Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2025-AVI-0069
Vulnerability from certfr_avis - Published: 2025-01-24 - Updated: 2025-01-24
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une atteinte à l'intégrité des données et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 24.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 22.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-47748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47748"
},
{
"name": "CVE-2024-49863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49863"
},
{
"name": "CVE-2024-49907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49907"
},
{
"name": "CVE-2024-46849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46849"
},
{
"name": "CVE-2024-47697",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47697"
},
{
"name": "CVE-2024-41016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41016"
},
{
"name": "CVE-2024-49890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49890"
},
{
"name": "CVE-2024-49903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49903"
},
{
"name": "CVE-2024-49969",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49969"
},
{
"name": "CVE-2023-52904",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52904"
},
{
"name": "CVE-2023-52532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52532"
},
{
"name": "CVE-2023-52621",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52621"
},
{
"name": "CVE-2024-53238",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53238"
},
{
"name": "CVE-2024-49856",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49856"
},
{
"name": "CVE-2024-35951",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35951"
},
{
"name": "CVE-2024-49967",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49967"
},
{
"name": "CVE-2024-49858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49858"
},
{
"name": "CVE-2024-42158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42158"
},
{
"name": "CVE-2024-50019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50019"
},
{
"name": "CVE-2024-49948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49948"
},
{
"name": "CVE-2024-50038",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50038"
},
{
"name": "CVE-2024-49878",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49878"
},
{
"name": "CVE-2024-46855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46855"
},
{
"name": "CVE-2024-49884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49884"
},
{
"name": "CVE-2024-47673",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47673"
},
{
"name": "CVE-2024-50024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50024"
},
{
"name": "CVE-2024-47684",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47684"
},
{
"name": "CVE-2024-49965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49965"
},
{
"name": "CVE-2024-38632",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38632"
},
{
"name": "CVE-2024-49852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49852"
},
{
"name": "CVE-2024-47701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47701"
},
{
"name": "CVE-2024-50191",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50191"
},
{
"name": "CVE-2024-47713",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47713"
},
{
"name": "CVE-2024-49936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49936"
},
{
"name": "CVE-2024-49871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49871"
},
{
"name": "CVE-2024-49881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49881"
},
{
"name": "CVE-2024-47690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47690"
},
{
"name": "CVE-2024-49896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49896"
},
{
"name": "CVE-2024-49959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49959"
},
{
"name": "CVE-2024-49913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49913"
},
{
"name": "CVE-2024-47693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47693"
},
{
"name": "CVE-2024-50045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50045"
},
{
"name": "CVE-2024-49995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49995"
},
{
"name": "CVE-2024-39463",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39463"
},
{
"name": "CVE-2024-49977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49977"
},
{
"name": "CVE-2024-49900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49900"
},
{
"name": "CVE-2024-47679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47679"
},
{
"name": "CVE-2024-47735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47735"
},
{
"name": "CVE-2024-49952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49952"
},
{
"name": "CVE-2024-49981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49981"
},
{
"name": "CVE-2024-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50181"
},
{
"name": "CVE-2024-49997",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49997"
},
{
"name": "CVE-2024-50002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50002"
},
{
"name": "CVE-2024-50186",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50186"
},
{
"name": "CVE-2024-50040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50040"
},
{
"name": "CVE-2024-49983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49983"
},
{
"name": "CVE-2024-49889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49889"
},
{
"name": "CVE-2024-27072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27072"
},
{
"name": "CVE-2024-50013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50013"
},
{
"name": "CVE-2024-49957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49957"
},
{
"name": "CVE-2024-49962",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49962"
},
{
"name": "CVE-2024-46859",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46859"
},
{
"name": "CVE-2024-49958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49958"
},
{
"name": "CVE-2024-56757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56757"
},
{
"name": "CVE-2024-47723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47723"
},
{
"name": "CVE-2024-49955",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49955"
},
{
"name": "CVE-2024-50095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50095"
},
{
"name": "CVE-2024-50006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50006"
},
{
"name": "CVE-2024-47672",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47672"
},
{
"name": "CVE-2024-50049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50049"
},
{
"name": "CVE-2024-50007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50007"
},
{
"name": "CVE-2024-50096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50096"
},
{
"name": "CVE-2024-42079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42079"
},
{
"name": "CVE-2024-50189",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50189"
},
{
"name": "CVE-2024-49868",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49868"
},
{
"name": "CVE-2024-47699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47699"
},
{
"name": "CVE-2024-50062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50062"
},
{
"name": "CVE-2024-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50059"
},
{
"name": "CVE-2024-47712",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47712"
},
{
"name": "CVE-2024-49963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49963"
},
{
"name": "CVE-2024-49875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49875"
},
{
"name": "CVE-2024-47739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47739"
},
{
"name": "CVE-2024-47705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47705"
},
{
"name": "CVE-2024-50035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50035"
},
{
"name": "CVE-2024-47740",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47740"
},
{
"name": "CVE-2024-46854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46854"
},
{
"name": "CVE-2024-49924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49924"
},
{
"name": "CVE-2024-26947",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26947"
},
{
"name": "CVE-2024-49938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49938"
},
{
"name": "CVE-2024-47756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47756"
},
{
"name": "CVE-2024-47737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47737"
},
{
"name": "CVE-2024-49954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49954"
},
{
"name": "CVE-2023-52639",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52639"
},
{
"name": "CVE-2024-50008",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50008"
},
{
"name": "CVE-2024-46695",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46695"
},
{
"name": "CVE-2024-50033",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50033"
},
{
"name": "CVE-2024-44942",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44942"
},
{
"name": "CVE-2024-50180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50180"
},
{
"name": "CVE-2024-49866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49866"
},
{
"name": "CVE-2024-49949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49949"
},
{
"name": "CVE-2024-50046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50046"
},
{
"name": "CVE-2024-49944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49944"
},
{
"name": "CVE-2024-47749",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47749"
},
{
"name": "CVE-2024-49966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49966"
},
{
"name": "CVE-2024-49902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49902"
},
{
"name": "CVE-2024-47757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47757"
},
{
"name": "CVE-2024-47692",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47692"
},
{
"name": "CVE-2024-50184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50184"
},
{
"name": "CVE-2024-38667",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38667"
},
{
"name": "CVE-2024-49851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49851"
},
{
"name": "CVE-2024-47734",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47734"
},
{
"name": "CVE-2024-49933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49933"
},
{
"name": "CVE-2024-47685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47685"
},
{
"name": "CVE-2024-49935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49935"
},
{
"name": "CVE-2024-49879",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49879"
},
{
"name": "CVE-2024-50044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50044"
},
{
"name": "CVE-2024-49894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49894"
},
{
"name": "CVE-2024-47718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47718"
},
{
"name": "CVE-2024-44940",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44940"
},
{
"name": "CVE-2024-49867",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49867"
},
{
"name": "CVE-2024-47671",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47671"
},
{
"name": "CVE-2024-49985",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49985"
},
{
"name": "CVE-2024-50001",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50001"
},
{
"name": "CVE-2024-50000",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50000"
},
{
"name": "CVE-2024-47710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47710"
},
{
"name": "CVE-2024-50093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50093"
},
{
"name": "CVE-2024-49892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49892"
},
{
"name": "CVE-2024-49930",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49930"
},
{
"name": "CVE-2024-47698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47698"
},
{
"name": "CVE-2024-49946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49946"
},
{
"name": "CVE-2024-47695",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47695"
},
{
"name": "CVE-2024-50039",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50039"
},
{
"name": "CVE-2024-49973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49973"
},
{
"name": "CVE-2024-49883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49883"
},
{
"name": "CVE-2024-47670",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47670"
},
{
"name": "CVE-2024-50041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50041"
},
{
"name": "CVE-2024-46852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46852"
},
{
"name": "CVE-2024-50003",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50003"
},
{
"name": "CVE-2024-49860",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49860"
},
{
"name": "CVE-2024-36893",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36893"
},
{
"name": "CVE-2024-44931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44931"
},
{
"name": "CVE-2024-49927",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49927"
},
{
"name": "CVE-2024-49895",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49895"
},
{
"name": "CVE-2024-49882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49882"
},
{
"name": "CVE-2024-50031",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50031"
},
{
"name": "CVE-2024-35904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35904"
},
{
"name": "CVE-2024-49975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49975"
},
{
"name": "CVE-2024-50179",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50179"
},
{
"name": "CVE-2024-47696",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47696"
},
{
"name": "CVE-2024-46853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46853"
},
{
"name": "CVE-2024-50015",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50015"
},
{
"name": "CVE-2024-36968",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36968"
},
{
"name": "CVE-2024-47674",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47674"
},
{
"name": "CVE-2024-50188",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50188"
},
{
"name": "CVE-2023-52917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52917"
},
{
"name": "CVE-2024-49982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49982"
},
{
"name": "CVE-2024-46865",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46865"
},
{
"name": "CVE-2024-42156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42156"
},
{
"name": "CVE-2024-38544",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38544"
},
{
"name": "CVE-2024-47720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47720"
},
{
"name": "CVE-2024-47742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47742"
},
{
"name": "CVE-2024-47709",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47709"
},
{
"name": "CVE-2024-47706",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47706"
},
{
"name": "CVE-2024-47747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47747"
},
{
"name": "CVE-2024-49877",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49877"
},
{
"name": "CVE-2024-38538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38538"
},
{
"name": "CVE-2024-46858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46858"
},
{
"name": "CVE-2024-49886",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49886"
},
{
"name": "CVE-2024-38545",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38545"
}
],
"initial_release_date": "2025-01-24T00:00:00",
"last_revision_date": "2025-01-24T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0069",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-01-24T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux d\u0027Ubuntu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": "2025-01-21",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7221-1",
"url": "https://ubuntu.com/security/notices/USN-7221-1"
},
{
"published_at": "2025-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7166-4",
"url": "https://ubuntu.com/security/notices/USN-7166-4"
}
]
}
CVE-2024-47735 (GCVE-0-2024-47735)
Vulnerability from cvelistv5 – Published: 2024-10-21 12:14 – Updated: 2026-05-12 11:58
VLAI
EPSS
Title
RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled
Fix missuse of spin_lock_irq()/spin_unlock_irq() when
spin_lock_irqsave()/spin_lock_irqrestore() was hold.
