Skip to content

Commit

Permalink
Advisory Database Sync
Browse files Browse the repository at this point in the history
  • Loading branch information
@advisory-database
advisory-database[bot] committed Dec 28, 2024
1 parent d0a25b9 commit 8bc95a7
Show file tree
Hide file tree
Showing 33 changed files with 1,493 additions and 0 deletions.
49 changes: 49 additions & 0 deletions advisories/unreviewed/2024/12/GHSA-2c9f-4h7m-wqr9/GHSA-2c9f-4h7m-wqr9.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
{
"schema_version": "1.4.0",
"id": "GHSA-2c9f-4h7m-wqr9",
"modified": "2024-12-28T12:30:48Z",
"published": "2024-12-28T12:30:48Z",
"aliases": [
"CVE-2024-56708"
],
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nEDAC/igen6: Avoid segmentation fault on module unload\n\nThe segmentation fault happens because:\n\nDuring modprobe:\n1. In igen6_probe(), igen6_pvt will be allocated with kzalloc()\n2. In igen6_register_mci(), mci->pvt_info will point to\n &igen6_pvt->imc[mc]\n\nDuring rmmod:\n1. In mci_release() in edac_mc.c, it will kfree(mci->pvt_info)\n2. In igen6_remove(), it will kfree(igen6_pvt);\n\nFix this issue by setting mci->pvt_info to NULL to avoid the double\nkfree.",
"severity": [],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56708"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/029ac07bb92d2f7502d47a4916f197a8445d83bf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2a80e710bbc088a2511c159ee4d910456c5f0832"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/830cabb61113d92a425dd3038ccedbdfb3c8d079"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/db60326f2c47b079e36785ace621eb3002db2088"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e5c7052664b61f9e2f896702d20552707d0ef60a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fefaae90398d38a1100ccd73b46ab55ff4610fba"
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-28T10:15:20Z"
}
}
61 changes: 61 additions & 0 deletions advisories/unreviewed/2024/12/GHSA-2hfg-4m2j-678g/GHSA-2hfg-4m2j-678g.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
{
"schema_version": "1.4.0",
"id": "GHSA-2hfg-4m2j-678g",
"modified": "2024-12-28T12:30:48Z",
"published": "2024-12-28T12:30:47Z",
"aliases": [
"CVE-2024-56700"
],
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: wl128x: Fix atomicity violation in fmc_send_cmd()\n\nAtomicity violation occurs when the fmc_send_cmd() function is executed\nsimultaneously with the modification of the fmdev->resp_skb value.\nConsider a scenario where, after passing the validity check within the\nfunction, a non-null fmdev->resp_skb variable is assigned a null value.\nThis results in an invalid fmdev->resp_skb variable passing the validity\ncheck. As seen in the later part of the function, skb = fmdev->resp_skb;\nwhen the invalid fmdev->resp_skb passes the check, a null pointer\ndereference error may occur at line 478, evt_hdr = (void *)skb->data;\n\nTo address this issue, it is recommended to include the validity check of\nfmdev->resp_skb within the locked section of the function. This\nmodification ensures that the value of fmdev->resp_skb does not change\nduring the validation process, thereby maintaining its validity.\n\nThis possible bug is found by an experimental static analysis tool\ndeveloped by our team. This tool analyzes the locking APIs\nto extract function pairs that can be concurrently executed, and then\nanalyzes the instructions in the paired functions to identify possible\nconcurrency bugs including data races and atomicity violations.",
"severity": [],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56700"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2e63c908de357048180516b84740ed62dac0b269"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/372dc9509122e5d45d4c12978e31c3c7d00aaca4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/378ce4e08ca2b1ac7bbf1d57b68643ca4226c5f8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3c818ad07e964bca3d27adac1e1f50e1e3c9180e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/80a3b2ee01eecf22dfa06968b3cde92c691dea10"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ca59f9956d4519ab18ab2270be47c6b8c6ced091"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d16109c9fdc1b8cea4fe63b42e06e926c3f68990"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d7408a052aa1b4f6fb6f1c7a8877b84017a07ac9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ed228b74d8a500380150965d5becabf9a1e33141"
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-28T10:15:17Z"
}
}
49 changes: 49 additions & 0 deletions advisories/unreviewed/2024/12/GHSA-3gw3-c8c8-m6m2/GHSA-3gw3-c8c8-m6m2.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
{
"schema_version": "1.4.0",
"id": "GHSA-3gw3-c8c8-m6m2",
