SUSE-SU-2025:0943-1 - Vulnerability-Lookup

SUSE-SU-2025:0943-1

Vulnerability from csaf_suse - Published: 2025-03-19 11:34 - Updated: 2025-03-19 11:34

Summary

Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP3)

Severity

Important

Notes

Title of the patch: Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP3)

Description of the patch: This update for the Linux Kernel 5.3.18-150300_59_153 fixes several issues. The following security issues were fixed: - CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231204). - CVE-2021-47261: Fix initializing CQ fragments buffer (bsc#1224954) - CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233679). - CVE-2022-48792: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (bsc#1228017). - CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229640). - CVE-2021-47496: Fix flipped sign in tls_err_abort() calls (bsc#1225354)

Patchnames: SUSE-2025-936,SUSE-2025-943,SUSE-SLE-Module-Live-Patching-15-SP3-2025-943

Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

CVE-2021-47261

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2021-47496

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2022-48792

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2022-48911

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2024-46818

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2024-50302

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

References

URL

Category

	https://www.suse.com/support/security/rating/	external
	https://ftp.suse.com/pub/projects/security/csaf/s…	self
	https://www.suse.com/support/update/announcement/…	self
	https://lists.suse.com/pipermail/sle-security-upd…	self
	https://bugzilla.suse.com/1227656	self
	https://bugzilla.suse.com/1227751	self
	https://bugzilla.suse.com/1228017	self
	https://bugzilla.suse.com/1229640	self
	https://bugzilla.suse.com/1231204	self
	https://bugzilla.suse.com/1233679	self
	https://www.suse.com/security/cve/CVE-2021-47261/	self
	https://www.suse.com/security/cve/CVE-2021-47496/	self
	https://www.suse.com/security/cve/CVE-2022-48792/	self
	https://www.suse.com/security/cve/CVE-2022-48911/	self
	https://www.suse.com/security/cve/CVE-2024-46818/	self
	https://www.suse.com/security/cve/CVE-2024-50302/	self
	https://www.suse.com/security/cve/CVE-2021-47261	external
	https://bugzilla.suse.com/1224954	external
	https://bugzilla.suse.com/1227751	external
	https://www.suse.com/security/cve/CVE-2021-47496	external
	https://bugzilla.suse.com/1225354	external
	https://bugzilla.suse.com/1227656	external
	https://www.suse.com/security/cve/CVE-2022-48792	external
	https://bugzilla.suse.com/1228013	external
	https://bugzilla.suse.com/1228017	external
	https://www.suse.com/security/cve/CVE-2022-48911	external
	https://bugzilla.suse.com/1229633	external
	https://bugzilla.suse.com/1229640	external
	https://www.suse.com/security/cve/CVE-2024-46818	external
	https://bugzilla.suse.com/1231203	external
	https://bugzilla.suse.com/1231204	external
	https://www.suse.com/security/cve/CVE-2024-50302	external
	https://bugzilla.suse.com/1233491	external
	https://bugzilla.suse.com/1233679	external