This was discovered through the lock debugging, and the corresponding
log is as follows:
raw_local_irq_restore() called with IRQs enabled
WARNING: CPU: 96 PID: 2074 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x30/0x40
...
Call trace:
warn_bogus_irq_restore+0x30/0x40
_raw_spin_unlock_irqrestore+0x84/0xc8
add_qp_to_list+0x11c/0x148 [hns_roce_hw_v2]
hns_roce_create_qp_common.constprop.0+0x240/0x780 [hns_roce_hw_v2]
hns_roce_create_qp+0x98/0x160 [hns_roce_hw_v2]
create_qp+0x138/0x258
ib_create_qp_kernel+0x50/0xe8
create_mad_qp+0xa8/0x128
ib_mad_port_open+0x218/0x448
ib_mad_init_device+0x70/0x1f8
add_client_context+0xfc/0x220
enable_device_and_get+0xd0/0x140
ib_register_device.part.0+0xf4/0x1c8
ib_register_device+0x34/0x50
hns_roce_register_device+0x174/0x3d0 [hns_roce_hw_v2]
hns_roce_init+0xfc/0x2c0 [hns_roce_hw_v2]
__hns_roce_hw_v2_init_instance+0x7c/0x1d0 [hns_roce_hw_v2]
hns_roce_hw_v2_init_instance+0x9c/0x180 [hns_roce_hw_v2]
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
11 references
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
9a4435375cd151e07c0c38fa601b00115986091b , < 07f0f643d7e570dbe8ef6f5c3367a43e3086a335
(git)
Affected: 9a4435375cd151e07c0c38fa601b00115986091b , < 29c0f546d3fd66238b42cf25bcd5f193bb1cf794 (git) Affected: 9a4435375cd151e07c0c38fa601b00115986091b , < 425589d4af09c49574bd71ac31f811362a5126c3 (git) Affected: 9a4435375cd151e07c0c38fa601b00115986091b , < 094a1821903f33fb91de4b71087773ee16aeb3a0 (git) Affected: 9a4435375cd151e07c0c38fa601b00115986091b , < 2656336a84fcb6802f6e6c233f4661891deea24f (git) Affected: 9a4435375cd151e07c0c38fa601b00115986091b , < a1a3403bb1826c8ec787f0d60c3e7b54f419129e (git) Affected: 9a4435375cd151e07c0c38fa601b00115986091b , < 74d315b5af180220d561684d15897730135733a6 (git) |
|
| Linux | Linux |
Affected:
4.9
Unaffected: 0 , < 4.9 (semver) Unaffected: 5.10.227 , ≤ 5.10.* (semver) Unaffected: 5.15.168 , ≤ 5.15.* (semver) Unaffected: 6.1.113 , ≤ 6.1.* (semver) Unaffected: 6.6.54 , ≤ 6.6.* (semver) Unaffected: 6.10.13 , ≤ 6.10.* (semver) Unaffected: 6.11.2 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix) |
|
| Siemens | RUGGEDCOM RST2428P |
Affected:
0 , < V3.2
(custom)
|
|
| Siemens | SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family |
Affected:
0 , < V3.2
(custom)
|
|
| Siemens | SCALANCE XCM-/XRM-/XCH-/XRH-300 family |
Affected:
0 , < V3.2
(custom)
|
|
| Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux subsystem |
Affected:
0 , < *
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47735",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T12:59:57.677353Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:04:15.337Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:21:31.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RST2428P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XCM-/XRM-/XCH-/XRH-300 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T11:58:43.063Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-355557.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/hns/hns_roce_qp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "07f0f643d7e570dbe8ef6f5c3367a43e3086a335",
"status": "affected",
"version": "9a4435375cd151e07c0c38fa601b00115986091b",
"versionType": "git"
},
{
"lessThan": "29c0f546d3fd66238b42cf25bcd5f193bb1cf794",
"status": "affected",
"version": "9a4435375cd151e07c0c38fa601b00115986091b",
"versionType": "git"
},
{
"lessThan": "425589d4af09c49574bd71ac31f811362a5126c3",
"status": "affected",
"version": "9a4435375cd151e07c0c38fa601b00115986091b",
"versionType": "git"
},
{
"lessThan": "094a1821903f33fb91de4b71087773ee16aeb3a0",
"status": "affected",
"version": "9a4435375cd151e07c0c38fa601b00115986091b",
"versionType": "git"
},
{
"lessThan": "2656336a84fcb6802f6e6c233f4661891deea24f",
"status": "affected",
"version": "9a4435375cd151e07c0c38fa601b00115986091b",
"versionType": "git"
},
{
"lessThan": "a1a3403bb1826c8ec787f0d60c3e7b54f419129e",
"status": "affected",
"version": "9a4435375cd151e07c0c38fa601b00115986091b",
"versionType": "git"
},
{
"lessThan": "74d315b5af180220d561684d15897730135733a6",
"status": "affected",
"version": "9a4435375cd151e07c0c38fa601b00115986091b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/hns/hns_roce_qp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.9"
},
{
"lessThan": "4.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled\n\nFix missuse of spin_lock_irq()/spin_unlock_irq() when\nspin_lock_irqsave()/spin_lock_irqrestore() was hold.\n\nThis was discovered through the lock debugging, and the corresponding\nlog is as follows:\n\nraw_local_irq_restore() called with IRQs enabled\nWARNING: CPU: 96 PID: 2074 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x30/0x40\n...\nCall trace:\n warn_bogus_irq_restore+0x30/0x40\n _raw_spin_unlock_irqrestore+0x84/0xc8\n add_qp_to_list+0x11c/0x148 [hns_roce_hw_v2]\n hns_roce_create_qp_common.constprop.0+0x240/0x780 [hns_roce_hw_v2]\n hns_roce_create_qp+0x98/0x160 [hns_roce_hw_v2]\n create_qp+0x138/0x258\n ib_create_qp_kernel+0x50/0xe8\n create_mad_qp+0xa8/0x128\n ib_mad_port_open+0x218/0x448\n ib_mad_init_device+0x70/0x1f8\n add_client_context+0xfc/0x220\n enable_device_and_get+0xd0/0x140\n ib_register_device.part.0+0xf4/0x1c8\n ib_register_device+0x34/0x50\n hns_roce_register_device+0x174/0x3d0 [hns_roce_hw_v2]\n hns_roce_init+0xfc/0x2c0 [hns_roce_hw_v2]\n __hns_roce_hw_v2_init_instance+0x7c/0x1d0 [hns_roce_hw_v2]\n hns_roce_hw_v2_init_instance+0x9c/0x180 [hns_roce_hw_v2]"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:39:44.234Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/07f0f643d7e570dbe8ef6f5c3367a43e3086a335"
},
{
"url": "https://git.kernel.org/stable/c/29c0f546d3fd66238b42cf25bcd5f193bb1cf794"
},
{
"url": "https://git.kernel.org/stable/c/425589d4af09c49574bd71ac31f811362a5126c3"
},
{
"url": "https://git.kernel.org/stable/c/094a1821903f33fb91de4b71087773ee16aeb3a0"
},
{
"url": "https://git.kernel.org/stable/c/2656336a84fcb6802f6e6c233f4661891deea24f"
},
{
"url": "https://git.kernel.org/stable/c/a1a3403bb1826c8ec787f0d60c3e7b54f419129e"
},
{
"url": "https://git.kernel.org/stable/c/74d315b5af180220d561684d15897730135733a6"
}
],
"title": "RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47735",
"datePublished": "2024-10-21T12:14:05.876Z",
"dateReserved": "2024-09-30T16:00:12.958Z",
"dateUpdated": "2026-05-12T11:58:43.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47737 (GCVE-0-2024-47737)
Vulnerability from cvelistv5 – Published: 2024-10-21 12:14 – Updated: 2026-05-12 11:58
VLAI
EPSS
Title
nfsd: call cache_put if xdr_reserve_space returns NULL
Summary
In the Linux kernel, the following vulnerability has been resolved:
nfsd: call cache_put if xdr_reserve_space returns NULL
If not enough buffer space available, but idmap_lookup has triggered
lookup_fn which calls cache_get and returns successfully. Then we
missed to call cache_put here which pairs with cache_get.
