pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
d5472b7d22
vuln-list-alt/oval/p10/ALT-PU-2024-15824/definitions.json
pepelyaevip 9d72b75f75 ALT Vulnerability
2024-12-12 21:07:30 +00:00

979 lines
87 KiB
JSON
Raw Blame History

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202415824",
"Version": "oval:org.altlinux.errata:def:202415824",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-15824: package `kernel-image-rt` update to version 5.10.226-alt1.rt118",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit",
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-15824",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-15824",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-08074",
"RefURL": "https://bdu.fstec.ru/vul/2024-08074",
"Source": "BDU"
},
{
"RefID": "BDU:2024-08077",
"RefURL": "https://bdu.fstec.ru/vul/2024-08077",
"Source": "BDU"
},
{
"RefID": "BDU:2024-08083",
"RefURL": "https://bdu.fstec.ru/vul/2024-08083",
"Source": "BDU"
},
{
"RefID": "BDU:2024-08084",
"RefURL": "https://bdu.fstec.ru/vul/2024-08084",
"Source": "BDU"
},
{
"RefID": "BDU:2024-08085",
"RefURL": "https://bdu.fstec.ru/vul/2024-08085",
"Source": "BDU"
},
{
"RefID": "BDU:2024-08087",
"RefURL": "https://bdu.fstec.ru/vul/2024-08087",
"Source": "BDU"
},
{
"RefID": "BDU:2024-08128",
"RefURL": "https://bdu.fstec.ru/vul/2024-08128",
"Source": "BDU"
},
{
"RefID": "BDU:2024-08131",
"RefURL": "https://bdu.fstec.ru/vul/2024-08131",
"Source": "BDU"
},
{
"RefID": "BDU:2024-08133",
"RefURL": "https://bdu.fstec.ru/vul/2024-08133",
"Source": "BDU"
},
{
"RefID": "BDU:2024-08135",
"RefURL": "https://bdu.fstec.ru/vul/2024-08135",
"Source": "BDU"
},
{
"RefID": "BDU:2024-08139",
"RefURL": "https://bdu.fstec.ru/vul/2024-08139",
"Source": "BDU"
},
{
"RefID": "BDU:2024-08162",
"RefURL": "https://bdu.fstec.ru/vul/2024-08162",
"Source": "BDU"
},
{
"RefID": "BDU:2024-08184",
"RefURL": "https://bdu.fstec.ru/vul/2024-08184",
"Source": "BDU"
},
{
"RefID": "BDU:2024-08186",
"RefURL": "https://bdu.fstec.ru/vul/2024-08186",
"Source": "BDU"
},
{
"RefID": "BDU:2024-08189",
"RefURL": "https://bdu.fstec.ru/vul/2024-08189",
"Source": "BDU"
},
{
"RefID": "BDU:2024-08231",
"RefURL": "https://bdu.fstec.ru/vul/2024-08231",
"Source": "BDU"
},
{
"RefID": "BDU:2024-08234",
"RefURL": "https://bdu.fstec.ru/vul/2024-08234",
"Source": "BDU"
},
{
"RefID": "BDU:2024-08235",
"RefURL": "https://bdu.fstec.ru/vul/2024-08235",
"Source": "BDU"
},
{
"RefID": "BDU:2024-08328",
"RefURL": "https://bdu.fstec.ru/vul/2024-08328",
"Source": "BDU"
},
{
"RefID": "BDU:2024-08525",
"RefURL": "https://bdu.fstec.ru/vul/2024-08525",
"Source": "BDU"
},
{
"RefID": "BDU:2024-08528",
"RefURL": "https://bdu.fstec.ru/vul/2024-08528",
"Source": "BDU"
},
{
"RefID": "BDU:2024-08529",
"RefURL": "https://bdu.fstec.ru/vul/2024-08529",
"Source": "BDU"
},
{
"RefID": "BDU:2024-08984",
"RefURL": "https://bdu.fstec.ru/vul/2024-08984",
"Source": "BDU"
},
{
"RefID": "CVE-2024-46714",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-46714",
"Source": "CVE"
},
{
"RefID": "CVE-2024-46719",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-46719",
"Source": "CVE"
},
{
"RefID": "CVE-2024-46721",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-46721",
"Source": "CVE"
},
{
"RefID": "CVE-2024-46722",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-46722",
"Source": "CVE"
},
{
"RefID": "CVE-2024-46723",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-46723",
"Source": "CVE"
},
{
"RefID": "CVE-2024-46724",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-46724",
"Source": "CVE"
},
{
"RefID": "CVE-2024-46725",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-46725",
"Source": "CVE"
},
{
"RefID": "CVE-2024-46731",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-46731",
"Source": "CVE"
},
{
"RefID": "CVE-2024-46737",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-46737",
"Source": "CVE"
},
{
"RefID": "CVE-2024-46738",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-46738",
"Source": "CVE"
},
{
"RefID": "CVE-2024-46739",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-46739",
"Source": "CVE"
},
{
"RefID": "CVE-2024-46740",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-46740",
"Source": "CVE"
},
{
"RefID": "CVE-2024-46743",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-46743",
"Source": "CVE"
},
{
"RefID": "CVE-2024-46744",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-46744",
"Source": "CVE"
},
{
"RefID": "CVE-2024-46747",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-46747",
"Source": "CVE"
},
{
"RefID": "CVE-2024-46750",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-46750",
"Source": "CVE"
},
{
"RefID": "CVE-2024-46755",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-46755",
"Source": "CVE"
},
{
"RefID": "CVE-2024-46756",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-46756",
"Source": "CVE"
},
{
"RefID": "CVE-2024-46757",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-46757",
"Source": "CVE"
},
{
"RefID": "CVE-2024-46758",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-46758",
"Source": "CVE"
},
{
"RefID": "CVE-2024-46759",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-46759",
"Source": "CVE"
},
{
"RefID": "CVE-2024-46761",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-46761",
"Source": "CVE"
},
{
"RefID": "CVE-2024-46763",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-46763",
"Source": "CVE"
},
{
"RefID": "CVE-2024-46781",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-46781",
"Source": "CVE"
},
{
"RefID": "CVE-2024-46782",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-46782",
"Source": "CVE"
},
{
"RefID": "CVE-2024-46791",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-46791",
"Source": "CVE"
},
{
"RefID": "CVE-2024-46798",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-46798",
"Source": "CVE"
},
{
"RefID": "CVE-2024-46800",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-46800",
"Source": "CVE"
},
{
"RefID": "CVE-2024-46804",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-46804",
"Source": "CVE"
},
{
"RefID": "CVE-2024-46814",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-46814",
"Source": "CVE"
},
{
"RefID": "CVE-2024-46818",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-46818",
"Source": "CVE"
},
{
"RefID": "CVE-2024-46819",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-46819",
"Source": "CVE"
},
{
"RefID": "CVE-2024-46822",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-46822",
"Source": "CVE"
},
{
"RefID": "CVE-2024-46829",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-46829",
"Source": "CVE"
},
{
"RefID": "CVE-2024-46832",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-46832",
"Source": "CVE"
},
{
"RefID": "CVE-2024-46840",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-46840",
"Source": "CVE"
},
{
