Vulnerability-Lookup

SUSE-SU-2025:1423-1

Vulnerability from csaf_suse - Published: 2025-05-01 16:11 - Updated: 2025-05-01 16:11

Summary

Security update for the Linux Kernel (Live Patch 46 for SLE 15 SP3)

Severity

Important

Notes

Title of the patch: Security update for the Linux Kernel (Live Patch 46 for SLE 15 SP3)

Description of the patch: This update for the Linux Kernel 5.3.18-150300_59_167 fixes several issues. The following security issues were fixed: - CVE-2023-52885: SUNRPC: Fix UAF in svc_tcp_listen_data_ready() (bsc#1227753). - CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (bsc#1233294). - CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235431).

Patchnames: SUSE-2025-1423,SUSE-SLE-Module-Live-Patching-15-SP3-2025-1423

CVE-2023-52885

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2024-50205

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2024-56650

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

References

URL

Category

	https://www.suse.com/support/security/rating/	external
	https://ftp.suse.com/pub/projects/security/csaf/s…	self
	https://www.suse.com/support/update/announcement/…	self
	https://lists.suse.com/pipermail/sle-updates/2025…	self
	https://bugzilla.suse.com/1227753	self
	https://bugzilla.suse.com/1233294	self
	https://bugzilla.suse.com/1235431	self
	https://www.suse.com/security/cve/CVE-2023-52885/	self
	https://www.suse.com/security/cve/CVE-2024-50205/	self
	https://www.suse.com/security/cve/CVE-2024-56650/	self
	https://www.suse.com/security/cve/CVE-2023-52885	external
	https://bugzilla.suse.com/1227750	external
	https://bugzilla.suse.com/1227753	external
	https://www.suse.com/security/cve/CVE-2024-50205	external
	https://bugzilla.suse.com/1233293	external
	https://bugzilla.suse.com/1233294	external
	https://www.suse.com/security/cve/CVE-2024-56650	external
	https://bugzilla.suse.com/1235430	external
	https://bugzilla.suse.com/1235431	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for the Linux Kernel (Live Patch 46 for SLE 15 SP3)",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for the Linux Kernel 5.3.18-150300_59_167 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2023-52885: SUNRPC: Fix UAF in svc_tcp_listen_data_ready() (bsc#1227753).\n- CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (bsc#1233294).\n- CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235431).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2025-1423,SUSE-SLE-Module-Live-Patching-15-SP3-2025-1423",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_1423-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2025:1423-1",
        "url": "https://www.suse.com/support/update/announcement/2025/suse-su-20251423-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2025:1423-1",
        "url": "https://lists.suse.com/pipermail/sle-updates/2025-May/039121.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1227753",
        "url": "https://bugzilla.suse.com/1227753"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1233294",
        "url": "https://bugzilla.suse.com/1233294"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235431",
        "url": "https://bugzilla.suse.com/1235431"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-52885 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-52885/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-50205 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-50205/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-56650 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-56650/"
      }
    ],
    "title": "Security update for the Linux Kernel (Live Patch 46 for SLE 15 SP3)",
    "tracking": {
      "current_release_date": "2025-05-01T16:11:35Z",
      "generator": {
        "date": "2025-05-01T16:11:35Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2025:1423-1",
      "initial_release_date": "2025-05-01T16:11:35Z",
      "revision_history": [
        {
          "date": "2025-05-01T16:11:35Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.ppc64le",
                "product": {
                  "name": "kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.ppc64le",
                  "product_id": "kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.s390x",
                "product": {
                  "name": "kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.s390x",
                  "product_id": "kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.x86_64",
                "product": {
                  "name": "kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.x86_64",
                  "product_id": "kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_3_18-150300_59_167-preempt-12-150300.2.1.x86_64",
                "product": {
                  "name": "kernel-livepatch-5_3_18-150300_59_167-preempt-12-150300.2.1.x86_64",
                  "product_id": "kernel-livepatch-5_3_18-150300_59_167-preempt-12-150300.2.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Live Patching 15 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Live Patching 15 SP3",
                  "product_id": "SUSE Linux Enterprise Live Patching 15 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-live-patching:15:sp3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.ppc64le"
        },
        "product_reference": "kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.s390x"
        },
        "product_reference": "kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.x86_64"
        },
        "product_reference": "kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-52885",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-52885"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Fix UAF in svc_tcp_listen_data_ready()\n\nAfter the listener svc_sock is freed, and before invoking svc_tcp_accept()\nfor the established child sock, there is a window that the newsock\nretaining a freed listener svc_sock in sk_user_data which cloning from\nparent. In the race window, if data is received on the newsock, we will\nobserve use-after-free report in svc_tcp_listen_data_ready().