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP3)",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for the Linux Kernel 5.3.18-150300_59_153 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231204).\n- CVE-2021-47261: Fix initializing CQ fragments buffer (bsc#1224954)\n- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233679).\n- CVE-2022-48792: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (bsc#1228017).\n- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance.  (bsc#1229640).\n- CVE-2021-47496: Fix flipped sign in tls_err_abort() calls (bsc#1225354)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2025-936,SUSE-2025-943,SUSE-SLE-Module-Live-Patching-15-SP3-2025-943",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0943-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2025:0943-1",
        "url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250943-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2025:0943-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020548.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1227656",
        "url": "https://bugzilla.suse.com/1227656"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1227751",
        "url": "https://bugzilla.suse.com/1227751"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1228017",
        "url": "https://bugzilla.suse.com/1228017"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1229640",
        "url": "https://bugzilla.suse.com/1229640"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1231204",
        "url": "https://bugzilla.suse.com/1231204"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1233679",
        "url": "https://bugzilla.suse.com/1233679"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-47261 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-47261/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-47496 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-47496/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-48792 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-48792/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-48911 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-48911/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-46818 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-46818/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-50302 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-50302/"
      }
    ],
    "title": "Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP3)",
    "tracking": {
      "current_release_date": "2025-03-19T11:34:03Z",
      "generator": {
        "date": "2025-03-19T11:34:03Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2025:0943-1",
      "initial_release_date": "2025-03-19T11:34:03Z",
      "revision_history": [
        {
          "date": "2025-03-19T11:34:03Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_3_18-150300_59_158-default-14-150300.2.1.ppc64le",
                "product": {
                  "name": "kernel-livepatch-5_3_18-150300_59_158-default-14-150300.2.1.ppc64le",
                  "product_id": "kernel-livepatch-5_3_18-150300_59_158-default-14-150300.2.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
                "product": {
                  "name": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
                  "product_id": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_3_18-150300_59_158-default-14-150300.2.1.s390x",
                "product": {
                  "name": "kernel-livepatch-5_3_18-150300_59_158-default-14-150300.2.1.s390x",
                  "product_id": "kernel-livepatch-5_3_18-150300_59_158-default-14-150300.2.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
                "product": {
                  "name": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
                  "product_id": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_3_18-150300_59_158-default-14-150300.2.1.x86_64",
                "product": {
                  "name": "kernel-livepatch-5_3_18-150300_59_158-default-14-150300.2.1.x86_64",
                  "product_id": "kernel-livepatch-5_3_18-150300_59_158-default-14-150300.2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_3_18-150300_59_158-preempt-14-150300.2.1.x86_64",
                "product": {
                  "name": "kernel-livepatch-5_3_18-150300_59_158-preempt-14-150300.2.1.x86_64",
                  "product_id": "kernel-livepatch-5_3_18-150300_59_158-preempt-14-150300.2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64",
                "product": {
                  "name": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64",
                  "product_id": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_3_18-150300_59_153-preempt-15-150300.2.1.x86_64",
                "product": {
                  "name": "kernel-livepatch-5_3_18-150300_59_153-preempt-15-150300.2.1.x86_64",
                  "product_id": "kernel-livepatch-5_3_18-150300_59_153-preempt-15-150300.2.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Live Patching 15 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Live Patching 15 SP3",
                  "product_id": "SUSE Linux Enterprise Live Patching 15 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-live-patching:15:sp3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le"
        },
        "product_reference": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x"
        },
        "product_reference": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
        },
        "product_reference": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-47261",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-47261"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/mlx5: Fix initializing CQ fragments buffer\n\nThe function init_cq_frag_buf() can be called to initialize the current CQ\nfragments buffer cq-\u003ebuf, or the temporary cq-\u003eresize_buf that is filled\nduring CQ resize operation.\n\nHowever, the offending commit started to use function get_cqe() for\ngetting the CQEs, the issue with this change is that get_cqe() always\nreturns CQEs from cq-\u003ebuf, which leads us to initialize the wrong buffer,\nand in case of enlarging the CQ we try to access elements beyond the size\nof the current cq-\u003ebuf and eventually hit a kernel panic.\n\n [exception RIP: init_cq_frag_buf+103]\n  [ffff9f799ddcbcd8] mlx5_ib_resize_cq at ffffffffc0835d60 [mlx5_ib]\n  [ffff9f799ddcbdb0] ib_resize_cq at ffffffffc05270df [ib_core]\n  [ffff9f799ddcbdc0] llt_rdma_setup_qp at ffffffffc0a6a712 [llt]\n  [ffff9f799ddcbe10] llt_rdma_cc_event_action at ffffffffc0a6b411 [llt]\n  [ffff9f799ddcbe98] llt_rdma_client_conn_thread at ffffffffc0a6bb75 [llt]\n  [ffff9f799ddcbec8] kthread at ffffffffa66c5da1\n  [ffff9f799ddcbf50] ret_from_fork_nospec_begin at ffffffffa6d95ddd\n\nFix it by getting the needed CQE by calling mlx5_frag_buf_get_wqe() that\ntakes the correct source buffer as a parameter.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-47261",
          "url": "https://www.suse.com/security/cve/CVE-2021-47261"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1224954 for CVE-2021-47261",
          "url": "https://bugzilla.suse.com/1224954"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1227751 for CVE-2021-47261",
          "url": "https://bugzilla.suse.com/1227751"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-03-19T11:34:03Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-47261"
    },
    {
      "cve": "CVE-2021-47496",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-47496"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/tls: Fix flipped sign in tls_err_abort() calls\n\nsk-\u003esk_err appears to expect a positive value, a convention that ktls\ndoesn\u0027t always follow and that leads to memory corruption in other code.\nFor instance,\n\n    [kworker]\n    tls_encrypt_done(..., err=\u003cnegative error from crypto request\u003e)\n      tls_err_abort(.., err)\n        sk-\u003esk_err = err;\n\n    [task]\n    splice_from_pipe_feed\n      ...\n        tls_sw_do_sendpage\n          if (sk-\u003esk_err) {\n            ret = -sk-\u003esk_err;  // ret is positive\n\n    splice_from_pipe_feed (continued)\n      ret = actor(...)  // ret is still positive and interpreted as bytes\n                        // written, resulting in underflow of buf-\u003elen and\n                        // sd-\u003elen, leading to huge buf-\u003eoffset and bogus\n                        // addresses computed in later calls to actor()\n\nFix all tls_err_abort() callers to pass a negative error code\nconsistently and centralize the error-prone sign flip there, throwing in\na warning to catch future misuse and uninlining the function so it\nreally does only warn once.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-47496",
          "url": "https://www.suse.com/security/cve/CVE-2021-47496"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1225354 for CVE-2021-47496",
          "url": "https://bugzilla.suse.com/1225354"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1227656 for CVE-2021-47496",
          "url": "https://bugzilla.suse.com/1227656"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-03-19T11:34:03Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-47496"
    },
    {
      "cve": "CVE-2022-48792",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-48792"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task\n\nCurrently a use-after-free may occur if a sas_task is aborted by the upper\nlayer before we handle the I/O completion in mpi_ssp_completion() or\nmpi_sata_completion().\n\nIn this case, the following are the two steps in handling those I/O\ncompletions:\n\n - Call complete() to inform the upper layer handler of completion of\n   the I/O.\n\n - Release driver resources associated with the sas_task in\n   pm8001_ccb_task_free() call.\n\nWhen complete() is called, the upper layer may free the sas_task. As such,\nwe should not touch the associated sas_task afterwards, but we do so in the\npm8001_ccb_task_free() call.\n\nFix by swapping the complete() and pm8001_ccb_task_free() calls ordering.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-48792",
          "url": "https://www.suse.com/security/cve/CVE-2022-48792"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1228013 for CVE-2022-48792",
          "url": "https://bugzilla.suse.com/1228013"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1228017 for CVE-2022-48792",
          "url": "https://bugzilla.suse.com/1228017"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-03-19T11:34:03Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-48792"
    },
    {
      "cve": "CVE-2022-48911",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-48911"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_queue: fix possible use-after-free\n\nEric Dumazet says:\n  The sock_hold() side seems suspect, because there is no guarantee\n  that sk_refcnt is not already 0.\n\nOn failure, we cannot queue the packet and need to indicate an\nerror.  The packet will be dropped by the caller.\n\nv2: split skb prefetch hunk into separate change",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-48911",
          "url": "https://www.suse.com/security/cve/CVE-2022-48911"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1229633 for CVE-2022-48911",
          "url": "https://bugzilla.suse.com/1229633"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1229640 for CVE-2022-48911",
          "url": "https://bugzilla.suse.com/1229640"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-03-19T11:34:03Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-48911"
    },
    {
      "cve": "CVE-2024-46818",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-46818"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check gpio_id before used as array index\n\n[WHY \u0026 HOW]\nGPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore\nshould be checked in advance.\n\nThis fixes 5 OVERRUN issues reported by Coverity.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-46818",
          "url": "https://www.suse.com/security/cve/CVE-2024-46818"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1231203 for CVE-2024-46818",
          "url": "https://bugzilla.suse.com/1231203"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1231204 for CVE-2024-46818",
          "url": "https://bugzilla.suse.com/1231204"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-03-19T11:34:03Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-46818"
    },
    {
      "cve": "CVE-2024-50302",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-50302"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: zero-initialize the report buffer\n\nSince the report buffer is used by all kinds of drivers in various ways, let\u0027s\nzero-initialize it during allocation to make sure that it can\u0027t be ever used\nto leak kernel memory via specially-crafted report.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-50302",
          "url": "https://www.suse.com/security/cve/CVE-2024-50302"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1233491 for CVE-2024-50302",
          "url": "https://bugzilla.suse.com/1233491"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1233679 for CVE-2024-50302",
          "url": "https://bugzilla.suse.com/1233679"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-03-19T11:34:03Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-50302"
    }
  ]
}