Reviwed-by: Jeff Layton <jlayton@kernel.org>
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
14 references
Impacted products
9 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
ddd1ea56367202f6c99135cd59de7a97af4c4ffd , < 3e8081ebff12bec1347deaceb6bce0765cce54df
(git)
Affected: ddd1ea56367202f6c99135cd59de7a97af4c4ffd , < c6b16e700cf4d959af524bd9d3978407ff7ce462 (git) Affected: ddd1ea56367202f6c99135cd59de7a97af4c4ffd , < 9f03f0016ff797932551881c7e06ae50e9c39134 (git) Affected: ddd1ea56367202f6c99135cd59de7a97af4c4ffd , < 9803ab882d565a8fb2dde5999d98866d1c499dfd (git) Affected: ddd1ea56367202f6c99135cd59de7a97af4c4ffd , < 81821617312988096f5deccf0f7da6f888e98056 (git) Affected: ddd1ea56367202f6c99135cd59de7a97af4c4ffd , < a1afbbb5276f943ad7173d0b4c626b8c75a260da (git) Affected: ddd1ea56367202f6c99135cd59de7a97af4c4ffd , < e32ee6a61041925d1a05c14d10352dcfce9ef029 (git) Affected: ddd1ea56367202f6c99135cd59de7a97af4c4ffd , < 8d0765f86135e27f0bb5c950c136495719b4c834 (git) Affected: ddd1ea56367202f6c99135cd59de7a97af4c4ffd , < d078cbf5c38de83bc31f83c47dcd2184c04a50c7 (git) |
|
| Linux | Linux |
Affected:
3.16
Unaffected: 0 , < 3.16 (semver) Unaffected: 4.19.323 , ≤ 4.19.* (semver) Unaffected: 5.4.285 , ≤ 5.4.* (semver) Unaffected: 5.10.227 , ≤ 5.10.* (semver) Unaffected: 5.15.168 , ≤ 5.15.* (semver) Unaffected: 6.1.113 , ≤ 6.1.* (semver) Unaffected: 6.6.54 , ≤ 6.6.* (semver) Unaffected: 6.10.13 , ≤ 6.10.* (semver) Unaffected: 6.11.2 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix) |
|
| Siemens | RUGGEDCOM RST2428P |
Unaffected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family |
Unaffected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XCM-/XRM-/XCH-/XRH-300 family |
Unaffected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux subsystem |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.0 , < V3.1.5
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP |
Affected:
V3.1.0 , < V3.1.5
(custom)
|
|
| Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.0 , < V3.1.5
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47737",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T12:59:42.866272Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:04:14.991Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:21:32.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RST2428P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XCM-/XRM-/XCH-/XRH-300 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T11:58:49.610Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-398330.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-355557.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nfsd/nfs4idmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3e8081ebff12bec1347deaceb6bce0765cce54df",
"status": "affected",
"version": "ddd1ea56367202f6c99135cd59de7a97af4c4ffd",
"versionType": "git"
},
{
"lessThan": "c6b16e700cf4d959af524bd9d3978407ff7ce462",
"status": "affected",
"version": "ddd1ea56367202f6c99135cd59de7a97af4c4ffd",
"versionType": "git"
},
{
"lessThan": "9f03f0016ff797932551881c7e06ae50e9c39134",
"status": "affected",
"version": "ddd1ea56367202f6c99135cd59de7a97af4c4ffd",
"versionType": "git"
},
{
"lessThan": "9803ab882d565a8fb2dde5999d98866d1c499dfd",
"status": "affected",
"version": "ddd1ea56367202f6c99135cd59de7a97af4c4ffd",
"versionType": "git"
},
{
"lessThan": "81821617312988096f5deccf0f7da6f888e98056",
"status": "affected",
"version": "ddd1ea56367202f6c99135cd59de7a97af4c4ffd",
"versionType": "git"
},
{
"lessThan": "a1afbbb5276f943ad7173d0b4c626b8c75a260da",
"status": "affected",
"version": "ddd1ea56367202f6c99135cd59de7a97af4c4ffd",
"versionType": "git"
},
{
"lessThan": "e32ee6a61041925d1a05c14d10352dcfce9ef029",
"status": "affected",
"version": "ddd1ea56367202f6c99135cd59de7a97af4c4ffd",
"versionType": "git"
},
{
"lessThan": "8d0765f86135e27f0bb5c950c136495719b4c834",
"status": "affected",
"version": "ddd1ea56367202f6c99135cd59de7a97af4c4ffd",
"versionType": "git"
},
{
"lessThan": "d078cbf5c38de83bc31f83c47dcd2184c04a50c7",
"status": "affected",
"version": "ddd1ea56367202f6c99135cd59de7a97af4c4ffd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nfsd/nfs4idmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.16"
},
{
"lessThan": "3.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "3.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: call cache_put if xdr_reserve_space returns NULL\n\nIf not enough buffer space available, but idmap_lookup has triggered\nlookup_fn which calls cache_get and returns successfully. Then we\nmissed to call cache_put here which pairs with cache_get.\n\nReviwed-by: Jeff Layton \u003cjlayton@kernel.org\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:39:46.764Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3e8081ebff12bec1347deaceb6bce0765cce54df"
},
{
"url": "https://git.kernel.org/stable/c/c6b16e700cf4d959af524bd9d3978407ff7ce462"
},
{
"url": "https://git.kernel.org/stable/c/9f03f0016ff797932551881c7e06ae50e9c39134"
},
{
"url": "https://git.kernel.org/stable/c/9803ab882d565a8fb2dde5999d98866d1c499dfd"
},
{
"url": "https://git.kernel.org/stable/c/81821617312988096f5deccf0f7da6f888e98056"
},
{
"url": "https://git.kernel.org/stable/c/a1afbbb5276f943ad7173d0b4c626b8c75a260da"
},
{
"url": "https://git.kernel.org/stable/c/e32ee6a61041925d1a05c14d10352dcfce9ef029"
},
{
"url": "https://git.kernel.org/stable/c/8d0765f86135e27f0bb5c950c136495719b4c834"
},
{
"url": "https://git.kernel.org/stable/c/d078cbf5c38de83bc31f83c47dcd2184c04a50c7"
}
],
"title": "nfsd: call cache_put if xdr_reserve_space returns NULL",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47737",
"datePublished": "2024-10-21T12:14:07.168Z",
"dateReserved": "2024-09-30T16:00:12.959Z",
"dateUpdated": "2026-05-12T11:58:49.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47739 (GCVE-0-2024-47739)
Vulnerability from cvelistv5 – Published: 2024-10-21 12:14 – Updated: 2026-05-11 20:39
VLAI
EPSS
Title
padata: use integer wrap around to prevent deadlock on seq_nr overflow
Summary
In the Linux kernel, the following vulnerability has been resolved:
padata: use integer wrap around to prevent deadlock on seq_nr overflow
When submitting more than 2^32 padata objects to padata_do_serial, the
current sorting implementation incorrectly sorts padata objects with
overflowed seq_nr, causing them to be placed before existing objects in
the reorder list. This leads to a deadlock in the serialization process
as padata_find_next cannot match padata->seq_nr and pd->processed
because the padata instance with overflowed seq_nr will be selected
next.
To fix this, we use an unsigned integer wrap around to correctly sort
padata objects in scenarios with integer overflow.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
9 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
bfde23ce200e6d33291d29b9b8b60cc2f30f0805 , < 46c4079460f4dcaf445860679558eedef4e1bc91
(git)
Affected: bfde23ce200e6d33291d29b9b8b60cc2f30f0805 , < 72164d5b648951684b1a593996b37a6083c61d7d (git) Affected: bfde23ce200e6d33291d29b9b8b60cc2f30f0805 , < ab205e1c3846326f162180e56825b4ba38ce9c30 (git) Affected: bfde23ce200e6d33291d29b9b8b60cc2f30f0805 , < 1b8cf11b3ca593a8802a51802cd0c28c38501428 (git) Affected: bfde23ce200e6d33291d29b9b8b60cc2f30f0805 , < 9e279e6c1f012b82628b89e1b9c65dbefa8ca25a (git) Affected: bfde23ce200e6d33291d29b9b8b60cc2f30f0805 , < 1bd712de96ad7167fe0d608e706cd60587579f16 (git) Affected: bfde23ce200e6d33291d29b9b8b60cc2f30f0805 , < 9a22b2812393d93d84358a760c347c21939029a6 (git) |
|
| Linux | Linux |
Affected:
5.4
Unaffected: 0 , < 5.4 (semver) Unaffected: 5.10.227 , ≤ 5.10.* (semver) Unaffected: 5.15.168 , ≤ 5.15.* (semver) Unaffected: 6.1.113 , ≤ 6.1.* (semver) Unaffected: 6.6.54 , ≤ 6.6.* (semver) Unaffected: 6.10.13 , ≤ 6.10.* (semver) Unaffected: 6.11.2 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47739",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T12:59:27.799629Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:04:14.713Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:21:35.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/padata.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "46c4079460f4dcaf445860679558eedef4e1bc91",
"status": "affected",
"version": "bfde23ce200e6d33291d29b9b8b60cc2f30f0805",
"versionType": "git"
},
{
"lessThan": "72164d5b648951684b1a593996b37a6083c61d7d",
"status": "affected",
"version": "bfde23ce200e6d33291d29b9b8b60cc2f30f0805",
"versionType": "git"
},
{
"lessThan": "ab205e1c3846326f162180e56825b4ba38ce9c30",
"status": "affected",
"version": "bfde23ce200e6d33291d29b9b8b60cc2f30f0805",
"versionType": "git"
},
{
"lessThan": "1b8cf11b3ca593a8802a51802cd0c28c38501428",
"status": "affected",
"version": "bfde23ce200e6d33291d29b9b8b60cc2f30f0805",
"versionType": "git"
},
{
"lessThan": "9e279e6c1f012b82628b89e1b9c65dbefa8ca25a",
"status": "affected",
"version": "bfde23ce200e6d33291d29b9b8b60cc2f30f0805",
"versionType": "git"
},
{
"lessThan": "1bd712de96ad7167fe0d608e706cd60587579f16",
"status": "affected",
"version": "bfde23ce200e6d33291d29b9b8b60cc2f30f0805",
"versionType": "git"
},
{
"lessThan": "9a22b2812393d93d84358a760c347c21939029a6",
"status": "affected",
"version": "bfde23ce200e6d33291d29b9b8b60cc2f30f0805",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/padata.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npadata: use integer wrap around to prevent deadlock on seq_nr overflow\n\nWhen submitting more than 2^32 padata objects to padata_do_serial, the\ncurrent sorting implementation incorrectly sorts padata objects with\noverflowed seq_nr, causing them to be placed before existing objects in\nthe reorder list. This leads to a deadlock in the serialization process\nas padata_find_next cannot match padata-\u003eseq_nr and pd-\u003eprocessed\nbecause the padata instance with overflowed seq_nr will be selected\nnext.\n\nTo fix this, we use an unsigned integer wrap around to correctly sort\npadata objects in scenarios with integer overflow."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:39:49.107Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/46c4079460f4dcaf445860679558eedef4e1bc91"
},
{
"url": "https://git.kernel.org/stable/c/72164d5b648951684b1a593996b37a6083c61d7d"
},
{
"url": "https://git.kernel.org/stable/c/ab205e1c3846326f162180e56825b4ba38ce9c30"
},
{
"url": "https://git.kernel.org/stable/c/1b8cf11b3ca593a8802a51802cd0c28c38501428"
},
{
"url": "https://git.kernel.org/stable/c/9e279e6c1f012b82628b89e1b9c65dbefa8ca25a"
},
{
"url": "https://git.kernel.org/stable/c/1bd712de96ad7167fe0d608e706cd60587579f16"
},
{
"url": "https://git.kernel.org/stable/c/9a22b2812393d93d84358a760c347c21939029a6"
}
],
"title": "padata: use integer wrap around to prevent deadlock on seq_nr overflow",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47739",
"datePublished": "2024-10-21T12:14:08.495Z",
"dateReserved": "2024-09-30T16:00:12.959Z",
"dateUpdated": "2026-05-11T20:39:49.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47740 (GCVE-0-2024-47740)
Vulnerability from cvelistv5 – Published: 2024-10-21 12:14 – Updated: 2026-05-11 20:39
VLAI
EPSS
Title
f2fs: Require FMODE_WRITE for atomic write ioctls
Summary
In the Linux kernel, the following vulnerability has been resolved:
f2fs: Require FMODE_WRITE for atomic write ioctls
The F2FS ioctls for starting and committing atomic writes check for
inode_owner_or_capable(), but this does not give LSMs like SELinux or
Landlock an opportunity to deny the write access - if the caller's FSUID
matches the inode's UID, inode_owner_or_capable() immediately returns true.
