef5 , < ef7c428b425beeb52b894e16f1c4b629d6cebfb6 (git) Affected: 3e7013ddf55af7bc191792b8aea0c2b94fb0fef5 , < 31f03bb04146c1c6df6c03e9f45401f5f5a985d3 (git) Affected: 3e7013ddf55af7bc191792b8aea0c2b94fb0fef5 , < 8c2debdd170e395934ac0e039748576dfde14e99 (git) Affected: 3e7013ddf55af7bc191792b8aea0c2b94fb0fef5 , < 3d550dd5418729a6e77fe7721d27adea7152e321 (git) Affected: 3e7013ddf55af7bc191792b8aea0c2b94fb0fef5 , < 66be40e622e177316ae81717aa30057ba9e61dff (git) |
|
| Linux | Linux |
Affected:
3.14
Unaffected: 0 , < 3.14 (semver) Unaffected: 4.19.318 , ≤ 4.19.* (semver) Unaffected: 5.4.280 , ≤ 5.4.* (semver) Unaffected: 5.10.222 , ≤ 5.10.* (semver) Unaffected: 5.15.163 , ≤ 5.15.* (semver) Unaffected: 6.1.98 , ≤ 6.1.* (semver) Unaffected: 6.6.39 , ≤ 6.6.* (semver) Unaffected: 6.9.9 , ≤ 6.9.* (semver) Unaffected: 6.10 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:02:18.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/19d997b59fa1fd7a02e770ee0881c0652b9c32c9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2a2e79dbe2236a1289412d2044994f7ab419b44c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cdffc358717e436bb67122bb82c1a2a26e050f98"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ef7c428b425beeb52b894e16f1c4b629d6cebfb6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/31f03bb04146c1c6df6c03e9f45401f5f5a985d3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8c2debdd170e395934ac0e039748576dfde14e99"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3d550dd5418729a6e77fe7721d27adea7152e321"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/66be40e622e177316ae81717aa30057ba9e61dff"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240828-0010/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/09/24/3"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/09/24/4"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/09/25/3"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42154",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:15:15.159948Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:34.227Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/tcp_metrics.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "19d997b59fa1fd7a02e770ee0881c0652b9c32c9",
"status": "affected",
"version": "3e7013ddf55af7bc191792b8aea0c2b94fb0fef5",
"versionType": "git"
},
{
"lessThan": "2a2e79dbe2236a1289412d2044994f7ab419b44c",
"status": "affected",
"version": "3e7013ddf55af7bc191792b8aea0c2b94fb0fef5",
"versionType": "git"
},
{
"lessThan": "cdffc358717e436bb67122bb82c1a2a26e050f98",
"status": "affected",
"version": "3e7013ddf55af7bc191792b8aea0c2b94fb0fef5",
"versionType": "git"
},
{
"lessThan": "ef7c428b425beeb52b894e16f1c4b629d6cebfb6",
"status": "affected",
"version": "3e7013ddf55af7bc191792b8aea0c2b94fb0fef5",
"versionType": "git"
},
{
"lessThan": "31f03bb04146c1c6df6c03e9f45401f5f5a985d3",
"status": "affected",
"version": "3e7013ddf55af7bc191792b8aea0c2b94fb0fef5",
"versionType": "git"
},
{
"lessThan": "8c2debdd170e395934ac0e039748576dfde14e99",
"status": "affected",
"version": "3e7013ddf55af7bc191792b8aea0c2b94fb0fef5",
"versionType": "git"
},
{
"lessThan": "3d550dd5418729a6e77fe7721d27adea7152e321",
"status": "affected",
"version": "3e7013ddf55af7bc191792b8aea0c2b94fb0fef5",
"versionType": "git"
},
{
"lessThan": "66be40e622e177316ae81717aa30057ba9e61dff",
"status": "affected",
"version": "3e7013ddf55af7bc191792b8aea0c2b94fb0fef5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/tcp_metrics.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.14"
},
{
