diff options
author | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-03-21 11:45:36 +0100 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-03-21 11:45:36 +0100 |
commit | 77594979b5e2bf1473741d8c1e566f9e56b4bd47 (patch) | |
tree | f54f8e16a05defb15132610813f85facde11f0ec | |
parent | 2fb11c7020b71df27407f74bea989035b0435e8a (diff) | |
download | vulns-77594979b5e2bf1473741d8c1e566f9e56b4bd47.tar.gz |
some CVEs published as requested
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r-- | cve/published/2023/CVE-2023-52620 (renamed from cve/reserved/2023/CVE-2023-52620) | 0 | ||||
-rw-r--r-- | cve/published/2023/CVE-2023-52620.json | 93 | ||||
-rw-r--r-- | cve/published/2023/CVE-2023-52620.mbox | 66 | ||||
-rw-r--r-- | cve/published/2023/CVE-2023-52620.sha1 | 1 | ||||
-rw-r--r-- | cve/published/2024/CVE-2024-26642 (renamed from cve/reserved/2024/CVE-2024-26642) | 0 | ||||
-rw-r--r-- | cve/published/2024/CVE-2024-26642.json | 73 | ||||
-rw-r--r-- | cve/published/2024/CVE-2024-26642.mbox | 63 | ||||
-rw-r--r-- | cve/published/2024/CVE-2024-26642.sha1 | 1 | ||||
-rw-r--r-- | cve/published/2024/CVE-2024-26643 (renamed from cve/reserved/2024/CVE-2024-26643) | 0 | ||||
-rw-r--r-- | cve/published/2024/CVE-2024-26643.json | 73 | ||||
-rw-r--r-- | cve/published/2024/CVE-2024-26643.mbox | 77 | ||||
-rw-r--r-- | cve/published/2024/CVE-2024-26643.sha1 | 1 |
12 files changed, 448 insertions, 0 deletions
diff --git a/cve/reserved/2023/CVE-2023-52620 b/cve/published/2023/CVE-2023-52620 index e69de29b..e69de29b 100644 --- a/cve/reserved/2023/CVE-2023-52620 +++ b/cve/published/2023/CVE-2023-52620 diff --git a/cve/published/2023/CVE-2023-52620.json b/cve/published/2023/CVE-2023-52620.json new file mode 100644 index 00000000..ea37d856 --- /dev/null +++ b/cve/published/2023/CVE-2023-52620.json @@ -0,0 +1,93 @@ +{ + "containers": { + "cna": { + "providerMetadata": { + "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" + }, + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: disallow timeout for anonymous sets\n\nNever used from userspace, disallow these parameters." + } + ], + "affected": [ + { + "product": "Linux", + "vendor": "Linux", + "defaultStatus": "unaffected", + "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", + "versions": [ + { + "version": "1da177e4c3f4", + "lessThan": "00b19ee0dcc1", + "status": "affected", + "versionType": "git" + }, + { + "version": "1da177e4c3f4", + "lessThan": "b7be6c737a17", + "status": "affected", + "versionType": "git" + }, + { + "version": "1da177e4c3f4", + "lessThan": "e26d3009efda", + "status": "affected", + "versionType": "git" + } + ] + }, + { + "product": "Linux", + "vendor": "Linux", + "defaultStatus": "affected", + "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", + "versions": [ + { + "version": "5.15.151", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.81", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.4", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ] + } + ], + "references": [ + { + "url": "https://git.kernel.org/stable/c/00b19ee0dcc1aef06294471ab489bae26d94524e" + }, + { + "url": "https://git.kernel.org/stable/c/b7be6c737a179a76901c872f6b4c1d00552d9a1b" + }, + { + "url": "https://git.kernel.org/stable/c/e26d3009efda338f19016df4175f354a9bd0a4ab" + } + ], + "title": "netfilter: nf_tables: disallow timeout for anonymous sets", + "x_generator": { + "engine": "bippy-b4257b672505" + } + } + }, + "cveMetadata": { + "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", + "cveID": "CVE-2023-52620", + "requesterUserId": "gregkh@kernel.org", + "serial": "1", + "state": "PUBLISHED" + }, + "dataType": "CVE_RECORD", + "dataVersion": "5.0" +} diff --git a/cve/published/2023/CVE-2023-52620.mbox b/cve/published/2023/CVE-2023-52620.mbox new file mode 100644 index 00000000..66562cbe --- /dev/null +++ b/cve/published/2023/CVE-2023-52620.mbox @@ -0,0 +1,66 @@ +From bippy-b4257b672505 Mon Sep 17 00:00:00 2001 +From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +To: <linux-cve-announce@vger.kernel.org> +Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> +Subject: CVE-2023-52620: netfilter: nf_tables: disallow timeout for anonymous sets +Message-Id: <2024032147-CVE-2023-52620-11a9@gregkh> +Content-Length: 1672 +Lines: 49 +X-Developer-Signature: v=1; a=openpgp-sha256; l=1722; + i=gregkh@linuxfoundation.org; h=from:subject:message-id; + bh=QnpSgSVVqr+Orp0h3E3vHGER1zSmO/2tGKhrE9a7h2c=; + b=owGbwMvMwCRo6H6F97bub03G02pJDKl/+FMYk2OmiDstdsz+/eClEOP3Lfx8O27/6TlvGZpX7 + KwW1f6qI5aFQZCJQVZMkeXLNp6j+ysOKXoZ2p6GmcPKBDKEgYtTACaSfp5hnvGL7Tv81e9UrJok + p658jF1ZoOjtBoYFXfdWq8wXZCqcPO+B5bFr+3SXnvooCQA= +X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp; + fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29 + +Description +=========== + +In the Linux kernel, the following vulnerability has been resolved: + +netfilter: nf_tables: disallow timeout for anonymous sets + +Never used from userspace, disallow these parameters. + +The Linux kernel CVE team has assigned CVE-2023-52620 to this issue. + + +Affected and fixed versions +=========================== + + Fixed in 5.15.151 with commit 00b19ee0dcc1 + Fixed in 6.1.81 with commit b7be6c737a17 + Fixed in 6.4 with commit e26d3009efda + +Please see https://www.kernel.org for a full list of currently supported +kernel versions by the kernel community. + +Unaffected versions might change over time as fixes are backported to +older supported kernel versions. The official CVE entry at + https://cve.org/CVERecord/?id=CVE-2023-52620 +will be updated if fixes are backported, please check that for the most +up to date information about this issue. + + +Affected files +============== + +The file(s) affected by this issue are: + net/netfilter/nf_tables_api.c + + +Mitigation +========== + +The Linux kernel CVE team recommends that you update to the latest +stable kernel version for this, and many other bugfixes. Individual +changes are never tested alone, but rather are part of a larger kernel +release. Cherry-picking individual commits is not recommended or +supported by the Linux kernel community at all. If however, updating to +the latest release is impossible, the individual changes to resolve this +issue can be found at these commits: + https://git.kernel.org/stable/c/00b19ee0dcc1aef06294471ab489bae26d94524e + https://git.kernel.org/stable/c/b7be6c737a179a76901c872f6b4c1d00552d9a1b + https://git.kernel.org/stable/c/e26d3009efda338f19016df4175f354a9bd0a4ab diff --git a/cve/published/2023/CVE-2023-52620.sha1 b/cve/published/2023/CVE-2023-52620.sha1 new file mode 100644 index 00000000..e8396de2 --- /dev/null +++ b/cve/published/2023/CVE-2023-52620.sha1 @@ -0,0 +1 @@ +e26d3009efda338f19016df4175f354a9bd0a4ab diff --git a/cve/reserved/2024/CVE-2024-26642 b/cve/published/2024/CVE-2024-26642 index e69de29b..e69de29b 100644 --- a/cve/reserved/2024/CVE-2024-26642 +++ b/cve/published/2024/CVE-2024-26642 diff --git a/cve/published/2024/CVE-2024-26642.json b/cve/published/2024/CVE-2024-26642.json new file mode 100644 index 00000000..9a533e80 --- /dev/null +++ b/cve/published/2024/CVE-2024-26642.json @@ -0,0 +1,73 @@ +{ + "containers": { + "cna": { + "providerMetadata": { + "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" + }, + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: disallow anonymous set with timeout flag\n\nAnonymous sets are never used with timeout from userspace, reject this.\nException to this rule is NFT_SET_EVAL to ensure legacy meters still work." + } + ], + "affected": [ + { + "product": "Linux", + "vendor": "Linux", + "defaultStatus": "unaffected", + "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", + "versions": [ + { + "version": "761da2935d6e", + "lessThan": "16603605b667", + "status": "affected", + "versionType": "git" + } + ] + }, + { + "product": "Linux", + "vendor": "Linux", + "defaultStatus": "affected", + "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", + "versions": [ + { + "version": "4.1", + "status": "affected" + }, + { + "version": "0", + "lessThan": "4.1", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ] + } + ], + "references": [ + { + "url": "https://git.kernel.org/stable/c/16603605b667b70da974bea8216c93e7db043bf1" + } + ], + "title": "netfilter: nf_tables: disallow anonymous set with timeout flag", + "x_generator": { + "engine": "bippy-b4257b672505" + } + } + }, + "cveMetadata": { + "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", + "cveID": "CVE-2024-26642", + "requesterUserId": "gregkh@kernel.org", + "serial": "1", + "state": "PUBLISHED" + }, + "dataType": "CVE_RECORD", + "dataVersion": "5.0" +} diff --git a/cve/published/2024/CVE-2024-26642.mbox b/cve/published/2024/CVE-2024-26642.mbox new file mode 100644 index 00000000..974ac54e --- /dev/null +++ b/cve/published/2024/CVE-2024-26642.mbox @@ -0,0 +1,63 @@ +From bippy-b4257b672505 Mon Sep 17 00:00:00 2001 +From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +To: <linux-cve-announce@vger.kernel.org> +Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> +Subject: CVE-2024-26642: netfilter: nf_tables: disallow anonymous set with timeout flag +Message-Id: <2024032150-CVE-2024-26642-3549@gregkh> +Content-Length: 1589 +Lines: 46 +X-Developer-Signature: v=1; a=openpgp-sha256; l=1636; + i=gregkh@linuxfoundation.org; h=from:subject:message-id; + bh=j+7KmxAjGaKj6VQuNJURqHuROnpQxkNuJ3Cbt0QS7l4=; + b=owGbwMvMwCRo6H6F97bub03G02pJDKl/+NOmRq95I/VnfaP40kaxTBu1pUZxLv0vZtr838pUv + 0N5scT6jlgWBkEmBlkxRZYv23iO7q84pOhlaHsaZg4rE8gQBi5OAZiIrBPDfF/HIkl+QbHnF5bu + mnrZOaVOdHHJHoYF0xwFzqvNEr3he89cvlp2ruCEzwtkAQ== +X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp; + fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29 + +Description +=========== + +In the Linux kernel, the following vulnerability has been resolved: + +netfilter: nf_tables: disallow anonymous set with timeout flag + +Anonymous sets are never used with timeout from userspace, reject this. +Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work. + +The Linux kernel CVE team has assigned CVE-2024-26642 to this issue. + + +Affected and fixed versions +=========================== + + Issue introduced in 4.1 with commit 761da2935d6e and fixed in 6.8 with commit 16603605b667 + +Please see https://www.kernel.org for a full list of currently supported +kernel versions by the kernel community. + +Unaffected versions might change over time as fixes are backported to +older supported kernel versions. The official CVE entry at + https://cve.org/CVERecord/?id=CVE-2024-26642 +will be updated if fixes are backported, please check that for the most +up to date information about this issue. + + +Affected files +============== + +The file(s) affected by this issue are: + net/netfilter/nf_tables_api.c + + +Mitigation +========== + +The Linux kernel CVE team recommends that you update to the latest +stable kernel version for this, and many other bugfixes. Individual +changes are never tested alone, but rather are part of a larger kernel +release. Cherry-picking individual commits is not recommended or +supported by the Linux kernel community at all. If however, updating to +the latest release is impossible, the individual changes to resolve this +issue can be found at these commits: + https://git.kernel.org/stable/c/16603605b667b70da974bea8216c93e7db043bf1 diff --git a/cve/published/2024/CVE-2024-26642.sha1 b/cve/published/2024/CVE-2024-26642.sha1 new file mode 100644 index 00000000..b72528f4 --- /dev/null +++ b/cve/published/2024/CVE-2024-26642.sha1 @@ -0,0 +1 @@ +16603605b667b70da974bea8216c93e7db043bf1 diff --git a/cve/reserved/2024/CVE-2024-26643 b/cve/published/2024/CVE-2024-26643 index e69de29b..e69de29b 100644 --- a/cve/reserved/2024/CVE-2024-26643 +++ b/cve/published/2024/CVE-2024-26643 diff --git a/cve/published/2024/CVE-2024-26643.json b/cve/published/2024/CVE-2024-26643.json new file mode 100644 index 00000000..5ece75ed --- /dev/null +++ b/cve/published/2024/CVE-2024-26643.json @@ -0,0 +1,73 @@ +{ + "containers": { + "cna": { + "providerMetadata": { + "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" + }, + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout\n\nWhile the rhashtable set gc runs asynchronously, a race allows it to\ncollect elements from anonymous sets with timeouts while it is being\nreleased from the commit path.\n\nMingi Cho originally reported this issue in a different path in 6.1.x\nwith a pipapo set with low timeouts which is not possible upstream since\n7395dfacfff6 (\"netfilter: nf_tables: use timestamp to check for set\nelement timeout\").\n\nFix this by setting on the dead flag for anonymous sets to skip async gc\nin this case.