There are scenarios where LSMs want to deny a process the ability to write
particular files, even files that the FSUID of the process owns; but this
can currently partially be bypassed using atomic write ioctls in two ways:
- F2FS_IOC_START_ATOMIC_REPLACE + F2FS_IOC_COMMIT_ATOMIC_WRITE can
truncate an inode to size 0
- F2FS_IOC_START_ATOMIC_WRITE + F2FS_IOC_ABORT_ATOMIC_WRITE can revert
changes another process concurrently made to a file
Fix it by requiring FMODE_WRITE for these operations, just like for
F2FS_IOC_MOVE_RANGE. Since any legitimate caller should only be using these
ioctls when intending to write into the file, that seems unlikely to break
anything.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
11 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
88b88a66797159949cec32eaab12b4968f6fae2d , < 700f3a7c7fa5764c9f24bbf7c78e0b6e479fa653
(git)
Affected: 88b88a66797159949cec32eaab12b4968f6fae2d , < 4ce87674c3a6b4d3b3d45f85b584ab8618a3cece (git) Affected: 88b88a66797159949cec32eaab12b4968f6fae2d , < 000bab8753ae29a259feb339b99ee759795a48ac (git) Affected: 88b88a66797159949cec32eaab12b4968f6fae2d , < 88ff021e1fea2d9b40b2d5efd9013c89f7be04ac (git) Affected: 88b88a66797159949cec32eaab12b4968f6fae2d , < 32f348ecc149e9ca70a1c424ae8fa9b6919d2713 (git) Affected: 88b88a66797159949cec32eaab12b4968f6fae2d , < 5e0de753bfe87768ebe6744d869caa92f35e5731 (git) Affected: 88b88a66797159949cec32eaab12b4968f6fae2d , < f3bfac2cabf5333506b263bc0c8497c95302f32d (git) Affected: 88b88a66797159949cec32eaab12b4968f6fae2d , < 4583290898c13c2c2e5eb8773886d153c2c5121d (git) Affected: 88b88a66797159949cec32eaab12b4968f6fae2d , < 4f5a100f87f32cb65d4bb1ad282a08c92f6f591e (git) |
|
| Linux | Linux |
Affected:
3.18
Unaffected: 0 , < 3.18 (semver) Unaffected: 4.19.323 , ≤ 4.19.* (semver) Unaffected: 5.4.285 , ≤ 5.4.* (semver) Unaffected: 5.10.227 , ≤ 5.10.* (semver) Unaffected: 5.15.168 , ≤ 5.15.* (semver) Unaffected: 6.1.113 , ≤ 6.1.* (semver) Unaffected: 6.6.54 , ≤ 6.6.* (semver) Unaffected: 6.10.13 , ≤ 6.10.* (semver) Unaffected: 6.11.2 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47740",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T12:59:19.414286Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:04:14.597Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:21:36.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/f2fs/file.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "700f3a7c7fa5764c9f24bbf7c78e0b6e479fa653",
"status": "affected",
"version": "88b88a66797159949cec32eaab12b4968f6fae2d",
"versionType": "git"
},
{
"lessThan": "4ce87674c3a6b4d3b3d45f85b584ab8618a3cece",
"status": "affected",
"version": "88b88a66797159949cec32eaab12b4968f6fae2d",
"versionType": "git"
},
{
"lessThan": "000bab8753ae29a259feb339b99ee759795a48ac",
"status": "affected",
"version": "88b88a66797159949cec32eaab12b4968f6fae2d",
"versionType": "git"
},
{
"lessThan": "88ff021e1fea2d9b40b2d5efd9013c89f7be04ac",
"status": "affected",
"version": "88b88a66797159949cec32eaab12b4968f6fae2d",
"versionType": "git"
},
{
"lessThan": "32f348ecc149e9ca70a1c424ae8fa9b6919d2713",
"status": "affected",
"version": "88b88a66797159949cec32eaab12b4968f6fae2d",
"versionType": "git"
},
{
"lessThan": "5e0de753bfe87768ebe6744d869caa92f35e5731",
"status": "affected",
"version": "88b88a66797159949cec32eaab12b4968f6fae2d",
"versionType": "git"
},
{
"lessThan": "f3bfac2cabf5333506b263bc0c8497c95302f32d",
"status": "affected",
"version": "88b88a66797159949cec32eaab12b4968f6fae2d",
"versionType": "git"
},
{
"lessThan": "4583290898c13c2c2e5eb8773886d153c2c5121d",
"status": "affected",
"version": "88b88a66797159949cec32eaab12b4968f6fae2d",
"versionType": "git"
},
{
"lessThan": "4f5a100f87f32cb65d4bb1ad282a08c92f6f591e",
"status": "affected",
"version": "88b88a66797159949cec32eaab12b4968f6fae2d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/f2fs/file.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.18"
},
{
"lessThan": "3.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "3.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: Require FMODE_WRITE for atomic write ioctls\n\nThe F2FS ioctls for starting and committing atomic writes check for\ninode_owner_or_capable(), but this does not give LSMs like SELinux or\nLandlock an opportunity to deny the write access - if the caller\u0027s FSUID\nmatches the inode\u0027s UID, inode_owner_or_capable() immediately returns true.\n\nThere are scenarios where LSMs want to deny a process the ability to write\nparticular files, even files that the FSUID of the process owns; but this\ncan currently partially be bypassed using atomic write ioctls in two ways:\n\n - F2FS_IOC_START_ATOMIC_REPLACE + F2FS_IOC_COMMIT_ATOMIC_WRITE can\n truncate an inode to size 0\n - F2FS_IOC_START_ATOMIC_WRITE + F2FS_IOC_ABORT_ATOMIC_WRITE can revert\n changes another process concurrently made to a file\n\nFix it by requiring FMODE_WRITE for these operations, just like for\nF2FS_IOC_MOVE_RANGE. Since any legitimate caller should only be using these\nioctls when intending to write into the file, that seems unlikely to break\nanything."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:39:50.226Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/700f3a7c7fa5764c9f24bbf7c78e0b6e479fa653"
},
{
"url": "https://git.kernel.org/stable/c/4ce87674c3a6b4d3b3d45f85b584ab8618a3cece"
},
{
"url": "https://git.kernel.org/stable/c/000bab8753ae29a259feb339b99ee759795a48ac"
},
{
"url": "https://git.kernel.org/stable/c/88ff021e1fea2d9b40b2d5efd9013c89f7be04ac"
},
{
"url": "https://git.kernel.org/stable/c/32f348ecc149e9ca70a1c424ae8fa9b6919d2713"
},
{
"url": "https://git.kernel.org/stable/c/5e0de753bfe87768ebe6744d869caa92f35e5731"
},
{
"url": "https://git.kernel.org/stable/c/f3bfac2cabf5333506b263bc0c8497c95302f32d"
},
{
"url": "https://git.kernel.org/stable/c/4583290898c13c2c2e5eb8773886d153c2c5121d"
},
{
"url": "https://git.kernel.org/stable/c/4f5a100f87f32cb65d4bb1ad282a08c92f6f591e"
}
],
"title": "f2fs: Require FMODE_WRITE for atomic write ioctls",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47740",
"datePublished": "2024-10-21T12:14:09.171Z",
"dateReserved": "2024-09-30T16:00:12.959Z",
"dateUpdated": "2026-05-11T20:39:50.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47742 (GCVE-0-2024-47742)
Vulnerability from cvelistv5 – Published: 2024-10-21 12:14 – Updated: 2026-05-11 20:39
VLAI
EPSS
Title
firmware_loader: Block path traversal
Summary
In the Linux kernel, the following vulnerability has been resolved:
firmware_loader: Block path traversal
Most firmware names are hardcoded strings, or are constructed from fairly
constrained format strings where the dynamic parts are just some hex
numbers or such.
However, there are a couple codepaths in the kernel where firmware file
names contain string components that are passed through from a device or
semi-privileged userspace; the ones I could find (not counting interfaces
that require root privileges) are:
- lpfc_sli4_request_firmware_update() seems to construct the firmware
filename from "ModelName", a string that was previously parsed out of
some descriptor ("Vital Product Data") in lpfc_fill_vpd()
- nfp_net_fw_find() seems to construct a firmware filename from a model
name coming from nfp_hwinfo_lookup(pf->hwinfo, "nffw.partno"), which I
think parses some descriptor that was read from the device.
(But this case likely isn't exploitable because the format string looks
like "netronome/nic_%s", and there shouldn't be any *folders* starting
with "netronome/nic_". The previous case was different because there,
the "%s" is *at the start* of the format string.)
- module_flash_fw_schedule() is reachable from the
ETHTOOL_MSG_MODULE_FW_FLASH_ACT netlink command, which is marked as
GENL_UNS_ADMIN_PERM (meaning CAP_NET_ADMIN inside a user namespace is
enough to pass the privilege check), and takes a userspace-provided
firmware name.
(But I think to reach this case, you need to have CAP_NET_ADMIN over a
network namespace that a special kind of ethernet device is mapped into,
so I think this is not a viable attack path in practice.)
Fix it by rejecting any firmware names containing ".." path components.