"lessThan": "3.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.280",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.222",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.98",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.39",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.318",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.280",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.222",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.163",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.98",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.39",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.9",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "3.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_metrics: validate source addr length\n\nI don\u0027t see anything checking that TCP_METRICS_ATTR_SADDR_IPV4\nis at least 4 bytes long, and the policy doesn\u0027t have an entry\nfor this attribute at all (neither does it for IPv6 but v6 is\nmanually validated)."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:28:01.090Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/19d997b59fa1fd7a02e770ee0881c0652b9c32c9"
},
{
"url": "https://git.kernel.org/stable/c/2a2e79dbe2236a1289412d2044994f7ab419b44c"
},
{
"url": "https://git.kernel.org/stable/c/cdffc358717e436bb67122bb82c1a2a26e050f98"
},
{
"url": "https://git.kernel.org/stable/c/ef7c428b425beeb52b894e16f1c4b629d6cebfb6"
},
{
"url": "https://git.kernel.org/stable/c/31f03bb04146c1c6df6c03e9f45401f5f5a985d3"
},
{
"url": "https://git.kernel.org/stable/c/8c2debdd170e395934ac0e039748576dfde14e99"
},
{
"url": "https://git.kernel.org/stable/c/3d550dd5418729a6e77fe7721d27adea7152e321"
},
{
"url": "https://git.kernel.org/stable/c/66be40e622e177316ae81717aa30057ba9e61dff"
}
],
"title": "tcp_metrics: validate source addr length",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42154",
"datePublished": "2024-07-30T07:46:51.456Z",
"dateReserved": "2024-07-29T15:50:41.194Z",
"dateUpdated": "2026-05-11T20:28:01.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-42157 (GCVE-0-2024-42157)
Vulnerability from cvelistv5 – Published: 2024-07-30 07:46 – Updated: 2026-05-11 20:28
VLAI
EPSS
Title
s390/pkey: Wipe sensitive data on failure
Summary
In the Linux kernel, the following vulnerability has been resolved:
s390/pkey: Wipe sensitive data on failure
Wipe sensitive data from stack also if the copy_to_user() fails.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
9 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 , < 6e2e374403bf73140d0efc9541cb1b3bea55ac02
(git)
Affected: e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 , < b5eb9176ebd4697bc248bf8d145e66d782cf5250 (git) Affected: e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 , < 93c034c4314bc4c4450a3869cd5da298502346ad (git) Affected: e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 , < 4889f117755b2f18c23045a0f57977f3ec130581 (git) Affected: e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 , < c51795885c801b6b7e976717e0d6d45b1e5be0f0 (git) Affected: e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 , < 90a01aefb84b09ccb6024d75d85bb8f620bd3487 (git) Affected: e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 , < c44a2151e5d21c66b070a056c26471f30719b575 (git) Affected: e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 , < 1d8c270de5eb74245d72325d285894a577a945d9 (git) |
|
| Linux | Linux |
Affected:
4.11
Unaffected: 0 , < 4.11 (semver) Unaffected: 4.19.318 , ≤ 4.19.* (semver) Unaffected: 5.4.280 , ≤ 5.4.* (semver) Unaffected: 5.10.222 , ≤ 5.10.* (semver) Unaffected: 5.15.163 , ≤ 5.15.* (semver) Unaffected: 6.1.98 , ≤ 6.1.* (semver) Unaffected: 6.6.39 , ≤ 6.6.* (semver) Unaffected: 6.9.9 , ≤ 6.9.* (semver) Unaffected: 6.10 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:02:19.958Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6e2e374403bf73140d0efc9541cb1b3bea55ac02"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b5eb9176ebd4697bc248bf8d145e66d782cf5250"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/93c034c4314bc4c4450a3869cd5da298502346ad"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4889f117755b2f18c23045a0f57977f3ec130581"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c51795885c801b6b7e976717e0d6d45b1e5be0f0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/90a01aefb84b09ccb6024d75d85bb8f620bd3487"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c44a2151e5d21c66b070a056c26471f30719b575"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1d8c270de5eb74245d72325d285894a577a945d9"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42157",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:15:05.289606Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:34.008Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/s390/crypto/pkey_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6e2e374403bf73140d0efc9541cb1b3bea55ac02",