\n\nReproduce by two tasks:\n\n1. while :; do rpc.nfsd 0 ; rpc.nfsd; done\n2. while :; do echo \"\" | ncat -4 127.0.0.1 2049 ; done\n\nKASAN report:\n\n  ==================================================================\n  BUG: KASAN: slab-use-after-free in svc_tcp_listen_data_ready+0x1cf/0x1f0 [sunrpc]\n  Read of size 8 at addr ffff888139d96228 by task nc/102553\n  CPU: 7 PID: 102553 Comm: nc Not tainted 6.3.0+ #18\n  Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\n  Call Trace:\n   \u003cIRQ\u003e\n   dump_stack_lvl+0x33/0x50\n   print_address_description.constprop.0+0x27/0x310\n   print_report+0x3e/0x70\n   kasan_report+0xae/0xe0\n   svc_tcp_listen_data_ready+0x1cf/0x1f0 [sunrpc]\n   tcp_data_queue+0x9f4/0x20e0\n   tcp_rcv_established+0x666/0x1f60\n   tcp_v4_do_rcv+0x51c/0x850\n   tcp_v4_rcv+0x23fc/0x2e80\n   ip_protocol_deliver_rcu+0x62/0x300\n   ip_local_deliver_finish+0x267/0x350\n   ip_local_deliver+0x18b/0x2d0\n   ip_rcv+0x2fb/0x370\n   __netif_receive_skb_one_core+0x166/0x1b0\n   process_backlog+0x24c/0x5e0\n   __napi_poll+0xa2/0x500\n   net_rx_action+0x854/0xc90\n   __do_softirq+0x1bb/0x5de\n   do_softirq+0xcb/0x100\n   \u003c/IRQ\u003e\n   \u003cTASK\u003e\n   ...\n   \u003c/TASK\u003e\n\n  Allocated by task 102371:\n   kasan_save_stack+0x1e/0x40\n   kasan_set_track+0x21/0x30\n   __kasan_kmalloc+0x7b/0x90\n   svc_setup_socket+0x52/0x4f0 [sunrpc]\n   svc_addsock+0x20d/0x400 [sunrpc]\n   __write_ports_addfd+0x209/0x390 [nfsd]\n   write_ports+0x239/0x2c0 [nfsd]\n   nfsctl_transaction_write+0xac/0x110 [nfsd]\n   vfs_write+0x1c3/0xae0\n   ksys_write+0xed/0x1c0\n   do_syscall_64+0x38/0x90\n   entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\n  Freed by task 102551:\n   kasan_save_stack+0x1e/0x40\n   kasan_set_track+0x21/0x30\n   kasan_save_free_info+0x2a/0x50\n   __kasan_slab_free+0x106/0x190\n   __kmem_cache_free+0x133/0x270\n   svc_xprt_free+0x1e2/0x350 [sunrpc]\n   svc_xprt_destroy_all+0x25a/0x440 [sunrpc]\n   nfsd_put+0x125/0x240 [nfsd]\n   nfsd_svc+0x2cb/0x3c0 [nfsd]\n   write_threads+0x1ac/0x2a0 [nfsd]\n   nfsctl_transaction_write+0xac/0x110 [nfsd]\n   vfs_write+0x1c3/0xae0\n   ksys_write+0xed/0x1c0\n   do_syscall_64+0x38/0x90\n   entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nFix the UAF by simply doing nothing in svc_tcp_listen_data_ready()\nif state != TCP_LISTEN, that will avoid dereferencing svsk for all\nchild socket.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-52885",
          "url": "https://www.suse.com/security/cve/CVE-2023-52885"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1227750 for CVE-2023-52885",
          "url": "https://bugzilla.suse.com/1227750"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1227753 for CVE-2023-52885",
          "url": "https://bugzilla.suse.com/1227753"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-01T16:11:35Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-52885"
    },
    {
      "cve": "CVE-2024-50205",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-50205"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()\n\nThe step variable is initialized to zero. It is changed in the loop,\nbut if it\u0027s not changed it will remain zero. Add a variable check\nbefore the division.\n\nThe observed behavior was introduced by commit 826b5de90c0b\n(\"ALSA: firewire-lib: fix insufficient PCM rule for period/buffer size\"),\nand it is difficult to show that any of the interval parameters will\nsatisfy the snd_interval_test() condition with data from the\namdtp_rate_table[] table.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-50205",
          "url": "https://www.suse.com/security/cve/CVE-2024-50205"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1233293 for CVE-2024-50205",
          "url": "https://bugzilla.suse.com/1233293"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1233294 for CVE-2024-50205",
          "url": "https://bugzilla.suse.com/1233294"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-01T16:11:35Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-50205"
    },
    {
      "cve": "CVE-2024-56650",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-56650"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: x_tables: fix LED ID check in led_tg_check()\n\nSyzbot has reported the following BUG detected by KASAN:\n\nBUG: KASAN: slab-out-of-bounds in strlen+0x58/0x70\nRead of size 1 at addr ffff8881022da0c8 by task repro/5879\n...\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x241/0x360\n ? __pfx_dump_stack_lvl+0x10/0x10\n ? __pfx__printk+0x10/0x10\n ? _printk+0xd5/0x120\n ? __virt_addr_valid+0x183/0x530\n ? __virt_addr_valid+0x183/0x530\n print_report+0x169/0x550\n ? __virt_addr_valid+0x183/0x530\n ? __virt_addr_valid+0x183/0x530\n ? __virt_addr_valid+0x45f/0x530\n ? __phys_addr+0xba/0x170\n ? strlen+0x58/0x70\n kasan_report+0x143/0x180\n ? strlen+0x58/0x70\n strlen+0x58/0x70\n kstrdup+0x20/0x80\n led_tg_check+0x18b/0x3c0\n xt_check_target+0x3bb/0xa40\n ? __pfx_xt_check_target+0x10/0x10\n ? stack_depot_save_flags+0x6e4/0x830\n ? nft_target_init+0x174/0xc30\n nft_target_init+0x82d/0xc30\n ? __pfx_nft_target_init+0x10/0x10\n ? nf_tables_newrule+0x1609/0x2980\n ? nf_tables_newrule+0x1609/0x2980\n ? rcu_is_watching+0x15/0xb0\n ? nf_tables_newrule+0x1609/0x2980\n ? nf_tables_newrule+0x1609/0x2980\n ? __kmalloc_noprof+0x21a/0x400\n nf_tables_newrule+0x1860/0x2980\n ? __pfx_nf_tables_newrule+0x10/0x10\n ? __nla_parse+0x40/0x60\n nfnetlink_rcv+0x14e5/0x2ab0\n ? __pfx_validate_chain+0x10/0x10\n ? __pfx_nfnetlink_rcv+0x10/0x10\n ? __lock_acquire+0x1384/0x2050\n ? netlink_deliver_tap+0x2e/0x1b0\n ? __pfx_lock_release+0x10/0x10\n ? netlink_deliver_tap+0x2e/0x1b0\n netlink_unicast+0x7f8/0x990\n ? __pfx_netlink_unicast+0x10/0x10\n ? __virt_addr_valid+0x183/0x530\n ? __check_object_size+0x48e/0x900\n netlink_sendmsg+0x8e4/0xcb0\n ? __pfx_netlink_sendmsg+0x10/0x10\n ? aa_sock_msg_perm+0x91/0x160\n ? __pfx_netlink_sendmsg+0x10/0x10\n __sock_sendmsg+0x223/0x270\n ____sys_sendmsg+0x52a/0x7e0\n ? __pfx_____sys_sendmsg+0x10/0x10\n __sys_sendmsg+0x292/0x380\n ? __pfx___sys_sendmsg+0x10/0x10\n ? lockdep_hardirqs_on_prepare+0x43d/0x780\n ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10\n ? exc_page_fault+0x590/0x8c0\n ? do_syscall_64+0xb6/0x230\n do_syscall_64+0xf3/0x230\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n \u003c/TASK\u003e\n\nSince an invalid (without \u0027\\0\u0027 byte at all) byte sequence may be passed\nfrom userspace, add an extra check to ensure that such a sequence is\nrejected as possible ID and so never passed to \u0027kstrdup()\u0027 and further.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-56650",
          "url": "https://www.suse.com/security/cve/CVE-2024-56650"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235430 for CVE-2024-56650",
          "url": "https://bugzilla.suse.com/1235430"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235431 for CVE-2024-56650",
          "url": "https://bugzilla.suse.com/1235431"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-01T16:11:35Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-56650"
    }
  ]
}