CVE-2022-48792 (GCVE-0-2022-48792)

Vulnerability from cvelistv5 – Published: 2024-07-16 11:43 – Updated: 2025-12-23 13:20

Title

scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task

Summary

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task Currently a use-after-free may occur if a sas_task is aborted by the upper layer before we handle the I/O completion in mpi_ssp_completion() or mpi_sata_completion(). In this case, the following are the two steps in handling those I/O completions: - Call complete() to inform the upper layer handler of completion of the I/O. - Release driver resources associated with the sas_task in pm8001_ccb_task_free() call. When complete() is called, the upper layer may free the sas_task. As such, we should not touch the associated sas_task afterwards, but we do so in the pm8001_ccb_task_free() call. Fix by swapping the complete() and pm8001_ccb_task_free() calls ordering.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/fe9ac3eaa2e387a57…
	https://git.kernel.org/stable/c/d9d93f32534a0a80a…
	https://git.kernel.org/stable/c/f61f9fccb2cb4bb27…
	https://git.kernel.org/stable/c/df7abcaa1246e2537…

Impacted products

Vendor

Product

Version

Affected: 869ddbdcae3b4fb83b99889abae31544c149b210 , < fe9ac3eaa2e387a5742b380b73a5a6bc237bf184 (git)
Affected: 869ddbdcae3b4fb83b99889abae31544c149b210 , < d9d93f32534a0a80a1c26bdb0746d90a7b19c2c2 (git)
Affected: 869ddbdcae3b4fb83b99889abae31544c149b210 , < f61f9fccb2cb4bb275674a79d638704db6bc2171 (git)
Affected: 869ddbdcae3b4fb83b99889abae31544c149b210 , < df7abcaa1246e2537ab4016077b5443bb3c09378 (git)

Affected: 4.15
Unaffected: 0 , < 4.15 (semver)
Unaffected: 5.10.102 , ≤ 5.10.* (semver)
Unaffected: 5.15.25 , ≤ 5.15.* (semver)
Unaffected: 5.16.11 , ≤ 5.16.* (semver)
Unaffected: 5.17 , ≤ * (original_commit_for_fix)

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T15:25:01.578Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fe9ac3eaa2e387a5742b380b73a5a6bc237bf184"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d9d93f32534a0a80a1c26bdb0746d90a7b19c2c2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f61f9fccb2cb4bb275674a79d638704db6bc2171"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/df7abcaa1246e2537ab4016077b5443bb3c09378"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-48792",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:59:32.216009Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:15.612Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/pm8001/pm80xx_hwi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "fe9ac3eaa2e387a5742b380b73a5a6bc237bf184",
              "status": "affected",
              "version": "869ddbdcae3b4fb83b99889abae31544c149b210",
              "versionType": "git"
            },
            {
              "lessThan": "d9d93f32534a0a80a1c26bdb0746d90a7b19c2c2",
              "status": "affected",
              "version": "869ddbdcae3b4fb83b99889abae31544c149b210",
              "versionType": "git"
            },
            {
              "lessThan": "f61f9fccb2cb4bb275674a79d638704db6bc2171",
              "status": "affected",
              "version": "869ddbdcae3b4fb83b99889abae31544c149b210",
              "versionType": "git"
            },
            {
              "lessThan": "df7abcaa1246e2537ab4016077b5443bb3c09378",
              "status": "affected",
              "version": "869ddbdcae3b4fb83b99889abae31544c149b210",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/pm8001/pm80xx_hwi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.15"
            },
            {
              "lessThan": "4.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.102",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.25",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.16.*",
              "status": "unaffected",
              "version": "5.16.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.102",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.25",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16.11",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.17",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task\n\nCurrently a use-after-free may occur if a sas_task is aborted by the upper\nlayer before we handle the I/O completion in mpi_ssp_completion() or\nmpi_sata_completion().\n\nIn this case, the following are the two steps in handling those I/O\ncompletions:\n\n - Call complete() to inform the upper layer handler of completion of\n   the I/O.\n\n - Release driver resources associated with the sas_task in\n   pm8001_ccb_task_free() call.\n\nWhen complete() is called, the upper layer may free the sas_task. As such,\nwe should not touch the associated sas_task afterwards, but we do so in the\npm8001_ccb_task_free() call.\n\nFix by swapping the complete() and pm8001_ccb_task_free() calls ordering."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-23T13:20:30.466Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/fe9ac3eaa2e387a5742b380b73a5a6bc237bf184"
        },
        {
          "url": "https://git.kernel.org/stable/c/d9d93f32534a0a80a1c26bdb0746d90a7b19c2c2"
        },
        {
          "url": "https://git.kernel.org/stable/c/f61f9fccb2cb4bb275674a79d638704db6bc2171"
        },
        {
          "url": "https://git.kernel.org/stable/c/df7abcaa1246e2537ab4016077b5443bb3c09378"
        }
      ],
      "title": "scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-48792",
    "datePublished": "2024-07-16T11:43:48.026Z",
    "dateReserved": "2024-07-16T11:38:08.893Z",
    "dateUpdated": "2025-12-23T13:20:30.466Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-46818 (GCVE-0-2024-46818)

Vulnerability from cvelistv5 – Published: 2024-09-27 12:35 – Updated: 2025-11-03 22:19