"status": "affected",
"version": "e80d4af0a320972aac58e2004d0ba4e44ef4c5c7",
"versionType": "git"
},
{
"lessThan": "b5eb9176ebd4697bc248bf8d145e66d782cf5250",
"status": "affected",
"version": "e80d4af0a320972aac58e2004d0ba4e44ef4c5c7",
"versionType": "git"
},
{
"lessThan": "93c034c4314bc4c4450a3869cd5da298502346ad",
"status": "affected",
"version": "e80d4af0a320972aac58e2004d0ba4e44ef4c5c7",
"versionType": "git"
},
{
"lessThan": "4889f117755b2f18c23045a0f57977f3ec130581",
"status": "affected",
"version": "e80d4af0a320972aac58e2004d0ba4e44ef4c5c7",
"versionType": "git"
},
{
"lessThan": "c51795885c801b6b7e976717e0d6d45b1e5be0f0",
"status": "affected",
"version": "e80d4af0a320972aac58e2004d0ba4e44ef4c5c7",
"versionType": "git"
},
{
"lessThan": "90a01aefb84b09ccb6024d75d85bb8f620bd3487",
"status": "affected",
"version": "e80d4af0a320972aac58e2004d0ba4e44ef4c5c7",
"versionType": "git"
},
{
"lessThan": "c44a2151e5d21c66b070a056c26471f30719b575",
"status": "affected",
"version": "e80d4af0a320972aac58e2004d0ba4e44ef4c5c7",
"versionType": "git"
},
{
"lessThan": "1d8c270de5eb74245d72325d285894a577a945d9",
"status": "affected",
"version": "e80d4af0a320972aac58e2004d0ba4e44ef4c5c7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/s390/crypto/pkey_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.11"
},
{
"lessThan": "4.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.280",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.222",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.98",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.39",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.318",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.280",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.222",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.163",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.98",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.39",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.9",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Wipe sensitive data on failure\n\nWipe sensitive data from stack also if the copy_to_user() fails."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:28:05.328Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6e2e374403bf73140d0efc9541cb1b3bea55ac02"
},
{
"url": "https://git.kernel.org/stable/c/b5eb9176ebd4697bc248bf8d145e66d782cf5250"
},
{
"url": "https://git.kernel.org/stable/c/93c034c4314bc4c4450a3869cd5da298502346ad"
},
{
"url": "https://git.kernel.org/stable/c/4889f117755b2f18c23045a0f57977f3ec130581"
},
{
"url": "https://git.kernel.org/stable/c/c51795885c801b6b7e976717e0d6d45b1e5be0f0"
},
{
"url": "https://git.kernel.org/stable/c/90a01aefb84b09ccb6024d75d85bb8f620bd3487"
},
{
"url": "https://git.kernel.org/stable/c/c44a2151e5d21c66b070a056c26471f30719b575"
},
{
"url": "https://git.kernel.org/stable/c/1d8c270de5eb74245d72325d285894a577a945d9"
}
],
"title": "s390/pkey: Wipe sensitive data on failure",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42157",
"datePublished": "2024-07-30T07:46:59.362Z",
"dateReserved": "2024-07-29T15:50:41.194Z",
"dateUpdated": "2026-05-11T20:28:05.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-42159 (GCVE-0-2024-42159)
Vulnerability from cvelistv5 – Published: 2024-07-30 07:47 – Updated: 2026-05-11 20:28
VLAI
EPSS
Title
scsi: mpi3mr: Sanitise num_phys