CVE-2024-56650 (GCVE-0-2024-56650)

Vulnerability from cvelistv5 – Published: 2024-12-27 15:02 – Updated: 2025-11-03 20:51

Title

netfilter: x_tables: fix LED ID check in led_tg_check()

Summary

In the Linux kernel, the following vulnerability has been resolved: netfilter: x_tables: fix LED ID check in led_tg_check() Syzbot has reported the following BUG detected by KASAN: BUG: KASAN: slab-out-of-bounds in strlen+0x58/0x70 Read of size 1 at addr ffff8881022da0c8 by task repro/5879 ... Call Trace: <TASK> dump_stack_lvl+0x241/0x360 ? __pfx_dump_stack_lvl+0x10/0x10 ? __pfx__printk+0x10/0x10 ? _printk+0xd5/0x120 ? __virt_addr_valid+0x183/0x530 ? __virt_addr_valid+0x183/0x530 print_report+0x169/0x550 ? __virt_addr_valid+0x183/0x530 ? __virt_addr_valid+0x183/0x530 ? __virt_addr_valid+0x45f/0x530 ? __phys_addr+0xba/0x170 ? strlen+0x58/0x70 kasan_report+0x143/0x180 ? strlen+0x58/0x70 strlen+0x58/0x70 kstrdup+0x20/0x80 led_tg_check+0x18b/0x3c0 xt_check_target+0x3bb/0xa40 ? __pfx_xt_check_target+0x10/0x10 ? stack_depot_save_flags+0x6e4/0x830 ? nft_target_init+0x174/0xc30 nft_target_init+0x82d/0xc30 ? __pfx_nft_target_init+0x10/0x10 ? nf_tables_newrule+0x1609/0x2980 ? nf_tables_newrule+0x1609/0x2980 ? rcu_is_watching+0x15/0xb0 ? nf_tables_newrule+0x1609/0x2980 ? nf_tables_newrule+0x1609/0x2980 ? __kmalloc_noprof+0x21a/0x400 nf_tables_newrule+0x1860/0x2980 ? __pfx_nf_tables_newrule+0x10/0x10 ? __nla_parse+0x40/0x60 nfnetlink_rcv+0x14e5/0x2ab0 ? __pfx_validate_chain+0x10/0x10 ? __pfx_nfnetlink_rcv+0x10/0x10 ? __lock_acquire+0x1384/0x2050 ? netlink_deliver_tap+0x2e/0x1b0 ? __pfx_lock_release+0x10/0x10 ? netlink_deliver_tap+0x2e/0x1b0 netlink_unicast+0x7f8/0x990 ? __pfx_netlink_unicast+0x10/0x10 ? __virt_addr_valid+0x183/0x530 ? __check_object_size+0x48e/0x900 netlink_sendmsg+0x8e4/0xcb0 ? __pfx_netlink_sendmsg+0x10/0x10 ? aa_sock_msg_perm+0x91/0x160 ? __pfx_netlink_sendmsg+0x10/0x10 __sock_sendmsg+0x223/0x270 ____sys_sendmsg+0x52a/0x7e0 ? __pfx_____sys_sendmsg+0x10/0x10 __sys_sendmsg+0x292/0x380 ? __pfx___sys_sendmsg+0x10/0x10 ? lockdep_hardirqs_on_prepare+0x43d/0x780 ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 ? exc_page_fault+0x590/0x8c0 ? do_syscall_64+0xb6/0x230 do_syscall_64+0xf3/0x230 entry_SYSCALL_64_after_hwframe+0x77/0x7f ... </TASK> Since an invalid (without '\0' byte at all) byte sequence may be passed from userspace, add an extra check to ensure that such a sequence is rejected as possible ID and so never passed to 'kstrdup()' and further.

Severity ?

