Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2025-AVI-0387
Vulnerability from certfr_avis - Published: 2025-05-09 - Updated: 2025-05-09
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à l'intégrité des données et un déni de service.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 16.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 24.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 24.10",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 14.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 22.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-46826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46826"
},
{
"name": "CVE-2023-52664",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52664"
},
{
"name": "CVE-2024-26974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26974"
},
{
"name": "CVE-2024-56653",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56653"
},
{
"name": "CVE-2025-21813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21813"
},
{
"name": "CVE-2023-52927",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52927"
},
{
"name": "CVE-2025-21993",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21993"
},
{
"name": "CVE-2024-36934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36934"
},
{
"name": "CVE-2024-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53066"
},
{
"name": "CVE-2024-53063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53063"
},
{
"name": "CVE-2024-56770",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56770"
},
{
"name": "CVE-2024-49974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49974"
},
{
"name": "CVE-2023-52741",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52741"
},
{
"name": "CVE-2024-58081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58081"
},
{
"name": "CVE-2024-50296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50296"
},
{
"name": "CVE-2025-21953",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21953"
},
{
"name": "CVE-2024-56642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56642"
},
{
"name": "CVE-2024-53173",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53173"
},
{
"name": "CVE-2024-50237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50237"
},
{
"name": "CVE-2024-56631",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56631"
},
{
"name": "CVE-2024-26915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26915"
},
{
"name": "CVE-2024-26837",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26837"
},
{
"name": "CVE-2024-50248",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50248"
},
{
"name": "CVE-2024-49944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49944"
},
{
"name": "CVE-2024-56651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56651"
},
{
"name": "CVE-2025-21971",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21971"
},
{
"name": "CVE-2024-56658",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56658"
},
{
"name": "CVE-2024-49925",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49925"
},
{
"name": "CVE-2024-35864",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35864"
},
{
"name": "CVE-2024-46780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46780"
},
{
"name": "CVE-2021-47219",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47219"
},
{
"name": "CVE-2024-36015",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36015"
},
{
"name": "CVE-2024-46771",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46771"
},
{
"name": "CVE-2022-0995",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0995"
},
{
"name": "CVE-2023-52458",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52458"
},
{
"name": "CVE-2024-50256",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50256"
},
{
"name": "CVE-2024-57798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57798"
},
{
"name": "CVE-2021-47191",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47191"
},
{
"name": "CVE-2024-53140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53140"
},
{
"name": "CVE-2025-21702",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21702"
},
{
"name": "CVE-2024-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26996"
},
{
"name": "CVE-2021-47163",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47163"
},
{
"name": "CVE-2025-21701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21701"
},
{
"name": "CVE-2021-47150",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47150"
},
{
"name": "CVE-2024-26689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26689"
},
{
"name": "CVE-2021-47119",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47119"
},
{
"name": "CVE-2024-26928",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26928"
},
{
"name": "CVE-2024-56598",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56598"
},
{
"name": "CVE-2025-21703",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21703"
},
{
"name": "CVE-2024-35958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35958"
},
{
"name": "CVE-2025-21700",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21700"
},
{
"name": "CVE-2025-21902",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21902"
},
{
"name": "CVE-2025-21756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21756"
},
{
"name": "CVE-2024-56650",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56650"
},
{
"name": "CVE-2024-53237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53237"
}
],
"initial_release_date": "2025-05-09T00:00:00",
"last_revision_date": "2025-05-09T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0387",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-05-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux d\u0027Ubuntu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et un d\u00e9ni de service.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": "2025-05-02",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7475-1",
"url": "https://ubuntu.com/security/notices/USN-7475-1"
},
{
"published_at": "2025-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7500-1",
"url": "https://ubuntu.com/security/notices/USN-7500-1"
},
{
"published_at": "2025-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7495-2",
"url": "https://ubuntu.com/security/notices/USN-7495-2"
},
{
"published_at": "2025-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7491-1",
"url": "https://ubuntu.com/security/notices/USN-7491-1"
},
{
"published_at": "2025-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7500-2",
"url": "https://ubuntu.com/security/notices/USN-7500-2"
},
{
"published_at": "2025-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7496-4",
"url": "https://ubuntu.com/security/notices/USN-7496-4"
},
{
"published_at": "2025-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7489-1",
"url": "https://ubuntu.com/security/notices/USN-7489-1"
},
{
"published_at": "2025-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7496-5",
"url": "https://ubuntu.com/security/notices/USN-7496-5"
},
{
"published_at": "2025-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7492-2",
"url": "https://ubuntu.com/security/notices/USN-7492-2"
},
{
"published_at": "2025-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7494-5",
"url": "https://ubuntu.com/security/notices/USN-7494-5"
},
{
"published_at": "2025-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7494-2",
"url": "https://ubuntu.com/security/notices/USN-7494-2"
},
{
"published_at": "2025-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7496-3",
"url": "https://ubuntu.com/security/notices/USN-7496-3"
},
{
"published_at": "2025-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7492-1",
"url": "https://ubuntu.com/security/notices/USN-7492-1"
},
{
"published_at": "2025-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7495-1",
"url": "https://ubuntu.com/security/notices/USN-7495-1"
},
{
"published_at": "2025-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7493-1",
"url": "https://ubuntu.com/security/notices/USN-7493-1"
},
{
"published_at": "2025-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7494-3",
"url": "https://ubuntu.com/security/notices/USN-7494-3"
},
{
"published_at": "2025-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7498-1",
"url": "https://ubuntu.com/security/notices/USN-7498-1"
},
{
"published_at": "2025-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7499-1",
"url": "https://ubuntu.com/security/notices/USN-7499-1"
},
{
"published_at": "2025-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7489-2",
"url": "https://ubuntu.com/security/notices/USN-7489-2"
},
{
"published_at": "2025-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7494-1",
"url": "https://ubuntu.com/security/notices/USN-7494-1"
},
{
"published_at": "2025-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7494-4",
"url": "https://ubuntu.com/security/notices/USN-7494-4"
},
{
"published_at": "2025-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7495-3",
"url": "https://ubuntu.com/security/notices/USN-7495-3"
},
{
"published_at": "2025-05-02",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7461-3",
"url": "https://ubuntu.com/security/notices/USN-7461-3"
}
]
}
CVE-2024-46771 (GCVE-0-2024-46771)
Vulnerability from cvelistv5 – Published: 2024-09-18 07:12 – Updated: 2026-05-11 20:36
VLAI
EPSS
Title
can: bcm: Remove proc entry when dev is unregistered.
Summary
In the Linux kernel, the following vulnerability has been resolved:
can: bcm: Remove proc entry when dev is unregistered.
syzkaller reported a warning in bcm_connect() below. [0]
The repro calls connect() to vxcan1, removes vxcan1, and calls
connect() with ifindex == 0.
Calling connect() for a BCM socket allocates a proc entry.
Then, bcm_sk(sk)->bound is set to 1 to prevent further connect().
However, removing the bound device resets bcm_sk(sk)->bound to 0
in bcm_notify().
The 2nd connect() tries to allocate a proc entry with the same
name and sets NULL to bcm_sk(sk)->bcm_proc_read, leaking the
original proc entry.
Since the proc entry is available only for connect()ed sockets,
let's clean up the entry when the bound netdev is unregistered.