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: mpi3mr: Sanitise num_phys
Information is stored in mr_sas_port->phy_mask, values larger then size of
this field shouldn't be allowed.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
fc7212fd3100920fea711a80482d967388a4603c , < b869ec89d2ee923d46608b76e54c006680c9b4df
(git)
Affected: fc7212fd3100920fea711a80482d967388a4603c , < 586b41060113ae43032ec6c4a16d518cef5da6e0 (git) Affected: fc7212fd3100920fea711a80482d967388a4603c , < c8707901b53a48106d7501bdbd0350cefaefa4cf (git) Affected: fc7212fd3100920fea711a80482d967388a4603c , < 3668651def2c1622904e58b0280ee93121f2b10b (git) |
|
| Linux | Linux |
Affected:
6.1
Unaffected: 0 , < 6.1 (semver) Unaffected: 6.1.98 , ≤ 6.1.* (semver) Unaffected: 6.6.39 , ≤ 6.6.* (semver) Unaffected: 6.9.9 , ≤ 6.9.* (semver) Unaffected: 6.10 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:02:21.409Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b869ec89d2ee923d46608b76e54c006680c9b4df"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/586b41060113ae43032ec6c4a16d518cef5da6e0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c8707901b53a48106d7501bdbd0350cefaefa4cf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3668651def2c1622904e58b0280ee93121f2b10b"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42159",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:14:58.820193Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:33.767Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/mpi3mr/mpi3mr_transport.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b869ec89d2ee923d46608b76e54c006680c9b4df",
"status": "affected",
"version": "fc7212fd3100920fea711a80482d967388a4603c",
"versionType": "git"
},
{
"lessThan": "586b41060113ae43032ec6c4a16d518cef5da6e0",
"status": "affected",
"version": "fc7212fd3100920fea711a80482d967388a4603c",
"versionType": "git"
},
{
"lessThan": "c8707901b53a48106d7501bdbd0350cefaefa4cf",
"status": "affected",
"version": "fc7212fd3100920fea711a80482d967388a4603c",
"versionType": "git"
},
{
"lessThan": "3668651def2c1622904e58b0280ee93121f2b10b",
"status": "affected",
"version": "fc7212fd3100920fea711a80482d967388a4603c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/mpi3mr/mpi3mr_transport.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"lessThan": "6.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.98",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.39",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.98",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.39",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.9",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Sanitise num_phys\n\nInformation is stored in mr_sas_port-\u003ephy_mask, values larger then size of\nthis field shouldn\u0027t be allowed."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:28:07.661Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b869ec89d2ee923d46608b76e54c006680c9b4df"
},
{
"url": "https://git.kernel.org/stable/c/586b41060113ae43032ec6c4a16d518cef5da6e0"
},
{
"url": "https://git.kernel.org/stable/c/c8707901b53a48106d7501bdbd0350cefaefa4cf"
},
{
"url": "https://git.kernel.org/stable/c/3668651def2c1622904e58b0280ee93121f2b10b"
}
],
"title": "scsi: mpi3mr: Sanitise num_phys",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42159",
"datePublished": "2024-07-30T07:47:01.276Z",
"dateReserved": "2024-07-29T15:50:41.195Z",
"dateUpdated": "2026-05-11T20:28:07.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-42160 (GCVE-0-2024-42160)
Vulnerability from cvelistv5 – Published: 2024-07-30 07:47 – Updated: 2026-05-11 20:28
VLAI
EPSS
Title
f2fs: check validation of fault attrs in f2fs_build_fault_attr()
Summary
In the Linux kernel, the following vulnerability has been resolved:
f2fs: check validation of fault attrs in f2fs_build_fault_attr()
- It missed to check validation of fault attrs in parse_options(),
let's fix to add check condition in f2fs_build_fault_attr().