"RefID": "CVE-2024-46844",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-46844",
"Source": "CVE"
},
{
"RefID": "CVE-2024-47659",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-47659",
"Source": "CVE"
},
{
"RefID": "CVE-2024-47660",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-47660",
"Source": "CVE"
},
{
"RefID": "CVE-2024-47663",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-47663",
"Source": "CVE"
},
{
"RefID": "CVE-2024-47667",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-47667",
"Source": "CVE"
},
{
"RefID": "CVE-2024-47668",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-47668",
"Source": "CVE"
},
{
"RefID": "CVE-2024-47669",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-47669",
"Source": "CVE"
}
],
"Description": "This update upgrades kernel-image-rt to version 5.10.226-alt1.rt118. \nSecurity Fix(es):\n\n * BDU:2024-08074: Уязвимость функций tcrit1_store() и tcrit2_store() драйвера hwmon ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2024-08077: Уязвимость функции ila_xlat_exit_net() реализации Identifier Locator Addressing (ILA) протокола IPv6 ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2024-08083: Уязвимость функции vmci_resource_remove() ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2024-08084: Уязвимость функции of_irq_parse_one() ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность и доступность защищаемой информации\n\n * BDU:2024-08085: Уязвимость функции adc128_in_store() драйвера hwmon ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2024-08087: Уязвимость функции amdgpu_ring_init() драйвера amdgpu ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2024-08128: Уязвимость функции store_temp_offset() драйвера hwmon ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2024-08131: Уязвимость функций DIV_ROUND_CLOSEST() ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2024-08133: Уязвимость функции amdgpu_cgs_get_firmware_info() ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность и доступность защищаемой информации\n\n * BDU:2024-08135: Уязвимость функции df_v1_7_get_hbm_channel_number() ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2024-08139: Уязвимость функции snd_pcm_suspend_all() компонента dapm ядра операционной системы Linux, позволяющая нарушителю повысить привилегии в системе\n\n * BDU:2024-08162: Уязвимость функции cougar_report_fixup() ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность и доступность защищаемой информации\n\n * BDU:2024-08184: Уязвимость функции binder_transaction() ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2024-08186: Уязвимость функции netem_dequeue() подсистемы управления трафиком net/sched ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2024-08189: Уязвимость компонента mcp251x ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-08231: Уязвимость функции squashfs_read_inode() файловой системы squashfs ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2024-08234: Уязвимость функции setup_one_line() ядра операционной системы Linux в режиме User-mode-Linux (UML), позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2024-08235: Уязвимость функции atomctrl_retrieve_ac_timing() драйвера amdgpu ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность и доступность защищаемой информации\n\n * BDU:2024-08328: Уязвимость функции amdgpu_atombios_init_mc_reg_table() драйвера amdgpu ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность и доступность защищаемой информации\n\n * BDU:2024-08525: Уязвимость функций read() и write() драйвера amdpgu ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2024-08528: Уязвимость функции hdmi_14_process_transaction() драйвера amdgpu ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2024-08529: Уязвимость функции dal_gpio_service_lock() драйвера amdgpu ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2024-08984: Уязвимость функции smack_inet_conn_request() реализации протокола IPv4 ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * CVE-2024-46714: In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip wbscl_set_scaler_filter if filter is null\n\nCallers can pass null in filter (i.e. from returned from the function\nwbscl_get_filter_coeffs_16p) and a null check is added to ensure that is\nnot the case.\n\nThis fixes 4 NULL_RETURNS issues reported by Coverity.\n\n * CVE-2024-46719: In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: Fix null pointer dereference in trace\n\nucsi_register_altmode checks IS_ERR for the alt pointer and treats\nNULL as valid. When CONFIG_TYPEC_DP_ALTMODE is not enabled,\nucsi_register_displayport returns NULL which causes a NULL pointer\ndereference in trace. Rather than return NULL, call\ntypec_port_register_altmode to register DisplayPort alternate mode\nas a non-controllable mode when CONFIG_TYPEC_DP_ALTMODE is not enabled.\n\n * CVE-2024-46721: In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix possible NULL pointer dereference\n\nprofile-\u003eparent-\u003edents[AAFS_PROF_DIR] could be NULL only if its parent is made\nfrom __create_missing_ancestors(..) and 'ent-\u003eold' is NULL in\naa_replace_profiles(..).\nIn that case, it must return an error code and the code, -ENOENT represents\nits state that the path of its parent is not existed yet.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000030\nPGD 0 P4D 0\nPREEMPT SMP PTI\nCPU: 4 PID: 3362 Comm: apparmor_parser Not tainted 6.8.0-24-generic #24\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\nRIP: 0010:aafs_create.constprop.0+0x7f/0x130\nCode: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc \u003c4d\u003e 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae\nRSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0\nCall Trace:\n \u003cTASK\u003e\n ? show_regs+0x6d/0x80\n ? __die+0x24/0x80\n ? page_fault_oops+0x99/0x1b0\n ? kernelmode_fixup_or_oops+0xb2/0x140\n ? __bad_area_nosemaphore+0x1a5/0x2c0\n ? find_vma+0x34/0x60\n ? bad_area_nosemaphore+0x16/0x30\n ? do_user_addr_fault+0x2a2/0x6b0\n ? exc_page_fault+0x83/0x1b0\n ? asm_exc_page_fault+0x27/0x30\n ? aafs_create.constprop.0+0x7f/0x130\n ? aafs_create.constprop.0+0x51/0x130\n __aafs_profile_mkdir+0x3d6/0x480\n aa_replace_profiles+0x83f/0x1270\n policy_update+0xe3/0x180\n profile_load+0xbc/0x150\n ? rw_verify_area+0x47/0x140\n vfs_write+0x100/0x480\n ? __x64_sys_openat+0x55/0xa0\n ? syscall_exit_to_user_mode+0x86/0x260\n ksys_write+0x73/0x100\n __x64_sys_write+0x19/0x30\n x64_sys_call+0x7e/0x25c0\n do_syscall_64+0x7f/0x180\n entry_SYSCALL_64_after_hwframe+0x78/0x80\nRIP: 0033:0x7be9f211c574\nCode: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d d5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89\nRSP: 002b:00007ffd26f2b8c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 00005d504415e200 RCX: 00007be9f211c574\nRDX: 0000000000001fc1 RSI: 00005d504418bc80 RDI: 0000000000000004\nRBP: 