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CWE

CWE-125 - Out-of-bounds Read

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/147a42bb02de8735c…
	https://git.kernel.org/stable/c/ad28612ebae1fcc11…
	https://git.kernel.org/stable/c/36a9d94dac28beef6…
	https://git.kernel.org/stable/c/ab9916321c95f5280…
	https://git.kernel.org/stable/c/a9bcc0b70d9baf3ff…
	https://git.kernel.org/stable/c/c40c96d98e536fc1d…
	https://git.kernel.org/stable/c/04317f4eb2aad312a…

Impacted products

Vendor

Product

Version

Linux

Affected: 268cb38e1802db560c73167e643f14a3dcb4b07c , < 147a42bb02de8735cb08476be6d0917987d022c2 (git)
Affected: 268cb38e1802db560c73167e643f14a3dcb4b07c , < ad28612ebae1fcc1104bd432e99e99d87f6bfe09 (git)
Affected: 268cb38e1802db560c73167e643f14a3dcb4b07c , < 36a9d94dac28beef6b8abba46ba8874320d3e800 (git)
Affected: 268cb38e1802db560c73167e643f14a3dcb4b07c , < ab9916321c95f5280b72b4c5055e269f98627efe (git)
Affected: 268cb38e1802db560c73167e643f14a3dcb4b07c , < a9bcc0b70d9baf3ff005874489a0dc9d023b54c3 (git)
Affected: 268cb38e1802db560c73167e643f14a3dcb4b07c , < c40c96d98e536fc1daaa125c2332b988615e30a4 (git)
Affected: 268cb38e1802db560c73167e643f14a3dcb4b07c , < 04317f4eb2aad312ad85c1a17ad81fe75f1f9bc7 (git)

Linux

Affected: 2.6.30
Unaffected: 0 , < 2.6.30 (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.5 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56650",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:00:22.683789Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-125",
                "description": "CWE-125 Out-of-bounds Read",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:07:11.150Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:51:56.813Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/xt_LED.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "147a42bb02de8735cb08476be6d0917987d022c2",
              "status": "affected",
              "version": "268cb38e1802db560c73167e643f14a3dcb4b07c",
              "versionType": "git"
            },
            {
              "lessThan": "ad28612ebae1fcc1104bd432e99e99d87f6bfe09",
              "status": "affected",
              "version": "268cb38e1802db560c73167e643f14a3dcb4b07c",
              "versionType": "git"
            },
            {
              "lessThan": "36a9d94dac28beef6b8abba46ba8874320d3e800",
              "status": "affected",
              "version": "268cb38e1802db560c73167e643f14a3dcb4b07c",
              "versionType": "git"
            },
            {
              "lessThan": "ab9916321c95f5280b72b4c5055e269f98627efe",
              "status": "affected",
              "version": "268cb38e1802db560c73167e643f14a3dcb4b07c",
              "versionType": "git"
            },
            {
              "lessThan": "a9bcc0b70d9baf3ff005874489a0dc9d023b54c3",
              "status": "affected",
              "version": "268cb38e1802db560c73167e643f14a3dcb4b07c",
              "versionType": "git"
            },
            {
              "lessThan": "c40c96d98e536fc1daaa125c2332b988615e30a4",
              "status": "affected",
              "version": "268cb38e1802db560c73167e643f14a3dcb4b07c",
              "versionType": "git"
            },
            {
              "lessThan": "04317f4eb2aad312ad85c1a17ad81fe75f1f9bc7",
              "status": "affected",
              "version": "268cb38e1802db560c73167e643f14a3dcb4b07c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/xt_LED.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.30"
            },
            {
              "lessThan": "2.6.30",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: x_tables: fix LED ID check in led_tg_check()\n\nSyzbot has reported the following BUG detected by KASAN:\n\nBUG: KASAN: slab-out-of-bounds in strlen+0x58/0x70\nRead of size 1 at addr ffff8881022da0c8 by task repro/5879\n...\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x241/0x360\n ? __pfx_dump_stack_lvl+0x10/0x10\n ? __pfx__printk+0x10/0x10\n ? _printk+0xd5/0x120\n ? __virt_addr_valid+0x183/0x530\n ? __virt_addr_valid+0x183/0x530\n print_report+0x169/0x550\n ? __virt_addr_valid+0x183/0x530\n ? __virt_addr_valid+0x183/0x530\n ? __virt_addr_valid+0x45f/0x530\n ? __phys_addr+0xba/0x170\n ? strlen+0x58/0x70\n kasan_report+0x143/0x180\n ? strlen+0x58/0x70\n strlen+0x58/0x70\n kstrdup+0x20/0x80\n led_tg_check+0x18b/0x3c0\n xt_check_target+0x3bb/0xa40\n ? __pfx_xt_check_target+0x10/0x10\n ? stack_depot_save_flags+0x6e4/0x830\n ? nft_target_init+0x174/0xc30\n nft_target_init+0x82d/0xc30\n ? __pfx_nft_target_init+0x10/0x10\n ? nf_tables_newrule+0x1609/0x2980\n ? nf_tables_newrule+0x1609/0x2980\n ? rcu_is_watching+0x15/0xb0\n ? nf_tables_newrule+0x1609/0x2980\n ? nf_tables_newrule+0x1609/0x2980\n ? __kmalloc_noprof+0x21a/0x400\n nf_tables_newrule+0x1860/0x2980\n ? __pfx_nf_tables_newrule+0x10/0x10\n ? __nla_parse+0x40/0x60\n nfnetlink_rcv+0x14e5/0x2ab0\n ? __pfx_validate_chain+0x10/0x10\n ? __pfx_nfnetlink_rcv+0x10/0x10\n ? __lock_acquire+0x1384/0x2050\n ? netlink_deliver_tap+0x2e/0x1b0\n ? __pfx_lock_release+0x10/0x10\n ? netlink_deliver_tap+0x2e/0x1b0\n netlink_unicast+0x7f8/0x990\n ? __pfx_netlink_unicast+0x10/0x10\n ? __virt_addr_valid+0x183/0x530\n ? __check_object_size+0x48e/0x900\n netlink_sendmsg+0x8e4/0xcb0\n ? __pfx_netlink_sendmsg+0x10/0x10\n ? aa_sock_msg_perm+0x91/0x160\n ? __pfx_netlink_sendmsg+0x10/0x10\n __sock_sendmsg+0x223/0x270\n ____sys_sendmsg+0x52a/0x7e0\n ? __pfx_____sys_sendmsg+0x10/0x10\n __sys_sendmsg+0x292/0x380\n ? __pfx___sys_sendmsg+0x10/0x10\n ? lockdep_hardirqs_on_prepare+0x43d/0x780\n ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10\n ? exc_page_fault+0x590/0x8c0\n ? do_syscall_64+0xb6/0x230\n do_syscall_64+0xf3/0x230\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n \u003c/TASK\u003e\n\nSince an invalid (without \u0027\\0\u0027 byte at all) byte sequence may be passed\nfrom userspace, add an extra check to ensure that such a sequence is\nrejected as possible ID and so never passed to \u0027kstrdup()\u0027 and further."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:01:03.454Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/147a42bb02de8735cb08476be6d0917987d022c2"
        },
        {
          "url": "https://git.kernel.org/stable/c/ad28612ebae1fcc1104bd432e99e99d87f6bfe09"
        },
        {
          "url": "https://git.kernel.org/stable/c/36a9d94dac28beef6b8abba46ba8874320d3e800"
        },
        {
          "url": "https://git.kernel.org/stable/c/ab9916321c95f5280b72b4c5055e269f98627efe"
        },
        {
          "url": "https://git.kernel.org/stable/c/a9bcc0b70d9baf3ff005874489a0dc9d023b54c3"
        },
        {
          "url": "https://git.kernel.org/stable/c/c40c96d98e536fc1daaa125c2332b988615e30a4"
        },
        {
          "url": "https://git.kernel.org/stable/c/04317f4eb2aad312ad85c1a17ad81fe75f1f9bc7"
        }
      ],
      "title": "netfilter: x_tables: fix LED ID check in led_tg_check()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56650",
    "datePublished": "2024-12-27T15:02:50.098Z",
    "dateReserved": "2024-12-27T15:00:39.840Z",
    "dateUpdated": "2025-11-03T20:51:56.813Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-52885 (GCVE-0-2023-52885)