"modified": "2024-12-28T12:30:47Z",
"published": "2024-12-28T12:30:47Z",
"aliases": [
"CVE-2024-56679"
],
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c\n\nAdd error pointer check after calling otx2_mbox_get_rsp().",
"severity": [],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56679"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0fbc7a5027c6f7f2c785adae3dcec22b2f2b69b3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4b88b202cf1ae79159a94fff9500f9be31559235"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/52c63a6a27d3178fab533fcfb4baa2ed5b8608a3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/785c6758ea32aca73ba9331f7d902f7ce9a25757"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9265b6ee754226f61bd122ec57141a781d4e0dcb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d4d5139d280f5837f16d116614c05c2b4eeaf28f"
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-28T10:15:09Z"
}
}
37 changes: 37 additions & 0 deletions advisories/unreviewed/2024/12/GHSA-4pr7-h3p8-c732/GHSA-4pr7-h3p8-c732.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
{
"schema_version": "1.4.0",
"id": "GHSA-4pr7-h3p8-c732",
"modified": "2024-12-28T12:30:47Z",
"published": "2024-12-28T12:30:47Z",
"aliases": [
"CVE-2024-56699"
],
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pci: Fix potential double remove of hotplug slot\n\nIn commit 6ee600bfbe0f (\"s390/pci: remove hotplug slot when releasing the\ndevice\") the zpci_exit_slot() was moved from zpci_device_reserved() to\nzpci_release_device() with the intention of keeping the hotplug slot\naround until the device is actually removed.\n\nNow zpci_release_device() is only called once all references are\ndropped. Since the zPCI subsystem only drops its reference once the\ndevice is in the reserved state it follows that zpci_release_device()\nmust only deal with devices in the reserved state. Despite that it\ncontains code to tear down from both configured and standby state. For\nthe standby case this already includes the removal of the hotplug slot\nso would cause a double removal if a device was ever removed in\neither configured or standby state.\n\nInstead of causing a potential double removal in a case that should\nnever happen explicitly WARN_ON() if a device in non-reserved state is\nreleased and get rid of the dead code cases.",
"severity": [],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56699"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/371bd905599d18da62d75e3974acbf6a41e315c7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c1489651071ab1be46d2af1da8adb15c9fc3c069"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c4a585e952ca403a370586d3f16e8331a7564901"
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-28T10:15:17Z"
}
}
41 changes: 41 additions & 0 deletions advisories/unreviewed/2024/12/GHSA-4rq6-qv3v-654p/GHSA-4rq6-qv3v-654p.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
{
"schema_version": "1.4.0",
"id": "GHSA-4rq6-qv3v-654p",
"modified": "2024-12-28T12:30:47Z",
"published": "2024-12-28T12:30:47Z",
"aliases": [
"CVE-2024-56686"
],
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix race in buffer_head read fault injection\n\nWhen I enabled ext4 debug for fault injection testing, I encountered the\nfollowing warning:\n\n EXT4-fs error (device sda): ext4_read_inode_bitmap:201: comm fsstress:\n Cannot read inode bitmap - block_group = 8, inode_bitmap = 1051\n WARNING: CPU: 0 PID: 511 at fs/buffer.c:1181 mark_buffer_dirty+0x1b3/0x1d0\n\nThe root cause of the issue lies in the improper implementation of ext4's\nbuffer_head read fault injection. The actual completion of buffer_head\nread and the buffer_head fault injection are not atomic, which can lead\nto the uptodate flag being cleared on normally used buffer_heads in race\nconditions.\n\n[CPU0] [CPU1] [CPU2]\next4_read_inode_bitmap\n ext4_read_bh()\n <bh read complete>\n ext4_read_inode_bitmap\n if (buffer_uptodate(bh))\n return bh\n jbd2_journal_commit_transaction\n __jbd2_journal_refile_buffer\n __jbd2_journal_unfile_buffer\n __jbd2_journal_temp_unlink_buffer\n ext4_simulate_fail_bh()\n clear_buffer_uptodate\n mark_buffer_dirty\n <report warning>\n WARN_ON_ONCE(!buffer_uptodate(bh))\n\nThe best approach would be to perform fault injection in the IO completion\ncallback function, rather than after IO completion. However, the IO\ncompletion callback function cannot get the fault injection code in sb.\n\nFix it by passing the result of fault injection into the bh read function,\nwe simulate faults within the bh read function itself. This requires adding\nan extra parameter to the bh read functions that need fault injection.",