\n\nAccording to 08e4c8c5919f (\"netfilter: nf_tables: mark newset as dead on\ntransaction abort\"), Florian plans to accelerate abort path by releasing\nobjects via workqueue, therefore, this sets on the dead flag for abort\npath too." + } + ], + "affected": [ + { + "product": "Linux", + "vendor": "Linux", + "defaultStatus": "unaffected", + "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", + "versions": [ + { + "version": "5f68718b34a5", + "lessThan": "552705a3650b", + "status": "affected", + "versionType": "git" + } + ] + }, + { + "product": "Linux", + "vendor": "Linux", + "defaultStatus": "affected", + "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", + "versions": [ + { + "version": "6.5", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.5", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ] + } + ], + "references": [ + { + "url": "https://git.kernel.org/stable/c/552705a3650bbf46a22b1adedc1b04181490fc36" + } + ], + "title": "netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout", + "x_generator": { + "engine": "bippy-b4257b672505" + } + } + }, + "cveMetadata": { + "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", + "cveID": "CVE-2024-26643", + "requesterUserId": "gregkh@kernel.org", + "serial": "1", + "state": "PUBLISHED" + }, + "dataType": "CVE_RECORD", + "dataVersion": "5.0" +} diff --git a/cve/published/2024/CVE-2024-26643.mbox b/cve/published/2024/CVE-2024-26643.mbox new file mode 100644 index 00000000..b4bb451f --- /dev/null +++ b/cve/published/2024/CVE-2024-26643.mbox @@ -0,0 +1,77 @@ +From bippy-b4257b672505 Mon Sep 17 00:00:00 2001 +From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +To: <linux-cve-announce@vger.kernel.org> +Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> +Subject: CVE-2024-26643: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout +Message-Id: <2024032150-CVE-2024-26643-4f9d@gregkh> +Content-Length: 2176 +Lines: 60 +X-Developer-Signature: v=1; a=openpgp-sha256; l=2237; + i=gregkh@linuxfoundation.org; h=from:subject:message-id; + bh=LZ7KSzv0gEaheJiU66c2JAGeF9vBkfTSiFAaWWmzdb8=; + b=owGbwMvMwCRo6H6F97bub03G02pJDKl/+NMkZ91qYujzjeL3eWeYHGJqEu/j9lu6/+q+vWGbh + RK2BXd0xLIwCDIxyIopsnzZxnN0f8UhRS9D29Mwc1iZQIYwcHEKwEQcuhgWLOAtZDb9OedYBats + csniKf+Tz0s+YljQdEskzE7ugP6lhvc61/9GZHWtXjcJAA== +X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp; + fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29 + +Description +=========== + +In the Linux kernel, the following vulnerability has been resolved: + +netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout + +While the rhashtable set gc runs asynchronously, a race allows it to +collect elements from anonymous sets with timeouts while it is being +released from the commit path. + +Mingi Cho originally reported this issue in a different path in 6.1.x +with a pipapo set with low timeouts which is not possible upstream since +7395dfacfff6 ("netfilter: nf_tables: use timestamp to check for set +element timeout"). + +Fix this by setting on the dead flag for anonymous sets to skip async gc +in this case. + +According to 08e4c8c5919f ("netfilter: nf_tables: mark newset as dead on +transaction abort"), Florian plans to accelerate abort path by releasing +objects via workqueue, therefore, this sets on the dead flag for abort +path too. + +The Linux kernel CVE team has assigned CVE-2024-26643 to this issue. + + +Affected and fixed versions +=========================== + + Issue introduced in 6.5 with commit 5f68718b34a5 and fixed in 6.8 with commit 552705a3650b + +Please see https://www.kernel.org for a full list of currently supported +kernel versions by the kernel community. + +Unaffected versions might change over time as fixes are backported to +older supported kernel versions. The official CVE entry at + https://cve.org/CVERecord/?id=CVE-2024-26643 +will be updated if fixes are backported, please check that for the most +up to date information about this issue. + + +Affected files +============== + +The file(s) affected by this issue are: + net/netfilter/nf_tables_api.c + + +Mitigation +========== + +The Linux kernel CVE team recommends that you update to the latest +stable kernel version for this, and many other bugfixes. Individual +changes are never tested alone, but rather are part of a larger kernel +release. Cherry-picking individual commits is not recommended or +supported by the Linux kernel community at all. If however, updating to +the latest release is impossible, the individual changes to resolve this +issue can be found at these commits: + https://git.kernel.org/stable/c/552705a3650bbf46a22b1adedc1b04181490fc36 diff --git a/cve/published/2024/CVE-2024-26643.sha1 b/cve/published/2024/CVE-2024-26643.sha1 new file mode 100644 index 00000000..a08e0fda --- /dev/null +++ b/cve/published/2024/CVE-2024-26643.sha1 @@ -0,0 +1 @@ +552705a3650bbf46a22b1adedc1b04181490fc36 |