Vulnerability from cvelistv5 – Published: 2024-07-14 07:11 – Updated: 2025-05-04 07:45

Title

SUNRPC: Fix UAF in svc_tcp_listen_data_ready()

Summary

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix UAF in svc_tcp_listen_data_ready() After the listener svc_sock is freed, and before invoking svc_tcp_accept() for the established child sock, there is a window that the newsock retaining a freed listener svc_sock in sk_user_data which cloning from parent. In the race window, if data is received on the newsock, we will observe use-after-free report in svc_tcp_listen_data_ready(). Reproduce by two tasks: 1. while :; do rpc.nfsd 0 ; rpc.nfsd; done 2. while :; do echo "" | ncat -4 127.0.0.1 2049 ; done KASAN report: ================================================================== BUG: KASAN: slab-use-after-free in svc_tcp_listen_data_ready+0x1cf/0x1f0 [sunrpc] Read of size 8 at addr ffff888139d96228 by task nc/102553 CPU: 7 PID: 102553 Comm: nc Not tainted 6.3.0+ #18 Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020 Call Trace: <IRQ> dump_stack_lvl+0x33/0x50 print_address_description.constprop.0+0x27/0x310 print_report+0x3e/0x70 kasan_report+0xae/0xe0 svc_tcp_listen_data_ready+0x1cf/0x1f0 [sunrpc] tcp_data_queue+0x9f4/0x20e0 tcp_rcv_established+0x666/0x1f60 tcp_v4_do_rcv+0x51c/0x850 tcp_v4_rcv+0x23fc/0x2e80 ip_protocol_deliver_rcu+0x62/0x300 ip_local_deliver_finish+0x267/0x350 ip_local_deliver+0x18b/0x2d0 ip_rcv+0x2fb/0x370 __netif_receive_skb_one_core+0x166/0x1b0 process_backlog+0x24c/0x5e0 __napi_poll+0xa2/0x500 net_rx_action+0x854/0xc90 __do_softirq+0x1bb/0x5de do_softirq+0xcb/0x100 </IRQ> <TASK> ... </TASK> Allocated by task 102371: kasan_save_stack+0x1e/0x40 kasan_set_track+0x21/0x30 __kasan_kmalloc+0x7b/0x90 svc_setup_socket+0x52/0x4f0 [sunrpc] svc_addsock+0x20d/0x400 [sunrpc] __write_ports_addfd+0x209/0x390 [nfsd] write_ports+0x239/0x2c0 [nfsd] nfsctl_transaction_write+0xac/0x110 [nfsd] vfs_write+0x1c3/0xae0 ksys_write+0xed/0x1c0 do_syscall_64+0x38/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc Freed by task 102551: kasan_save_stack+0x1e/0x40 kasan_set_track+0x21/0x30 kasan_save_free_info+0x2a/0x50 __kasan_slab_free+0x106/0x190 __kmem_cache_free+0x133/0x270 svc_xprt_free+0x1e2/0x350 [sunrpc] svc_xprt_destroy_all+0x25a/0x440 [sunrpc] nfsd_put+0x125/0x240 [nfsd] nfsd_svc+0x2cb/0x3c0 [nfsd] write_threads+0x1ac/0x2a0 [nfsd] nfsctl_transaction_write+0xac/0x110 [nfsd] vfs_write+0x1c3/0xae0 ksys_write+0xed/0x1c0 do_syscall_64+0x38/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc Fix the UAF by simply doing nothing in svc_tcp_listen_data_ready() if state != TCP_LISTEN, that will avoid dereferencing svsk for all child socket.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/c7b8c2d06e4376396…
	https://git.kernel.org/stable/c/dfc896c4a75cb8cd7…
	https://git.kernel.org/stable/c/42725e5c1b181b757…
	https://git.kernel.org/stable/c/cd5ec3ee52ce4b7e2…
	https://git.kernel.org/stable/c/fbf4ace39b2e4f383…
	https://git.kernel.org/stable/c/ef047411887ff0845…
	https://git.kernel.org/stable/c/7e1f989055622fd08…
	https://git.kernel.org/stable/c/fc80fc2d4e3913786…

