diff options
| author | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-02-12 16:47:40 +0100 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-02-12 16:47:40 +0100 |
| commit | a6f4445f1ffbaf51ce7f257364ac14d16cdcb3cd (patch) | |
| tree | 0e1d664aae72c9cca6487d3f29b5305113653086 | |
| parent | 6c271b337ce5c410d7b9c9bd90d216e12cb34c86 (diff) | |
| download | vulns-a6f4445f1ffbaf51ce7f257364ac14d16cdcb3cd.tar.gz | |
more test records created to test filters and version information.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
18 files changed, 474 insertions, 2 deletions
diff --git a/cve/published/2023/CVE-2023-1851.json b/cve/published/2023/CVE-2023-1851.json index 7e4f8735..d1503729 100644 --- a/cve/published/2023/CVE-2023-1851.json +++ b/cve/published/2023/CVE-2023-1851.json @@ -74,7 +74,7 @@ ], "title": "nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local", "x_generator": { - "engine": "bippy-92010c6125e9" + "engine": "bippy-6c271b337ce5" } } }, diff --git a/cve/reserved/2023/CVE-2023-21657 b/cve/published/2023/CVE-2023-21657 index e69de29b..e69de29b 100644 --- a/cve/reserved/2023/CVE-2023-21657 +++ b/cve/published/2023/CVE-2023-21657 diff --git a/cve/published/2023/CVE-2023-21657.json b/cve/published/2023/CVE-2023-21657.json new file mode 100644 index 00000000..d4371727 --- /dev/null +++ b/cve/published/2023/CVE-2023-21657.json @@ -0,0 +1,84 @@ +{ + "containers": { + "cna": { + "providerMetadata": { + "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" + }, + "descriptions": [ + { + "lang": "en", + "value": "kvm: initialize all of the kvm_debugregs structure before sending it to userspace\n\nWhen calling the KVM_GET_DEBUGREGS ioctl, on some configurations, there\nmight be some unitialized portions of the kvm_debugregs structure that\ncould be copied to userspace. Prevent this as is done in the other kvm\nioctls, by setting the whole structure to 0 before copying anything into\nit.\n\nBonus is that this reduces the lines of code as the explicit flag\nsetting and reserved space zeroing out can be removed." + } + ], + "affected": [ + { + "product": "Linux", + "vendor": "Linux", + "defaultStatus": "affected", + "versions": [ + { + "version": "0", + "lessThan": "4.14.306", + "status": "affected", + "versionType": "custom" + }, + { + "version": "0", + "lessThan": "4.19.273", + "status": "affected", + "versionType": "custom" + }, + { + "version": "0", + "lessThan": "5.4.232", + "status": "affected", + "versionType": "custom" + }, + { + "version": "0", + "lessThan": "5.10.169", + "status": "affected", + "versionType": "custom" + }, + { + "version": "0", + "lessThan": "5.15.95", + "status": "affected", + "versionType": "custom" + }, + { + "version": "0", + "lessThan": "6.1.13", + "status": "affected", + "versionType": "custom" + }, + { + "version": "0", + "lessThan": "6.2", + "status": "affected", + "versionType": "custom" + } + ] + } + ], + "references": [ + { + "url": "https://git.kernel.org/torvalds/c/2c10b61421a28e95a46ab489fd56c0f442ff6952" + } + ], + "title": "kvm: initialize all of the kvm_debugregs structure before sending it to userspace", + "x_generator": { + "engine": "bippy-6c271b337ce5" + } + } + }, + "cveMetadata": { + "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", + "cveID": "CVE-2023-21657", + "requesterUserId": "gregkh@linuxfoundation.org", + "serial": "1", + "state": "PUBLISHED" + }, + "dataType": "CVE_RECORD", + "dataVersion": "5.0" +} diff --git a/cve/published/2023/CVE-2023-21657.mbox b/cve/published/2023/CVE-2023-21657.mbox new file mode 100644 index 00000000..bb50bfc8 --- /dev/null +++ b/cve/published/2023/CVE-2023-21657.mbox @@ -0,0 +1,45 @@ +From: Linux Kernel CVE team <cve@kernel.org> +Subject: CVE-2023-21657: kvm: initialize all of the kvm_debugregs structure before sending it to userspace + +Description +=========== + +kvm: initialize all of the kvm_debugregs structure before sending it to userspace + +When calling the KVM_GET_DEBUGREGS ioctl, on some configurations, there +might be some unitialized portions of the kvm_debugregs structure that +could be copied to userspace. Prevent this as is done in the other kvm +ioctls, by setting the whole structure to 0 before copying anything into +it. + +Bonus is that this reduces the lines of code as the explicit flag +setting and reserved space zeroing out can be removed. + +The Linux kernel CVE team has assigned CVE-2023-21657 to this issue. + + +Mitigation +========== + +The individual change to resolve this issue can be found at: + https://git.kernel.org/torvalds/c/2c10b61421a28e95a46ab489fd56c0f442ff6952 + + +Affected versions +================= + Fixed in 4.14.306 + Fixed in 4.19.273 + Fixed in 5.4.232 + Fixed in 5.10.169 + Fixed in 5.15.95 + Fixed in 6.1.13 + Fixed in 6.2 + + +Recomendation +============= +The Linux kernel CVE team recommends that you update to the latest +stable kernel version for this, and many other bugfixes. Individual +changes are not tested alone, but rather are part of a larger kernel +release. Cherry-picking individual commits is not recommended or +supported by the Linux kernel community at all. diff --git a/cve/published/2023/CVE-2023-21657.sha1 b/cve/published/2023/CVE-2023-21657.sha1 new file mode 100644 index 00000000..e69c5574 --- /dev/null +++ b/cve/published/2023/CVE-2023-21657.sha1 @@ -0,0 +1 @@ +2c10b61421a28e95a46ab489fd56c0f442ff6952 diff --git a/cve/reserved/2023/CVE-2023-21658 b/cve/published/2023/CVE-2023-21658 index e69de29b..e69de29b 100644 --- a/cve/reserved/2023/CVE-2023-21658 +++ b/cve/published/2023/CVE-2023-21658 diff --git a/cve/published/2023/CVE-2023-21658.json b/cve/published/2023/CVE-2023-21658.json new file mode 100644 index 00000000..dd3de251 --- /dev/null +++ b/cve/published/2023/CVE-2023-21658.json @@ -0,0 +1,90 @@ +{ + "containers": { + "cna": { + "providerMetadata": { + "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" + }, + "descriptions": [ + { + "lang": "en", + "value": "memstick: fix memory leak if card device is never registered\n\nWhen calling dev_set_name() memory is allocated for the name for the\nstruct device. Once that structure device is registered, or attempted\nto be registerd, with the driver core, the driver core will handle\ncleaning up that memory when the device is removed from the system.\n\nUnfortunatly for the memstick code, there is an error path that causes\nthe struct device to never be registered, and so the memory allocated in\ndev_set_name will be leaked. Fix that leak by manually freeing it right\nbefore the memory for the device is freed." + } + ], + "affected": [ + { + "product": "Linux", + "vendor": "Linux", + "defaultStatus": "affected", + "versions": [ + { + "version": "2.6.29", + "lessThan": "4.14.314", + "status": "affected", + "versionType": "custom" + }, + { + "version": "2.6.29", + "lessThan": "4.19.282", + "status": "affected", + "versionType": "custom" + }, + { + "version": "2.6.29", + "lessThan": "5.4.242", + "status": "affected", + "versionType": "custom" + }, + { + "version": "2.6.29", + "lessThan": "5.10.179", + "status": "affected", + "versionType": "custom" + }, + { + "version": "2.6.29", + "lessThan": "5.15.109", + "status": "affected", + "versionType": "custom" + }, + { + "version": "2.6.29", + "lessThan": "6.1.26", + "status": "affected", + "versionType": "custom" + }, + { + "version": "2.6.29", + "lessThan": "6.2.13", + "status": "affected", + "versionType": "custom" + }, + { + "version": "2.6.29", + "lessThan": "6.3", + "status": "affected", + "versionType": "custom" + } + ] + } + ], + "references": [ + { + "url": "https://git.kernel.org/torvalds/c/4b6d621c9d859ff89e68cebf6178652592676013" + } + ], + "title": "memstick: fix memory leak if card device is never registered", + "x_generator": { + "engine": "bippy-6c271b337ce5" + } + } + }, + "cveMetadata": { + "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", + "cveID": "CVE-2023-21658", + "requesterUserId": "gregkh@linuxfoundation.org", + "serial": "1", + "state": "PUBLISHED" + }, + "dataType": "CVE_RECORD", + "dataVersion": "5.0" +} diff --git a/cve/published/2023/CVE-2023-21658.mbox b/cve/published/2023/CVE-2023-21658.mbox new file mode 100644 index 00000000..1fc45a8b --- /dev/null +++ b/cve/published/2023/CVE-2023-21658.mbox @@ -0,0 +1,47 @@ +From: Linux Kernel CVE team <cve@kernel.org> +Subject: CVE-2023-21658: memstick: fix memory leak if card device is never registered + +Description +=========== + +memstick: fix memory leak if card device is never registered + +When calling dev_set_name() memory is allocated for the name for the +struct device. Once that structure device is registered, or attempted +to be registerd, with the driver core, the driver core will handle +cleaning up that memory when the device is removed from the system. + +Unfortunatly for the memstick code, there is an error path that causes +the struct device to never be registered, and so the memory allocated in +dev_set_name will be leaked. Fix that leak by manually freeing it right +before the memory for the device is freed. + +The Linux kernel CVE team has assigned CVE-2023-21658 to this issue. + + +Mitigation +========== + +The individual change to resolve this issue can be found at: + https://git.kernel.org/torvalds/c/4b6d621c9d859ff89e68cebf6178652592676013 + + +Affected versions +================= + Issue introduced in 2.6.29 and fixed in 4.14.314 + Issue introduced in 2.6.29 and fixed in 4.19.282 + Issue introduced in 2.6.29 and fixed in 5.4.242 + Issue introduced in 2.6.29 and fixed in 5.10.179 + Issue introduced in 2.6.29 and fixed in 5.15.109 + Issue introduced in 2.6.29 and fixed in 6.1.26 + Issue introduced in 2.6.29 and fixed in 6.2.13 + Issue introduced in 2.6.29 and fixed in 6.3 + + +Recomendation +============= +The Linux kernel CVE team recommends that you update to the latest +stable kernel version for this, and many other bugfixes. Individual +changes are not tested alone, but rather are part of a larger kernel +release. Cherry-picking individual commits is not recommended or +supported by the Linux kernel community at all. diff --git a/cve/published/2023/CVE-2023-21658.sha1 b/cve/published/2023/CVE-2023-21658.sha1 new file mode 100644 index 00000000..65c2cf6d --- /dev/null +++ b/cve/published/2023/CVE-2023-21658.sha1 @@ -0,0 +1 @@ +4b6d621c9d859ff89e68cebf6178652592676013 diff --git a/cve/reserved/2023/CVE-2023-21659 b/cve/published/2023/CVE-2023-21659 index e69de29b..e69de29b 100644 --- a/cve/reserved/2023/CVE-2023-21659 +++ b/cve/published/2023/CVE-2023-21659 diff --git a/cve/published/2023/CVE-2023-21659.json b/cve/published/2023/CVE-2023-21659.json new file mode 100644 index 00000000..a03fe436 --- /dev/null +++ b/cve/published/2023/CVE-2023-21659.json @@ -0,0 +1,48 @@ +{ + "containers": { + "cna": { + "providerMetadata": { + "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" + }, + "descriptions": [ + { + "lang": "en", + "value": "fs: sysfs_emit_at: Remove PAGE_SIZE alignment check\n\n\n[No upstream commit because this fixes a bug in a backport.]\n\nBefore upstream commit 59bb47985c1d (\"mm, sl[aou]b: guarantee natural\nalignment for kmalloc(power-of-two)\") which went into v5.4, kmalloc did\n*not* always guarantee that PAGE_SIZE allocations are PAGE_SIZE-aligned.\n\nUpstream commit 2efc459d06f1 (\"sysfs: Add sysfs_emit and sysfs_emit_at\nto format sysfs output\") added two WARN()s that trigger when PAGE_SIZE\nallocations are not PAGE_SIZE-aligned. This was backported to old\nkernels that don't guarantee PAGE_SIZE alignment.