[0]:
proc_dir_entry 'can-bcm/2456' already registered
WARNING: CPU: 1 PID: 394 at fs/proc/generic.c:376 proc_register+0x645/0x8f0 fs/proc/generic.c:375
Modules linked in:
CPU: 1 PID: 394 Comm: syz-executor403 Not tainted 6.10.0-rc7-g852e42cc2dd4
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
RIP: 0010:proc_register+0x645/0x8f0 fs/proc/generic.c:375
Code: 00 00 00 00 00 48 85 ed 0f 85 97 02 00 00 4d 85 f6 0f 85 9f 02 00 00 48 c7 c7 9b cb cf 87 48 89 de 4c 89 fa e8 1c 6f eb fe 90 <0f> 0b 90 90 48 c7 c7 98 37 99 89 e8 cb 7e 22 05 bb 00 00 00 10 48
RSP: 0018:ffa0000000cd7c30 EFLAGS: 00010246
RAX: 9e129be1950f0200 RBX: ff1100011b51582c RCX: ff1100011857cd80
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
RBP: 0000000000000000 R08: ffd400000000000f R09: ff1100013e78cac0
R10: ffac800000cd7980 R11: ff1100013e12b1f0 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: ff1100011a99a2ec
FS: 00007fbd7086f740(0000) GS:ff1100013fd00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000200071c0 CR3: 0000000118556004 CR4: 0000000000771ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
<TASK>
proc_create_net_single+0x144/0x210 fs/proc/proc_net.c:220
bcm_connect+0x472/0x840 net/can/bcm.c:1673
__sys_connect_file net/socket.c:2049 [inline]
__sys_connect+0x5d2/0x690 net/socket.c:2066
__do_sys_connect net/socket.c:2076 [inline]
__se_sys_connect net/socket.c:2073 [inline]
__x64_sys_connect+0x8f/0x100 net/socket.c:2073
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xd9/0x1c0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x4b/0x53
RIP: 0033:0x7fbd708b0e5d
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48
RSP: 002b:00007fff8cd33f08 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fbd708b0e5d
RDX: 0000000000000010 RSI: 0000000020000040 RDI: 0000000000000003
RBP: 0000000000000000 R08: 0000000000000040 R09: 0000000000000040
R10: 0000000000000040 R11: 0000000000000246 R12: 00007fff8cd34098
R13: 0000000000401280 R14: 0000000000406de8 R15: 00007fbd70ab9000
</TASK>
remove_proc_entry: removing non-empty directory 'net/can-bcm', leaking at least '2456'
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/5c680022c4e28ba18… | |
| https://git.kernel.org/stable/c/33ed4ba73caae39f3… | |
| https://git.kernel.org/stable/c/aec92dbebdbec7567… | |
| https://git.kernel.org/stable/c/10bfacbd5e8d82101… | |
| https://git.kernel.org/stable/c/3b39dc2901aa7a679… | |
| https://git.kernel.org/stable/c/4377b79323df62eb5… | |
| https://git.kernel.org/stable/c/abb0a615569ec008e… | |
| https://git.kernel.org/stable/c/76fe372ccb81b0c89… | |
| https://lists.debian.org/debian-lts-announce/2025… | |
| https://lists.debian.org/debian-lts-announce/2024… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
ffd980f976e7fd666c2e61bf8ab35107efd11828 , < 5c680022c4e28ba18ea500f3e29f0428271afa92
(git)
Affected: ffd980f976e7fd666c2e61bf8ab35107efd11828 , < 33ed4ba73caae39f34ab874ba79138badc2c65dd (git) Affected: ffd980f976e7fd666c2e61bf8ab35107efd11828 , < aec92dbebdbec7567d9f56d7c9296a572b8fd849 (git) Affected: ffd980f976e7fd666c2e61bf8ab35107efd11828 , < 10bfacbd5e8d821011d857bee73310457c9c989a (git) Affected: ffd980f976e7fd666c2e61bf8ab35107efd11828 , < 3b39dc2901aa7a679a5ca981a3de9f8d5658afe8 (git) Affected: ffd980f976e7fd666c2e61bf8ab35107efd11828 , < 4377b79323df62eb5d310354f19b4d130ff58d50 (git) Affected: ffd980f976e7fd666c2e61bf8ab35107efd11828 , < abb0a615569ec008e8a93d9f3ab2d5b418ea94d4 (git) Affected: ffd980f976e7fd666c2e61bf8ab35107efd11828 , < 76fe372ccb81b0c89b6cd2fec26e2f38c958be85 (git) |
|
| Linux | Linux |
Affected:
2.6.25
Unaffected: 0 , < 2.6.25 (semver) Unaffected: 4.19.322 , ≤ 4.19.* (semver) Unaffected: 5.4.284 , ≤ 5.4.* (semver) Unaffected: 5.10.226 , ≤ 5.10.* (semver) Unaffected: 5.15.167 , ≤ 5.15.* (semver) Unaffected: 6.1.110 , ≤ 6.1.* (semver) Unaffected: 6.6.51 , ≤ 6.6.* (semver) Unaffected: 6.10.10 , ≤ 6.10.* (semver) Unaffected: 6.11 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46771",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T14:40:41.261064Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T14:40:55.797Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:18:13.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/can/bcm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5c680022c4e28ba18ea500f3e29f0428271afa92",
"status": "affected",
"version": "ffd980f976e7fd666c2e61bf8ab35107efd11828",
"versionType": "git"
},
{
"lessThan": "33ed4ba73caae39f34ab874ba79138badc2c65dd",
"status": "affected",
"version": "ffd980f976e7fd666c2e61bf8ab35107efd11828",
"versionType": "git"
},
{
"lessThan": "aec92dbebdbec7567d9f56d7c9296a572b8fd849",
"status": "affected",
"version": "ffd980f976e7fd666c2e61bf8ab35107efd11828",
"versionType": "git"
},
{
"lessThan": "10bfacbd5e8d821011d857bee73310457c9c989a",
"status": "affected",
"version": "ffd980f976e7fd666c2e61bf8ab35107efd11828",
"versionType": "git"
},
{
"lessThan": "3b39dc2901aa7a679a5ca981a3de9f8d5658afe8",
"status": "affected",
"version": "ffd980f976e7fd666c2e61bf8ab35107efd11828",
"versionType": "git"
},
{
"lessThan": "4377b79323df62eb5d310354f19b4d130ff58d50",
"status": "affected",
"version": "ffd980f976e7fd666c2e61bf8ab35107efd11828",
"versionType": "git"
},
{
"lessThan": "abb0a615569ec008e8a93d9f3ab2d5b418ea94d4",
"status": "affected",
"version": "ffd980f976e7fd666c2e61bf8ab35107efd11828",
"versionType": "git"
},
{
"lessThan": "76fe372ccb81b0c89b6cd2fec26e2f38c958be85",
"status": "affected",
"version": "ffd980f976e7fd666c2e61bf8ab35107efd11828",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/can/bcm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.25"
},
{
"lessThan": "2.6.25",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.322",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.284",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.167",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.51",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.322",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.284",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.226",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.167",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.110",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.51",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.10",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "2.6.25",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: bcm: Remove proc entry when dev is unregistered.\n\nsyzkaller reported a warning in bcm_connect() below. [0]\n\nThe repro calls connect() to vxcan1, removes vxcan1, and calls\nconnect() with ifindex == 0.\n\nCalling connect() for a BCM socket allocates a proc entry.\nThen, bcm_sk(sk)-\u003ebound is set to 1 to prevent further connect().\n\nHowever, removing the bound device resets bcm_sk(sk)-\u003ebound to 0\nin bcm_notify().\n\nThe 2nd connect() tries to allocate a proc entry with the same\nname and sets NULL to bcm_sk(sk)-\u003ebcm_proc_read, leaking the\noriginal proc entry.\n\nSince the proc entry is available only for connect()ed sockets,\nlet\u0027s clean up the entry when the bound netdev is unregistered.\n\n[0]:\nproc_dir_entry \u0027can-bcm/2456\u0027 already registered\nWARNING: CPU: 1 PID: 394 at fs/proc/generic.c:376 proc_register+0x645/0x8f0 fs/proc/generic.c:375\nModules linked in:\nCPU: 1 PID: 394 Comm: syz-executor403 Not tainted 6.10.0-rc7-g852e42cc2dd4\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nRIP: 0010:proc_register+0x645/0x8f0 fs/proc/generic.c:375\nCode: 00 00 00 00 00 48 85 ed 0f 85 97 02 00 00 4d 85 f6 0f 85 9f 02 00 00 48 c7 c7 9b cb cf 87 48 89 de 4c 89 fa e8 1c 6f eb fe 90 \u003c0f\u003e 0b 90 90 48 c7 c7 98 37 99 89 e8 cb 7e 22 05 bb 00 00 00 10 48\nRSP: 0018:ffa0000000cd7c30 EFLAGS: 00010246\nRAX: 9e129be1950f0200 RBX: ff1100011b51582c RCX: ff1100011857cd80\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002\nRBP: 0000000000000000 R08: ffd400000000000f R09: ff1100013e78cac0\nR10: ffac800000cd7980 R11: ff1100013e12b1f0 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000000 R15: ff1100011a99a2ec\nFS: 00007fbd7086f740(0000) GS:ff1100013fd00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000200071c0 CR3: 0000000118556004 CR4: 0000000000771ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n proc_create_net_single+0x144/0x210 fs/proc/proc_net.c:220\n bcm_connect+0x472/0x840 net/can/bcm.c:1673\n __sys_connect_file net/socket.c:2049 [inline]\n __sys_connect+0x5d2/0x690 net/socket.c:2066\n __do_sys_connect net/socket.c:2076 [inline]\n __se_sys_connect net/socket.c:2073 [inline]\n __x64_sys_connect+0x8f/0x100 net/socket.c:2073\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1c0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\nRIP: 0033:0x7fbd708b0e5d\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48\nRSP: 002b:00007fff8cd33f08 EFLAGS: 00000246 ORIG_RAX: 000000000000002a\nRAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fbd708b0e5d\nRDX: 0000000000000010 RSI: 0000000020000040 RDI: 0000000000000003\nRBP: 0000000000000000 R08: 0000000000000040 R09: 0000000000000040\nR10: 0000000000000040 R11: 0000000000000246 R12: 00007fff8cd34098\nR13: 0000000000401280 R14: 0000000000406de8 R15: 00007fbd70ab9000\n \u003c/TASK\u003e\nremove_proc_entry: removing non-empty directory \u0027net/can-bcm\u0027, leaking at least \u00272456\u0027"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:36:09.878Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5c680022c4e28ba18ea500f3e29f0428271afa92"
},
{
"url": "https://git.kernel.org/stable/c/33ed4ba73caae39f34ab874ba79138badc2c65dd"
},
{
"url": "https://git.kernel.org/stable/c/aec92dbebdbec7567d9f56d7c9296a572b8fd849"
},
{
"url": "https://git.kernel.org/stable/c/10bfacbd5e8d821011d857bee73310457c9c989a"
},
{
"url": "https://git.kernel.org/stable/c/3b39dc2901aa7a679a5ca981a3de9f8d5658afe8"
},
{
"url": "https://git.kernel.org/stable/c/4377b79323df62eb5d310354f19b4d130ff58d50"
},
{
"url": "https://git.kernel.org/stable/c/abb0a615569ec008e8a93d9f3ab2d5b418ea94d4"
},
{
"url": "https://git.kernel.org/stable/c/76fe372ccb81b0c89b6cd2fec26e2f38c958be85"
}
],
"title": "can: bcm: Remove proc entry when dev is unregistered.",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46771",
"datePublished": "2024-09-18T07:12:29.363Z",
"dateReserved": "2024-09-11T15:12:18.274Z",
"dateUpdated": "2026-05-11T20:36:09.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46780 (GCVE-0-2024-46780)
Vulnerability from cvelistv5 – Published: 2024-09-18 07:12 – Updated: 2026-05-11 20:36
VLAI
EPSS
Title
nilfs2: protect references to superblock parameters exposed in sysfs
Summary
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: protect references to superblock parameters exposed in sysfs
The superblock buffers of nilfs2 can not only be overwritten at runtime
for modifications/repairs, but they are also regularly swapped, replaced
during resizing, and even abandoned when degrading to one side due to
backing device issues. So, accessing them requires mutual exclusion using
the reader/writer semaphore "nilfs->ns_sem".