Impacted products

Vendor

Product

Version

Linux

Affected: fa9251afc33c81606d70cfe91800a779096442ec , < c7b8c2d06e437639694abe76978e915cfb73f428 (git)
Affected: fa9251afc33c81606d70cfe91800a779096442ec , < dfc896c4a75cb8cd7cb2dfd9b469cf1e3f004254 (git)
Affected: fa9251afc33c81606d70cfe91800a779096442ec , < 42725e5c1b181b757ba11d804443922982334d9b (git)
Affected: fa9251afc33c81606d70cfe91800a779096442ec , < cd5ec3ee52ce4b7e283cc11facfa420c297c8065 (git)
Affected: fa9251afc33c81606d70cfe91800a779096442ec , < fbf4ace39b2e4f3833236afbb2336edbafd75eee (git)
Affected: fa9251afc33c81606d70cfe91800a779096442ec , < ef047411887ff0845afd642d6a687819308e1a4e (git)
Affected: fa9251afc33c81606d70cfe91800a779096442ec , < 7e1f989055622fd086c5dfb291fc72adf5660b6f (git)
Affected: fa9251afc33c81606d70cfe91800a779096442ec , < fc80fc2d4e39137869da3150ee169b40bf879287 (git)

Linux

Affected: 4.8
Unaffected: 0 , < 4.8 (semver)
Unaffected: 4.14.322 , ≤ 4.14.* (semver)
Unaffected: 4.19.291 , ≤ 4.19.* (semver)
Unaffected: 5.4.251 , ≤ 5.4.* (semver)
Unaffected: 5.10.188 , ≤ 5.10.* (semver)
Unaffected: 5.15.121 , ≤ 5.15.* (semver)
Unaffected: 6.1.39 , ≤ 6.1.* (semver)
Unaffected: 6.4.4 , ≤ 6.4.* (semver)
Unaffected: 6.5 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:18:41.393Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c7b8c2d06e437639694abe76978e915cfb73f428"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dfc896c4a75cb8cd7cb2dfd9b469cf1e3f004254"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/42725e5c1b181b757ba11d804443922982334d9b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cd5ec3ee52ce4b7e283cc11facfa420c297c8065"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fbf4ace39b2e4f3833236afbb2336edbafd75eee"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ef047411887ff0845afd642d6a687819308e1a4e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7e1f989055622fd086c5dfb291fc72adf5660b6f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fc80fc2d4e39137869da3150ee169b40bf879287"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52885",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:00:55.699629Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:18.417Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/sunrpc/svcsock.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c7b8c2d06e437639694abe76978e915cfb73f428",
              "status": "affected",
              "version": "fa9251afc33c81606d70cfe91800a779096442ec",
              "versionType": "git"
            },
            {
              "lessThan": "dfc896c4a75cb8cd7cb2dfd9b469cf1e3f004254",
              "status": "affected",
              "version": "fa9251afc33c81606d70cfe91800a779096442ec",
              "versionType": "git"
            },
            {
              "lessThan": "42725e5c1b181b757ba11d804443922982334d9b",
              "status": "affected",
              "version": "fa9251afc33c81606d70cfe91800a779096442ec",
              "versionType": "git"
            },
            {
              "lessThan": "cd5ec3ee52ce4b7e283cc11facfa420c297c8065",
              "status": "affected",
              "version": "fa9251afc33c81606d70cfe91800a779096442ec",
              "versionType": "git"
            },
            {
              "lessThan": "fbf4ace39b2e4f3833236afbb2336edbafd75eee",
              "status": "affected",
              "version": "fa9251afc33c81606d70cfe91800a779096442ec",
              "versionType": "git"
            },
            {
              "lessThan": "ef047411887ff0845afd642d6a687819308e1a4e",
              "status": "affected",
              "version": "fa9251afc33c81606d70cfe91800a779096442ec",
              "versionType": "git"
            },
            {
              "lessThan": "7e1f989055622fd086c5dfb291fc72adf5660b6f",
              "status": "affected",
              "version": "fa9251afc33c81606d70cfe91800a779096442ec",
              "versionType": "git"
            },
            {
              "lessThan": "fc80fc2d4e39137869da3150ee169b40bf879287",
              "status": "affected",
              "version": "fa9251afc33c81606d70cfe91800a779096442ec",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/sunrpc/svcsock.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.8"
            },
            {
              "lessThan": "4.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.322",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.291",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.251",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.188",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.121",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.39",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.*",
              "status": "unaffected",