\n\nCommit 10ddfb495232 (\"fs: sysfs_emit: Remove PAGE_SIZE alignment check\")\nin 4.19.y, and its equivalent in 4.14.y and 4.9.y, tried to fix this\nbug. However, only it handled sysfs_emit(), not sysfs_emit_at().\n\nFix it in sysfs_emit_at() too.\n\nA reproducer is to build the kernel with the following options:\n\n\tCONFIG_SLUB=y\n\tCONFIG_SLUB_DEBUG=y\n\tCONFIG_SLUB_DEBUG_ON=y\n\tCONFIG_PM=y\n\tCONFIG_SUSPEND=y\n\tCONFIG_PM_WAKELOCKS=y\n\nThen run:\n\n\techo foo > /sys/power/wake_lock && cat /sys/power/wake_lock" + } + ], + "affected": [ + { + "product": "Linux", + "vendor": "Linux", + "defaultStatus": "affected", + "versions": [ + { + "version": "0", + "lessThan": "4.19.279", + "status": "affected", + "versionType": "custom" + } + ] + } + ], + "references": [ + { + "url": "https://git.kernel.org/torvalds/c/2a8664583d4d3655cfe5d36cf03f56b11530b69b" + } + ], + "title": "fs: sysfs_emit_at: Remove PAGE_SIZE alignment check", + "x_generator": { + "engine": "bippy-6c271b337ce5" + } + } + }, + "cveMetadata": { + "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", + "cveID": "CVE-2023-21659", + "requesterUserId": "gregkh@linuxfoundation.org", + "serial": "1", + "state": "PUBLISHED" + }, + "dataType": "CVE_RECORD", + "dataVersion": "5.0" +} diff --git a/cve/published/2023/CVE-2023-21659.mbox b/cve/published/2023/CVE-2023-21659.mbox new file mode 100644 index 00000000..5e8b69ef --- /dev/null +++ b/cve/published/2023/CVE-2023-21659.mbox @@ -0,0 +1,61 @@ +From: Linux Kernel CVE team <cve@kernel.org> +Subject: CVE-2023-21659: fs: sysfs_emit_at: Remove PAGE_SIZE alignment check + +Description +=========== + +fs: sysfs_emit_at: Remove PAGE_SIZE alignment check + + +[No upstream commit because this fixes a bug in a backport.] + +Before upstream commit 59bb47985c1d ("mm, sl[aou]b: guarantee natural +alignment for kmalloc(power-of-two)") which went into v5.4, kmalloc did +*not* always guarantee that PAGE_SIZE allocations are PAGE_SIZE-aligned. + +Upstream commit 2efc459d06f1 ("sysfs: Add sysfs_emit and sysfs_emit_at +to format sysfs output") added two WARN()s that trigger when PAGE_SIZE +allocations are not PAGE_SIZE-aligned. This was backported to old +kernels that don't guarantee PAGE_SIZE alignment. + +Commit 10ddfb495232 ("fs: sysfs_emit: Remove PAGE_SIZE alignment check") +in 4.19.y, and its equivalent in 4.14.y and 4.9.y, tried to fix this +bug. However, only it handled sysfs_emit(), not sysfs_emit_at(). + +Fix it in sysfs_emit_at() too. + +A reproducer is to build the kernel with the following options: + + CONFIG_SLUB=y + CONFIG_SLUB_DEBUG=y + CONFIG_SLUB_DEBUG_ON=y + CONFIG_PM=y + CONFIG_SUSPEND=y + CONFIG_PM_WAKELOCKS=y + +Then run: + + echo foo > /sys/power/wake_lock && cat /sys/power/wake_lock + +The Linux kernel CVE team has assigned CVE-2023-21659 to this issue. + + +Mitigation +========== + +The individual change to resolve this issue can be found at: + https://git.kernel.org/torvalds/c/2a8664583d4d3655cfe5d36cf03f56b11530b69b + + +Affected versions +================= + Fixed in 4.19.279 + + +Recomendation +============= +The Linux kernel CVE team recommends that you update to the latest +stable kernel version for this, and many other bugfixes. Individual +changes are not tested alone, but rather are part of a larger kernel +release. Cherry-picking individual commits is not recommended or +supported by the Linux kernel community at all. diff --git a/cve/published/2023/CVE-2023-21659.sha1 b/cve/published/2023/CVE-2023-21659.sha1 new file mode 100644 index 00000000..63852f18 --- /dev/null +++ b/cve/published/2023/CVE-2023-21659.sha1 @@ -0,0 +1 @@ +2a8664583d4d3655cfe5d36cf03f56b11530b69b diff --git a/cve/published/2024/CVE-2024-0052.json b/cve/published/2024/CVE-2024-0052.json index 1505a17b..b7e285e5 100644 --- a/cve/published/2024/CVE-2024-0052.json +++ b/cve/published/2024/CVE-2024-0052.json @@ -38,7 +38,7 @@ ], "title": "mm/memory_hotplug: fix memmap_on_memory sysfs value retrieval", "x_generator": { - "engine": "bippy-92010c6125e9" + "engine": "bippy-6c271b337ce5" } } }, diff --git a/cve/reserved/2024/CVE-2024-20607 b/cve/published/2024/CVE-2024-20607 index a158f8a3..a158f8a3 100644 --- a/cve/reserved/2024/CVE-2024-20607 +++ b/cve/published/2024/CVE-2024-20607 diff --git a/cve/published/2024/CVE-2024-20607.json b/cve/published/2024/CVE-2024-20607.json new file mode 100644 index 00000000..99f939d4 --- /dev/null +++ b/cve/published/2024/CVE-2024-20607.json @@ -0,0 +1,54 @@ +{ + "containers": { + "cna": { + "providerMetadata": { + "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" + }, + "descriptions": [ + { + "lang": "en", + "value": "pds_core: Prevent health thread from running during reset/remove\n\nThe PCIe reset handlers can run at the same time as the\nhealth thread. This can cause the health thread to\nstomp on the PCIe reset. Fix this by preventing the\nhealth thread from running while a PCIe reset is happening.\n\nAs part of this use timer_shutdown_sync() during reset and\nremove to make sure the timer doesn't ever get rearmed." + } + ], + "affected": [ + { + "product": "Linux", + "vendor": "Linux", + "defaultStatus": "affected", + "versions": [ + { + "version": "6.7", + "lessThan": "6.6.16", + "status": "affected", + "versionType": "custom" + }, + { + "version": "6.7", + "lessThan": "6.7.4", + "status": "affected", + "versionType": "custom" + } + ] + } + ], + "references": [ + { + "url": "https://git.kernel.org/torvalds/c/d9407ff11809c6812bb84fe7be9c1367d758e5c8" + } + ], + "title": "pds_core: Prevent health thread from running during reset/remove", + "x_generator": { + "engine": "bippy-6c271b337ce5" + } + } + }, + "cveMetadata": { + "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", + "cveID": "CVE-2024-20607", + "requesterUserId": "gregkh@linuxfoundation.org", + "serial": "1", + "state": "PUBLISHED" + }, + "dataType": "CVE_RECORD", + "dataVersion": "5.0" +} diff --git a/cve/published/2024/CVE-2024-20607.mbox b/cve/published/2024/CVE-2024-20607.mbox new file mode 100644 index 00000000..7b50b361 --- /dev/null +++ b/cve/published/2024/CVE-2024-20607.mbox @@ -0,0 +1,39 @@ +From: Linux Kernel CVE team <cve@kernel.org> +Subject: CVE-2024-20607: pds_core: Prevent health thread from running during reset/remove + +Description +=========== + +pds_core: Prevent health thread from running during reset/remove + +The PCIe reset handlers can run at the same time as the +health thread. This can cause the health thread to +stomp on the PCIe reset. Fix this by preventing the +health thread from running while a PCIe reset is happening. + +As part of this use timer_shutdown_sync() during reset and +remove to make sure the timer doesn't ever get rearmed. + +The Linux kernel CVE team has assigned CVE-2024-20607 to this issue. + + +Mitigation +========== + +The individual change to resolve this issue can be found at: + https://git.kernel.org/torvalds/c/d9407ff11809c6812bb84fe7be9c1367d758e5c8 + + +Affected versions +================= + Issue introduced in 6.7 and fixed in 6.6.16 + Issue introduced in 6.7 and fixed in 6.7.4 + + +Recomendation +============= +The Linux kernel CVE team recommends that you update to the latest +stable kernel version for this, and many other bugfixes. Individual +changes are not tested alone, but rather are part of a larger kernel +release. Cherry-picking individual commits is not recommended or +supported by the Linux kernel community at all. diff --git a/cve/published/2024/CVE-2024-20607.sha1 b/cve/published/2024/CVE-2024-20607.sha1 new file mode 100644 index 00000000..d8c25e97 --- /dev/null +++ b/cve/published/2024/CVE-2024-20607.sha1 @@ -0,0 +1 @@ +d9407ff11809c6812bb84fe7be9c1367d758e5c8 |