0000000000001fc1 R08: 0000000000001fc1 R09: 0000000080000000\nR10: 0000000000000000 R11: 0000000000000202 R12: 00005d504418bc80\nR13: 0000000000000004 R14: 00007ffd26f2b9b0 R15: 00007ffd26f2ba30\n \u003c/TASK\u003e\nModules linked in: snd_seq_dummy snd_hrtimer qrtr snd_hda_codec_generic snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device i2c_i801 snd_timer i2c_smbus qxl snd soundcore drm_ttm_helper lpc_ich ttm joydev input_leds serio_raw mac_hid binfmt_misc msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs qemu_fw_cfg ip_tables x_tables autofs4 hid_generic usbhid hid ahci libahci psmouse virtio_rng xhci_pci xhci_pci_renesas\nCR2: 0000000000000030\n---[ end trace 0000000000000000 ]---\nRIP: 0010:aafs_create.constprop.0+0x7f/0x130\nCode: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc \u003c4d\u003e 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae\nRSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000\n---truncated---\n\n * CVE-2024-46722: In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix mc_data out-of-bounds read warning\n\nClear warning that read mc_data[i-1] may out-of-bounds.\n\n * CVE-2024-46723: In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix ucode out-of-bounds read warning\n\nClear warning that read ucode[] may out-of-bounds.\n\n * CVE-2024-46724: In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number\n\nCheck the fb_channel_number range to avoid the array out-of-bounds\nread error\n\n * CVE-2024-46725: In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix out-of-bounds write warning\n\nCheck the ring type value to fix the out-of-bounds\nwrite warning\n\n * CVE-2024-46731: In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: fix the Out-of-bounds read warning\n\nusing index i - 1U may beyond element index\nfor mc_data[] when i = 0.\n\n * CVE-2024-46737: In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: fix kernel crash if commands allocation fails\n\nIf the commands allocation fails in nvmet_tcp_alloc_cmds()\nthe kernel crashes in nvmet_tcp_release_queue_work() because of\na NULL pointer dereference.\n\n nvmet: failed to install queue 0 cntlid 1 ret 6\n Unable to handle kernel NULL pointer dereference at\n virtual address 0000000000000008\n\nFix the bug by setting queue-\u003enr_cmds to zero in case\nnvmet_tcp_alloc_cmd() fails.\n\n * CVE-2024-46738: In the Linux kernel, the following vulnerability has been resolved:\n\nVMCI: Fix use-after-free when removing resource in vmci_resource_remove()\n\nWhen removing a resource from vmci_resource_table in\nvmci_resource_remove(), the search is performed using the resource\nhandle by comparing context and resource fields.\n\nIt is possible though to create two resources with different types\nbut same handle (same context and resource fields).\n\nWhen trying to remove one of the resources, vmci_resource_remove()\nmay not remove the intended one, but the object will still be freed\nas in the case of the datagram type in vmci_datagram_destroy_handle().\nvmci_resource_table will still hold a pointer to this freed resource\nleading to a use-after-free vulnerability.\n\nBUG: KASAN: use-after-free in vmci_handle_is_equal include/linux/vmw_vmci_defs.h:142 [inline]\nBUG: KASAN: use-after-free in vmci_resource_remove+0x3a1/0x410 drivers/misc/vmw_vmci/vmci_resource.c:147\nRead of size 4 at addr ffff88801c16d800 by task syz-executor197/1592\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x82/0xa9 lib/dump_stack.c:106\n print_address_description.constprop.0+0x21/0x366 mm/kasan/report.c:239\n __kasan_report.cold+0x7f/0x132 mm/kasan/report.c:425\n kasan_report+0x38/0x51 mm/kasan/report.c:442\n vmci_handle_is_equal include/linux/vmw_vmci_defs.h:142 [inline]\n vmci_resource_remove+0x3a1/0x410 drivers/misc/vmw_vmci/vmci_resource.c:147\n vmci_qp_broker_detach+0x89a/0x11b9 drivers/misc/vmw_vmci/vmci_queue_pair.c:2182\n ctx_free_ctx+0x473/0xbe1 drivers/misc/vmw_vmci/vmci_context.c:444\n kref_put include/linux/kref.h:65 [inline]\n vmci_ctx_put drivers/misc/vmw_vmci/vmci_context.c:497 [inline]\n vmci_ctx_destroy+0x170/0x1d6 drivers/misc/vmw_vmci/vmci_context.c:195\n vmci_host_close+0x125/0x1ac drivers/misc/vmw_vmci/vmci_host.c:143\n __fput+0x261/0xa34 fs/file_table.c:282\n task_work_run+0xf0/0x194 kernel/task_work.c:164\n tracehook_notify_resume include/linux/tracehook.h:189 [inline]\n exit_to_user_mode_loop+0x184/0x189 kernel/entry/common.c:187\n exit_to_user_mode_prepare+0x11b/0x123 kernel/entry/common.c:220\n __syscall_exit_to_user_mode_work kernel/entry/common.c:302 [inline]\n syscall_exit_to_user_mode+0x18/0x42 kernel/entry/common.c:313\n do_syscall_64+0x41/0x85 arch/x86/entry/common.c:86\n entry_SYSCALL_64_after_hwframe+0x6e/0x0\n\nThis change ensures the type is also checked when removing\nthe resource from vmci_resource_table in vmci_resource_remove().\n\n * CVE-2024-46739: In the Linux kernel, the following vulnerability has been resolved:\n\nuio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind\n\nFor primary VM Bus channels, primary_channel pointer is always NULL. This\npointer is valid only for the secondary channels. Also, rescind callback\nis meant for primary channels only.\n\nFix NULL pointer dereference by retrieving the device_obj from the parent\nfor the primary channel.\n\n * CVE-2024-46740: In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix UAF caused by offsets overwrite\n\nBinder objects are processed and copied individually into the target\nbuffer during transactions. Any raw data in-between these objects is\ncopied as well. However, this raw data copy lacks an out-of-bounds\ncheck. If the raw data exceeds the data section size then the copy\noverwrites the offsets section. This eventually triggers an error that\nattempts to unwind the processed objects. However, at this point the\noffsets used to index these objects are now corrupted.\n\nUnwinding with corrupted offsets can result in decrements of arbitrary\nnodes and lead to their premature release. Other users of such nodes are\nleft with a dangling pointer triggering a use-after-free. This issue is\nmade evident by the following KASAN report (trimmed):\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in _raw_spin_lock+0xe4/0x19c\n Write of size 4 at addr ffff47fc91598f04 by task binder-util/743\n\n CPU: 9 UID: 0 PID: 743 Comm: binder-util Not tainted 6.11.0-rc4 #1\n Hardware name: linux,dummy-virt (DT)\n Call trace:\n _raw_spin_lock+0xe4/0x19c\n binder_free_buf+0x128/0x434\n binder_thread_write+0x8a4/0x3260\n binder_ioctl+0x18f0/0x258c\n [...]\n\n Allocated by task 743:\n __kmalloc_cache_noprof+0x110/0x270\n binder_new_node+0x50/0x700\n binder_transaction+0x413c/0x6da8\n binder_thread_write+0x978/0x3260\n binder_ioctl+0x18f0/0x258c\n [...]\n\n Freed by task 745:\n kfree+0xbc/0x208\n binder_thread_read+0x1c5c/0x37d4\n binder_ioctl+0x16d8/0x258c\n [...]