Title

drm/amd/display: Check gpio_id before used as array index

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check gpio_id before used as array index [WHY & HOW] GPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore should be checked in advance. This fixes 5 OVERRUN issues reported by Coverity.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/8520fdc8ecc38f240…
	https://git.kernel.org/stable/c/40c2e8bc117cab8bc…
	https://git.kernel.org/stable/c/0184cca30cad74d88…
	https://git.kernel.org/stable/c/276e3fd93e3beb589…
	https://git.kernel.org/stable/c/08e7755f754e3d2ce…
	https://git.kernel.org/stable/c/3d4198ab612ad48f7…
	https://git.kernel.org/stable/c/2a5626eeb3b5eec7a…

Impacted products

Vendor

Product

Version

Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 8520fdc8ecc38f240a8e9e7af89cca6739c3e790 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 40c2e8bc117cab8bca8814735f28a8b121654a84 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 0184cca30cad74d88f5c875d4e26999e26325700 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 276e3fd93e3beb5894eb1cc8480f9f417d51524d (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 08e7755f754e3d2cef7d3a7da538d33526bd6f7c (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 3d4198ab612ad48f73383ad3bb5663e6f0cdf406 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 2a5626eeb3b5eec7a36886f9556113dd93ec8ed6 (git)

Affected: 4.15
Unaffected: 0 , < 4.15 (semver)
Unaffected: 5.4.284 , ≤ 5.4.* (semver)
Unaffected: 5.10.226 , ≤ 5.10.* (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.109 , ≤ 6.1.* (semver)
Unaffected: 6.6.50 , ≤ 6.6.* (semver)
Unaffected: 6.10.9 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46818",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T14:15:06.184629Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T14:15:15.550Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:19:05.133Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/display/dc/gpio/gpio_service.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8520fdc8ecc38f240a8e9e7af89cca6739c3e790",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "40c2e8bc117cab8bca8814735f28a8b121654a84",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "0184cca30cad74d88f5c875d4e26999e26325700",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "276e3fd93e3beb5894eb1cc8480f9f417d51524d",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "08e7755f754e3d2cef7d3a7da538d33526bd6f7c",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "3d4198ab612ad48f73383ad3bb5663e6f0cdf406",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "2a5626eeb3b5eec7a36886f9556113dd93ec8ed6",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/display/dc/gpio/gpio_service.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.15"
            },
            {
              "lessThan": "4.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.284",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.226",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.109",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.50",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.284",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.226",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.109",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.50",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.9",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check gpio_id before used as array index\n\n[WHY \u0026 HOW]\nGPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore\nshould be checked in advance.\n\nThis fixes 5 OVERRUN issues reported by Coverity."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-11T17:20:43.164Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8520fdc8ecc38f240a8e9e7af89cca6739c3e790"
        },
        {
          "url": "https://git.kernel.org/stable/c/40c2e8bc117cab8bca8814735f28a8b121654a84"
        },
        {
          "url": "https://git.kernel.org/stable/c/0184cca30cad74d88f5c875d4e26999e26325700"
        },
        {
          "url": "https://git.kernel.org/stable/c/276e3fd93e3beb5894eb1cc8480f9f417d51524d"
        },
        {
          "url": "https://git.kernel.org/stable/c/08e7755f754e3d2cef7d3a7da538d33526bd6f7c"
        },
        {
          "url": "https://git.kernel.org/stable/c/3d4198ab612ad48f73383ad3bb5663e6f0cdf406"
        },
        {
          "url": "https://git.kernel.org/stable/c/2a5626eeb3b5eec7a36886f9556113dd93ec8ed6"
        }
      ],
      "title": "drm/amd/display: Check gpio_id before used as array index",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46818",
    "datePublished": "2024-09-27T12:35:59.187Z",
    "dateReserved": "2024-09-11T15:12:18.284Z",
    "dateUpdated": "2025-11-03T22:19:05.133Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-47496 (GCVE-0-2021-47496)

Vulnerability from cvelistv5 – Published: 2024-05-22 08:19 – Updated: 2025-05-04 07:12

Title

net/tls: Fix flipped sign in tls_err_abort() calls

Summary

In the Linux kernel, the following vulnerability has been resolved: net/tls: Fix flipped sign in tls_err_abort() calls sk->sk_err appears to expect a positive value, a convention that ktls doesn't always follow and that leads to memory corruption in other code. For instance, [kworker] tls_encrypt_done(..., err=<negative error from crypto request>) tls_err_abort(.., err) sk->sk_err = err; [task] splice_from_pipe_feed ... tls_sw_do_sendpage if (sk->sk_err) { ret = -sk->sk_err; // ret is positive splice_from_pipe_feed (continued) ret = actor(...) // ret is still positive and interpreted as bytes // written, resulting in underflow of buf->len and // sd->len, leading to huge buf->offset and bogus // addresses computed in later calls to actor() Fix all tls_err_abort() callers to pass a negative error code consistently and centralize the error-prone sign flip there, throwing in a warning to catch future misuse and uninlining the function so it really does only warn once.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/e0cfd5159f314d6b3…
	https://git.kernel.org/stable/c/f3dec7e7ace38224f…
	https://git.kernel.org/stable/c/e41473543f75f7dbc…
	https://git.kernel.org/stable/c/da353fac65fede6b8…

Impacted products

Vendor

Product

Version

Affected: c46234ebb4d1eee5e09819f49169e51cfc6eb909 , < e0cfd5159f314d6b304d030363650b06a2299cbb (git)
Affected: c46234ebb4d1eee5e09819f49169e51cfc6eb909 , < f3dec7e7ace38224f82cf83f0049159d067c2e19 (git)
Affected: c46234ebb4d1eee5e09819f49169e51cfc6eb909 , < e41473543f75f7dbc5d605007e6f883f1bd13b9a (git)
Affected: c46234ebb4d1eee5e09819f49169e51cfc6eb909 , < da353fac65fede6b8b4cfe207f0d9408e3121105 (git)