Some sysfs attribute show methods read this superblock buffer without the
necessary mutual exclusion, which can cause problems with pointer
dereferencing and memory access, so fix it.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/b90beafac05931cbf… | |
| https://git.kernel.org/stable/c/ba97ba173f9625d5f… | |
| https://git.kernel.org/stable/c/157c0d94b4c408873… | |
| https://git.kernel.org/stable/c/b14e7260bb691d7f5… | |
| https://git.kernel.org/stable/c/19cfeba0e4b8eda51… | |
| https://git.kernel.org/stable/c/8c6e43b3d5f109cf9… | |
| https://git.kernel.org/stable/c/962562d4c70c5cdeb… | |
| https://git.kernel.org/stable/c/683408258917541bd… | |
| https://lists.debian.org/debian-lts-announce/2025… | |
| https://lists.debian.org/debian-lts-announce/2024… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
da7141fb78db915680616e15677539fc8140cf53 , < b90beafac05931cbfcb6b1bd4f67c1923f47040e
(git)
Affected: da7141fb78db915680616e15677539fc8140cf53 , < ba97ba173f9625d5f34a986088979eae8b80d38e (git) Affected: da7141fb78db915680616e15677539fc8140cf53 , < 157c0d94b4c40887329418c70ef4edd1a8d6b4ed (git) Affected: da7141fb78db915680616e15677539fc8140cf53 , < b14e7260bb691d7f563f61da07d61e3c8b59a614 (git) Affected: da7141fb78db915680616e15677539fc8140cf53 , < 19cfeba0e4b8eda51484fcf8cf7d150418e1d880 (git) Affected: da7141fb78db915680616e15677539fc8140cf53 , < 8c6e43b3d5f109cf9c61bc188fcc8175404e924f (git) Affected: da7141fb78db915680616e15677539fc8140cf53 , < 962562d4c70c5cdeb4e955d63ff2017c4eca1aad (git) Affected: da7141fb78db915680616e15677539fc8140cf53 , < 683408258917541bdb294cd717c210a04381931e (git) |
|
| Linux | Linux |
Affected:
3.17
Unaffected: 0 , < 3.17 (semver) Unaffected: 4.19.322 , ≤ 4.19.* (semver) Unaffected: 5.4.284 , ≤ 5.4.* (semver) Unaffected: 5.10.226 , ≤ 5.10.* (semver) Unaffected: 5.15.167 , ≤ 5.15.* (semver) Unaffected: 6.1.110 , ≤ 6.1.* (semver) Unaffected: 6.6.51 , ≤ 6.6.* (semver) Unaffected: 6.10.10 , ≤ 6.10.* (semver) Unaffected: 6.11 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46780",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T14:38:16.059134Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T14:38:30.940Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:18:20.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/sysfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b90beafac05931cbfcb6b1bd4f67c1923f47040e",
"status": "affected",
"version": "da7141fb78db915680616e15677539fc8140cf53",
"versionType": "git"
},
{
"lessThan": "ba97ba173f9625d5f34a986088979eae8b80d38e",
"status": "affected",
"version": "da7141fb78db915680616e15677539fc8140cf53",
"versionType": "git"
},
{
"lessThan": "157c0d94b4c40887329418c70ef4edd1a8d6b4ed",
"status": "affected",
"version": "da7141fb78db915680616e15677539fc8140cf53",
"versionType": "git"
},
{
"lessThan": "b14e7260bb691d7f563f61da07d61e3c8b59a614",
"status": "affected",
"version": "da7141fb78db915680616e15677539fc8140cf53",
"versionType": "git"
},
{
"lessThan": "19cfeba0e4b8eda51484fcf8cf7d150418e1d880",
"status": "affected",
"version": "da7141fb78db915680616e15677539fc8140cf53",
"versionType": "git"
},
{
"lessThan": "8c6e43b3d5f109cf9c61bc188fcc8175404e924f",
"status": "affected",
"version": "da7141fb78db915680616e15677539fc8140cf53",
"versionType": "git"
},
{
"lessThan": "962562d4c70c5cdeb4e955d63ff2017c4eca1aad",
"status": "affected",
"version": "da7141fb78db915680616e15677539fc8140cf53",
"versionType": "git"
},
{
"lessThan": "683408258917541bdb294cd717c210a04381931e",
"status": "affected",
"version": "da7141fb78db915680616e15677539fc8140cf53",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/sysfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.17"
},
{
"lessThan": "3.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.322",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.284",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.167",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.51",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.322",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.284",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.226",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.167",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.110",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.51",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.10",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "3.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: protect references to superblock parameters exposed in sysfs\n\nThe superblock buffers of nilfs2 can not only be overwritten at runtime\nfor modifications/repairs, but they are also regularly swapped, replaced\nduring resizing, and even abandoned when degrading to one side due to\nbacking device issues. So, accessing them requires mutual exclusion using\nthe reader/writer semaphore \"nilfs-\u003ens_sem\".\n\nSome sysfs attribute show methods read this superblock buffer without the\nnecessary mutual exclusion, which can cause problems with pointer\ndereferencing and memory access, so fix it."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:36:20.212Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b90beafac05931cbfcb6b1bd4f67c1923f47040e"
},
{
"url": "https://git.kernel.org/stable/c/ba97ba173f9625d5f34a986088979eae8b80d38e"
},
{
"url": "https://git.kernel.org/stable/c/157c0d94b4c40887329418c70ef4edd1a8d6b4ed"
},
{
"url": "https://git.kernel.org/stable/c/b14e7260bb691d7f563f61da07d61e3c8b59a614"
},
{
"url": "https://git.kernel.org/stable/c/19cfeba0e4b8eda51484fcf8cf7d150418e1d880"
},
{
"url": "https://git.kernel.org/stable/c/8c6e43b3d5f109cf9c61bc188fcc8175404e924f"
},
{
"url": "https://git.kernel.org/stable/c/962562d4c70c5cdeb4e955d63ff2017c4eca1aad"
},
{
"url": "https://git.kernel.org/stable/c/683408258917541bdb294cd717c210a04381931e"
}
],
"title": "nilfs2: protect references to superblock parameters exposed in sysfs",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46780",
"datePublished": "2024-09-18T07:12:36.736Z",
"dateReserved": "2024-09-11T15:12:18.276Z",
"dateUpdated": "2026-05-11T20:36:20.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46826 (GCVE-0-2024-46826)
Vulnerability from cvelistv5 – Published: 2024-09-27 12:39 – Updated: 2026-05-11 20:37
VLAI
EPSS
Title
ELF: fix kernel.randomize_va_space double read
Summary
In the Linux kernel, the following vulnerability has been resolved:
ELF: fix kernel.randomize_va_space double read
ELF loader uses "randomize_va_space" twice. It is sysctl and can change
at any moment, so 2 loads could see 2 different values in theory with
unpredictable consequences.
Issue exactly one load for consistent value across one exec.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
32a932332c8bad842804842eaf9651ad6268e637 , < 1f81d51141a234ad0a3874b4d185dc27a521cd27
(git)
Affected: 32a932332c8bad842804842eaf9651ad6268e637 , < 53f17409abf61f66b6f05aff795e938e5ba811d1 (git) Affected: 32a932332c8bad842804842eaf9651ad6268e637 , < 1cf8cd80903073440b6ea055811d04edd24fe4f7 (git) Affected: 32a932332c8bad842804842eaf9651ad6268e637 , < 2a97388a807b6ab5538aa8f8537b2463c6988bd2 (git) |
|
| Linux | Linux |
Affected:
2.6.25
Unaffected: 0 , < 2.6.25 (semver) Unaffected: 6.1.110 , ≤ 6.1.* (semver) Unaffected: 6.6.51 , ≤ 6.6.* (semver) Unaffected: 6.10.10 , ≤ 6.10.* (semver) Unaffected: 6.11 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46826",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T14:12:53.943216Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T14:13:04.287Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:19:13.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/binfmt_elf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1f81d51141a234ad0a3874b4d185dc27a521cd27",
"status": "affected",
"version": "32a932332c8bad842804842eaf9651ad6268e637",
"versionType": "git"
},
{
"lessThan": "53f17409abf61f66b6f05aff795e938e5ba811d1",
"status": "affected",
"version": "32a932332c8bad842804842eaf9651ad6268e637",
"versionType": "git"
},
{
"lessThan": "1cf8cd80903073440b6ea055811d04edd24fe4f7",
"status": "affected",
"version": "32a932332c8bad842804842eaf9651ad6268e637",
"versionType": "git"
},
{
"lessThan": "2a97388a807b6ab5538aa8f8537b2463c6988bd2",
"status": "affected",
"version": "32a932332c8bad842804842eaf9651ad6268e637",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/binfmt_elf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.25"
},
{
"lessThan": "2.6.25",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.51",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.110",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.51",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.10",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "2.6.25",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nELF: fix kernel.randomize_va_space double read\n\nELF loader uses \"randomize_va_space\" twice. It is sysctl and can change\nat any moment, so 2 loads could see 2 different values in theory with\nunpredictable consequences.\n\nIssue exactly one load for consistent value across one exec."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:37:18.165Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1f81d51141a234ad0a3874b4d185dc27a521cd27"
},
{
"url": "https://git.kernel.org/stable/c/53f17409abf61f66b6f05aff795e938e5ba811d1"
},
{
"url": "https://git.kernel.org/stable/c/1cf8cd80903073440b6ea055811d04edd24fe4f7"
},
{
"url": "https://git.kernel.org/stable/c/2a97388a807b6ab5538aa8f8537b2463c6988bd2"
}
],
"title": "ELF: fix kernel.randomize_va_space double read",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46826",
"datePublished": "2024-09-27T12:39:25.860Z",
"dateReserved": "2024-09-11T15:12:18.285Z",
"dateUpdated": "2026-05-11T20:37:18.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-49925 (GCVE-0-2024-49925)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2026-06-01 16:04
VLAI
EPSS
Title
fbdev: efifb: Register sysfs groups through driver core
Summary
In the Linux kernel, the following vulnerability has been resolved:
fbdev: efifb: Register sysfs groups through driver core
The driver core can register and cleanup sysfs groups already.
Make use of that functionality to simplify the error handling and
cleanup.