\n ==================================================================\n\nTo avoid this issue, let's check that the raw data copy is within the\nboundaries of the data section.\n\n * CVE-2024-46743: In the Linux kernel, the following vulnerability has been resolved:\n\nof/irq: Prevent device address out-of-bounds read in interrupt map walk\n\nWhen of_irq_parse_raw() is invoked with a device address smaller than\nthe interrupt parent node (from #address-cells property), KASAN detects\nthe following out-of-bounds read when populating the initial match table\n(dyndbg=\"func of_irq_parse_* +p\"):\n\n OF: of_irq_parse_one: dev=/soc@0/picasso/watchdog, index=0\n OF: parent=/soc@0/pci@878000000000/gpio0@17,0, intsize=2\n OF: intspec=4\n OF: of_irq_parse_raw: ipar=/soc@0/pci@878000000000/gpio0@17,0, size=2\n OF: -\u003e addrsize=3\n ==================================================================\n BUG: KASAN: slab-out-of-bounds in of_irq_parse_raw+0x2b8/0x8d0\n Read of size 4 at addr ffffff81beca5608 by task bash/764\n\n CPU: 1 PID: 764 Comm: bash Tainted: G O 6.1.67-484c613561-nokia_sm_arm64 #1\n Hardware name: Unknown Unknown Product/Unknown Product, BIOS 2023.01-12.24.03-dirty 01/01/2023\n Call trace:\n dump_backtrace+0xdc/0x130\n show_stack+0x1c/0x30\n dump_stack_lvl+0x6c/0x84\n print_report+0x150/0x448\n kasan_report+0x98/0x140\n __asan_load4+0x78/0xa0\n of_irq_parse_raw+0x2b8/0x8d0\n of_irq_parse_one+0x24c/0x270\n parse_interrupts+0xc0/0x120\n of_fwnode_add_links+0x100/0x2d0\n fw_devlink_parse_fwtree+0x64/0xc0\n device_add+0xb38/0xc30\n of_device_add+0x64/0x90\n of_platform_device_create_pdata+0xd0/0x170\n of_platform_bus_create+0x244/0x600\n of_platform_notify+0x1b0/0x254\n blocking_notifier_call_chain+0x9c/0xd0\n __of_changeset_entry_notify+0x1b8/0x230\n __of_changeset_apply_notify+0x54/0xe4\n of_overlay_fdt_apply+0xc04/0xd94\n ...\n\n The buggy address belongs to the object at ffffff81beca5600\n which belongs to the cache kmalloc-128 of size 128\n The buggy address is located 8 bytes inside of\n 128-byte region [ffffff81beca5600, ffffff81beca5680)\n\n The buggy address belongs to the physical page:\n page:00000000230d3d03 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1beca4\n head:00000000230d3d03 order:1 compound_mapcount:0 compound_pincount:0\n flags: 0x8000000000010200(slab|head|zone=2)\n raw: 8000000000010200 0000000000000000 dead000000000122 ffffff810000c300\n raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n ffffff81beca5500: 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n ffffff81beca5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n \u003effffff81beca5600: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n ^\n ffffff81beca5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n ffffff81beca5700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc\n ==================================================================\n OF: -\u003e got it !\n\nPrevent the out-of-bounds read by copying the device address into a\nbuffer of sufficient size.\n\n * CVE-2024-46744: In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: sanity check symbolic link size\n\nSyzkiller reports a \"KMSAN: uninit-value in pick_link\" bug.\n\nThis is caused by an uninitialised page, which is ultimately caused\nby a corrupted symbolic link size read from disk.\n\nThe reason why the corrupted symlink size causes an uninitialised\npage is due to the following sequence of events:\n\n1. squashfs_read_inode() is called to read the symbolic\n link from disk. This assigns the corrupted value\n 3875536935 to inode-\u003ei_size.\n\n2. Later squashfs_symlink_read_folio() is called, which assigns\n this corrupted value to the length variable, which being a\n signed int, overflows producing a negative number.\n\n3. The following loop that fills in the page contents checks that\n the copied bytes is less than length, which being negative means\n the loop is skipped, producing an uninitialised page.\n\nThis patch adds a sanity check which checks that the symbolic\nlink size is not larger than expected.\n\n--\n\nV2: fix spelling mistake.\n\n * CVE-2024-46747: In the Linux kernel, the following vulnerability has been resolved:\n\nHID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup\n\nreport_fixup for the Cougar 500k Gaming Keyboard was not verifying\nthat the report descriptor size was correct before accessing it\n\n * CVE-2024-46750: In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Add missing bridge lock to pci_bus_lock()\n\nOne of the true positives that the cfg_access_lock lockdep effort\nidentified is this sequence:\n\n WARNING: CPU: 14 PID: 1 at drivers/pci/pci.c:4886 pci_bridge_secondary_bus_reset+0x5d/0x70\n RIP: 0010:pci_bridge_secondary_bus_reset+0x5d/0x70\n Call Trace:\n \u003cTASK\u003e\n ? __warn+0x8c/0x190\n ? pci_bridge_secondary_bus_reset+0x5d/0x70\n ? report_bug+0x1f8/0x200\n ? handle_bug+0x3c/0x70\n ? exc_invalid_op+0x18/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? pci_bridge_secondary_bus_reset+0x5d/0x70\n pci_reset_bus+0x1d8/0x270\n vmd_probe+0x778/0xa10\n pci_device_probe+0x95/0x120\n\nWhere pci_reset_bus() users are triggering unlocked secondary bus resets.\nIronically pci_bus_reset(), several calls down from pci_reset_bus(), uses\npci_bus_lock() before issuing the reset which locks everything *but* the\nbridge itself.\n\nFor the same motivation as adding:\n\n bridge = pci_upstream_bridge(dev);\n if (bridge)\n pci_dev_lock(bridge);\n\nto pci_reset_function() for the \"bus\" and \"cxl_bus\" reset cases, add\npci_dev_lock() for @bus-\u003eself to pci_bus_lock().\n\n[bhelgaas: squash in recursive locking deadlock fix from Keith Busch:\nhttps://lore.kernel.org/r/20240711193650.701834-1-kbusch@meta.com]\n\n * CVE-2024-46755: In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()\n\nmwifiex_get_priv_by_id() returns the priv pointer corresponding to\nthe bss_num and bss_type, but without checking if the priv is actually\ncurrently in use.\nUnused priv pointers do not have a wiphy attached to them which can\nlead to NULL pointer dereferences further down the callstack. Fix\nthis by returning only used priv pointers which have priv-\u003ebss_mode\nset to something else than NL80211_IFTYPE_UNSPECIFIED.