For what it's worth, I went looking and haven't found any USB device
drivers that use the firmware loader dangerously.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
11 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
abb139e75c2cdbb955e840d6331cb5863e409d0e , < d1768e5535d3ded59f888637016e6f821f4e069f
(git)
Affected: abb139e75c2cdbb955e840d6331cb5863e409d0e , < 9b1ca33ebd05b3acef5b976c04e5e791af93ce1b (git) Affected: abb139e75c2cdbb955e840d6331cb5863e409d0e , < c30558e6c5c9ad6c86459d9acce1520ceeab9ea6 (git) Affected: abb139e75c2cdbb955e840d6331cb5863e409d0e , < a77fc4acfd49fc6076e565445b2bc5fdc3244da4 (git) Affected: abb139e75c2cdbb955e840d6331cb5863e409d0e , < 3d2411f4edcb649eaf232160db459bb4770b5251 (git) Affected: abb139e75c2cdbb955e840d6331cb5863e409d0e , < 7420c1bf7fc784e587b87329cc6dfa3dca537aa4 (git) Affected: abb139e75c2cdbb955e840d6331cb5863e409d0e , < 28f1cd94d3f1092728fb775a0fe26c5f1ac2ebeb (git) Affected: abb139e75c2cdbb955e840d6331cb5863e409d0e , < 6c4e13fdfcab34811c3143a0a03c05fec4e870ec (git) Affected: abb139e75c2cdbb955e840d6331cb5863e409d0e , < f0e5311aa8022107d63c54e2f03684ec097d1394 (git) |
|
| Linux | Linux |
Affected:
3.7
Unaffected: 0 , < 3.7 (semver) Unaffected: 4.19.323 , ≤ 4.19.* (semver) Unaffected: 5.4.285 , ≤ 5.4.* (semver) Unaffected: 5.10.227 , ≤ 5.10.* (semver) Unaffected: 5.15.168 , ≤ 5.15.* (semver) Unaffected: 6.1.113 , ≤ 6.1.* (semver) Unaffected: 6.6.54 , ≤ 6.6.* (semver) Unaffected: 6.10.13 , ≤ 6.10.* (semver) Unaffected: 6.11.2 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47742",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T12:59:04.060717Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:04:14.368Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:21:38.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/base/firmware_loader/main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d1768e5535d3ded59f888637016e6f821f4e069f",
"status": "affected",
"version": "abb139e75c2cdbb955e840d6331cb5863e409d0e",
"versionType": "git"
},
{
"lessThan": "9b1ca33ebd05b3acef5b976c04e5e791af93ce1b",
"status": "affected",
"version": "abb139e75c2cdbb955e840d6331cb5863e409d0e",
"versionType": "git"
},
{
"lessThan": "c30558e6c5c9ad6c86459d9acce1520ceeab9ea6",
"status": "affected",
"version": "abb139e75c2cdbb955e840d6331cb5863e409d0e",
"versionType": "git"
},
{
"lessThan": "a77fc4acfd49fc6076e565445b2bc5fdc3244da4",
"status": "affected",
"version": "abb139e75c2cdbb955e840d6331cb5863e409d0e",
"versionType": "git"
},
{
"lessThan": "3d2411f4edcb649eaf232160db459bb4770b5251",
"status": "affected",
"version": "abb139e75c2cdbb955e840d6331cb5863e409d0e",
"versionType": "git"
},
{
"lessThan": "7420c1bf7fc784e587b87329cc6dfa3dca537aa4",
"status": "affected",
"version": "abb139e75c2cdbb955e840d6331cb5863e409d0e",
"versionType": "git"
},
{
"lessThan": "28f1cd94d3f1092728fb775a0fe26c5f1ac2ebeb",
"status": "affected",
"version": "abb139e75c2cdbb955e840d6331cb5863e409d0e",
"versionType": "git"
},
{
"lessThan": "6c4e13fdfcab34811c3143a0a03c05fec4e870ec",
"status": "affected",
"version": "abb139e75c2cdbb955e840d6331cb5863e409d0e",
"versionType": "git"
},
{
"lessThan": "f0e5311aa8022107d63c54e2f03684ec097d1394",
"status": "affected",
"version": "abb139e75c2cdbb955e840d6331cb5863e409d0e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/base/firmware_loader/main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.7"
},
{
"lessThan": "3.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "3.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware_loader: Block path traversal\n\nMost firmware names are hardcoded strings, or are constructed from fairly\nconstrained format strings where the dynamic parts are just some hex\nnumbers or such.\n\nHowever, there are a couple codepaths in the kernel where firmware file\nnames contain string components that are passed through from a device or\nsemi-privileged userspace; the ones I could find (not counting interfaces\nthat require root privileges) are:\n\n - lpfc_sli4_request_firmware_update() seems to construct the firmware\n filename from \"ModelName\", a string that was previously parsed out of\n some descriptor (\"Vital Product Data\") in lpfc_fill_vpd()\n - nfp_net_fw_find() seems to construct a firmware filename from a model\n name coming from nfp_hwinfo_lookup(pf-\u003ehwinfo, \"nffw.partno\"), which I\n think parses some descriptor that was read from the device.\n (But this case likely isn\u0027t exploitable because the format string looks\n like \"netronome/nic_%s\", and there shouldn\u0027t be any *folders* starting\n with \"netronome/nic_\". The previous case was different because there,\n the \"%s\" is *at the start* of the format string.)\n - module_flash_fw_schedule() is reachable from the\n ETHTOOL_MSG_MODULE_FW_FLASH_ACT netlink command, which is marked as\n GENL_UNS_ADMIN_PERM (meaning CAP_NET_ADMIN inside a user namespace is\n enough to pass the privilege check), and takes a userspace-provided\n firmware name.\n (But I think to reach this case, you need to have CAP_NET_ADMIN over a\n network namespace that a special kind of ethernet device is mapped into,\n so I think this is not a viable attack path in practice.)\n\nFix it by rejecting any firmware names containing \"..\" path components.\n\nFor what it\u0027s worth, I went looking and haven\u0027t found any USB device\ndrivers that use the firmware loader dangerously."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:39:52.617Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d1768e5535d3ded59f888637016e6f821f4e069f"
},
{
"url": "https://git.kernel.org/stable/c/9b1ca33ebd05b3acef5b976c04e5e791af93ce1b"
},
{
"url": "https://git.kernel.org/stable/c/c30558e6c5c9ad6c86459d9acce1520ceeab9ea6"
},
{
"url": "https://git.kernel.org/stable/c/a77fc4acfd49fc6076e565445b2bc5fdc3244da4"
},
{
"url": "https://git.kernel.org/stable/c/3d2411f4edcb649eaf232160db459bb4770b5251"
},
{
"url": "https://git.kernel.org/stable/c/7420c1bf7fc784e587b87329cc6dfa3dca537aa4"
},
{
"url": "https://git.kernel.org/stable/c/28f1cd94d3f1092728fb775a0fe26c5f1ac2ebeb"
},
{
"url": "https://git.kernel.org/stable/c/6c4e13fdfcab34811c3143a0a03c05fec4e870ec"
},
{
"url": "https://git.kernel.org/stable/c/f0e5311aa8022107d63c54e2f03684ec097d1394"
}
],
"title": "firmware_loader: Block path traversal",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47742",
"datePublished": "2024-10-21T12:14:10.499Z",
"dateReserved": "2024-09-30T16:00:12.959Z",
"dateUpdated": "2026-05-11T20:39:52.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47747 (GCVE-0-2024-47747)
Vulnerability from cvelistv5 – Published: 2024-10-21 12:14 – Updated: 2026-05-12 11:58
VLAI
EPSS
Title
net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition
In the ether3_probe function, a timer is initialized with a callback
function ether3_ledoff, bound to &prev(dev)->timer. Once the timer is
started, there is a risk of a race condition if the module or device
is removed, triggering the ether3_remove function to perform cleanup.