"severity": [],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56686"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/25a5acf88fed59e060405bbb48098f4a3a2c2adc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2f3d93e210b9c2866c8b3662adae427d5bf511ec"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/61832ee7fa2fbd569d129379e795038abfb0d128"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/77035e4d27e15f87ea55929c8bb8fb1970129e2f"
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-28T10:15:11Z"
}
}
61 changes: 61 additions & 0 deletions advisories/unreviewed/2024/12/GHSA-4w8p-fpvp-22x8/GHSA-4w8p-fpvp-22x8.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
{
"schema_version": "1.4.0",
"id": "GHSA-4w8p-fpvp-22x8",
"modified": "2024-12-28T12:30:47Z",
"published": "2024-12-28T12:30:47Z",
"aliases": [
"CVE-2024-56690"
],
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY\n\nSince commit 8f4f68e788c3 (\"crypto: pcrypt - Fix hungtask for\nPADATA_RESET\"), the pcrypt encryption and decryption operations return\n-EAGAIN when the CPU goes online or offline. In alg_test(), a WARN is\ngenerated when pcrypt_aead_decrypt() or pcrypt_aead_encrypt() returns\n-EAGAIN, the unnecessary panic will occur when panic_on_warn set 1.\nFix this issue by calling crypto layer directly without parallelization\nin that case.",
"severity": [],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56690"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5edae7a9a35606017ee6e05911c290acee9fee5a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/662f2f13e66d3883b9238b0b96b17886179e60e2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7ddab756f2de5b7b43c122ebebdf37f400fb2b6f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/92834692a539b5b7f409e467a14667d64713b732"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/96001f52ae8c70e2c736d3e1e5dc53d5b521e5ca"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a8e0074ffb38c9a5964a221bb998034d016c93a2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a92ccd3618e42333ac6f150ecdac14dca298bc7a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dd8bf8eb5beba1e7c3b11a9a5a58ccbf345a69e6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fca8aed12218f96b38e374ff264d78ea1fbd23cc"
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-28T10:15:13Z"
}
}
37 changes: 37 additions & 0 deletions advisories/unreviewed/2024/12/GHSA-54qc-m2ph-jw4r/GHSA-54qc-m2ph-jw4r.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
{
"schema_version": "1.4.0",
"id": "GHSA-54qc-m2ph-jw4r",
"modified": "2024-12-28T12:30:47Z",
"published": "2024-12-28T12:30:47Z",
"aliases": [
"CVE-2024-56685"
],
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mediatek: Check num_codecs is not zero to avoid panic during probe\n\nFollowing commit 13f58267cda3 (\"ASoC: soc.h: don't create dummy\nComponent via COMP_DUMMY()\"), COMP_DUMMY() became an array with zero\nlength, and only gets populated with the dummy struct after the card is\nregistered. Since the sound card driver's probe happens before the card\nregistration, accessing any of the members of a dummy component during\nprobe will result in undefined behavior.\n\nThis can be observed in the mt8188 and mt8195 machine sound drivers. By\nomitting a dai link subnode in the sound card's node in the Devicetree,\nthe default uninitialized dummy codec is used, and when its dai_name\npointer gets passed to strcmp() it results in a null pointer dereference\nand a kernel panic.\n\nIn addition to that, set_card_codec_info() in the generic helpers file,\nmtk-soundcard-driver.c, will populate a dai link with a dummy codec when\na dai link node is present in DT but with no codec property.\n\nThe result is that at probe time, a dummy codec can either be\nuninitialized with num_codecs = 0, or be an initialized dummy codec,\nwith num_codecs = 1 and dai_name = \"snd-soc-dummy-dai\". In order to\naccommodate for both situations, check that num_codecs is not zero\nbefore accessing the codecs' fields but still check for the codec's dai\nname against \"snd-soc-dummy-dai\" as needed.\n\nWhile at it, also drop the check that dai_name is not null in the mt8192\ndriver, introduced in commit 4d4e1b6319e5 (\"ASoC: mediatek: mt8192:\nCheck existence of dai_name before dereferencing\"), as it is actually\nredundant given the preceding num_codecs != 0 check.",
"severity": [],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56685"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2f2020327cc8561d7c520d2f2d9acea84fa7b3a3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/376f4800f34a28def026ff5c5d4fc5e54e1744ff"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/550279449ff54c5aa28cfca5c567308cbfb145f0"
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-28T10:15:11Z"
}
}
Loading

0 comments on commit 8bc95a7

Please sign in to comment.