              "version": "6.4.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.5",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.322",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.291",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.251",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.188",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.121",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.39",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4.4",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Fix UAF in svc_tcp_listen_data_ready()\n\nAfter the listener svc_sock is freed, and before invoking svc_tcp_accept()\nfor the established child sock, there is a window that the newsock\nretaining a freed listener svc_sock in sk_user_data which cloning from\nparent. In the race window, if data is received on the newsock, we will\nobserve use-after-free report in svc_tcp_listen_data_ready().\n\nReproduce by two tasks:\n\n1. while :; do rpc.nfsd 0 ; rpc.nfsd; done\n2. while :; do echo \"\" | ncat -4 127.0.0.1 2049 ; done\n\nKASAN report:\n\n  ==================================================================\n  BUG: KASAN: slab-use-after-free in svc_tcp_listen_data_ready+0x1cf/0x1f0 [sunrpc]\n  Read of size 8 at addr ffff888139d96228 by task nc/102553\n  CPU: 7 PID: 102553 Comm: nc Not tainted 6.3.0+ #18\n  Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\n  Call Trace:\n   \u003cIRQ\u003e\n   dump_stack_lvl+0x33/0x50\n   print_address_description.constprop.0+0x27/0x310\n   print_report+0x3e/0x70\n   kasan_report+0xae/0xe0\n   svc_tcp_listen_data_ready+0x1cf/0x1f0 [sunrpc]\n   tcp_data_queue+0x9f4/0x20e0\n   tcp_rcv_established+0x666/0x1f60\n   tcp_v4_do_rcv+0x51c/0x850\n   tcp_v4_rcv+0x23fc/0x2e80\n   ip_protocol_deliver_rcu+0x62/0x300\n   ip_local_deliver_finish+0x267/0x350\n   ip_local_deliver+0x18b/0x2d0\n   ip_rcv+0x2fb/0x370\n   __netif_receive_skb_one_core+0x166/0x1b0\n   process_backlog+0x24c/0x5e0\n   __napi_poll+0xa2/0x500\n   net_rx_action+0x854/0xc90\n   __do_softirq+0x1bb/0x5de\n   do_softirq+0xcb/0x100\n   \u003c/IRQ\u003e\n   \u003cTASK\u003e\n   ...\n   \u003c/TASK\u003e\n\n  Allocated by task 102371:\n   kasan_save_stack+0x1e/0x40\n   kasan_set_track+0x21/0x30\n   __kasan_kmalloc+0x7b/0x90\n   svc_setup_socket+0x52/0x4f0 [sunrpc]\n   svc_addsock+0x20d/0x400 [sunrpc]\n   __write_ports_addfd+0x209/0x390 [nfsd]\n   write_ports+0x239/0x2c0 [nfsd]\n   nfsctl_transaction_write+0xac/0x110 [nfsd]\n   vfs_write+0x1c3/0xae0\n   ksys_write+0xed/0x1c0\n   do_syscall_64+0x38/0x90\n   entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\n  Freed by task 102551:\n   kasan_save_stack+0x1e/0x40\n   kasan_set_track+0x21/0x30\n   kasan_save_free_info+0x2a/0x50\n   __kasan_slab_free+0x106/0x190\n   __kmem_cache_free+0x133/0x270\n   svc_xprt_free+0x1e2/0x350 [sunrpc]\n   svc_xprt_destroy_all+0x25a/0x440 [sunrpc]\n   nfsd_put+0x125/0x240 [nfsd]\n   nfsd_svc+0x2cb/0x3c0 [nfsd]\n   write_threads+0x1ac/0x2a0 [nfsd]\n   nfsctl_transaction_write+0xac/0x110 [nfsd]\n   vfs_write+0x1c3/0xae0\n   ksys_write+0xed/0x1c0\n   do_syscall_64+0x38/0x90\n   entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nFix the UAF by simply doing nothing in svc_tcp_listen_data_ready()\nif state != TCP_LISTEN, that will avoid dereferencing svsk for all\nchild socket."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:45:19.723Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c7b8c2d06e437639694abe76978e915cfb73f428"
        },
        {
          "url": "https://git.kernel.org/stable/c/dfc896c4a75cb8cd7cb2dfd9b469cf1e3f004254"
        },
        {
          "url": "https://git.kernel.org/stable/c/42725e5c1b181b757ba11d804443922982334d9b"
        },
        {
          "url": "https://git.kernel.org/stable/c/cd5ec3ee52ce4b7e283cc11facfa420c297c8065"
        },
        {
          "url": "https://git.kernel.org/stable/c/fbf4ace39b2e4f3833236afbb2336edbafd75eee"
        },
        {
          "url": "https://git.kernel.org/stable/c/ef047411887ff0845afd642d6a687819308e1a4e"
        },
        {
          "url": "https://git.kernel.org/stable/c/7e1f989055622fd086c5dfb291fc72adf5660b6f"
        },
        {
          "url": "https://git.kernel.org/stable/c/fc80fc2d4e39137869da3150ee169b40bf879287"
        }
      ],
      "title": "SUNRPC: Fix UAF in svc_tcp_listen_data_ready()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52885",
    "datePublished": "2024-07-14T07:11:28.548Z",
    "dateReserved": "2024-05-21T15:35:00.782Z",
    "dateUpdated": "2025-05-04T07:45:19.723Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-50205 (GCVE-0-2024-50205)

Vulnerability from cvelistv5 – Published: 2024-11-08 06:07 – Updated: 2025-11-03 22:27

Title

ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()

Summary

In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() The step variable is initialized to zero. It is changed in the loop, but if it's not changed it will remain zero. Add a variable check before the division. The observed behavior was introduced by commit 826b5de90c0b ("ALSA: firewire-lib: fix insufficient PCM rule for period/buffer size"), and it is difficult to show that any of the interval parameters will satisfy the snd_interval_test() condition with data from the amdtp_rate_table[] table. Found by Linux Verification Center (linuxtesting.org) with SVACE.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-369 - Divide By Zero