Affected: 4.17
Unaffected: 0 , < 4.17 (semver)
Unaffected: 5.4.157 , ≤ 5.4.* (semver)
Unaffected: 5.10.77 , ≤ 5.10.* (semver)
Unaffected: 5.14.16 , ≤ 5.14.* (semver)
Unaffected: 5.15 , ≤ * (original_commit_for_fix)

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:39:59.752Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e0cfd5159f314d6b304d030363650b06a2299cbb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f3dec7e7ace38224f82cf83f0049159d067c2e19"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e41473543f75f7dbc5d605007e6f883f1bd13b9a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/da353fac65fede6b8b4cfe207f0d9408e3121105"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47496",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:35:52.280096Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:23.659Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "include/net/tls.h",
            "net/tls/tls_sw.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e0cfd5159f314d6b304d030363650b06a2299cbb",
              "status": "affected",
              "version": "c46234ebb4d1eee5e09819f49169e51cfc6eb909",
              "versionType": "git"
            },
            {
              "lessThan": "f3dec7e7ace38224f82cf83f0049159d067c2e19",
              "status": "affected",
              "version": "c46234ebb4d1eee5e09819f49169e51cfc6eb909",
              "versionType": "git"
            },
            {
              "lessThan": "e41473543f75f7dbc5d605007e6f883f1bd13b9a",
              "status": "affected",
              "version": "c46234ebb4d1eee5e09819f49169e51cfc6eb909",
              "versionType": "git"
            },
            {
              "lessThan": "da353fac65fede6b8b4cfe207f0d9408e3121105",
              "status": "affected",
              "version": "c46234ebb4d1eee5e09819f49169e51cfc6eb909",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "include/net/tls.h",
            "net/tls/tls_sw.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.17"
            },
            {
              "lessThan": "4.17",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.157",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.77",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.14.*",
              "status": "unaffected",
              "version": "5.14.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.15",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.157",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.77",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.14.16",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/tls: Fix flipped sign in tls_err_abort() calls\n\nsk-\u003esk_err appears to expect a positive value, a convention that ktls\ndoesn\u0027t always follow and that leads to memory corruption in other code.\nFor instance,\n\n    [kworker]\n    tls_encrypt_done(..., err=\u003cnegative error from crypto request\u003e)\n      tls_err_abort(.., err)\n        sk-\u003esk_err = err;\n\n    [task]\n    splice_from_pipe_feed\n      ...\n        tls_sw_do_sendpage\n          if (sk-\u003esk_err) {\n            ret = -sk-\u003esk_err;  // ret is positive\n\n    splice_from_pipe_feed (continued)\n      ret = actor(...)  // ret is still positive and interpreted as bytes\n                        // written, resulting in underflow of buf-\u003elen and\n                        // sd-\u003elen, leading to huge buf-\u003eoffset and bogus\n                        // addresses computed in later calls to actor()\n\nFix all tls_err_abort() callers to pass a negative error code\nconsistently and centralize the error-prone sign flip there, throwing in\na warning to catch future misuse and uninlining the function so it\nreally does only warn once."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:12:17.959Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e0cfd5159f314d6b304d030363650b06a2299cbb"
        },
        {
          "url": "https://git.kernel.org/stable/c/f3dec7e7ace38224f82cf83f0049159d067c2e19"
        },
        {
          "url": "https://git.kernel.org/stable/c/e41473543f75f7dbc5d605007e6f883f1bd13b9a"
        },
        {
          "url": "https://git.kernel.org/stable/c/da353fac65fede6b8b4cfe207f0d9408e3121105"
        }
      ],
      "title": "net/tls: Fix flipped sign in tls_err_abort() calls",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47496",
    "datePublished": "2024-05-22T08:19:43.489Z",
    "dateReserved": "2024-05-22T06:20:56.202Z",
    "dateUpdated": "2025-05-04T07:12:17.959Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-48911 (GCVE-0-2022-48911)

Vulnerability from cvelistv5 – Published: 2024-08-22 01:31 – Updated: 2025-05-04 08:25

Title

netfilter: nf_queue: fix possible use-after-free

Summary

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_queue: fix possible use-after-free Eric Dumazet says: The sock_hold() side seems suspect, because there is no guarantee that sk_refcnt is not already 0. On failure, we cannot queue the packet and need to indicate an error. The packet will be dropped by the caller. v2: split skb prefetch hunk into separate change

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/21b27b2baa2742328…
	https://git.kernel.org/stable/c/ef97921ccdc243170…
	https://git.kernel.org/stable/c/34dc4a6a7f261736e…
	https://git.kernel.org/stable/c/43c25da41e3091b31…
	https://git.kernel.org/stable/c/4d05239203fa38ea8…
	https://git.kernel.org/stable/c/dd648bd1b33a828f6…
	https://git.kernel.org/stable/c/dcc3cb920bf7ba66a…
	https://git.kernel.org/stable/c/c3873070247d9e3c7…

Impacted products

Vendor

Product

Version

Affected: 271b72c7fa82c2c7a795bc16896149933110672d , < 21b27b2baa27423286e9b8d3f0b194d587083d95 (git)
Affected: 271b72c7fa82c2c7a795bc16896149933110672d , < ef97921ccdc243170fcef857ba2a17cf697aece5 (git)
Affected: 271b72c7fa82c2c7a795bc16896149933110672d , < 34dc4a6a7f261736ef7183868a5bddad31c7f9e3 (git)
Affected: 271b72c7fa82c2c7a795bc16896149933110672d , < 43c25da41e3091b31a906651a43e80a2719aa1ff (git)
Affected: 271b72c7fa82c2c7a795bc16896149933110672d , < 4d05239203fa38ea8a6f31e228460da4cb17a71a (git)
Affected: 271b72c7fa82c2c7a795bc16896149933110672d , < dd648bd1b33a828f62befa696b206c688da0ec43 (git)
Affected: 271b72c7fa82c2c7a795bc16896149933110672d , < dcc3cb920bf7ba66ac5e9272293a9ba5f80917ee (git)
Affected: 271b72c7fa82c2c7a795bc16896149933110672d , < c3873070247d9e3c7a6b0cf9bf9b45e8018427b1 (git)