\n\nSaid NULL pointer dereference happened when an Accesspoint was started\nwith wpa_supplicant -i mlan0 with this config:\n\nnetwork={\n ssid=\"somessid\"\n mode=2\n frequency=2412\n key_mgmt=WPA-PSK WPA-PSK-SHA256\n proto=RSN\n group=CCMP\n pairwise=CCMP\n psk=\"12345678\"\n}\n\nWhen waiting for the AP to be established, interrupting wpa_supplicant\nwith \u003cctrl-c\u003e and starting it again this happens:\n\n| Unable to handle kernel NULL pointer dereference at virtual address 0000000000000140\n| Mem abort info:\n| ESR = 0x0000000096000004\n| EC = 0x25: DABT (current EL), IL = 32 bits\n| SET = 0, FnV = 0\n| EA = 0, S1PTW = 0\n| FSC = 0x04: level 0 translation fault\n| Data abort info:\n| ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n| CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n| GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n| user pgtable: 4k pages, 48-bit VAs, pgdp=0000000046d96000\n| [0000000000000140] pgd=0000000000000000, p4d=0000000000000000\n| Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n| Modules linked in: caam_jr caamhash_desc spidev caamalg_desc crypto_engine authenc libdes mwifiex_sdio\n+mwifiex crct10dif_ce cdc_acm onboard_usb_hub fsl_imx8_ddr_perf imx8m_ddrc rtc_ds1307 lm75 rtc_snvs\n+imx_sdma caam imx8mm_thermal spi_imx error imx_cpufreq_dt fuse ip_tables x_tables ipv6\n| CPU: 0 PID: 8 Comm: kworker/0:1 Not tainted 6.9.0-00007-g937242013fce-dirty #18\n| Hardware name: somemachine (DT)\n| Workqueue: events sdio_irq_work\n| pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n| pc : mwifiex_get_cfp+0xd8/0x15c [mwifiex]\n| lr : mwifiex_get_cfp+0x34/0x15c [mwifiex]\n| sp : ffff8000818b3a70\n| x29: ffff8000818b3a70 x28: ffff000006bfd8a5 x27: 0000000000000004\n| x26: 000000000000002c x25: 0000000000001511 x24: 0000000002e86bc9\n| x23: ffff000006bfd996 x22: 0000000000000004 x21: ffff000007bec000\n| x20: 000000000000002c x19: 0000000000000000 x18: 0000000000000000\n| x17: 000000040044ffff x16: 00500072b5503510 x15: ccc283740681e517\n| x14: 0201000101006d15 x13: 0000000002e8ff43 x12: 002c01000000ffb1\n| x11: 0100000000000000 x10: 02e8ff43002c0100 x9 : 0000ffb100100157\n| x8 : ffff000003d20000 x7 : 00000000000002f1 x6 : 00000000ffffe124\n| x5 : 0000000000000001 x4 : 0000000000000003 x3 : 0000000000000000\n| x2 : 0000000000000000 x1 : 0001000000011001 x0 : 0000000000000000\n| Call trace:\n| mwifiex_get_cfp+0xd8/0x15c [mwifiex]\n| mwifiex_parse_single_response_buf+0x1d0/0x504 [mwifiex]\n| mwifiex_handle_event_ext_scan_report+0x19c/0x2f8 [mwifiex]\n| mwifiex_process_sta_event+0x298/0xf0c [mwifiex]\n| mwifiex_process_event+0x110/0x238 [mwifiex]\n| mwifiex_main_process+0x428/0xa44 [mwifiex]\n| mwifiex_sdio_interrupt+0x64/0x12c [mwifiex_sdio]\n| process_sdio_pending_irqs+0x64/0x1b8\n| sdio_irq_work+0x4c/0x7c\n| process_one_work+0x148/0x2a0\n| worker_thread+0x2fc/0x40c\n| kthread+0x110/0x114\n| ret_from_fork+0x10/0x20\n| Code: a94153f3 a8c37bfd d50323bf d65f03c0 (f940a000)\n| ---[ end trace 0000000000000000 ]---\n\n * CVE-2024-46756: In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (w83627ehf) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.\n\n * CVE-2024-46757: In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (nct6775-core) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.\n\n * CVE-2024-46758: In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (lm95234) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.\n\n * CVE-2024-46759: In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (adc128d818) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.\n\n * CVE-2024-46761: In the Linux kernel, the following vulnerability has been resolved:\n\npci/hotplug/pnv_php: Fix hotplug driver crash on Powernv\n\nThe hotplug driver for powerpc (pci/hotplug/pnv_php.c) causes a kernel\ncrash when we try to hot-unplug/disable the PCIe switch/bridge from\nthe PHB.\n\nThe crash occurs because although the MSI data structure has been\nreleased during disable/hot-unplug path and it has been assigned\nwith NULL, still during unregistration the code was again trying to\nexplicitly disable the MSI which causes the NULL pointer dereference and\nkernel crash.\n\nThe patch fixes the check during unregistration path to prevent invoking\npci_disable_msi/msix() since its data structure is already freed.\n\n * CVE-2024-46763: In the Linux kernel, the following vulnerability has been resolved:\n\nfou: Fix null-ptr-deref in GRO.\n\nWe observed a null-ptr-deref in fou_gro_receive() while shutting down\na host. [0]\n\nThe NULL pointer is sk-\u003esk_user_data, and the offset 8 is of protocol\nin struct fou.\n\nWhen fou_release() is called due to netns dismantle or explicit tunnel\nteardown, udp_tunnel_sock_release() sets NULL to sk-\u003esk_user_data.\nThen, the tunnel socket is destroyed after a single RCU grace period.\n\nSo, in-flight udp4_gro_receive() could find the socket and execute the\nFOU GRO handler, where sk-\u003esk_user_data could be NULL.\n\nLet's use rcu_dereference_sk_user_data() in fou_from_sock() and add NULL\nchecks in FOU GRO handlers.\n\n[0]:\nBUG: kernel NULL pointer dereference, address: 0000000000000008\n PF: supervisor read access in kernel mode\n PF: error_code(0x0000) - not-present page\nPGD 80000001032f4067 P4D 80000001032f4067 PUD 103240067 PMD 0\nSMP PTI\nCPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.10.216-204.855.amzn2.x86_64 #1\nHardware name: Amazon EC2 c5.large/, BIOS 1.0 10/16/2017\nRIP: 0010:fou_gro_receive (net/ipv4/fou.c:233) [fou]\nCode: 41 5f c3 cc cc cc cc e8 e7 2e 69 f4 0f 1f 80 00 00 00 00 0f 1f 44 00 00 49 89 f8 41 54 48 89 f7 48 89 d6 49 8b 80 88 02 00 00 \u003c0f\u003e b6 48 08 0f b7 42 4a 66 25 fd fd 80 cc 02 66 89 42 4a 0f b6 42\nRSP: 0018:ffffa330c0003d08 EFLAGS: 00010297\nRAX: 0000000000000000 RBX: ffff93d9e3a6b900 RCX: 0000000000000010\nRDX: ffff93d9e3a6b900 RSI: ffff93d9e3a6b900 RDI: ffff93dac2e24d08\nRBP: ffff93d9e3a6b900 R08: ffff93dacbce6400 R09: 0000000000000002\nR10: 0000000000000000 R11: ffffffffb5f369b0 R12: ffff93dacbce6400\nR13: ffff93dac2e24d08 R14: 0000000000000000 R15: ffffffffb4edd1c0\nFS: 0000000000000000(0000) GS:ffff93daee800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000008 CR3: 0000000102140001 CR4: 00000000007706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cIRQ\u003e\n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? __die_body.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420)\n ? no_context (arch/x86/mm/fault.c:752)\n ? exc_page_fault (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 arch/x86/mm/fault.c:1435 arch/x86/mm/fault.c:1483)\n ? asm_exc_page_fault (arch/x86/include/asm/idtentry.h:571)\n ? fou_gro_receive (net/ipv4/fou.c:233) [fou]\n udp_gro_receive (include/linux/netdevice.h:2552 net/ipv4/udp_offload.c:559)\n udp4_gro_receive (net/ipv4/udp_offload.c:604)\n inet_gro_receive (net/ipv4/af_inet.c:1549 (discriminator 7))\n dev_gro_receive (net/core/dev.c:6035 (discriminator 4))\n napi_gro_receive (net/core/dev.c:6170)\n ena_clean_rx_irq (drivers/amazon/net/ena/ena_netdev.c:1558) [ena]\n ena_io_poll (drivers/amazon/net/ena/ena_netdev.c:1742) [ena]\n napi_poll (net/core/dev.c:6847)\n net_rx_action (net/core/dev.c:6917)\n __do_softirq (arch/x86/include/asm/jump_label.h:25 include/linux/jump_label.h:200 include/trace/events/irq.h:142 kernel/softirq.c:299)\n asm_call_irq_on_stack (arch/x86/entry/entry_64.S:809)\n\u003c/IRQ\u003e\n do_softirq_own_stack (arch/x86/include/asm/irq_stack.h:27 arch/x86/include/asm/irq_stack.h:77 arch/x86/kernel/irq_64.c:77)\n irq_exit_rcu (kernel/softirq.c:393 kernel/softirq.c:423 kernel/softirq.c:435)\n common_interrupt (arch/x86/kernel/irq.c:239)\n asm_common_interrupt (arch/x86/include/asm/idtentry.h:626)\nRIP: 0010:acpi_idle_do_entry (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 drivers/acpi/processor_idle.c:114 drivers/acpi/processor_idle.c:575)\nCode: 8b 15 d1 3c c4 02 ed c3 cc cc cc cc 65 48 8b 04 25 40 ef 01 00 48 8b 00 a8 08 75 eb 0f 1f 44 00 00 0f 00 2d d5 09 55 00 fb f4 \u003cfa\u003e c3 cc cc cc cc e9 be fc ff ff 66 66 2e 0f 1f 84 00 00 00 00 00\nRSP: 0018:ffffffffb5603e58 EFLAGS: 00000246\nRAX: 0000000000004000 RBX: ffff93dac0929c00 RCX: ffff93daee833900\nRDX: ffff93daee800000 RSI: ffff93d\n---truncated---\n\n * CVE-2024-46781: In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix missing cleanup on rollforward recovery error\n\nIn an error injection test of a routine for mount-time recovery, KASAN\nfound a use-after-free bug.