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/d575414361630b8b0…
	https://git.kernel.org/stable/c/5e431f85c87bbffd9…
	https://git.kernel.org/stable/c/7d4eb9e22131ec154…
	https://git.kernel.org/stable/c/d2826873db70a6719…
	https://git.kernel.org/stable/c/4bdc21506f12b2d43…
	https://git.kernel.org/stable/c/3452d39c4704aa125…
	https://git.kernel.org/stable/c/72cafe63b35d06b5c…

Impacted products

Vendor

Product

Version

Linux

Affected: 826b5de90c0bca4e9de6231da9e1730480621588 , < d575414361630b8b0523912532fcd7c79e43468c (git)
Affected: 826b5de90c0bca4e9de6231da9e1730480621588 , < 5e431f85c87bbffd93a9830d5a576586f9855291 (git)
Affected: 826b5de90c0bca4e9de6231da9e1730480621588 , < 7d4eb9e22131ec154e638cbd56629195c9bcbe9a (git)
Affected: 826b5de90c0bca4e9de6231da9e1730480621588 , < d2826873db70a6719cdd9212a6739f3e6234cfc4 (git)
Affected: 826b5de90c0bca4e9de6231da9e1730480621588 , < 4bdc21506f12b2d432b1f2667e5ff4c75eee58e3 (git)
Affected: 826b5de90c0bca4e9de6231da9e1730480621588 , < 3452d39c4704aa12504e4190298c721fb01083c3 (git)
Affected: 826b5de90c0bca4e9de6231da9e1730480621588 , < 72cafe63b35d06b5cfbaf807e90ae657907858da (git)

Linux

Affected: 4.20
Unaffected: 0 , < 4.20 (semver)
Unaffected: 5.4.285 , ≤ 5.4.* (semver)
Unaffected: 5.10.229 , ≤ 5.10.* (semver)
Unaffected: 5.15.170 , ≤ 5.15.* (semver)
Unaffected: 6.1.115 , ≤ 6.1.* (semver)
Unaffected: 6.6.59 , ≤ 6.6.* (semver)
Unaffected: 6.11.6 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-50205",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:17:39.245341Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-369",
                "description": "CWE-369 Divide By Zero",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:27:06.818Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:27:00.776Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "sound/firewire/amdtp-stream.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d575414361630b8b0523912532fcd7c79e43468c",
              "status": "affected",
              "version": "826b5de90c0bca4e9de6231da9e1730480621588",
              "versionType": "git"
            },
            {
              "lessThan": "5e431f85c87bbffd93a9830d5a576586f9855291",
              "status": "affected",
              "version": "826b5de90c0bca4e9de6231da9e1730480621588",
              "versionType": "git"
            },
            {
              "lessThan": "7d4eb9e22131ec154e638cbd56629195c9bcbe9a",
              "status": "affected",
              "version": "826b5de90c0bca4e9de6231da9e1730480621588",
              "versionType": "git"
            },
            {
              "lessThan": "d2826873db70a6719cdd9212a6739f3e6234cfc4",
              "status": "affected",
              "version": "826b5de90c0bca4e9de6231da9e1730480621588",
              "versionType": "git"
            },
            {
              "lessThan": "4bdc21506f12b2d432b1f2667e5ff4c75eee58e3",
              "status": "affected",
              "version": "826b5de90c0bca4e9de6231da9e1730480621588",
              "versionType": "git"
            },
            {
              "lessThan": "3452d39c4704aa12504e4190298c721fb01083c3",
              "status": "affected",
              "version": "826b5de90c0bca4e9de6231da9e1730480621588",
              "versionType": "git"
            },
            {
              "lessThan": "72cafe63b35d06b5cfbaf807e90ae657907858da",
              "status": "affected",
              "version": "826b5de90c0bca4e9de6231da9e1730480621588",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "sound/firewire/amdtp-stream.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.20"
            },
            {
              "lessThan": "4.20",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.285",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.229",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.170",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.115",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.59",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.285",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.229",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.170",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.115",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.59",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.6",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()\n\nThe step variable is initialized to zero. It is changed in the loop,\nbut if it\u0027s not changed it will remain zero. Add a variable check\nbefore the division.\n\nThe observed behavior was introduced by commit 826b5de90c0b\n(\"ALSA: firewire-lib: fix insufficient PCM rule for period/buffer size\"),\nand it is difficult to show that any of the interval parameters will\nsatisfy the snd_interval_test() condition with data from the\namdtp_rate_table[] table.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:48:41.353Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d575414361630b8b0523912532fcd7c79e43468c"
        },
        {
          "url": "https://git.kernel.org/stable/c/5e431f85c87bbffd93a9830d5a576586f9855291"
        },
        {
          "url": "https://git.kernel.org/stable/c/7d4eb9e22131ec154e638cbd56629195c9bcbe9a"
        },
        {
          "url": "https://git.kernel.org/stable/c/d2826873db70a6719cdd9212a6739f3e6234cfc4"
        },
        {
          "url": "https://git.kernel.org/stable/c/4bdc21506f12b2d432b1f2667e5ff4c75eee58e3"
        },
        {
          "url": "https://git.kernel.org/stable/c/3452d39c4704aa12504e4190298c721fb01083c3"
        },
        {
          "url": "https://git.kernel.org/stable/c/72cafe63b35d06b5cfbaf807e90ae657907858da"
        }
      ],
      "title": "ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-50205",
    "datePublished": "2024-11-08T06:07:55.993Z",
    "dateReserved": "2024-10-21T19:36:19.969Z",
    "dateUpdated": "2025-11-03T22:27:00.776Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

SUSE-SU-2025:1423-1

CVE-2024-56650 (GCVE-0-2024-56650)

CVE-2023-52885 (GCVE-0-2023-52885)

CVE-2024-50205 (GCVE-0-2024-50205)

Tags

Sightings

Nomenclature