Also avoid a UAF race during unregistering where the sysctl attributes
were usable after the info struct was freed.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/2d97b85eb5a86766a… | |
| https://git.kernel.org/stable/c/2a9c40c72097b583b… | |
| https://git.kernel.org/stable/c/36bfefb6baaa8e46d… | |
| https://git.kernel.org/stable/c/872cd2d029d2c970a… | |
| https://git.kernel.org/stable/c/4684d69b9670a8399… | |
| https://git.kernel.org/stable/c/95cdd538e0e5677ef… | |
| https://lists.debian.org/debian-lts-announce/2025… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
753375a881caa01112b7cec2c796749154e0bb23 , < 2d97b85eb5a86766ad0f8ea3d121e6ae144e3ed8
(git)
Affected: 753375a881caa01112b7cec2c796749154e0bb23 , < 2a9c40c72097b583b23aeb2a26d429ccfc81fbc1 (git) Affected: 753375a881caa01112b7cec2c796749154e0bb23 , < 36bfefb6baaa8e46de44f4fd919ce4347337620f (git) Affected: 753375a881caa01112b7cec2c796749154e0bb23 , < 872cd2d029d2c970a8a1eea88b48dab2b3f2e93a (git) Affected: 753375a881caa01112b7cec2c796749154e0bb23 , < 4684d69b9670a83992189f6271dc0fcdec4ed0d7 (git) Affected: 753375a881caa01112b7cec2c796749154e0bb23 , < 95cdd538e0e5677efbdf8aade04ec098ab98f457 (git) |
|
| Linux | Linux |
Affected:
4.10
Unaffected: 0 , < 4.10 (semver) Unaffected: 5.15.209 , ≤ 5.15.* (semver) Unaffected: 6.1.120 , ≤ 6.1.* (semver) Unaffected: 6.6.55 , ≤ 6.6.* (semver) Unaffected: 6.10.14 , ≤ 6.10.* (semver) Unaffected: 6.11.3 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49925",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:39:49.983687Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:48:44.061Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:42:00.980Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/video/fbdev/efifb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2d97b85eb5a86766ad0f8ea3d121e6ae144e3ed8",
"status": "affected",
"version": "753375a881caa01112b7cec2c796749154e0bb23",
"versionType": "git"
},
{
"lessThan": "2a9c40c72097b583b23aeb2a26d429ccfc81fbc1",
"status": "affected",
"version": "753375a881caa01112b7cec2c796749154e0bb23",
"versionType": "git"
},
{
"lessThan": "36bfefb6baaa8e46de44f4fd919ce4347337620f",
"status": "affected",
"version": "753375a881caa01112b7cec2c796749154e0bb23",
"versionType": "git"
},
{
"lessThan": "872cd2d029d2c970a8a1eea88b48dab2b3f2e93a",
"status": "affected",
"version": "753375a881caa01112b7cec2c796749154e0bb23",
"versionType": "git"
},
{
"lessThan": "4684d69b9670a83992189f6271dc0fcdec4ed0d7",
"status": "affected",
"version": "753375a881caa01112b7cec2c796749154e0bb23",
"versionType": "git"
},
{
"lessThan": "95cdd538e0e5677efbdf8aade04ec098ab98f457",
"status": "affected",
"version": "753375a881caa01112b7cec2c796749154e0bb23",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/video/fbdev/efifb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.10"
},
{
"lessThan": "4.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.209",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.120",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: efifb: Register sysfs groups through driver core\n\nThe driver core can register and cleanup sysfs groups already.\nMake use of that functionality to simplify the error handling and\ncleanup.\n\nAlso avoid a UAF race during unregistering where the sysctl attributes\nwere usable after the info struct was freed."
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T16:04:43.571Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2d97b85eb5a86766ad0f8ea3d121e6ae144e3ed8"
},
{
"url": "https://git.kernel.org/stable/c/2a9c40c72097b583b23aeb2a26d429ccfc81fbc1"
},
{
"url": "https://git.kernel.org/stable/c/36bfefb6baaa8e46de44f4fd919ce4347337620f"
},
{
"url": "https://git.kernel.org/stable/c/872cd2d029d2c970a8a1eea88b48dab2b3f2e93a"
},
{
"url": "https://git.kernel.org/stable/c/4684d69b9670a83992189f6271dc0fcdec4ed0d7"
},
{
"url": "https://git.kernel.org/stable/c/95cdd538e0e5677efbdf8aade04ec098ab98f457"
}
],
"title": "fbdev: efifb: Register sysfs groups through driver core",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49925",
"datePublished": "2024-10-21T18:01:49.732Z",
"dateReserved": "2024-10-21T12:17:06.036Z",
"dateUpdated": "2026-06-01T16:04:43.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-49944 (GCVE-0-2024-49944)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2026-05-12 11:59
VLAI
EPSS
Title
sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start
Summary
In the Linux kernel, the following vulnerability has been resolved:
sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start
In sctp_listen_start() invoked by sctp_inet_listen(), it should set the
sk_state back to CLOSED if sctp_autobind() fails due to whatever reason.
Otherwise, next time when calling sctp_inet_listen(), if sctp_sk(sk)->reuse
is already set via setsockopt(SCTP_REUSE_PORT), sctp_sk(sk)->bind_hash will
be dereferenced as sk_state is LISTENING, which causes a crash as bind_hash
is NULL.
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
RIP: 0010:sctp_inet_listen+0x7f0/0xa20 net/sctp/socket.c:8617
Call Trace:
<TASK>
__sys_listen_socket net/socket.c:1883 [inline]
__sys_listen+0x1b7/0x230 net/socket.c:1894
__do_sys_listen net/socket.c:1902 [inline]
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
13 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/89bbead9d897c77d0… | |
| https://git.kernel.org/stable/c/0e4e2e60556c6ed00… | |
| https://git.kernel.org/stable/c/dd70c8a89ef99c3d5… | |
| https://git.kernel.org/stable/c/e7a8442195e8ebd97… | |
| https://git.kernel.org/stable/c/9230a59eda0878d7e… | |
| https://git.kernel.org/stable/c/7f64cb5b4d8c87229… | |
| https://git.kernel.org/stable/c/f032e1dac30b3376c… | |
| https://git.kernel.org/stable/c/e914bf68dab88815a… | |
| https://git.kernel.org/stable/c/8beee4d8dee76b67c… | |
| https://lists.debian.org/debian-lts-announce/2025… | |
| https://lists.debian.org/debian-lts-announce/2025… | |
| https://cert-portal.siemens.com/productcert/html/… | |
| https://cert-portal.siemens.com/productcert/html/… |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
5e8f3f703ae4e4af65e2695e486b3cd198328863 , < 89bbead9d897c77d0b566349c8643030ff2abeba
(git)
Affected: 5e8f3f703ae4e4af65e2695e486b3cd198328863 , < 0e4e2e60556c6ed00e8450b720f106a268d23062 (git) Affected: 5e8f3f703ae4e4af65e2695e486b3cd198328863 , < dd70c8a89ef99c3d53127fe19e51ef47c3f860fa (git) Affected: 5e8f3f703ae4e4af65e2695e486b3cd198328863 , < e7a8442195e8ebd97df467ce4742980ab57edcce (git) Affected: 5e8f3f703ae4e4af65e2695e486b3cd198328863 , < 9230a59eda0878d7ecaa901d876aec76f57bd455 (git) Affected: 5e8f3f703ae4e4af65e2695e486b3cd198328863 , < 7f64cb5b4d8c872296eda0fdce3bcf099eec7aa7 (git) Affected: 5e8f3f703ae4e4af65e2695e486b3cd198328863 , < f032e1dac30b3376c7d6026fb01a8c403c47a80d (git) Affected: 5e8f3f703ae4e4af65e2695e486b3cd198328863 , < e914bf68dab88815a7ae7b7a3a5e8913c8ff14a5 (git) Affected: 5e8f3f703ae4e4af65e2695e486b3cd198328863 , < 8beee4d8dee76b67c75dc91fd8185d91e845c160 (git) |
|
| Linux | Linux |
Affected:
2.6.30
Unaffected: 0 , < 2.6.30 (semver) Unaffected: 4.19.323 , ≤ 4.19.* (semver) Unaffected: 5.4.285 , ≤ 5.4.* (semver) Unaffected: 5.10.227 , ≤ 5.10.* (semver) Unaffected: 5.15.168 , ≤ 5.15.* (semver) Unaffected: 6.1.113 , ≤ 6.1.* (semver) Unaffected: 6.6.55 , ≤ 6.6.* (semver) Unaffected: 6.10.14 , ≤ 6.10.* (semver) Unaffected: 6.11.3 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix) |
|
| Siemens | RUGGEDCOM RST2428P |
Affected:
0 , < V3.2
(custom)
|
|
| Siemens | SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family |
Affected:
0 , < V3.2
(custom)
|
|
| Siemens | SCALANCE XCM-/XRM-/XCH-/XRH-300 family |
Affected:
0 , < V3.2
(custom)
|
|
| Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux subsystem |
Affected:
0 , < *
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49944",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:37:19.751679Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:38:50.139Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:23:25.020Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RST2428P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XCM-/XRM-/XCH-/XRH-300 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T11:59:06.092Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-355557.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/sctp/socket.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "89bbead9d897c77d0b566349c8643030ff2abeba",
"status": "affected",
"version": "5e8f3f703ae4e4af65e2695e486b3cd198328863",
"versionType": "git"
},
{
"lessThan": "0e4e2e60556c6ed00e8450b720f106a268d23062",
"status": "affected",
"version": "5e8f3f703ae4e4af65e2695e486b3cd198328863",
"versionType": "git"
},
{
"lessThan": "dd70c8a89ef99c3d53127fe19e51ef47c3f860fa",
"status": "affected",
"version": "5e8f3f703ae4e4af65e2695e486b3cd198328863",
"versionType": "git"
},
{
"lessThan": "e7a8442195e8ebd97df467ce4742980ab57edcce",
"status": "affected",
"version": "5e8f3f703ae4e4af65e2695e486b3cd198328863",
"versionType": "git"
},
{
"lessThan": "9230a59eda0878d7ecaa901d876aec76f57bd455",
"status": "affected",
"version": "5e8f3f703ae4e4af65e2695e486b3cd198328863",
"versionType": "git"
},
{
"lessThan": "7f64cb5b4d8c872296eda0fdce3bcf099eec7aa7",
"status": "affected",
"version": "5e8f3f703ae4e4af65e2695e486b3cd198328863",
"versionType": "git"
},
{
"lessThan": "f032e1dac30b3376c7d6026fb01a8c403c47a80d",
"status": "affected",
"version": "5e8f3f703ae4e4af65e2695e486b3cd198328863",
"versionType": "git"
},
{
"lessThan": "e914bf68dab88815a7ae7b7a3a5e8913c8ff14a5",
"status": "affected",
"version": "5e8f3f703ae4e4af65e2695e486b3cd198328863",
"versionType": "git"
},
{
"lessThan": "8beee4d8dee76b67c75dc91fd8185d91e845c160",
"status": "affected",
"version": "5e8f3f703ae4e4af65e2695e486b3cd198328863",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/sctp/socket.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.30"
},
{
"lessThan": "2.6.30",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "2.6.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start\n\nIn sctp_listen_start() invoked by sctp_inet_listen(), it should set the\nsk_state back to CLOSED if sctp_autobind() fails due to whatever reason.\n\nOtherwise, next time when calling sctp_inet_listen(), if sctp_sk(sk)-\u003ereuse\nis already set via setsockopt(SCTP_REUSE_PORT), sctp_sk(sk)-\u003ebind_hash will\nbe dereferenced as sk_state is LISTENING, which causes a crash as bind_hash\nis NULL.\n\n KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\n RIP: 0010:sctp_inet_listen+0x7f0/0xa20 net/sctp/socket.c:8617\n Call Trace:\n \u003cTASK\u003e\n __sys_listen_socket net/socket.c:1883 [inline]\n __sys_listen+0x1b7/0x230 net/socket.c:1894\n __do_sys_listen net/socket.c:1902 [inline]"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:42:33.684Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/89bbead9d897c77d0b566349c8643030ff2abeba"
},
{
"url": "https://git.kernel.org/stable/c/0e4e2e60556c6ed00e8450b720f106a268d23062"
},
{
"url": "https://git.kernel.org/stable/c/dd70c8a89ef99c3d53127fe19e51ef47c3f860fa"
},
{
"url": "https://git.kernel.org/stable/c/e7a8442195e8ebd97df467ce4742980ab57edcce"
},
{
"url": "https://git.kernel.org/stable/c/9230a59eda0878d7ecaa901d876aec76f57bd455"
},
{
"url": "https://git.kernel.org/stable/c/7f64cb5b4d8c872296eda0fdce3bcf099eec7aa7"
},
{
"url": "https://git.kernel.org/stable/c/f032e1dac30b3376c7d6026fb01a8c403c47a80d"
},
{
"url": "https://git.kernel.org/stable/c/e914bf68dab88815a7ae7b7a3a5e8913c8ff14a5"
},
{
"url": "https://git.kernel.org/stable/c/8beee4d8dee76b67c75dc91fd8185d91e845c160"
}
],
"title": "sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49944",
"datePublished": "2024-10-21T18:02:02.457Z",
"dateReserved": "2024-10-21T12:17:06.044Z",
"dateUpdated": "2026-05-12T11:59:06.092Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-49974 (GCVE-0-2024-49974)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2026-05-11 20:43
VLAI
EPSS
Title
NFSD: Limit the number of concurrent async COPY operations
Summary
In the Linux kernel, the following vulnerability has been resolved:
NFSD: Limit the number of concurrent async COPY operations
Nothing appears to limit the number of concurrent async COPY
operations that clients can start. In addition, AFAICT each async
COPY can copy an unlimited number of 4MB chunks, so can run for a
long time. Thus IMO async COPY can become a DoS vector.