The sequence of operations that may lead to a UAF bug is as follows:
CPU0 CPU1
| ether3_ledoff
ether3_remove |
free_netdev(dev); |
put_devic |
kfree(dev); |
| ether3_outw(priv(dev)->regs.config2 |= CFG2_CTRLO, REG_CONFIG2);
| // use dev
Fix it by ensuring that the timer is canceled before proceeding with
the cleanup in ether3_remove.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
12 references
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
6fd9c53f71862a4797b7ed8a5de80e2c64829f56 , < 25d559ed2beec9b34045886100dac46d1ad92eba
(git)
Affected: 6fd9c53f71862a4797b7ed8a5de80e2c64829f56 , < b5a84b6c772564c8359a9a0fbaeb2a2944aa1ee9 (git) Affected: 6fd9c53f71862a4797b7ed8a5de80e2c64829f56 , < 338a0582b28e69460df03af50e938b86b4206353 (git) Affected: 6fd9c53f71862a4797b7ed8a5de80e2c64829f56 , < 822c7bb1f6f8b0331e8d1927151faf8db3b33afd (git) Affected: 6fd9c53f71862a4797b7ed8a5de80e2c64829f56 , < 1c57d61a43293252ad732007c7070fdb112545fd (git) Affected: 6fd9c53f71862a4797b7ed8a5de80e2c64829f56 , < d2abc379071881798d20e2ac1d332ad855ae22f3 (git) Affected: 6fd9c53f71862a4797b7ed8a5de80e2c64829f56 , < 516dbc6d16637430808c39568cbb6b841d32b55b (git) Affected: 6fd9c53f71862a4797b7ed8a5de80e2c64829f56 , < 77a77331cef0a219b8dd91361435eeef04cb741c (git) Affected: 6fd9c53f71862a4797b7ed8a5de80e2c64829f56 , < b5109b60ee4fcb2f2bb24f589575e10cc5283ad4 (git) |
|
| Linux | Linux |
Affected:
4.15
Unaffected: 0 , < 4.15 (semver) Unaffected: 4.19.323 , ≤ 4.19.* (semver) Unaffected: 5.4.285 , ≤ 5.4.* (semver) Unaffected: 5.10.227 , ≤ 5.10.* (semver) Unaffected: 5.15.168 , ≤ 5.15.* (semver) Unaffected: 6.1.113 , ≤ 6.1.* (semver) Unaffected: 6.6.54 , ≤ 6.6.* (semver) Unaffected: 6.10.13 , ≤ 6.10.* (semver) Unaffected: 6.11.2 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix) |
|
| Siemens | RUGGEDCOM RST2428P |
Affected:
0 , < V3.2
(custom)
|
|
| Siemens | SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family |
Affected:
0 , < V3.2
(custom)
|
|
| Siemens | SCALANCE XCM-/XRM-/XCH-/XRH-300 family |
Affected:
0 , < V3.2
(custom)
|
|
| Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux subsystem |
Affected:
0 , < *
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47747",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T12:58:25.330423Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:04:13.623Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:21:41.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RST2428P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XCM-/XRM-/XCH-/XRH-300 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T11:58:50.849Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-355557.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/seeq/ether3.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "25d559ed2beec9b34045886100dac46d1ad92eba",
"status": "affected",
"version": "6fd9c53f71862a4797b7ed8a5de80e2c64829f56",
"versionType": "git"
},
{
"lessThan": "b5a84b6c772564c8359a9a0fbaeb2a2944aa1ee9",
"status": "affected",
"version": "6fd9c53f71862a4797b7ed8a5de80e2c64829f56",
"versionType": "git"
},
{
"lessThan": "338a0582b28e69460df03af50e938b86b4206353",
"status": "affected",
"version": "6fd9c53f71862a4797b7ed8a5de80e2c64829f56",
"versionType": "git"
},
{
"lessThan": "822c7bb1f6f8b0331e8d1927151faf8db3b33afd",
"status": "affected",
"version": "6fd9c53f71862a4797b7ed8a5de80e2c64829f56",
"versionType": "git"
},
{
"lessThan": "1c57d61a43293252ad732007c7070fdb112545fd",
"status": "affected",
"version": "6fd9c53f71862a4797b7ed8a5de80e2c64829f56",
"versionType": "git"
},
{
"lessThan": "d2abc379071881798d20e2ac1d332ad855ae22f3",
"status": "affected",
"version": "6fd9c53f71862a4797b7ed8a5de80e2c64829f56",
"versionType": "git"
},
{
"lessThan": "516dbc6d16637430808c39568cbb6b841d32b55b",
"status": "affected",
"version": "6fd9c53f71862a4797b7ed8a5de80e2c64829f56",
"versionType": "git"
},
{
"lessThan": "77a77331cef0a219b8dd91361435eeef04cb741c",
"status": "affected",
"version": "6fd9c53f71862a4797b7ed8a5de80e2c64829f56",
"versionType": "git"
},
{
"lessThan": "b5109b60ee4fcb2f2bb24f589575e10cc5283ad4",
"status": "affected",
"version": "6fd9c53f71862a4797b7ed8a5de80e2c64829f56",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/seeq/ether3.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition\n\nIn the ether3_probe function, a timer is initialized with a callback\nfunction ether3_ledoff, bound to \u0026prev(dev)-\u003etimer. Once the timer is\nstarted, there is a risk of a race condition if the module or device\nis removed, triggering the ether3_remove function to perform cleanup.\nThe sequence of operations that may lead to a UAF bug is as follows:\n\nCPU0 CPU1\n\n | ether3_ledoff\nether3_remove |\n free_netdev(dev); |\n put_devic |\n kfree(dev); |\n | ether3_outw(priv(dev)-\u003eregs.config2 |= CFG2_CTRLO, REG_CONFIG2);\n | // use dev\n\nFix it by ensuring that the timer is canceled before proceeding with\nthe cleanup in ether3_remove."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:39:58.607Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/25d559ed2beec9b34045886100dac46d1ad92eba"
},
{
"url": "https://git.kernel.org/stable/c/b5a84b6c772564c8359a9a0fbaeb2a2944aa1ee9"
},
{
"url": "https://git.kernel.org/stable/c/338a0582b28e69460df03af50e938b86b4206353"
},
{
"url": "https://git.kernel.org/stable/c/822c7bb1f6f8b0331e8d1927151faf8db3b33afd"
},
{
"url": "https://git.kernel.org/stable/c/1c57d61a43293252ad732007c7070fdb112545fd"
},
{
"url": "https://git.kernel.org/stable/c/d2abc379071881798d20e2ac1d332ad855ae22f3"
},
{
"url": "https://git.kernel.org/stable/c/516dbc6d16637430808c39568cbb6b841d32b55b"
},
{
"url": "https://git.kernel.org/stable/c/77a77331cef0a219b8dd91361435eeef04cb741c"
},
{
"url": "https://git.kernel.org/stable/c/b5109b60ee4fcb2f2bb24f589575e10cc5283ad4"
}
],
"title": "net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47747",
"datePublished": "2024-10-21T12:14:13.783Z",
"dateReserved": "2024-09-30T16:00:12.960Z",
"dateUpdated": "2026-05-12T11:58:50.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47748 (GCVE-0-2024-47748)
Vulnerability from cvelistv5 – Published: 2024-10-21 12:14 – Updated: 2026-05-11 20:39
VLAI
EPSS
Title
vhost_vdpa: assign irq bypass producer token correctly
Summary
In the Linux kernel, the following vulnerability has been resolved:
vhost_vdpa: assign irq bypass producer token correctly
We used to call irq_bypass_unregister_producer() in
vhost_vdpa_setup_vq_irq() which is problematic as we don't know if the
token pointer is still valid or not.
Actually, we use the eventfd_ctx as the token so the life cycle of the
token should be bound to the VHOST_SET_VRING_CALL instead of
vhost_vdpa_setup_vq_irq() which could be called by set_status().
Fixing this by setting up irq bypass producer's token when handling
VHOST_SET_VRING_CALL and un-registering the producer before calling
vhost_vring_ioctl() to prevent a possible use after free as eventfd
could have been released in vhost_vring_ioctl(). And such registering
and unregistering will only be done if DRIVER_OK is set.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
9 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60 , < 0c170b1e918b9afac25e2bbd01eaa2bfc0ece8c0
(git)
Affected: 2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60 , < 927a2580208e0f9b0b47b08f1c802b7233a7ba3c (git) Affected: 2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60 , < ec5f1b54ceb23475049ada6e7a43452cf4df88d1 (git) Affected: 2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60 , < ca64edd7ae93402af2596a952e0d94d545e2b9c0 (git) Affected: 2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60 , < fae9b1776f53aab93ab345bdbf653b991aed717d (git) Affected: 2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60 , < 7cf2fb51175cafe01df8c43fa15a06194a59c6e2 (git) Affected: 2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60 , < 02e9e9366fefe461719da5d173385b6685f70319 (git) |
|
| Linux | Linux |
Affected:
5.9
Unaffected: 0 , < 5.9 (semver) Unaffected: 5.10.227 , ≤ 5.10.* (semver) Unaffected: 5.15.168 , ≤ 5.15.* (semver) Unaffected: 6.1.113 , ≤ 6.1.* (semver) Unaffected: 6.6.54 , ≤ 6.6.* (semver) Unaffected: 6.10.13 , ≤ 6.10.* (semver) Unaffected: 6.11.2 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47748",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T12:58:17.248658Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:04:13.447Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:21:42.762Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/vhost/vdpa.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0c170b1e918b9afac25e2bbd01eaa2bfc0ece8c0",
"status": "affected",
"version": "2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60",
"versionType": "git"
},
{
"lessThan": "927a2580208e0f9b0b47b08f1c802b7233a7ba3c",
"status": "affected",
"version": "2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60",
"versionType": "git"
},
{
"lessThan": "ec5f1b54ceb23475049ada6e7a43452cf4df88d1",
"status": "affected",
"version": "2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60",
"versionType": "git"
},
{
"lessThan": "ca64edd7ae93402af2596a952e0d94d545e2b9c0",
"status": "affected",
"version": "2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60",
"versionType": "git"
},
{
"lessThan": "fae9b1776f53aab93ab345bdbf653b991aed717d",
"status": "affected",
"version": "2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60",
"versionType": "git"
},
{
"lessThan": "7cf2fb51175cafe01df8c43fa15a06194a59c6e2",
"status": "affected",
"version": "2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60",
"versionType": "git"
},
{
"lessThan": "02e9e9366fefe461719da5d173385b6685f70319",
"status": "affected",
"version": "2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/vhost/vdpa.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost_vdpa: assign irq bypass producer token correctly\n\nWe used to call irq_bypass_unregister_producer() in\nvhost_vdpa_setup_vq_irq() which is problematic as we don\u0027t know if the\ntoken pointer is still valid or not.\n\nActually, we use the eventfd_ctx as the token so the life cycle of the\ntoken should be bound to the VHOST_SET_VRING_CALL instead of\nvhost_vdpa_setup_vq_irq() which could be called by set_status().\n\nFixing this by setting up irq bypass producer\u0027s token when handling\nVHOST_SET_VRING_CALL and un-registering the producer before calling\nvhost_vring_ioctl() to prevent a possible use after free as eventfd\ncould have been released in vhost_vring_ioctl(). And such registering\nand unregistering will only be done if DRIVER_OK is set."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:39:59.727Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0c170b1e918b9afac25e2bbd01eaa2bfc0ece8c0"
},
{
"url": "https://git.kernel.org/stable/c/927a2580208e0f9b0b47b08f1c802b7233a7ba3c"
},
{
"url": "https://git.kernel.org/stable/c/ec5f1b54ceb23475049ada6e7a43452cf4df88d1"
},
{
"url": "https://git.kernel.org/stable/c/ca64edd7ae93402af2596a952e0d94d545e2b9c0"
},
{
"url": "https://git.kernel.org/stable/c/fae9b1776f53aab93ab345bdbf653b991aed717d"
},
{
"url": "https://git.kernel.org/stable/c/7cf2fb51175cafe01df8c43fa15a06194a59c6e2"
},
{
"url": "https://git.kernel.org/stable/c/02e9e9366fefe461719da5d173385b6685f70319"
}
],
"title": "vhost_vdpa: assign irq bypass producer token correctly",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47748",
"datePublished": "2024-10-21T12:14:14.448Z",
"dateReserved": "2024-09-30T16:00:12.960Z",
"dateUpdated": "2026-05-11T20:39:59.727Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47749 (GCVE-0-2024-47749)
Vulnerability from cvelistv5 – Published: 2024-10-21 12:14 – Updated: 2026-05-11 20:40
VLAI
EPSS
Title
RDMA/cxgb4: Added NULL check for lookup_atid
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/cxgb4: Added NULL check for lookup_atid
The lookup_atid() function can return NULL if the ATID is
invalid or does not exist in the identifier table, which
could lead to dereferencing a null pointer without a
check in the `act_establish()` and `act_open_rpl()` functions.