- Use f2fs_build_fault_attr() in __sbi_store() to clean up code.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
98e4da8ca301e062d79ae168c67e56f3c3de3ce4 , < 6e5b601706ce05d94338cad598736d96bb8096c8
(git)
Affected: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4 , < bc84dd2c33e0c10fd90d60f0cfc0bfb504d4692d (git) Affected: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4 , < 44958ca9e400f57bd0478115519ffc350fcee61e (git) Affected: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4 , < ecb641f424d6d1f055d149a15b892edcc92c504b (git) Affected: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4 , < 4ed886b187f47447ad559619c48c086f432d2b77 (git) |
|
| Linux | Linux |
Affected:
3.8
Unaffected: 0 , < 3.8 (semver) Unaffected: 5.15.181 , ≤ 5.15.* (semver) Unaffected: 6.1.98 , ≤ 6.1.* (semver) Unaffected: 6.6.39 , ≤ 6.6.* (semver) Unaffected: 6.9.9 , ≤ 6.9.* (semver) Unaffected: 6.10 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:02:22.875Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bc84dd2c33e0c10fd90d60f0cfc0bfb504d4692d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/44958ca9e400f57bd0478115519ffc350fcee61e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ecb641f424d6d1f055d149a15b892edcc92c504b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4ed886b187f47447ad559619c48c086f432d2b77"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42160",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:14:55.625986Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:33.660Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/f2fs/f2fs.h",
"fs/f2fs/super.c",
"fs/f2fs/sysfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6e5b601706ce05d94338cad598736d96bb8096c8",
"status": "affected",
"version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
"versionType": "git"
},
{
"lessThan": "bc84dd2c33e0c10fd90d60f0cfc0bfb504d4692d",
"status": "affected",
"version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
"versionType": "git"
},
{
"lessThan": "44958ca9e400f57bd0478115519ffc350fcee61e",
"status": "affected",
"version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
"versionType": "git"
},
{
"lessThan": "ecb641f424d6d1f055d149a15b892edcc92c504b",
"status": "affected",
"version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
"versionType": "git"
},
{
"lessThan": "4ed886b187f47447ad559619c48c086f432d2b77",
"status": "affected",
"version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/f2fs/f2fs.h",
"fs/f2fs/super.c",
"fs/f2fs/sysfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.8"
},
{
"lessThan": "3.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.181",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.98",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.39",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.181",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.98",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.39",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.9",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "3.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: check validation of fault attrs in f2fs_build_fault_attr()\n\n- It missed to check validation of fault attrs in parse_options(),\nlet\u0027s fix to add check condition in f2fs_build_fault_attr().\n- Use f2fs_build_fault_attr() in __sbi_store() to clean up code."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:28:08.846Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6e5b601706ce05d94338cad598736d96bb8096c8"
},
{
"url": "https://git.kernel.org/stable/c/bc84dd2c33e0c10fd90d60f0cfc0bfb504d4692d"
},
{
"url": "https://git.kernel.org/stable/c/44958ca9e400f57bd0478115519ffc350fcee61e"
},
{
"url": "https://git.kernel.org/stable/c/ecb641f424d6d1f055d149a15b892edcc92c504b"
},
{
"url": "https://git.kernel.org/stable/c/4ed886b187f47447ad559619c48c086f432d2b77"
}
],
"title": "f2fs: check validation of fault attrs in f2fs_build_fault_attr()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42160",
"datePublished": "2024-07-30T07:47:02.208Z",
"dateReserved": "2024-07-29T15:50:41.196Z",
"dateUpdated": "2026-05-11T20:28:08.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-42223 (GCVE-0-2024-42223)
Vulnerability from cvelistv5 – Published: 2024-07-30 07:47 – Updated: 2026-05-11 20:28
VLAI
EPSS
Title
media: dvb-frontends: tda10048: Fix integer overflow
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: dvb-frontends: tda10048: Fix integer overflow
state->xtal_hz can be up to 16M, so it can overflow a 32 bit integer
when multiplied by pll_mfactor.