Add a restriction mechanism that bounds the number of concurrent
background COPY operations. Start simple and try to be fair -- this
patch implements a per-namespace limit.
An async COPY request that occurs while this limit is exceeded gets
NFS4ERR_DELAY. The requesting client can choose to send the request
again after a delay or fall back to a traditional read/write style
copy.
If there is need to make the mechanism more sophisticated, we can
visit that in future patches.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/9e52ff544e0bfa09e… | |
| https://git.kernel.org/stable/c/43e46ee5efc03990b… | |
| https://git.kernel.org/stable/c/7ea9260874b779637… | |
| https://git.kernel.org/stable/c/ae267989b7b7933df… | |
| https://git.kernel.org/stable/c/b4e21431a0db4854b… | |
| https://git.kernel.org/stable/c/6a488ad7745b8f646… | |
| https://git.kernel.org/stable/c/aadc3bbea163b6caa… | |
| https://lists.debian.org/debian-lts-announce/2025… | |
| https://lists.debian.org/debian-lts-announce/2025… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
e0639dc5805a9d4faaa2c07ad98fa853b9529dd3 , < 9e52ff544e0bfa09ee339fd7b0937ee3c080c24e
(git)
Affected: e0639dc5805a9d4faaa2c07ad98fa853b9529dd3 , < 43e46ee5efc03990b223f7aa8b77aa9c3d3acfdf (git) Affected: e0639dc5805a9d4faaa2c07ad98fa853b9529dd3 , < 7ea9260874b779637aff6d24c344b8ef4ac862a0 (git) Affected: e0639dc5805a9d4faaa2c07ad98fa853b9529dd3 , < ae267989b7b7933dfedcd26468d0a88fc3a9da9e (git) Affected: e0639dc5805a9d4faaa2c07ad98fa853b9529dd3 , < b4e21431a0db4854b5023cd5af001be557e6c3db (git) Affected: e0639dc5805a9d4faaa2c07ad98fa853b9529dd3 , < 6a488ad7745b8f64625c6d3a24ce7e448e83f11b (git) Affected: e0639dc5805a9d4faaa2c07ad98fa853b9529dd3 , < aadc3bbea163b6caaaebfdd2b6c4667fbc726752 (git) |
|
| Linux | Linux |
Affected:
4.20
Unaffected: 0 , < 4.20 (semver) Unaffected: 5.10.231 , ≤ 5.10.* (semver) Unaffected: 5.15.174 , ≤ 5.15.* (semver) Unaffected: 6.1.119 , ≤ 6.1.* (semver) Unaffected: 6.6.63 , ≤ 6.6.* (semver) Unaffected: 6.10.14 , ≤ 6.10.* (semver) Unaffected: 6.11.3 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49974",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:33:23.238318Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:38:45.719Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:23:54.801Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nfsd/netns.h",
"fs/nfsd/nfs4proc.c",
"fs/nfsd/nfs4state.c",
"fs/nfsd/xdr4.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9e52ff544e0bfa09ee339fd7b0937ee3c080c24e",
"status": "affected",
"version": "e0639dc5805a9d4faaa2c07ad98fa853b9529dd3",
"versionType": "git"
},
{
"lessThan": "43e46ee5efc03990b223f7aa8b77aa9c3d3acfdf",
"status": "affected",
"version": "e0639dc5805a9d4faaa2c07ad98fa853b9529dd3",
"versionType": "git"
},
{
"lessThan": "7ea9260874b779637aff6d24c344b8ef4ac862a0",
"status": "affected",
"version": "e0639dc5805a9d4faaa2c07ad98fa853b9529dd3",
"versionType": "git"
},
{
"lessThan": "ae267989b7b7933dfedcd26468d0a88fc3a9da9e",
"status": "affected",
"version": "e0639dc5805a9d4faaa2c07ad98fa853b9529dd3",
"versionType": "git"
},
{
"lessThan": "b4e21431a0db4854b5023cd5af001be557e6c3db",
"status": "affected",
"version": "e0639dc5805a9d4faaa2c07ad98fa853b9529dd3",
"versionType": "git"
},
{
"lessThan": "6a488ad7745b8f64625c6d3a24ce7e448e83f11b",
"status": "affected",
"version": "e0639dc5805a9d4faaa2c07ad98fa853b9529dd3",
"versionType": "git"
},
{
"lessThan": "aadc3bbea163b6caaaebfdd2b6c4667fbc726752",
"status": "affected",
"version": "e0639dc5805a9d4faaa2c07ad98fa853b9529dd3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nfsd/netns.h",
"fs/nfsd/nfs4proc.c",
"fs/nfsd/nfs4state.c",
"fs/nfsd/xdr4.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.20"
},
{
"lessThan": "4.20",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.231",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.174",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.119",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.231",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.174",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.119",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.63",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Limit the number of concurrent async COPY operations\n\nNothing appears to limit the number of concurrent async COPY\noperations that clients can start. In addition, AFAICT each async\nCOPY can copy an unlimited number of 4MB chunks, so can run for a\nlong time. Thus IMO async COPY can become a DoS vector.\n\nAdd a restriction mechanism that bounds the number of concurrent\nbackground COPY operations. Start simple and try to be fair -- this\npatch implements a per-namespace limit.\n\nAn async COPY request that occurs while this limit is exceeded gets\nNFS4ERR_DELAY. The requesting client can choose to send the request\nagain after a delay or fall back to a traditional read/write style\ncopy.\n\nIf there is need to make the mechanism more sophisticated, we can\nvisit that in future patches."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:43:08.284Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9e52ff544e0bfa09ee339fd7b0937ee3c080c24e"
},
{
"url": "https://git.kernel.org/stable/c/43e46ee5efc03990b223f7aa8b77aa9c3d3acfdf"
},
{
"url": "https://git.kernel.org/stable/c/7ea9260874b779637aff6d24c344b8ef4ac862a0"
},
{
"url": "https://git.kernel.org/stable/c/ae267989b7b7933dfedcd26468d0a88fc3a9da9e"
},
{
"url": "https://git.kernel.org/stable/c/b4e21431a0db4854b5023cd5af001be557e6c3db"
},
{
"url": "https://git.kernel.org/stable/c/6a488ad7745b8f64625c6d3a24ce7e448e83f11b"
},
{
"url": "https://git.kernel.org/stable/c/aadc3bbea163b6caaaebfdd2b6c4667fbc726752"
}
],
"title": "NFSD: Limit the number of concurrent async COPY operations",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49974",
"datePublished": "2024-10-21T18:02:22.392Z",
"dateReserved": "2024-10-21T12:17:06.052Z",
"dateUpdated": "2026-05-11T20:43:08.284Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50237 (GCVE-0-2024-50237)
Vulnerability from cvelistv5 – Published: 2024-11-09 10:14 – Updated: 2026-05-11 20:48
VLAI
EPSS
Title
wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower
Avoid potentially crashing in the driver because of uninitialized private data
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-908 - Use of Uninitialized Resource
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/b0b862aa3dbcd16b3… | |
| https://git.kernel.org/stable/c/78b698fbf37208ee9… | |
| https://git.kernel.org/stable/c/c21efba8b5a86537c… | |
| https://git.kernel.org/stable/c/b2bcbe5450b20641f… | |
| https://git.kernel.org/stable/c/8f6cd4d5bb7406656… | |
| https://git.kernel.org/stable/c/ee35c423042c9e040… | |
| https://git.kernel.org/stable/c/3ccf525a73d48e814… | |
| https://git.kernel.org/stable/c/393b6bc174b0dd21b… | |
| https://lists.debian.org/debian-lts-announce/2025… | |
| https://lists.debian.org/debian-lts-announce/2025… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
5b3dc42b1b0db0264bbbe4ae44c15ab97bfd1e93 , < b0b862aa3dbcd16b3c4715259a825f48ca540088
(git)
Affected: 5b3dc42b1b0db0264bbbe4ae44c15ab97bfd1e93 , < 78b698fbf37208ee921ee4cedea75b5d33d6ea9f (git) Affected: 5b3dc42b1b0db0264bbbe4ae44c15ab97bfd1e93 , < c21efba8b5a86537ccdf43f77536bad02f82776c (git) Affected: 5b3dc42b1b0db0264bbbe4ae44c15ab97bfd1e93 , < b2bcbe5450b20641f512d6b26c6b256a5a4f847f (git) Affected: 5b3dc42b1b0db0264bbbe4ae44c15ab97bfd1e93 , < 8f6cd4d5bb7406656835a90e4f1a2192607f0c21 (git) Affected: 5b3dc42b1b0db0264bbbe4ae44c15ab97bfd1e93 , < ee35c423042c9e04079fdee3db545135d609d6ea (git) Affected: 5b3dc42b1b0db0264bbbe4ae44c15ab97bfd1e93 , < 3ccf525a73d48e814634847f6d4a6150c6f0dffc (git) Affected: 5b3dc42b1b0db0264bbbe4ae44c15ab97bfd1e93 , < 393b6bc174b0dd21bb2a36c13b36e62fc3474a23 (git) |