Add a NULL check to prevent null pointer dereferencing.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
11 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
cfdda9d764362ab77b11a410bb928400e6520d57 , < b12e25d91c7f97958341538c7dc63ee49d01548f
(git)
Affected: cfdda9d764362ab77b11a410bb928400e6520d57 , < 4e1fe68d695af367506ea3c794c5969630f21697 (git) Affected: cfdda9d764362ab77b11a410bb928400e6520d57 , < dd598ac57dcae796cb58551074660c39b43fb155 (git) Affected: cfdda9d764362ab77b11a410bb928400e6520d57 , < b11318dc8a1ec565300bb1a9073095af817cc508 (git) Affected: cfdda9d764362ab77b11a410bb928400e6520d57 , < 39cb9f39913566ec5865581135f3e8123ad1aee1 (git) Affected: cfdda9d764362ab77b11a410bb928400e6520d57 , < 0d50ae281a1712b9b2ca72830a96b8f11882358d (git) Affected: cfdda9d764362ab77b11a410bb928400e6520d57 , < 54aaa3ed40972511e423b604324b881425b9ff1e (git) Affected: cfdda9d764362ab77b11a410bb928400e6520d57 , < b9c94c8ba5a713817cffd74c4bacc05187469624 (git) Affected: cfdda9d764362ab77b11a410bb928400e6520d57 , < e766e6a92410ca269161de059fff0843b8ddd65f (git) |
|
| Linux | Linux |
Affected:
2.6.35
Unaffected: 0 , < 2.6.35 (semver) Unaffected: 4.19.323 , ≤ 4.19.* (semver) Unaffected: 5.4.285 , ≤ 5.4.* (semver) Unaffected: 5.10.227 , ≤ 5.10.* (semver) Unaffected: 5.15.168 , ≤ 5.15.* (semver) Unaffected: 6.1.113 , ≤ 6.1.* (semver) Unaffected: 6.6.54 , ≤ 6.6.* (semver) Unaffected: 6.10.13 , ≤ 6.10.* (semver) Unaffected: 6.11.2 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47749",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T12:58:09.975914Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:04:13.297Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:21:44.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/cxgb4/cm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b12e25d91c7f97958341538c7dc63ee49d01548f",
"status": "affected",
"version": "cfdda9d764362ab77b11a410bb928400e6520d57",
"versionType": "git"
},
{
"lessThan": "4e1fe68d695af367506ea3c794c5969630f21697",
"status": "affected",
"version": "cfdda9d764362ab77b11a410bb928400e6520d57",
"versionType": "git"
},
{
"lessThan": "dd598ac57dcae796cb58551074660c39b43fb155",
"status": "affected",
"version": "cfdda9d764362ab77b11a410bb928400e6520d57",
"versionType": "git"
},
{
"lessThan": "b11318dc8a1ec565300bb1a9073095af817cc508",
"status": "affected",
"version": "cfdda9d764362ab77b11a410bb928400e6520d57",
"versionType": "git"
},
{
"lessThan": "39cb9f39913566ec5865581135f3e8123ad1aee1",
"status": "affected",
"version": "cfdda9d764362ab77b11a410bb928400e6520d57",
"versionType": "git"
},
{
"lessThan": "0d50ae281a1712b9b2ca72830a96b8f11882358d",
"status": "affected",
"version": "cfdda9d764362ab77b11a410bb928400e6520d57",
"versionType": "git"
},
{
"lessThan": "54aaa3ed40972511e423b604324b881425b9ff1e",
"status": "affected",
"version": "cfdda9d764362ab77b11a410bb928400e6520d57",
"versionType": "git"
},
{
"lessThan": "b9c94c8ba5a713817cffd74c4bacc05187469624",
"status": "affected",
"version": "cfdda9d764362ab77b11a410bb928400e6520d57",
"versionType": "git"
},
{
"lessThan": "e766e6a92410ca269161de059fff0843b8ddd65f",
"status": "affected",
"version": "cfdda9d764362ab77b11a410bb928400e6520d57",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/cxgb4/cm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.35"
},
{
"lessThan": "2.6.35",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "2.6.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/cxgb4: Added NULL check for lookup_atid\n\nThe lookup_atid() function can return NULL if the ATID is\ninvalid or does not exist in the identifier table, which\ncould lead to dereferencing a null pointer without a\ncheck in the `act_establish()` and `act_open_rpl()` functions.\nAdd a NULL check to prevent null pointer dereferencing.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:40:01.025Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b12e25d91c7f97958341538c7dc63ee49d01548f"
},
{
"url": "https://git.kernel.org/stable/c/4e1fe68d695af367506ea3c794c5969630f21697"
},
{
"url": "https://git.kernel.org/stable/c/dd598ac57dcae796cb58551074660c39b43fb155"
},
{
"url": "https://git.kernel.org/stable/c/b11318dc8a1ec565300bb1a9073095af817cc508"
},
{
"url": "https://git.kernel.org/stable/c/39cb9f39913566ec5865581135f3e8123ad1aee1"
},
{
"url": "https://git.kernel.org/stable/c/0d50ae281a1712b9b2ca72830a96b8f11882358d"
},
{
"url": "https://git.kernel.org/stable/c/54aaa3ed40972511e423b604324b881425b9ff1e"
},
{
"url": "https://git.kernel.org/stable/c/b9c94c8ba5a713817cffd74c4bacc05187469624"
},
{
"url": "https://git.kernel.org/stable/c/e766e6a92410ca269161de059fff0843b8ddd65f"
}
],
"title": "RDMA/cxgb4: Added NULL check for lookup_atid",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47749",
"datePublished": "2024-10-21T12:14:15.126Z",
"dateReserved": "2024-09-30T16:00:12.961Z",
"dateUpdated": "2026-05-11T20:40:01.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47756 (GCVE-0-2024-47756)
Vulnerability from cvelistv5 – Published: 2024-10-21 12:14 – Updated: 2026-05-23 15:53
VLAI
EPSS
Title
PCI: keystone: Fix if-statement expression in ks_pcie_quirk()
Summary
In the Linux kernel, the following vulnerability has been resolved:
PCI: keystone: Fix if-statement expression in ks_pcie_quirk()
This code accidentally uses && where || was intended. It potentially
results in a NULL dereference.
Thus, fix the if-statement expression to use the correct condition.
[kwilczynski: commit log]
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
10 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
cfb006e185f64edbbdf7869eac352442bc76b8f6 , < 9c9afc3e75069fcfb067727973242cfbf00dd7eb
(git)
Affected: ebbdbbc580c1695dec283d0ba6448729dc993246 , < c289903b7a216df5ea6e1850ddf1b958eea9921d (git) Affected: 135843c351c08df72bdd4b4ebea53c8052a76881 , < dc5aeba07395c8dfa29bb878c8ce4d5180427221 (git) Affected: af218c803fe298ddf00abef331aa526b20d7ea61 , < 23838bef2adb714ec37b2d6141dccf4a3a70bdef (git) Affected: 576d0fb6f8d4bd4695e70eee173a1b9c7bae9572 , < e85ab507882db165c10a858d7f685a0a38f0312e (git) Affected: dd47051c76c8acd8cb983f01b4d1265da29cb66a , < 72210e52e19a27f615e0b5273d2bf012d0dc318d (git) Affected: 86f271f22bbb6391410a07e08d6ca3757fda01fa , < 2171c5cb2fbc3e03af7e8116cd58736c09328655 (git) Affected: 86f271f22bbb6391410a07e08d6ca3757fda01fa , < 6188a1c762eb9bbd444f47696eda77a5eae6207a (git) Affected: 5.4.284 , < 5.4.285 (semver) Affected: 5.10.226 , < 5.10.227 (semver) Affected: 5.15.167 , < 5.15.168 (semver) Affected: 6.1.110 , < 6.1.113 (semver) Affected: 6.6.51 , < 6.6.54 (semver) Affected: 6.10.10 , < 6.10.13 (semver) |
|
| Linux | Linux |
Affected:
6.11
Unaffected: 0 , < 6.11 (semver) Unaffected: 5.4.285 , ≤ 5.4.* (semver) Unaffected: 5.10.227 , ≤ 5.10.* (semver) Unaffected: 5.15.168 , ≤ 5.15.* (semver) Unaffected: 6.1.113 , ≤ 6.1.* (semver) Unaffected: 6.6.54 , ≤ 6.6.* (semver) Unaffected: 6.10.13 , ≤ 6.10.* (semver) Unaffected: 6.11.2 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47756",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T12:57:17.860429Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:04:12.308Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:21:48.719Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/pci/controller/dwc/pci-keystone.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9c9afc3e75069fcfb067727973242cfbf00dd7eb",
"status": "affected",
"version": "cfb006e185f64edbbdf7869eac352442bc76b8f6",
"versionType": "git"
},
{
"lessThan": "c289903b7a216df5ea6e1850ddf1b958eea9921d",
"status": "affected",
"version": "ebbdbbc580c1695dec283d0ba6448729dc993246",
"versionType": "git"
},
{
"lessThan": "dc5aeba07395c8dfa29bb878c8ce4d5180427221",
"status": "affected",
"version": "135843c351c08df72bdd4b4ebea53c8052a76881",
"versionType": "git"
},
{
"lessThan": "23838bef2adb714ec37b2d6141dccf4a3a70bdef",
"status": "affected",
"version": "af218c803fe298ddf00abef331aa526b20d7ea61",
"versionType": "git"
},
{
"lessThan": "e85ab507882db165c10a858d7f685a0a38f0312e",
"status": "affected",
"version": "576d0fb6f8d4bd4695e70eee173a1b9c7bae9572",
"versionType": "git"
},
{
"lessThan": "72210e52e19a27f615e0b5273d2bf012d0dc318d",
"status": "affected",
"version": "dd47051c76c8acd8cb983f01b4d1265da29cb66a",
"versionType": "git"
},
{
"lessThan": "2171c5cb2fbc3e03af7e8116cd58736c09328655",
"status": "affected",
"version": "86f271f22bbb6391410a07e08d6ca3757fda01fa",
"versionType": "git"
},
{
"lessThan": "6188a1c762eb9bbd444f47696eda77a5eae6207a",
"status": "affected",
"version": "86f271f22bbb6391410a07e08d6ca3757fda01fa",