Create a new 64 bit variable to hold the calculations.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
9 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
d114153816ec188b20a37583e66da33d8b2798fe , < 8167e4d7dc086d4f7ca7897dcff3827e4d22c99a
(git)
Affected: d114153816ec188b20a37583e66da33d8b2798fe , < 5c72587d024f087aecec0221eaff2fe850d856ce (git) Affected: d114153816ec188b20a37583e66da33d8b2798fe , < e1ba22618758e95e09c9fd30c69ccce38edf94c0 (git) Affected: d114153816ec188b20a37583e66da33d8b2798fe , < bd5620439959a7e02012588c724c6ff5143b80af (git) Affected: d114153816ec188b20a37583e66da33d8b2798fe , < 1663e2474e4d777187d749a5c90ae83232db32bd (git) Affected: d114153816ec188b20a37583e66da33d8b2798fe , < 8ac224e9371dc3c4eb666033e6b42d05cf5184a1 (git) Affected: d114153816ec188b20a37583e66da33d8b2798fe , < 1121d8a5c6ed6b8fad492e43b63b386cb6a3a9d8 (git) Affected: d114153816ec188b20a37583e66da33d8b2798fe , < 1aa1329a67cc214c3b7bd2a14d1301a795760b07 (git) |
|
| Linux | Linux |
Affected:
2.6.31
Unaffected: 0 , < 2.6.31 (semver) Unaffected: 4.19.318 , ≤ 4.19.* (semver) Unaffected: 5.4.280 , ≤ 5.4.* (semver) Unaffected: 5.10.222 , ≤ 5.10.* (semver) Unaffected: 5.15.163 , ≤ 5.15.* (semver) Unaffected: 6.1.98 , ≤ 6.1.* (semver) Unaffected: 6.6.39 , ≤ 6.6.* (semver) Unaffected: 6.9.9 , ≤ 6.9.* (semver) Unaffected: 6.10 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:02:25.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8167e4d7dc086d4f7ca7897dcff3827e4d22c99a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5c72587d024f087aecec0221eaff2fe850d856ce"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e1ba22618758e95e09c9fd30c69ccce38edf94c0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bd5620439959a7e02012588c724c6ff5143b80af"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1663e2474e4d777187d749a5c90ae83232db32bd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8ac224e9371dc3c4eb666033e6b42d05cf5184a1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1121d8a5c6ed6b8fad492e43b63b386cb6a3a9d8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1aa1329a67cc214c3b7bd2a14d1301a795760b07"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42223",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:14:45.726631Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:07.151Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/dvb-frontends/tda10048.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8167e4d7dc086d4f7ca7897dcff3827e4d22c99a",
"status": "affected",
"version": "d114153816ec188b20a37583e66da33d8b2798fe",
"versionType": "git"
},
{
"lessThan": "5c72587d024f087aecec0221eaff2fe850d856ce",
"status": "affected",
"version": "d114153816ec188b20a37583e66da33d8b2798fe",
"versionType": "git"
},
{
"lessThan": "e1ba22618758e95e09c9fd30c69ccce38edf94c0",
"status": "affected",
"version": "d114153816ec188b20a37583e66da33d8b2798fe",
"versionType": "git"
},
{
"lessThan": "bd5620439959a7e02012588c724c6ff5143b80af",
"status": "affected",
"version": "d114153816ec188b20a37583e66da33d8b2798fe",
"versionType": "git"
},
{
"lessThan": "1663e2474e4d777187d749a5c90ae83232db32bd",
"status": "affected",
"version": "d114153816ec188b20a37583e66da33d8b2798fe",
"versionType": "git"
},
{
"lessThan": "8ac224e9371dc3c4eb666033e6b42d05cf5184a1",
"status": "affected",
"version": "d114153816ec188b20a37583e66da33d8b2798fe",
"versionType": "git"
},
{
"lessThan": "1121d8a5c6ed6b8fad492e43b63b386cb6a3a9d8",
"status": "affected",
"version": "d114153816ec188b20a37583e66da33d8b2798fe",
"versionType": "git"
},
{
"lessThan": "1aa1329a67cc214c3b7bd2a14d1301a795760b07",
"status": "affected",
"version": "d114153816ec188b20a37583e66da33d8b2798fe",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/dvb-frontends/tda10048.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.31"
},
{