|
| Linux | Linux |
Affected:
3.19
Unaffected: 0 , < 3.19 (semver) Unaffected: 4.19.323 , ≤ 4.19.* (semver) Unaffected: 5.4.285 , ≤ 5.4.* (semver) Unaffected: 5.10.229 , ≤ 5.10.* (semver) Unaffected: 5.15.171 , ≤ 5.15.* (semver) Unaffected: 6.1.116 , ≤ 6.1.* (semver) Unaffected: 6.6.60 , ≤ 6.6.* (semver) Unaffected: 6.11.7 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50237",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T20:16:19.268377Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-908",
"description": "CWE-908 Use of Uninitialized Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T20:17:26.719Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:27:19.974Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/mac80211/cfg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b0b862aa3dbcd16b3c4715259a825f48ca540088",
"status": "affected",
"version": "5b3dc42b1b0db0264bbbe4ae44c15ab97bfd1e93",
"versionType": "git"
},
{
"lessThan": "78b698fbf37208ee921ee4cedea75b5d33d6ea9f",
"status": "affected",
"version": "5b3dc42b1b0db0264bbbe4ae44c15ab97bfd1e93",
"versionType": "git"
},
{
"lessThan": "c21efba8b5a86537ccdf43f77536bad02f82776c",
"status": "affected",
"version": "5b3dc42b1b0db0264bbbe4ae44c15ab97bfd1e93",
"versionType": "git"
},
{
"lessThan": "b2bcbe5450b20641f512d6b26c6b256a5a4f847f",
"status": "affected",
"version": "5b3dc42b1b0db0264bbbe4ae44c15ab97bfd1e93",
"versionType": "git"
},
{
"lessThan": "8f6cd4d5bb7406656835a90e4f1a2192607f0c21",
"status": "affected",
"version": "5b3dc42b1b0db0264bbbe4ae44c15ab97bfd1e93",
"versionType": "git"
},
{
"lessThan": "ee35c423042c9e04079fdee3db545135d609d6ea",
"status": "affected",
"version": "5b3dc42b1b0db0264bbbe4ae44c15ab97bfd1e93",
"versionType": "git"
},
{
"lessThan": "3ccf525a73d48e814634847f6d4a6150c6f0dffc",
"status": "affected",
"version": "5b3dc42b1b0db0264bbbe4ae44c15ab97bfd1e93",
"versionType": "git"
},
{
"lessThan": "393b6bc174b0dd21bb2a36c13b36e62fc3474a23",
"status": "affected",
"version": "5b3dc42b1b0db0264bbbe4ae44c15ab97bfd1e93",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/mac80211/cfg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.19"
},
{
"lessThan": "3.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.229",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.171",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.116",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.60",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.229",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.171",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.116",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.60",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.7",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "3.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: do not pass a stopped vif to the driver in .get_txpower\n\nAvoid potentially crashing in the driver because of uninitialized private data"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:48:09.751Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b0b862aa3dbcd16b3c4715259a825f48ca540088"
},
{
"url": "https://git.kernel.org/stable/c/78b698fbf37208ee921ee4cedea75b5d33d6ea9f"
},
{
"url": "https://git.kernel.org/stable/c/c21efba8b5a86537ccdf43f77536bad02f82776c"
},
{
"url": "https://git.kernel.org/stable/c/b2bcbe5450b20641f512d6b26c6b256a5a4f847f"
},
{
"url": "https://git.kernel.org/stable/c/8f6cd4d5bb7406656835a90e4f1a2192607f0c21"
},
{
"url": "https://git.kernel.org/stable/c/ee35c423042c9e04079fdee3db545135d609d6ea"
},
{
"url": "https://git.kernel.org/stable/c/3ccf525a73d48e814634847f6d4a6150c6f0dffc"
},
{
"url": "https://git.kernel.org/stable/c/393b6bc174b0dd21bb2a36c13b36e62fc3474a23"
}
],
"title": "wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50237",
"datePublished": "2024-11-09T10:14:47.184Z",
"dateReserved": "2024-10-21T19:36:19.976Z",
"dateUpdated": "2026-05-11T20:48:09.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50248 (GCVE-0-2024-50248)
Vulnerability from cvelistv5 – Published: 2024-11-09 10:14 – Updated: 2026-05-11 20:48
VLAI
EPSS
Title
ntfs3: Add bounds checking to mi_enum_attr()
Summary
In the Linux kernel, the following vulnerability has been resolved:
ntfs3: Add bounds checking to mi_enum_attr()
Added bounds checking to make sure that every attr don't stray beyond
valid memory region.
Severity
No CVSS data available.
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
4534a70b7056fd4b9a1c6db5a4ce3c98546b291e , < 386613a44b858304a88529ade2ccc1e079a5fc56
(git)
Affected: 4534a70b7056fd4b9a1c6db5a4ce3c98546b291e , < 22cdf3be7d34f61a91b9e2966fec3a29f3871398 (git) Affected: 4534a70b7056fd4b9a1c6db5a4ce3c98546b291e , < 809f9b419c75f8042c58434d2bfe849140643e9d (git) Affected: 4534a70b7056fd4b9a1c6db5a4ce3c98546b291e , < 556bdf27c2dd5c74a9caacbe524b943a6cd42d99 (git) |
|
| Linux | Linux |
Affected:
5.15
Unaffected: 0 , < 5.15 (semver) Unaffected: 6.1.120 , ≤ 6.1.* (semver) Unaffected: 6.6.60 , ≤ 6.6.* (semver) Unaffected: 6.11.7 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:44:37.543Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ntfs3/record.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "386613a44b858304a88529ade2ccc1e079a5fc56",
"status": "affected",
"version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e",
"versionType": "git"
},
{
"lessThan": "22cdf3be7d34f61a91b9e2966fec3a29f3871398",
"status": "affected",
"version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e",
"versionType": "git"
},
{
"lessThan": "809f9b419c75f8042c58434d2bfe849140643e9d",
"status": "affected",
"version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e",
"versionType": "git"
},
{
"lessThan": "556bdf27c2dd5c74a9caacbe524b943a6cd42d99",
"status": "affected",
"version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ntfs3/record.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.60",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.120",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.60",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.7",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "5.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nntfs3: Add bounds checking to mi_enum_attr()\n\nAdded bounds checking to make sure that every attr don\u0027t stray beyond\nvalid memory region."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:48:22.775Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/386613a44b858304a88529ade2ccc1e079a5fc56"
},
{
"url": "https://git.kernel.org/stable/c/22cdf3be7d34f61a91b9e2966fec3a29f3871398"
},
{
"url": "https://git.kernel.org/stable/c/809f9b419c75f8042c58434d2bfe849140643e9d"
},
{
"url": "https://git.kernel.org/stable/c/556bdf27c2dd5c74a9caacbe524b943a6cd42d99"
}
],
"title": "ntfs3: Add bounds checking to mi_enum_attr()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50248",
"datePublished": "2024-11-09T10:14:56.965Z",
"dateReserved": "2024-10-21T19:36:19.978Z",
"dateUpdated": "2026-05-11T20:48:22.775Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50256 (GCVE-0-2024-50256)
Vulnerability from cvelistv5 – Published: 2024-11-09 10:15 – Updated: 2026-05-11 20:48
VLAI
EPSS
Title
netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()
I got a syzbot report without a repro [1] crashing in nf_send_reset6()
I think the issue is that dev->hard_header_len is zero, and we attempt
later to push an Ethernet header.
Use LL_MAX_HEADER, as other functions in net/ipv6/netfilter/nf_reject_ipv6.c.
[1]
skbuff: skb_under_panic: text:ffffffff89b1d008 len:74 put:14 head:ffff88803123aa00 data:ffff88803123a9f2 tail:0x3c end:0x140 dev:syz_tun
kernel BUG at net/core/skbuff.c:206 !
Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 0 UID: 0 PID: 7373 Comm: syz.1.568 Not tainted 6.12.0-rc2-syzkaller-00631-g6d858708d465 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:skb_panic net/core/skbuff.c:206 [inline]
RIP: 0010:skb_under_panic+0x14b/0x150 net/core/skbuff.c:216
Code: 0d 8d 48 c7 c6 60 a6 29 8e 48 8b 54 24 08 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 41 54 41 57 41 56 e8 ba 30 38 02 48 83 c4 20 90 <0f> 0b 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3
RSP: 0018:ffffc900045269b0 EFLAGS: 00010282
RAX: 0000000000000088 RBX: dffffc0000000000 RCX: cd66dacdc5d8e800
RDX: 0000000000000000 RSI: 0000000000000200 RDI: 0000000000000000
RBP: ffff88802d39a3d0 R08: ffffffff8174afec R09: 1ffff920008a4ccc
R10: dffffc0000000000 R11: fffff520008a4ccd R12: 0000000000000140
R13: ffff88803123aa00 R14: ffff88803123a9f2 R15: 000000000000003c
FS: 00007fdbee5ff6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000005d322000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
skb_push+0xe5/0x100 net/core/skbuff.c:2636
eth_header+0x38/0x1f0 net/ethernet/eth.c:83
dev_hard_header include/linux/netdevice.h:3208 [inline]
nf_send_reset6+0xce6/0x1270 net/ipv6/netfilter/nf_reject_ipv6.c:358
nft_reject_inet_eval+0x3b9/0x690 net/netfilter/nft_reject_inet.c:48
expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]
nft_do_chain+0x4ad/0x1da0 net/netfilter/nf_tables_core.c:288
nft_do_chain_inet+0x418/0x6b0 net/netfilter/nft_chain_filter.c:161
nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]
nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626
nf_hook include/linux/netfilter.h:269 [inline]
NF_HOOK include/linux/netfilter.h:312 [inline]
br_nf_pre_routing_ipv6+0x63e/0x770 net/bridge/br_netfilter_ipv6.c:184
nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]
nf_hook_bridge_pre net/bridge/br_input.c:277 [inline]
br_handle_frame+0x9fd/0x1530 net/bridge/br_input.c:424
__netif_receive_skb_core+0x13e8/0x4570 net/core/dev.c:5562
__netif_receive_skb_one_core net/core/dev.c:5666 [inline]
__netif_receive_skb+0x12f/0x650 net/core/dev.c:5781
netif_receive_skb_internal net/core/dev.c:5867 [inline]
netif_receive_skb+0x1e8/0x890 net/core/dev.c:5926
tun_rx_batched+0x1b7/0x8f0 drivers/net/tun.c:1550
tun_get_user+0x3056/0x47e0 drivers/net/tun.c:2007
tun_chr_write_iter+0x10d/0x1f0 drivers/net/tun.c:2053
new_sync_write fs/read_write.c:590 [inline]
vfs_write+0xa6d/0xc90 fs/read_write.c:683
ksys_write+0x183/0x2b0 fs/read_write.c:736
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fdbeeb7d1ff
Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48
RSP: 002b:00007fdbee5ff000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007fdbeed36058 RCX: 00007fdbeeb7d1ff
RDX: 000000000000008e RSI: 0000000020000040 RDI: 00000000000000c8
RBP: 00007fdbeebf12be R08: 0000000
---truncated---
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
c8d7b98bec43faaa6583c3135030be5eb4693acb , < 4f7b586aae53c2ed820661803da8ce18b1361921
(git)
Affected: c8d7b98bec43faaa6583c3135030be5eb4693acb , < fef63832317d9d24e1214cdd8f204d02ebdf8499 (git) Affected: c8d7b98bec43faaa6583c3135030be5eb4693acb , < f85b057e34419e5ec0583a65078a11ccc1d4540a (git) Affected: c8d7b98bec43faaa6583c3135030be5eb4693acb , < 4ed234fe793f27a3b151c43d2106df2ff0d81aac (git) |
|
| Linux | Linux |
Affected:
3.18
Unaffected: 0 , < 3.18 (semver) Unaffected: 6.1.116 , ≤ 6.1.* (semver) Unaffected: 6.6.60 , ≤ 6.6.* (semver) Unaffected: 6.11.7 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50256",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T20:15:33.931486Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T20:17:24.429Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:27:36.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv6/netfilter/nf_reject_ipv6.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4f7b586aae53c2ed820661803da8ce18b1361921",
"status": "affected",
"version": "c8d7b98bec43faaa6583c3135030be5eb4693acb",
"versionType": "git"
},
{
"lessThan": "fef63832317d9d24e1214cdd8f204d02ebdf8499",
"status": "affected",
"version": "c8d7b98bec43faaa6583c3135030be5eb4693acb",
"versionType": "git"
},
{
"lessThan": "f85b057e34419e5ec0583a65078a11ccc1d4540a",
"status": "affected",
"version": "c8d7b98bec43faaa6583c3135030be5eb4693acb",
"versionType": "git"
},
{
"lessThan": "4ed234fe793f27a3b151c43d2106df2ff0d81aac",
"status": "affected",
"version": "c8d7b98bec43faaa6583c3135030be5eb4693acb",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv6/netfilter/nf_reject_ipv6.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.18"
},
{
"lessThan": "3.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.116",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.60",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.116",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.60",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.7",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "3.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()\n\nI got a syzbot report without a repro [1] crashing in nf_send_reset6()\n\nI think the issue is that dev-\u003ehard_header_len is zero, and we attempt\nlater to push an Ethernet header.\n\nUse LL_MAX_HEADER, as other functions in net/ipv6/netfilter/nf_reject_ipv6.c.\n\n[1]\n\nskbuff: skb_under_panic: text:ffffffff89b1d008 len:74 put:14 head:ffff88803123aa00 data:ffff88803123a9f2 tail:0x3c end:0x140 dev:syz_tun\n kernel BUG at net/core/skbuff.c:206 !\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 0 UID: 0 PID: 7373 Comm: syz.1.568 Not tainted 6.12.0-rc2-syzkaller-00631-g6d858708d465 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\n RIP: 0010:skb_panic net/core/skbuff.c:206 [inline]\n RIP: 0010:skb_under_panic+0x14b/0x150 net/core/skbuff.c:216\nCode: 0d 8d 48 c7 c6 60 a6 29 8e 48 8b 54 24 08 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 41 54 41 57 41 56 e8 ba 30 38 02 48 83 c4 20 90 \u003c0f\u003e 0b 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3\nRSP: 0018:ffffc900045269b0 EFLAGS: 00010282\nRAX: 0000000000000088 RBX: dffffc0000000000 RCX: cd66dacdc5d8e800\nRDX: 0000000000000000 RSI: 0000000000000200 RDI: 0000000000000000\nRBP: ffff88802d39a3d0 R08: ffffffff8174afec R09: 1ffff920008a4ccc\nR10: dffffc0000000000 R11: fffff520008a4ccd R12: 0000000000000140\nR13: ffff88803123aa00 R14: ffff88803123a9f2 R15: 000000000000003c\nFS: 00007fdbee5ff6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000000 CR3: 000000005d322000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n skb_push+0xe5/0x100 net/core/skbuff.c:2636\n eth_header+0x38/0x1f0 net/ethernet/eth.c:83\n dev_hard_header include/linux/netdevice.h:3208 [inline]\n nf_send_reset6+0xce6/0x1270 net/ipv6/netfilter/nf_reject_ipv6.c:358\n nft_reject_inet_eval+0x3b9/0x690 net/netfilter/nft_reject_inet.c:48\n expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]\n nft_do_chain+0x4ad/0x1da0 net/netfilter/nf_tables_core.c:288\n nft_do_chain_inet+0x418/0x6b0 net/netfilter/nft_chain_filter.c:161\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626\n nf_hook include/linux/netfilter.h:269 [inline]\n NF_HOOK include/linux/netfilter.h:312 [inline]\n br_nf_pre_routing_ipv6+0x63e/0x770 net/bridge/br_netfilter_ipv6.c:184\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_bridge_pre net/bridge/br_input.c:277 [inline]\n br_handle_frame+0x9fd/0x1530 net/bridge/br_input.c:424\n __netif_receive_skb_core+0x13e8/0x4570 net/core/dev.c:5562\n __netif_receive_skb_one_core net/core/dev.c:5666 [inline]\n __netif_receive_skb+0x12f/0x650 net/core/dev.c:5781\n netif_receive_skb_internal net/core/dev.c:5867 [inline]\n netif_receive_skb+0x1e8/0x890 net/core/dev.c:5926\n tun_rx_batched+0x1b7/0x8f0 drivers/net/tun.c:1550\n tun_get_user+0x3056/0x47e0 drivers/net/tun.c:2007\n tun_chr_write_iter+0x10d/0x1f0 drivers/net/tun.c:2053\n new_sync_write fs/read_write.c:590 [inline]\n vfs_write+0xa6d/0xc90 fs/read_write.c:683\n ksys_write+0x183/0x2b0 fs/read_write.c:736\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fdbeeb7d1ff\nCode: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48\nRSP: 002b:00007fdbee5ff000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 00007fdbeed36058 RCX: 00007fdbeeb7d1ff\nRDX: 000000000000008e RSI: 0000000020000040 RDI: 00000000000000c8\nRBP: 00007fdbeebf12be R08: 0000000\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:48:36.108Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4f7b586aae53c2ed820661803da8ce18b1361921"
},
{
"url": "https://git.kernel.org/stable/c/fef63832317d9d24e1214cdd8f204d02ebdf8499"
},
{
"url": "https://git.kernel.org/stable/c/f85b057e34419e5ec0583a65078a11ccc1d4540a"
},
{
"url": "https://git.kernel.org/stable/c/4ed234fe793f27a3b151c43d2106df2ff0d81aac"
}
],
"title": "netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50256",
"datePublished": "2024-11-09T10:15:09.551Z",
"dateReserved": "2024-10-21T19:36:19.980Z",
"dateUpdated": "2026-05-11T20:48:36.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50296 (GCVE-0-2024-50296)
Vulnerability from cvelistv5 – Published: 2024-11-19 01:30 – Updated: 2026-05-23 15:55
VLAI
EPSS
Title
net: hns3: fix kernel crash when uninstalling driver
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: hns3: fix kernel crash when uninstalling driver
When the driver is uninstalled and the VF is disabled concurrently, a
kernel crash occurs. The reason is that the two actions call function
pci_disable_sriov(). The num_VFs is checked to determine whether to
release the corresponding resources. During the second calling, num_VFs
is not 0 and the resource release function is called. However, the
corresponding resource has been released during the first invoking.
Therefore, the problem occurs:
[15277.839633][T50670] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020
...
[15278.131557][T50670] Call trace:
[15278.134686][T50670] klist_put+0x28/0x12c
[15278.138682][T50670] klist_del+0x14/0x20
[15278.142592][T50670] device_del+0xbc/0x3c0
[15278.146676][T50670] pci_remove_bus_device+0x84/0x120
[15278.151714][T50670] pci_stop_and_remove_bus_device+0x6c/0x80
[15278.157447][T50670] pci_iov_remove_virtfn+0xb4/0x12c
[15278.162485][T50670] sriov_disable+0x50/0x11c
[15278.166829][T50670] pci_disable_sriov+0x24/0x30
[15278.171433][T50670] hnae3_unregister_ae_algo_prepare+0x60/0x90 [hnae3]
[15278.178039][T50670] hclge_exit+0x28/0xd0 [hclge]
[15278.182730][T50670] __se_sys_delete_module.isra.0+0x164/0x230
[15278.188550][T50670] __arm64_sys_delete_module+0x1c/0x30
[15278.193848][T50670] invoke_syscall+0x50/0x11c
[15278.198278][T50670] el0_svc_common.constprop.0+0x158/0x164
[15278.203837][T50670] do_el0_svc+0x34/0xcc
[15278.207834][T50670] el0_svc+0x20/0x30
For details, see the following figure.
rmmod hclge disable VFs
----------------------------------------------------
hclge_exit() sriov_numvfs_store()
... device_lock()
pci_disable_sriov() hns3_pci_sriov_configure()
pci_disable_sriov()
sriov_disable()
sriov_disable() if !num_VFs :
if !num_VFs : return;
return; sriov_del_vfs()
sriov_del_vfs() ...