Affected: 2.6.29
Unaffected: 0 , < 2.6.29 (semver)
Unaffected: 4.9.305 , ≤ 4.9.* (semver)
Unaffected: 4.14.270 , ≤ 4.14.* (semver)
Unaffected: 4.19.233 , ≤ 4.19.* (semver)
Unaffected: 5.4.183 , ≤ 5.4.* (semver)
Unaffected: 5.10.104 , ≤ 5.10.* (semver)
Unaffected: 5.15.27 , ≤ 5.15.* (semver)
Unaffected: 5.16.13 , ≤ 5.16.* (semver)
Unaffected: 5.17 , ≤ * (original_commit_for_fix)

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-48911",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:34:00.950489Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:02.033Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "include/net/netfilter/nf_queue.h",
            "net/netfilter/nf_queue.c",
            "net/netfilter/nfnetlink_queue.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "21b27b2baa27423286e9b8d3f0b194d587083d95",
              "status": "affected",
              "version": "271b72c7fa82c2c7a795bc16896149933110672d",
              "versionType": "git"
            },
            {
              "lessThan": "ef97921ccdc243170fcef857ba2a17cf697aece5",
              "status": "affected",
              "version": "271b72c7fa82c2c7a795bc16896149933110672d",
              "versionType": "git"
            },
            {
              "lessThan": "34dc4a6a7f261736ef7183868a5bddad31c7f9e3",
              "status": "affected",
              "version": "271b72c7fa82c2c7a795bc16896149933110672d",
              "versionType": "git"
            },
            {
              "lessThan": "43c25da41e3091b31a906651a43e80a2719aa1ff",
              "status": "affected",
              "version": "271b72c7fa82c2c7a795bc16896149933110672d",
              "versionType": "git"
            },
            {
              "lessThan": "4d05239203fa38ea8a6f31e228460da4cb17a71a",
              "status": "affected",
              "version": "271b72c7fa82c2c7a795bc16896149933110672d",
              "versionType": "git"
            },
            {
              "lessThan": "dd648bd1b33a828f62befa696b206c688da0ec43",
              "status": "affected",
              "version": "271b72c7fa82c2c7a795bc16896149933110672d",
              "versionType": "git"
            },
            {
              "lessThan": "dcc3cb920bf7ba66ac5e9272293a9ba5f80917ee",
              "status": "affected",
              "version": "271b72c7fa82c2c7a795bc16896149933110672d",
              "versionType": "git"
            },
            {
              "lessThan": "c3873070247d9e3c7a6b0cf9bf9b45e8018427b1",
              "status": "affected",
              "version": "271b72c7fa82c2c7a795bc16896149933110672d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "include/net/netfilter/nf_queue.h",
            "net/netfilter/nf_queue.c",
            "net/netfilter/nfnetlink_queue.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.29"
            },
            {
              "lessThan": "2.6.29",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.305",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.270",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.233",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.183",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.104",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.27",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.16.*",
              "status": "unaffected",
              "version": "5.16.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.305",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.270",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.233",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.183",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.104",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.27",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16.13",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.17",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_queue: fix possible use-after-free\n\nEric Dumazet says:\n  The sock_hold() side seems suspect, because there is no guarantee\n  that sk_refcnt is not already 0.\n\nOn failure, we cannot queue the packet and need to indicate an\nerror.  The packet will be dropped by the caller.\n\nv2: split skb prefetch hunk into separate change"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:25:56.793Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/21b27b2baa27423286e9b8d3f0b194d587083d95"
        },
        {
          "url": "https://git.kernel.org/stable/c/ef97921ccdc243170fcef857ba2a17cf697aece5"
        },
        {
          "url": "https://git.kernel.org/stable/c/34dc4a6a7f261736ef7183868a5bddad31c7f9e3"
        },
        {
          "url": "https://git.kernel.org/stable/c/43c25da41e3091b31a906651a43e80a2719aa1ff"
        },
        {
          "url": "https://git.kernel.org/stable/c/4d05239203fa38ea8a6f31e228460da4cb17a71a"
        },
        {
          "url": "https://git.kernel.org/stable/c/dd648bd1b33a828f62befa696b206c688da0ec43"
        },
        {
          "url": "https://git.kernel.org/stable/c/dcc3cb920bf7ba66ac5e9272293a9ba5f80917ee"
        },
        {
          "url": "https://git.kernel.org/stable/c/c3873070247d9e3c7a6b0cf9bf9b45e8018427b1"
        }
      ],
      "title": "netfilter: nf_queue: fix possible use-after-free",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-48911",
    "datePublished": "2024-08-22T01:31:07.463Z",
    "dateReserved": "2024-08-21T06:06:23.294Z",
    "dateUpdated": "2025-05-04T08:25:56.793Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-50302 (GCVE-0-2024-50302)

Vulnerability from cvelistv5 – Published: 2024-11-19 01:30 – Updated: 2025-11-03 22:28

Title

HID: core: zero-initialize the report buffer

Summary

In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-908 - Use of Uninitialized Resource

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/e7ea60184e1e88a3c…
	https://git.kernel.org/stable/c/3f9e88f2672c46359…
	https://git.kernel.org/stable/c/d7dc68d82ab3fcfc3…
	https://git.kernel.org/stable/c/05ade5d4337867929…
	https://git.kernel.org/stable/c/1884ab3d22536a5c1…
	https://git.kernel.org/stable/c/9d9f5c75c0c7f3176…
	https://git.kernel.org/stable/c/492015e6249fbcd42…
	https://git.kernel.org/stable/c/177f25d1292c7e16e…

Impacted products

Vendor

Product

Version

Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < e7ea60184e1e88a3c9e437b3265cbb6439aa7e26 (git)
Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < 3f9e88f2672c4635960570ee9741778d4135ecf5 (git)
Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < d7dc68d82ab3fcfc3f65322465da3d7031d4ab46 (git)
Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < 05ade5d4337867929e7ef664e7ac8e0c734f1aaf (git)
Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < 1884ab3d22536a5c14b17c78c2ce76d1734e8b0b (git)
Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < 9d9f5c75c0c7f31766ec27d90f7a6ac673193191 (git)
Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < 492015e6249fbcd42138b49de3c588d826dd9648 (git)
Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < 177f25d1292c7e16e1199b39c85480f7f8815552 (git)
Affected: b2b6cadad699d44a8a5b2a60f3d960e00d6fb3b7 (git)
Affected: fe6c9b48ebc920ff21c10c50ab2729440c734254 (git)