"lessThan": "2.6.31",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.280",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.222",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.98",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.39",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.318",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.280",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.222",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.163",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.98",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.39",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.9",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-frontends: tda10048: Fix integer overflow\n\nstate-\u003extal_hz can be up to 16M, so it can overflow a 32 bit integer\nwhen multiplied by pll_mfactor.\n\nCreate a new 64 bit variable to hold the calculations."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:28:12.455Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8167e4d7dc086d4f7ca7897dcff3827e4d22c99a"
},
{
"url": "https://git.kernel.org/stable/c/5c72587d024f087aecec0221eaff2fe850d856ce"
},
{
"url": "https://git.kernel.org/stable/c/e1ba22618758e95e09c9fd30c69ccce38edf94c0"
},
{
"url": "https://git.kernel.org/stable/c/bd5620439959a7e02012588c724c6ff5143b80af"
},
{
"url": "https://git.kernel.org/stable/c/1663e2474e4d777187d749a5c90ae83232db32bd"
},
{
"url": "https://git.kernel.org/stable/c/8ac224e9371dc3c4eb666033e6b42d05cf5184a1"
},
{
"url": "https://git.kernel.org/stable/c/1121d8a5c6ed6b8fad492e43b63b386cb6a3a9d8"
},
{
"url": "https://git.kernel.org/stable/c/1aa1329a67cc214c3b7bd2a14d1301a795760b07"
}
],
"title": "media: dvb-frontends: tda10048: Fix integer overflow",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42223",
"datePublished": "2024-07-30T07:47:04.861Z",
"dateReserved": "2024-07-30T07:40:12.249Z",
"dateUpdated": "2026-05-11T20:28:12.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-42224 (GCVE-0-2024-42224)
Vulnerability from cvelistv5 – Published: 2024-07-30 07:47 – Updated: 2026-05-11 20:28
VLAI
EPSS
Title
net: dsa: mv88e6xxx: Correct check for empty list
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: mv88e6xxx: Correct check for empty list
Since commit a3c53be55c95 ("net: dsa: mv88e6xxx: Support multiple MDIO
busses") mv88e6xxx_default_mdio_bus() has checked that the
return value of list_first_entry() is non-NULL.
This appears to be intended to guard against the list chip->mdios being
empty. However, it is not the correct check as the implementation of
list_first_entry is not designed to return NULL for empty lists.
Instead, use list_first_entry_or_null() which does return NULL if the
list is empty.
Flagged by Smatch.
Compile tested only.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
9 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
a3c53be55c955b7150cda17874c3fcb4eeb97a89 , < 47d28dde172696031c880c5778633cdca30394ee
(git)
Affected: a3c53be55c955b7150cda17874c3fcb4eeb97a89 , < 3bf8d70e1455f87856640c3433b3660a31001618 (git) Affected: a3c53be55c955b7150cda17874c3fcb4eeb97a89 , < 2a2fe25a103cef73cde356e6d09da10f607e93f5 (git) Affected: a3c53be55c955b7150cda17874c3fcb4eeb97a89 , < 8c2c3cca816d074c75a2801d1ca0dea7b0148114 (git) Affected: a3c53be55c955b7150cda17874c3fcb4eeb97a89 , < aa03f591ef31ba603a4a99d05d25a0f21ab1cd89 (git) Affected: a3c53be55c955b7150cda17874c3fcb4eeb97a89 , < 3f25b5f1635449036692a44b771f39f772190c1d (git) Affected: a3c53be55c955b7150cda17874c3fcb4eeb97a89 , < f75625db838ade28f032dacd0f0c8baca42ecde4 (git) Affected: a3c53be55c955b7150cda17874c3fcb4eeb97a89 , < 4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b (git) |
|
| Linux | Linux |
Affected:
4.11
Unaffected: 0 , < 4.11 (semver) Unaffected: 4.19.318 , ≤ 4.19.* (semver) Unaffected: 5.4.280 , ≤ 5.4.* (semver) Unaffected: 5.10.222 , ≤ 5.10.* (semver) Unaffected: 5.15.163 , ≤ 5.15.* (semver) Unaffected: 6.1.98 , ≤ 6.1.* (semver) Unaffected: 6.6.39 , ≤ 6.6.* (semver) Unaffected: 6.9.9 , ≤ 6.9.* (semver) Unaffected: 6.10 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:02:27.444Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/47d28dde172696031c880c5778633cdca30394ee"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3bf8d70e1455f87856640c3433b3660a31001618"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2a2fe25a103cef73cde356e6d09da10f607e93f5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8c2c3cca816d074c75a2801d1ca0dea7b0148114"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aa03f591ef31ba603a4a99d05d25a0f21ab1cd89"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3f25b5f1635449036692a44b771f39f772190c1d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f75625db838ade28f032dacd0f0c8baca42ecde4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42224",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:14:41.449489Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:33.427Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/dsa/mv88e6xxx/chip.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "47d28dde172696031c880c5778633cdca30394ee",