\n\nIt turned out that if data recovery was performed using partial logs\ncreated by dsync writes, but an error occurred before starting the log\nwriter to create a recovered checkpoint, the inodes whose data had been\nrecovered were left in the ns_dirty_files list of the nilfs object and\nwere not freed.\n\nFix this issue by cleaning up inodes that have read the recovery data if\nthe recovery routine fails midway before the log writer starts.\n\n * CVE-2024-46782: In the Linux kernel, the following vulnerability has been resolved:\n\nila: call nf_unregister_net_hooks() sooner\n\nsyzbot found an use-after-free Read in ila_nf_input [1]\n\nIssue here is that ila_xlat_exit_net() frees the rhashtable,\nthen call nf_unregister_net_hooks().\n\nIt should be done in the reverse way, with a synchronize_rcu().\n\nThis is a good match for a pre_exit() method.\n\n[1]\n BUG: KASAN: use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n BUG: KASAN: use-after-free in __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\nRead of size 4 at addr ffff888064620008 by task ksoftirqd/0/16\n\nCPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.11.0-rc4-syzkaller-00238-g2ad6d23f465a #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\n ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:132 [inline]\n ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\n ila_nf_input+0x1fe/0x3c0 net/ipv6/ila/ila_xlat.c:190\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626\n nf_hook include/linux/netfilter.h:269 [inline]\n NF_HOOK+0x29e/0x450 include/linux/netfilter.h:312\n __netif_receive_skb_one_core net/core/dev.c:5661 [inline]\n __netif_receive_skb+0x1ea/0x650 net/core/dev.c:5775\n process_backlog+0x662/0x15b0 net/core/dev.c:6108\n __napi_poll+0xcb/0x490 net/core/dev.c:6772\n napi_poll net/core/dev.c:6841 [inline]\n net_rx_action+0x89b/0x1240 net/core/dev.c:6963\n handle_softirqs+0x2c4/0x970 kernel/softirq.c:554\n run_ksoftirqd+0xca/0x130 kernel/softirq.c:928\n smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\nThe buggy address belongs to the physical page:\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x64620\nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)\npage_type: 0xbfffffff(buddy)\nraw: 00fff00000000000 ffffea0000959608 ffffea00019d9408 0000000000000000\nraw: 0000000000000000 0000000000000003 00000000bfffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as freed\npage last allocated via order 3, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 5242, tgid 5242 (syz-executor), ts 73611328570, free_ts 618981657187\n set_page_owner include/linux/page_owner.h:32 [inline]\n post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1493\n prep_new_page mm/page_alloc.c:1501 [inline]\n get_page_from_freelist+0x2e4c/0x2f10 mm/page_alloc.c:3439\n __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4695\n __alloc_pages_node_noprof include/linux/gfp.h:269 [inline]\n alloc_pages_node_noprof include/linux/gfp.h:296 [inline]\n ___kmalloc_large_node+0x8b/0x1d0 mm/slub.c:4103\n __kmalloc_large_node_noprof+0x1a/0x80 mm/slub.c:4130\n __do_kmalloc_node mm/slub.c:4146 [inline]\n __kmalloc_node_noprof+0x2d2/0x440 mm/slub.c:4164\n __kvmalloc_node_noprof+0x72/0x190 mm/util.c:650\n bucket_table_alloc lib/rhashtable.c:186 [inline]\n rhashtable_init_noprof+0x534/0xa60 lib/rhashtable.c:1071\n ila_xlat_init_net+0xa0/0x110 net/ipv6/ila/ila_xlat.c:613\n ops_ini\n---truncated---\n\n * CVE-2024-46791: In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open\n\nThe mcp251x_hw_wake() function is called with the mpc_lock mutex held and\ndisables the interrupt handler so that no interrupts can be processed while\nwaking the device. If an interrupt has already occurred then waiting for\nthe interrupt handler to complete will deadlock because it will be trying\nto acquire the same mutex.\n\nCPU0 CPU1\n---- ----\nmcp251x_open()\n mutex_lock(\u0026priv-\u003emcp_lock)\n request_threaded_irq()\n \u003cinterrupt\u003e\n mcp251x_can_ist()\n mutex_lock(\u0026priv-\u003emcp_lock)\n mcp251x_hw_wake()\n disable_irq() \u003c-- deadlock\n\nUse disable_irq_nosync() instead because the interrupt handler does\neverything while holding the mutex so it doesn't matter if it's still\nrunning.\n\n * CVE-2024-46798: In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: dapm: Fix UAF for snd_soc_pcm_runtime object\n\nWhen using kernel with the following extra config,\n\n - CONFIG_KASAN=y\n - CONFIG_KASAN_GENERIC=y\n - CONFIG_KASAN_INLINE=y\n - CONFIG_KASAN_VMALLOC=y\n - CONFIG_FRAME_WARN=4096\n\nkernel detects that snd_pcm_suspend_all() access a freed\n'snd_soc_pcm_runtime' object when the system is suspended, which\nleads to a use-after-free bug:\n\n[ 52.047746] BUG: KASAN: use-after-free in snd_pcm_suspend_all+0x1a8/0x270\n[ 52.047765] Read of size 1 at addr ffff0000b9434d50 by task systemd-sleep/2330\n\n[ 52.047785] Call trace:\n[ 52.047787] dump_backtrace+0x0/0x3c0\n[ 52.047794] show_stack+0x34/0x50\n[ 52.047797] dump_stack_lvl+0x68/0x8c\n[ 52.047802] print_address_description.constprop.0+0x74/0x2c0\n[ 52.047809] kasan_report+0x210/0x230\n[ 52.047815] __asan_report_load1_noabort+0x3c/0x50\n[ 52.047820] snd_pcm_suspend_all+0x1a8/0x270\n[ 52.047824] snd_soc_suspend+0x19c/0x4e0\n\nThe snd_pcm_sync_stop() has a NULL check on 'substream-\u003eruntime' before\nmaking any access. So we need to always set 'substream-\u003eruntime' to NULL\neverytime we kfree() it.