Affected: 3.12
Unaffected: 0 , < 3.12 (semver)
Unaffected: 4.19.324 , ≤ 4.19.* (semver)
Unaffected: 5.4.286 , ≤ 5.4.* (semver)
Unaffected: 5.10.230 , ≤ 5.10.* (semver)
Unaffected: 5.15.172 , ≤ 5.15.* (semver)
Unaffected: 6.1.117 , ≤ 6.1.* (semver)
Unaffected: 6.6.61 , ≤ 6.6.* (semver)
Unaffected: 6.11.8 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-50302",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-05T04:55:26.718337Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-03-04",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-50302"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-908",
                "description": "CWE-908 Use of Uninitialized Resource",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T22:55:35.755Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-50302"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2025-03-04T00:00:00.000Z",
            "value": "CVE-2024-50302 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:28:19.656Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/hid/hid-core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e7ea60184e1e88a3c9e437b3265cbb6439aa7e26",
              "status": "affected",
              "version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
              "versionType": "git"
            },
            {
              "lessThan": "3f9e88f2672c4635960570ee9741778d4135ecf5",
              "status": "affected",
              "version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
              "versionType": "git"
            },
            {
              "lessThan": "d7dc68d82ab3fcfc3f65322465da3d7031d4ab46",
              "status": "affected",
              "version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
              "versionType": "git"
            },
            {
              "lessThan": "05ade5d4337867929e7ef664e7ac8e0c734f1aaf",
              "status": "affected",
              "version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
              "versionType": "git"
            },
            {
              "lessThan": "1884ab3d22536a5c14b17c78c2ce76d1734e8b0b",
              "status": "affected",
              "version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
              "versionType": "git"
            },
            {
              "lessThan": "9d9f5c75c0c7f31766ec27d90f7a6ac673193191",
              "status": "affected",
              "version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
              "versionType": "git"
            },
            {
              "lessThan": "492015e6249fbcd42138b49de3c588d826dd9648",
              "status": "affected",
              "version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
              "versionType": "git"
            },
            {
              "lessThan": "177f25d1292c7e16e1199b39c85480f7f8815552",
              "status": "affected",
              "version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "b2b6cadad699d44a8a5b2a60f3d960e00d6fb3b7",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "fe6c9b48ebc920ff21c10c50ab2729440c734254",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/hid/hid-core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.12"
            },
            {
              "lessThan": "3.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.324",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.286",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.230",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.172",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.117",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.61",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.324",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.286",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.230",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.172",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.117",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.61",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.8",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.10.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.11.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: zero-initialize the report buffer\n\nSince the report buffer is used by all kinds of drivers in various ways, let\u0027s\nzero-initialize it during allocation to make sure that it can\u0027t be ever used\nto leak kernel memory via specially-crafted report."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T13:00:14.113Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e7ea60184e1e88a3c9e437b3265cbb6439aa7e26"
        },
        {
          "url": "https://git.kernel.org/stable/c/3f9e88f2672c4635960570ee9741778d4135ecf5"
        },
        {
          "url": "https://git.kernel.org/stable/c/d7dc68d82ab3fcfc3f65322465da3d7031d4ab46"
        },
        {
          "url": "https://git.kernel.org/stable/c/05ade5d4337867929e7ef664e7ac8e0c734f1aaf"
        },
        {
          "url": "https://git.kernel.org/stable/c/1884ab3d22536a5c14b17c78c2ce76d1734e8b0b"
        },
        {
          "url": "https://git.kernel.org/stable/c/9d9f5c75c0c7f31766ec27d90f7a6ac673193191"
        },
        {
          "url": "https://git.kernel.org/stable/c/492015e6249fbcd42138b49de3c588d826dd9648"
        },
        {
          "url": "https://git.kernel.org/stable/c/177f25d1292c7e16e1199b39c85480f7f8815552"
        }
      ],
      "title": "HID: core: zero-initialize the report buffer",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-50302",
    "datePublished": "2024-11-19T01:30:51.300Z",
    "dateReserved": "2024-10-21T19:36:19.987Z",
    "dateUpdated": "2025-11-03T22:28:19.656Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-47261 (GCVE-0-2021-47261)

Vulnerability from cvelistv5 – Published: 2024-05-21 14:19 – Updated: 2025-05-04 07:07

Title

IB/mlx5: Fix initializing CQ fragments buffer

Summary

In the Linux kernel, the following vulnerability has been resolved: IB/mlx5: Fix initializing CQ fragments buffer The function init_cq_frag_buf() can be called to initialize the current CQ fragments buffer cq->buf, or the temporary cq->resize_buf that is filled during CQ resize operation. However, the offending commit started to use function get_cqe() for getting the CQEs, the issue with this change is that get_cqe() always returns CQEs from cq->buf, which leads us to initialize the wrong buffer, and in case of enlarging the CQ we try to access elements beyond the size of the current cq->buf and eventually hit a kernel panic. [exception RIP: init_cq_frag_buf+103] [ffff9f799ddcbcd8] mlx5_ib_resize_cq at ffffffffc0835d60 [mlx5_ib] [ffff9f799ddcbdb0] ib_resize_cq at ffffffffc05270df [ib_core] [ffff9f799ddcbdc0] llt_rdma_setup_qp at ffffffffc0a6a712 [llt] [ffff9f799ddcbe10] llt_rdma_cc_event_action at ffffffffc0a6b411 [llt] [ffff9f799ddcbe98] llt_rdma_client_conn_thread at ffffffffc0a6bb75 [llt] [ffff9f799ddcbec8] kthread at ffffffffa66c5da1 [ffff9f799ddcbf50] ret_from_fork_nospec_begin at ffffffffa6d95ddd Fix it by getting the needed CQE by calling mlx5_frag_buf_get_wqe() that takes the correct source buffer as a parameter.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/1ec2dcd680c71d0d3…
	https://git.kernel.org/stable/c/e3ecd9c09fcc10cf6…
	https://git.kernel.org/stable/c/91f7fdc4cc10542ca…
	https://git.kernel.org/stable/c/3e670c54eda238cb8…
	https://git.kernel.org/stable/c/2ba0aa2feebda680e…