"status": "affected",
"version": "a3c53be55c955b7150cda17874c3fcb4eeb97a89",
"versionType": "git"
},
{
"lessThan": "3bf8d70e1455f87856640c3433b3660a31001618",
"status": "affected",
"version": "a3c53be55c955b7150cda17874c3fcb4eeb97a89",
"versionType": "git"
},
{
"lessThan": "2a2fe25a103cef73cde356e6d09da10f607e93f5",
"status": "affected",
"version": "a3c53be55c955b7150cda17874c3fcb4eeb97a89",
"versionType": "git"
},
{
"lessThan": "8c2c3cca816d074c75a2801d1ca0dea7b0148114",
"status": "affected",
"version": "a3c53be55c955b7150cda17874c3fcb4eeb97a89",
"versionType": "git"
},
{
"lessThan": "aa03f591ef31ba603a4a99d05d25a0f21ab1cd89",
"status": "affected",
"version": "a3c53be55c955b7150cda17874c3fcb4eeb97a89",
"versionType": "git"
},
{
"lessThan": "3f25b5f1635449036692a44b771f39f772190c1d",
"status": "affected",
"version": "a3c53be55c955b7150cda17874c3fcb4eeb97a89",
"versionType": "git"
},
{
"lessThan": "f75625db838ade28f032dacd0f0c8baca42ecde4",
"status": "affected",
"version": "a3c53be55c955b7150cda17874c3fcb4eeb97a89",
"versionType": "git"
},
{
"lessThan": "4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b",
"status": "affected",
"version": "a3c53be55c955b7150cda17874c3fcb4eeb97a89",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/dsa/mv88e6xxx/chip.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.11"
},
{
"lessThan": "4.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.280",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.222",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.98",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.39",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.318",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.280",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.222",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.163",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.98",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.39",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.9",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: Correct check for empty list\n\nSince commit a3c53be55c95 (\"net: dsa: mv88e6xxx: Support multiple MDIO\nbusses\") mv88e6xxx_default_mdio_bus() has checked that the\nreturn value of list_first_entry() is non-NULL.\n\nThis appears to be intended to guard against the list chip-\u003emdios being\nempty. However, it is not the correct check as the implementation of\nlist_first_entry is not designed to return NULL for empty lists.\n\nInstead, use list_first_entry_or_null() which does return NULL if the\nlist is empty.\n\nFlagged by Smatch.\nCompile tested only."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:28:13.633Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/47d28dde172696031c880c5778633cdca30394ee"
},
{
"url": "https://git.kernel.org/stable/c/3bf8d70e1455f87856640c3433b3660a31001618"
},
{
"url": "https://git.kernel.org/stable/c/2a2fe25a103cef73cde356e6d09da10f607e93f5"
},
{
"url": "https://git.kernel.org/stable/c/8c2c3cca816d074c75a2801d1ca0dea7b0148114"
},
{
"url": "https://git.kernel.org/stable/c/aa03f591ef31ba603a4a99d05d25a0f21ab1cd89"
},
{
"url": "https://git.kernel.org/stable/c/3f25b5f1635449036692a44b771f39f772190c1d"
},
{
"url": "https://git.kernel.org/stable/c/f75625db838ade28f032dacd0f0c8baca42ecde4"
},
{
"url": "https://git.kernel.org/stable/c/4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b"
}
],
"title": "net: dsa: mv88e6xxx: Correct check for empty list",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42224",
"datePublished": "2024-07-30T07:47:05.608Z",
"dateReserved": "2024-07-30T07:40:12.250Z",
"dateUpdated": "2026-05-11T20:28:13.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…