\n\n * CVE-2024-46800: In the Linux kernel, the following vulnerability has been resolved:\n\nsch/netem: fix use after free in netem_dequeue\n\nIf netem_dequeue() enqueues packet to inner qdisc and that qdisc\nreturns __NET_XMIT_STOLEN. The packet is dropped but\nqdisc_tree_reduce_backlog() is not called to update the parent's\nq.qlen, leading to the similar use-after-free as Commit\ne04991a48dbaf382 (\"netem: fix return value if duplicate enqueue\nfails\")\n\nCommands to trigger KASAN UaF:\n\nip link add type dummy\nip link set lo up\nip link set dummy0 up\ntc qdisc add dev lo parent root handle 1: drr\ntc filter add dev lo parent 1: basic classid 1:1\ntc class add dev lo classid 1:1 drr\ntc qdisc add dev lo parent 1:1 handle 2: netem\ntc qdisc add dev lo parent 2: handle 3: drr\ntc filter add dev lo parent 3: basic classid 3:1 action mirred egress\nredirect dev dummy0\ntc class add dev lo classid 3:1 drr\nping -c1 -W0.01 localhost # Trigger bug\ntc class del dev lo classid 1:1\ntc class add dev lo classid 1:1 drr\nping -c1 -W0.01 localhost # UaF\n\n * CVE-2024-46804: In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add array index check for hdcp ddc access\n\n[Why]\nCoverity reports OVERRUN warning. Do not check if array\nindex valid.\n\n[How]\nCheck msg_id valid and valid array index.\n\n * CVE-2024-46814: In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check msg_id before processing transcation\n\n[WHY \u0026 HOW]\nHDCP_MESSAGE_ID_INVALID (-1) is not a valid msg_id nor is it a valid\narray index, and it needs checking before used.\n\nThis fixes 4 OVERRUN issues reported by Coverity.\n\n * CVE-2024-46818: In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check gpio_id before used as array index\n\n[WHY \u0026 HOW]\nGPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore\nshould be checked in advance.\n\nThis fixes 5 OVERRUN issues reported by Coverity.\n\n * CVE-2024-46819: In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: the warning dereferencing obj for nbio_v7_4\n\nif ras_manager obj null, don't print NBIO err data\n\n * CVE-2024-46822: In the Linux kernel, the following vulnerability has been resolved:\n\narm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry\n\nIn a review discussion of the changes to support vCPU hotplug where\na check was added on the GICC being enabled if was online, it was\nnoted that there is need to map back to the cpu and use that to index\ninto a cpumask. As such, a valid ID is needed.\n\nIf an MPIDR check fails in acpi_map_gic_cpu_interface() it is possible\nfor the entry in cpu_madt_gicc[cpu] == NULL. This function would\nthen cause a NULL pointer dereference. Whilst a path to trigger\nthis has not been established, harden this caller against the\npossibility.\n\n * CVE-2024-46829: In the Linux kernel, the following vulnerability has been resolved:\n\nrtmutex: Drop rt_mutex::wait_lock before scheduling\n\nrt_mutex_handle_deadlock() is called with rt_mutex::wait_lock held. In the\ngood case it returns with the lock held and in the deadlock case it emits a\nwarning and goes into an endless scheduling loop with the lock held, which\ntriggers the 'scheduling in atomic' warning.\n\nUnlock rt_mutex::wait_lock in the dead lock case before issuing the warning\nand dropping into the schedule for ever loop.\n\n[ tglx: Moved unlock before the WARN(), removed the pointless comment,\n \tmassaged changelog, added Fixes tag ]\n\n * CVE-2024-46832: In the Linux kernel, the following vulnerability has been resolved:\n\nMIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed\n\nThis avoids warning:\n\n[ 0.118053] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283\n\nCaused by get_c0_compare_int on secondary CPU.\n\nWe also skipped saving IRQ number to struct clock_event_device *cd as\nit's never used by clockevent core, as per comments it's only meant\nfor \"non CPU local devices\".\n\n * CVE-2024-46840: In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: clean up our handling of refs == 0 in snapshot delete\n\nIn reada we BUG_ON(refs == 0), which could be unkind since we aren't\nholding a lock on the extent leaf and thus could get a transient\nincorrect answer. In walk_down_proc we also BUG_ON(refs == 0), which\ncould happen if we have extent tree corruption. Change that to return\n-EUCLEAN. In do_walk_down() we catch this case and handle it correctly,\nhowever we return -EIO, which -EUCLEAN is a more appropriate error code.\nFinally in walk_up_proc we have the same BUG_ON(refs == 0), so convert\nthat to proper error handling. Also adjust the error message so we can\nactually do something with the information.\n\n * CVE-2024-46844: In the Linux kernel, the following vulnerability has been resolved:\n\num: line: always fill *error_out in setup_one_line()\n\nThe pointer isn't initialized by callers, but I have\nencountered cases where it's still printed; initialize\nit in all possible cases in setup_one_line().\n\n * CVE-2024-47659: In the Linux kernel, the following vulnerability has been resolved:\n\nsmack: tcp: ipv4, fix incorrect labeling\n\nCurrently, Smack mirrors the label of incoming tcp/ipv4 connections:\nwhen a label 'foo' connects to a label 'bar' with tcp/ipv4,\n'foo' always gets 'foo' in returned ipv4 packets. So,\n1) returned packets are incorrectly labeled ('foo' instead of 'bar')\n2) 'bar' can write to 'foo' without being authorized to write.\n\nHere is a scenario how to see this:\n\n* Take two machines, let's call them C and S,\n with active Smack in the default state\n (no settings, no rules, no labeled hosts, only builtin labels)\n\n* At S, add Smack rule 'foo bar w'\n (labels 'foo' and 'bar' are instantiated at S at this moment)\n\n* At S, at label 'bar', launch a program\n that listens for incoming tcp/ipv4 connections\n\n* From C, at label 'foo', connect to the listener at S.\n (label 'foo' is instantiated at C at this moment)\n Connection succeedes and works.\n\n* Send some data in both directions.\n* Collect network traffic of this connection.\n\nAll packets in both directions are labeled with the CIPSO\nof the label 'foo'. Hence, label 'bar' writes to 'foo' without\nbeing authorized, and even without ever being known at C.\n\nIf anybody cares: exactly the same happens with DCCP.\n\nThis behavior 1st manifested in release 2.6.29.4 (see Fixes below)\nand it looks unintentional. At least, no explanation was provided.\n\nI changed returned packes label into the 'bar',\nto bring it into line with the Smack documentation claims.\n\n * CVE-2024-47660: In the Linux kernel, the following vulnerability has been resolved:\n\nfsnotify: clear PARENT_WATCHED flags lazily\n\nIn some setups directories can have many (usually negative) dentries.\nHence __fsnotify_update_child_dentry_flags() function can take a\nsignificant amount of time. Since the bulk of this function happens\nunder inode-\u003ei_lock this causes a significant contention on the lock\nwhen we remove the watch from the directory as the\n__fsnotify_update_child_dentry_flags() call from fsnotify_recalc_mask()\nraces with __fsnotify_update_child_dentry_flags() calls from\n__fsnotify_parent() happening on children. This can lead upto softlockup\nreports reported by users.\n\nFix the problem by calling fsnotify_update_children_dentry_flags() to\nset PARENT_WATCHED flags only when parent starts watching children.