"versionType": "git"
},
{
"lessThan": "5.4.285",
"status": "affected",
"version": "5.4.284",
"versionType": "semver"
},
{
"lessThan": "5.10.227",
"status": "affected",
"version": "5.10.226",
"versionType": "semver"
},
{
"lessThan": "5.15.168",
"status": "affected",
"version": "5.15.167",
"versionType": "semver"
},
{
"lessThan": "6.1.113",
"status": "affected",
"version": "6.1.110",
"versionType": "semver"
},
{
"lessThan": "6.6.54",
"status": "affected",
"version": "6.6.51",
"versionType": "semver"
},
{
"lessThan": "6.10.13",
"status": "affected",
"version": "6.10.10",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/pci/controller/dwc/pci-keystone.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.11"
},
{
"lessThan": "6.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "5.4.284",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "5.10.226",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "5.15.167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "6.1.110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "6.6.51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "6.10.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "6.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "6.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: keystone: Fix if-statement expression in ks_pcie_quirk()\n\nThis code accidentally uses \u0026\u0026 where || was intended. It potentially\nresults in a NULL dereference.\n\nThus, fix the if-statement expression to use the correct condition.\n\n[kwilczynski: commit log]"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:53:53.217Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9c9afc3e75069fcfb067727973242cfbf00dd7eb"
},
{
"url": "https://git.kernel.org/stable/c/c289903b7a216df5ea6e1850ddf1b958eea9921d"
},
{
"url": "https://git.kernel.org/stable/c/dc5aeba07395c8dfa29bb878c8ce4d5180427221"
},
{
"url": "https://git.kernel.org/stable/c/23838bef2adb714ec37b2d6141dccf4a3a70bdef"
},
{
"url": "https://git.kernel.org/stable/c/e85ab507882db165c10a858d7f685a0a38f0312e"
},
{
"url": "https://git.kernel.org/stable/c/72210e52e19a27f615e0b5273d2bf012d0dc318d"
},
{
"url": "https://git.kernel.org/stable/c/2171c5cb2fbc3e03af7e8116cd58736c09328655"
},
{
"url": "https://git.kernel.org/stable/c/6188a1c762eb9bbd444f47696eda77a5eae6207a"
}
],
"title": "PCI: keystone: Fix if-statement expression in ks_pcie_quirk()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47756",
"datePublished": "2024-10-21T12:14:19.768Z",
"dateReserved": "2024-09-30T16:00:12.962Z",
"dateUpdated": "2026-05-23T15:53:53.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47757 (GCVE-0-2024-47757)
Vulnerability from cvelistv5 – Published: 2024-10-21 12:14 – Updated: 2026-05-11 20:40
VLAI
EPSS
Title
nilfs2: fix potential oob read in nilfs_btree_check_delete()
Summary
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix potential oob read in nilfs_btree_check_delete()
The function nilfs_btree_check_delete(), which checks whether degeneration
to direct mapping occurs before deleting a b-tree entry, causes memory
access outside the block buffer when retrieving the maximum key if the
root node has no entries.
This does not usually happen because b-tree mappings with 0 child nodes
are never created by mkfs.nilfs2 or nilfs2 itself. However, it can happen
if the b-tree root node read from a device is configured that way, so fix
this potential issue by adding a check for that case.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
11 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
17c76b0104e4a6513983777e1a17e0297a12b0c4 , < f3a9859767c7aea758976f5523903d247e585129
(git)
Affected: 17c76b0104e4a6513983777e1a17e0297a12b0c4 , < ed76d381dae125b81d09934e365391a656249da8 (git) Affected: 17c76b0104e4a6513983777e1a17e0297a12b0c4 , < d20674f31626e0596ae4c1d9401dfb6739b81b58 (git) Affected: 17c76b0104e4a6513983777e1a17e0297a12b0c4 , < c4f8554996e8ada3be872dfb8f60e93bcf15fb27 (git) Affected: 17c76b0104e4a6513983777e1a17e0297a12b0c4 , < a8abfda768b9f33630cfbc4af6c4214f1e5681b0 (git) Affected: 17c76b0104e4a6513983777e1a17e0297a12b0c4 , < 257f9e5185eb6de83377caea686c306e22e871f2 (git) Affected: 17c76b0104e4a6513983777e1a17e0297a12b0c4 , < a33e967b681e088a125b979975c93e3453e686cd (git) Affected: 17c76b0104e4a6513983777e1a17e0297a12b0c4 , < c4cbcc64bb31e67e02940ce060cc77f7180564cf (git) Affected: 17c76b0104e4a6513983777e1a17e0297a12b0c4 , < f9c96351aa6718b42a9f42eaf7adce0356bdb5e8 (git) |
|
| Linux | Linux |
Affected:
2.6.30
Unaffected: 0 , < 2.6.30 (semver) Unaffected: 4.19.323 , ≤ 4.19.* (semver) Unaffected: 5.4.285 , ≤ 5.4.* (semver) Unaffected: 5.10.227 , ≤ 5.10.* (semver) Unaffected: 5.15.168 , ≤ 5.15.* (semver) Unaffected: 6.1.113 , ≤ 6.1.* (semver) Unaffected: 6.6.54 , ≤ 6.6.* (semver) Unaffected: 6.10.13 , ≤ 6.10.* (semver) Unaffected: 6.11.2 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47757",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T12:57:10.388189Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:04:12.179Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:21:50.178Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/btree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f3a9859767c7aea758976f5523903d247e585129",
"status": "affected",
"version": "17c76b0104e4a6513983777e1a17e0297a12b0c4",
"versionType": "git"
},
{
"lessThan": "ed76d381dae125b81d09934e365391a656249da8",
"status": "affected",
"version": "17c76b0104e4a6513983777e1a17e0297a12b0c4",
"versionType": "git"
},
{
"lessThan": "d20674f31626e0596ae4c1d9401dfb6739b81b58",
"status": "affected",
"version": "17c76b0104e4a6513983777e1a17e0297a12b0c4",
"versionType": "git"
},
{
"lessThan": "c4f8554996e8ada3be872dfb8f60e93bcf15fb27",
"status": "affected",
"version": "17c76b0104e4a6513983777e1a17e0297a12b0c4",
"versionType": "git"
},
{
"lessThan": "a8abfda768b9f33630cfbc4af6c4214f1e5681b0",
"status": "affected",
"version": "17c76b0104e4a6513983777e1a17e0297a12b0c4",
"versionType": "git"
},
{
"lessThan": "257f9e5185eb6de83377caea686c306e22e871f2",
"status": "affected",
"version": "17c76b0104e4a6513983777e1a17e0297a12b0c4",
"versionType": "git"
},
{
"lessThan": "a33e967b681e088a125b979975c93e3453e686cd",
"status": "affected",
"version": "17c76b0104e4a6513983777e1a17e0297a12b0c4",
"versionType": "git"
},
{
"lessThan": "c4cbcc64bb31e67e02940ce060cc77f7180564cf",
"status": "affected",
"version": "17c76b0104e4a6513983777e1a17e0297a12b0c4",
"versionType": "git"
},
{
"lessThan": "f9c96351aa6718b42a9f42eaf7adce0356bdb5e8",
"status": "affected",
"version": "17c76b0104e4a6513983777e1a17e0297a12b0c4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/btree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.30"
},
{
"lessThan": "2.6.30",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "2.6.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential oob read in nilfs_btree_check_delete()\n\nThe function nilfs_btree_check_delete(), which checks whether degeneration\nto direct mapping occurs before deleting a b-tree entry, causes memory\naccess outside the block buffer when retrieving the maximum key if the\nroot node has no entries.\n\nThis does not usually happen because b-tree mappings with 0 child nodes\nare never created by mkfs.nilfs2 or nilfs2 itself. However, it can happen\nif the b-tree root node read from a device is configured that way, so fix\nthis potential issue by adding a check for that case."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:40:11.645Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f3a9859767c7aea758976f5523903d247e585129"
},
{
"url": "https://git.kernel.org/stable/c/ed76d381dae125b81d09934e365391a656249da8"
},
{
"url": "https://git.kernel.org/stable/c/d20674f31626e0596ae4c1d9401dfb6739b81b58"
},
{
"url": "https://git.kernel.org/stable/c/c4f8554996e8ada3be872dfb8f60e93bcf15fb27"
},
{
"url": "https://git.kernel.org/stable/c/a8abfda768b9f33630cfbc4af6c4214f1e5681b0"
},
{
"url": "https://git.kernel.org/stable/c/257f9e5185eb6de83377caea686c306e22e871f2"
},
{
"url": "https://git.kernel.org/stable/c/a33e967b681e088a125b979975c93e3453e686cd"
},
{
"url": "https://git.kernel.org/stable/c/c4cbcc64bb31e67e02940ce060cc77f7180564cf"
},
{
"url": "https://git.kernel.org/stable/c/f9c96351aa6718b42a9f42eaf7adce0356bdb5e8"
}
],
"title": "nilfs2: fix potential oob read in nilfs_btree_check_delete()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47757",
"datePublished": "2024-10-21T12:14:20.419Z",
"dateReserved": "2024-09-30T16:00:12.962Z",
"dateUpdated": "2026-05-11T20:40:11.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…