... klist_put()
klist_put() ...
... num_VFs = 0;
num_VFs = 0; device_unlock();
In this patch, when driver is removing, we get the device_lock()
to protect num_VFs, just like sriov_numvfs_store().
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/a0df055775f30850c… | |
| https://git.kernel.org/stable/c/7ae4e56de7dbd0999… | |
| https://git.kernel.org/stable/c/590a4b2d4e0b73586… | |
| https://git.kernel.org/stable/c/e36482b222e00cc7a… | |
| https://git.kernel.org/stable/c/76b155e14d9b182ce… | |
| https://git.kernel.org/stable/c/719edd9f3372ce7fb… | |
| https://git.kernel.org/stable/c/b5c94e4d947d15d52… | |
| https://git.kernel.org/stable/c/df3dff8ab6d79edc9… | |
| https://lists.debian.org/debian-lts-announce/2025… | |
| https://lists.debian.org/debian-lts-announce/2025… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
b06ad258e01389ca3ff13bc180f3fcd6a608f1cd , < a0df055775f30850c0da8f7dab40d67c0fd63908
(git)
Affected: c4b64011e458aa2b246cd4e42012cfd83d2d9a5c , < 7ae4e56de7dbd0999578246a536cf52a63f4056d (git) Affected: d36b15e3e7b5937cb1f6ac590a85facc3a320642 , < 590a4b2d4e0b73586e88bce9b8135b593355ec09 (git) Affected: 0dd8a25f355b4df2d41c08df1716340854c7d4c5 , < e36482b222e00cc7aeeea772fc0cf2943590bc4d (git) Affected: 0dd8a25f355b4df2d41c08df1716340854c7d4c5 , < 76b155e14d9b182ce83d32ada2d0d7219ea8c8dd (git) Affected: 0dd8a25f355b4df2d41c08df1716340854c7d4c5 , < 719edd9f3372ce7fb3b157647c6658672946874b (git) Affected: 0dd8a25f355b4df2d41c08df1716340854c7d4c5 , < b5c94e4d947d15d521e935ff10c5a22a7883dea5 (git) Affected: 0dd8a25f355b4df2d41c08df1716340854c7d4c5 , < df3dff8ab6d79edc942464999d06fbaedf8cdd18 (git) Affected: 9b5a29f0acefa3eb1dbe2fa302b393eeff64d933 (git) Affected: 4.19.214 , < 4.19.324 (semver) Affected: 5.4.156 , < 5.4.286 (semver) Affected: 5.10.76 , < 5.10.230 (semver) Affected: 5.14.15 , < 5.15 (semver) |
|
| Linux | Linux |
Affected:
5.15
Unaffected: 0 , < 5.15 (semver) Unaffected: 4.19.324 , ≤ 4.19.* (semver) Unaffected: 5.4.286 , ≤ 5.4.* (semver) Unaffected: 5.10.230 , ≤ 5.10.* (semver) Unaffected: 5.15.172 , ≤ 5.15.* (semver) Unaffected: 6.1.117 , ≤ 6.1.* (semver) Unaffected: 6.6.61 , ≤ 6.6.* (semver) Unaffected: 6.11.8 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50296",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T20:14:08.140052Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T20:17:20.512Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:28:15.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/hisilicon/hns3/hnae3.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a0df055775f30850c0da8f7dab40d67c0fd63908",
"status": "affected",
"version": "b06ad258e01389ca3ff13bc180f3fcd6a608f1cd",
"versionType": "git"
},
{
"lessThan": "7ae4e56de7dbd0999578246a536cf52a63f4056d",
"status": "affected",
"version": "c4b64011e458aa2b246cd4e42012cfd83d2d9a5c",
"versionType": "git"
},
{
"lessThan": "590a4b2d4e0b73586e88bce9b8135b593355ec09",
"status": "affected",
"version": "d36b15e3e7b5937cb1f6ac590a85facc3a320642",
"versionType": "git"
},
{
"lessThan": "e36482b222e00cc7aeeea772fc0cf2943590bc4d",
"status": "affected",
"version": "0dd8a25f355b4df2d41c08df1716340854c7d4c5",
"versionType": "git"
},
{
"lessThan": "76b155e14d9b182ce83d32ada2d0d7219ea8c8dd",
"status": "affected",
"version": "0dd8a25f355b4df2d41c08df1716340854c7d4c5",
"versionType": "git"
},
{
"lessThan": "719edd9f3372ce7fb3b157647c6658672946874b",
"status": "affected",
"version": "0dd8a25f355b4df2d41c08df1716340854c7d4c5",
"versionType": "git"
},
{
"lessThan": "b5c94e4d947d15d521e935ff10c5a22a7883dea5",
"status": "affected",
"version": "0dd8a25f355b4df2d41c08df1716340854c7d4c5",
"versionType": "git"
},
{
"lessThan": "df3dff8ab6d79edc942464999d06fbaedf8cdd18",
"status": "affected",
"version": "0dd8a25f355b4df2d41c08df1716340854c7d4c5",
"versionType": "git"
},
{
"status": "affected",
"version": "9b5a29f0acefa3eb1dbe2fa302b393eeff64d933",
"versionType": "git"
},
{
"lessThan": "4.19.324",
"status": "affected",
"version": "4.19.214",
"versionType": "semver"
},
{
"lessThan": "5.4.286",
"status": "affected",
"version": "5.4.156",
"versionType": "semver"
},
{
"lessThan": "5.10.230",
"status": "affected",
"version": "5.10.76",
"versionType": "semver"
},
{
"lessThan": "5.15",
"status": "affected",
"version": "5.14.15",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/hisilicon/hns3/hnae3.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.324",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.286",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.230",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.172",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.117",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.61",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.324",
"versionStartIncluding": "4.19.214",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.286",
"versionStartIncluding": "5.4.156",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.230",
"versionStartIncluding": "5.10.76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.172",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.117",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.61",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.8",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.14.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix kernel crash when uninstalling driver\n\nWhen the driver is uninstalled and the VF is disabled concurrently, a\nkernel crash occurs. The reason is that the two actions call function\npci_disable_sriov(). The num_VFs is checked to determine whether to\nrelease the corresponding resources. During the second calling, num_VFs\nis not 0 and the resource release function is called. However, the\ncorresponding resource has been released during the first invoking.\nTherefore, the problem occurs:\n\n[15277.839633][T50670] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020\n...\n[15278.131557][T50670] Call trace:\n[15278.134686][T50670] klist_put+0x28/0x12c\n[15278.138682][T50670] klist_del+0x14/0x20\n[15278.142592][T50670] device_del+0xbc/0x3c0\n[15278.146676][T50670] pci_remove_bus_device+0x84/0x120\n[15278.151714][T50670] pci_stop_and_remove_bus_device+0x6c/0x80\n[15278.157447][T50670] pci_iov_remove_virtfn+0xb4/0x12c\n[15278.162485][T50670] sriov_disable+0x50/0x11c\n[15278.166829][T50670] pci_disable_sriov+0x24/0x30\n[15278.171433][T50670] hnae3_unregister_ae_algo_prepare+0x60/0x90 [hnae3]\n[15278.178039][T50670] hclge_exit+0x28/0xd0 [hclge]\n[15278.182730][T50670] __se_sys_delete_module.isra.0+0x164/0x230\n[15278.188550][T50670] __arm64_sys_delete_module+0x1c/0x30\n[15278.193848][T50670] invoke_syscall+0x50/0x11c\n[15278.198278][T50670] el0_svc_common.constprop.0+0x158/0x164\n[15278.203837][T50670] do_el0_svc+0x34/0xcc\n[15278.207834][T50670] el0_svc+0x20/0x30\n\nFor details, see the following figure.\n\n rmmod hclge disable VFs\n----------------------------------------------------\nhclge_exit() sriov_numvfs_store()\n ... device_lock()\n pci_disable_sriov() hns3_pci_sriov_configure()\n pci_disable_sriov()\n sriov_disable()\n sriov_disable() if !num_VFs :\n if !num_VFs : return;\n return; sriov_del_vfs()\n sriov_del_vfs() ...\n ... klist_put()\n klist_put() ...\n ... num_VFs = 0;\n num_VFs = 0; device_unlock();\n\nIn this patch, when driver is removing, we get the device_lock()\nto protect num_VFs, just like sriov_numvfs_store()."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:55:00.827Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a0df055775f30850c0da8f7dab40d67c0fd63908"
},
{
"url": "https://git.kernel.org/stable/c/7ae4e56de7dbd0999578246a536cf52a63f4056d"
},
{
"url": "https://git.kernel.org/stable/c/590a4b2d4e0b73586e88bce9b8135b593355ec09"
},
{
"url": "https://git.kernel.org/stable/c/e36482b222e00cc7aeeea772fc0cf2943590bc4d"
},
{
"url": "https://git.kernel.org/stable/c/76b155e14d9b182ce83d32ada2d0d7219ea8c8dd"
},
{
"url": "https://git.kernel.org/stable/c/719edd9f3372ce7fb3b157647c6658672946874b"
},
{
"url": "https://git.kernel.org/stable/c/b5c94e4d947d15d521e935ff10c5a22a7883dea5"
},
{
"url": "https://git.kernel.org/stable/c/df3dff8ab6d79edc942464999d06fbaedf8cdd18"
}
],
"title": "net: hns3: fix kernel crash when uninstalling driver",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50296",
"datePublished": "2024-11-19T01:30:43.318Z",
"dateReserved": "2024-10-21T19:36:19.986Z",
"dateUpdated": "2026-05-23T15:55:00.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…