Impacted products

Vendor

Product

Version

Affected: 388ca8be00370db132464e27f745b8a0add19fcb , < 1ec2dcd680c71d0d36fa25638b327a468babd5c9 (git)
Affected: 388ca8be00370db132464e27f745b8a0add19fcb , < e3ecd9c09fcc10cf6b2bc67e2990c397c40a8c26 (git)
Affected: 388ca8be00370db132464e27f745b8a0add19fcb , < 91f7fdc4cc10542ca1045c06aad23365f0d067e0 (git)
Affected: 388ca8be00370db132464e27f745b8a0add19fcb , < 3e670c54eda238cb8a1ea93538a79ae89285c1c4 (git)
Affected: 388ca8be00370db132464e27f745b8a0add19fcb , < 2ba0aa2feebda680ecfc3c552e867cf4d1b05a3a (git)

Affected: 4.17
Unaffected: 0 , < 4.17 (semver)
Unaffected: 4.19.195 , ≤ 4.19.* (semver)
Unaffected: 5.4.126 , ≤ 5.4.* (semver)
Unaffected: 5.10.44 , ≤ 5.10.* (semver)
Unaffected: 5.12.11 , ≤ 5.12.* (semver)
Unaffected: 5.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47261",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-21T18:50:22.252363Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:14:42.110Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:32:07.928Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1ec2dcd680c71d0d36fa25638b327a468babd5c9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e3ecd9c09fcc10cf6b2bc67e2990c397c40a8c26"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/91f7fdc4cc10542ca1045c06aad23365f0d067e0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3e670c54eda238cb8a1ea93538a79ae89285c1c4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2ba0aa2feebda680ecfc3c552e867cf4d1b05a3a"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/infiniband/hw/mlx5/cq.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1ec2dcd680c71d0d36fa25638b327a468babd5c9",
              "status": "affected",
              "version": "388ca8be00370db132464e27f745b8a0add19fcb",
              "versionType": "git"
            },
            {
              "lessThan": "e3ecd9c09fcc10cf6b2bc67e2990c397c40a8c26",
              "status": "affected",
              "version": "388ca8be00370db132464e27f745b8a0add19fcb",
              "versionType": "git"
            },
            {
              "lessThan": "91f7fdc4cc10542ca1045c06aad23365f0d067e0",
              "status": "affected",
              "version": "388ca8be00370db132464e27f745b8a0add19fcb",
              "versionType": "git"
            },
            {
              "lessThan": "3e670c54eda238cb8a1ea93538a79ae89285c1c4",
              "status": "affected",
              "version": "388ca8be00370db132464e27f745b8a0add19fcb",
              "versionType": "git"
            },
            {
              "lessThan": "2ba0aa2feebda680ecfc3c552e867cf4d1b05a3a",
              "status": "affected",
              "version": "388ca8be00370db132464e27f745b8a0add19fcb",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/infiniband/hw/mlx5/cq.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.17"
            },
            {
              "lessThan": "4.17",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.195",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.126",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.44",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.12.*",
              "status": "unaffected",
              "version": "5.12.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.195",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.126",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.44",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.12.11",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.13",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/mlx5: Fix initializing CQ fragments buffer\n\nThe function init_cq_frag_buf() can be called to initialize the current CQ\nfragments buffer cq-\u003ebuf, or the temporary cq-\u003eresize_buf that is filled\nduring CQ resize operation.\n\nHowever, the offending commit started to use function get_cqe() for\ngetting the CQEs, the issue with this change is that get_cqe() always\nreturns CQEs from cq-\u003ebuf, which leads us to initialize the wrong buffer,\nand in case of enlarging the CQ we try to access elements beyond the size\nof the current cq-\u003ebuf and eventually hit a kernel panic.\n\n [exception RIP: init_cq_frag_buf+103]\n  [ffff9f799ddcbcd8] mlx5_ib_resize_cq at ffffffffc0835d60 [mlx5_ib]\n  [ffff9f799ddcbdb0] ib_resize_cq at ffffffffc05270df [ib_core]\n  [ffff9f799ddcbdc0] llt_rdma_setup_qp at ffffffffc0a6a712 [llt]\n  [ffff9f799ddcbe10] llt_rdma_cc_event_action at ffffffffc0a6b411 [llt]\n  [ffff9f799ddcbe98] llt_rdma_client_conn_thread at ffffffffc0a6bb75 [llt]\n  [ffff9f799ddcbec8] kthread at ffffffffa66c5da1\n  [ffff9f799ddcbf50] ret_from_fork_nospec_begin at ffffffffa6d95ddd\n\nFix it by getting the needed CQE by calling mlx5_frag_buf_get_wqe() that\ntakes the correct source buffer as a parameter."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:07:26.307Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1ec2dcd680c71d0d36fa25638b327a468babd5c9"
        },
        {
          "url": "https://git.kernel.org/stable/c/e3ecd9c09fcc10cf6b2bc67e2990c397c40a8c26"
        },
        {
          "url": "https://git.kernel.org/stable/c/91f7fdc4cc10542ca1045c06aad23365f0d067e0"
        },
        {
          "url": "https://git.kernel.org/stable/c/3e670c54eda238cb8a1ea93538a79ae89285c1c4"
        },
        {
          "url": "https://git.kernel.org/stable/c/2ba0aa2feebda680ecfc3c552e867cf4d1b05a3a"
        }
      ],
      "title": "IB/mlx5: Fix initializing CQ fragments buffer",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47261",
    "datePublished": "2024-05-21T14:19:54.025Z",
    "dateReserved": "2024-05-21T13:27:52.126Z",
    "dateUpdated": "2025-05-04T07:07:26.307Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.