\n\nWhen parent stops watching children, clear false positive PARENT_WATCHED\nflags lazily in __fsnotify_parent() for each accessed child.\n\n * CVE-2024-47663: In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: iio: frequency: ad9834: Validate frequency parameter value\n\nIn ad9834_write_frequency() clk_get_rate() can return 0. In such case\nad9834_calc_freqreg() call will lead to division by zero. Checking\n'if (fout \u003e (clk_freq / 2))' doesn't protect in case of 'fout' is 0.\nad9834_write_frequency() is called from ad9834_write(), where fout is\ntaken from text buffer, which can contain any value.\n\nModify parameters checking.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n * CVE-2024-47667: In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)\n\nErrata #i2037 in AM65x/DRA80xM Processors Silicon Revision 1.0\n(SPRZ452D_July 2018_Revised December 2019 [1]) mentions when an\ninbound PCIe TLP spans more than two internal AXI 128-byte bursts,\nthe bus may corrupt the packet payload and the corrupt data may\ncause associated applications or the processor to hang.\n\nThe workaround for Errata #i2037 is to limit the maximum read\nrequest size and maximum payload size to 128 bytes. Add workaround\nfor Errata #i2037 here.\n\nThe errata and workaround is applicable only to AM65x SR 1.0 and\nlater versions of the silicon will have this fixed.\n\n[1] -\u003e https://www.ti.com/lit/er/sprz452i/sprz452i.pdf\n\n * CVE-2024-47668: In the Linux kernel, the following vulnerability has been resolved:\n\nlib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()\n\nIf we need to increase the tree depth, allocate a new node, and then\nrace with another thread that increased the tree depth before us, we'll\nstill have a preallocated node that might be used later.\n\nIf we then use that node for a new non-root node, it'll still have a\npointer to the old root instead of being zeroed - fix this by zeroing it\nin the cmpxchg failure path.\n\n * CVE-2024-47669: In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix state management in error path of log writing function\n\nAfter commit a694291a6211 (\"nilfs2: separate wait function from\nnilfs_segctor_write\") was applied, the log writing function\nnilfs_segctor_do_construct() was able to issue I/O requests continuously\neven if user data blocks were split into multiple logs across segments,\nbut two potential flaws were introduced in its error handling.\n\nFirst, if nilfs_segctor_begin_construction() fails while creating the\nsecond or subsequent logs, the log writing function returns without\ncalling nilfs_segctor_abort_construction(), so the writeback flag set on\npages/folios will remain uncleared. This causes page cache operations to\nhang waiting for the writeback flag. For example,\ntruncate_inode_pages_final(), which is called via nilfs_evict_inode() when\nan inode is evicted from memory, will hang.\n\nSecond, the NILFS_I_COLLECTED flag set on normal inodes remain uncleared. \nAs a result, if the next log write involves checkpoint creation, that's\nfine, but if a partial log write is performed that does not, inodes with\nNILFS_I_COLLECTED set are erroneously removed from the \"sc_dirty_files\"\nlist, and their data and b-tree blocks may not be written to the device,\ncorrupting the block mapping.\n\nFix these issues by uniformly calling nilfs_segctor_abort_construction()\non failure of each step in the loop in nilfs_segctor_do_construct(),\nhaving it clean up logs and segment usages according to progress, and\ncorrecting the conditions for calling nilfs_redirty_inodes() to ensure\nthat the NILFS_I_COLLECTED flag is cleared.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-20"
},
"Updated": {
"Date": "2024-11-20"
},
"BDUs": [
{
"ID": "BDU:2024-08074",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-191",
"Href": "https://bdu.fstec.ru/vul/2024-08074",
"Impact": "High",
"Public": "20240707"
},
{
"ID": "BDU:2024-08077",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2024-08077",
"Impact": "High",
"Public": "20240905"
},
{
"ID": "BDU:2024-08083",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2024-08083",
"Impact": "High",
"Public": "20240903"
},
{
"ID": "BDU:2024-08084",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2024-08084",
"Impact": "High",
"Public": "20240812"
},
{
"ID": "BDU:2024-08085",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-191",
"Href": "https://bdu.fstec.ru/vul/2024-08085",
"Impact": "High",
"Public": "20240707"
},
{
"ID": "BDU:2024-08087",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2024-08087",
"Impact": "High",
"Public": "20240508"
},
{
"ID": "BDU:2024-08128",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-191",
"Href": "https://bdu.fstec.ru/vul/2024-08128",
"Impact": "High",
"Public": "20240707"
},
{
"ID": "BDU:2024-08131",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-191",
"Href": "https://bdu.fstec.ru/vul/2024-08131",
"Impact": "High",
"Public": "20240706"
},
{
"ID": "BDU:2024-08133",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2024-08133",
"Impact": "High",
"Public": "20240506"
},
{
"ID": "BDU:2024-08135",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2024-08135",
"Impact": "High",
"Public": "20240507"
},
{
"ID": "BDU:2024-08139",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2024-08139",
"Impact": "High",
"Public": "20240823"
},
{
"ID": "BDU:2024-08162",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2024-08162",
"Impact": "High",
"Public": "20240801"
},
{
"ID": "BDU:2024-08184",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2024-08184",
"Impact": "High",
"Public": "20240903"
},
{
"ID": "BDU:2024-08186",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2024-08186",
"Impact": "High",
"Public": "20240903"
},
{
"ID": "BDU:2024-08189",
"CVSS": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-667",
"Href": "https://bdu.fstec.ru/vul/2024-08189",
"Impact": "Low",
"Public": "20240822"
},
{
"ID": "BDU:2024-08231",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-59",
"Href": "https://bdu.fstec.ru/vul/2024-08231",
"Impact": "High",
"Public": "20240813"
},
{
"ID": "BDU:2024-08234",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-824",
"Href": "https://bdu.fstec.ru/vul/2024-08234",
"Impact": "High",
"Public": "20240704"
},
{
"ID": "BDU:2024-08235",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2024-08235",
"Impact": "High",
"Public": "20240430"
},
{
"ID": "BDU:2024-08328",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2024-08328",
"Impact": "High",
"Public": "20240508"
},
{
"ID": "BDU:2024-08525",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-129",
"Href": "https://bdu.fstec.ru/vul/2024-08525",
"Impact": "High",
"Public": "20240502"
},
{
"ID": "BDU:2024-08528",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-129",
"Href": "https://bdu.fstec.ru/vul/2024-08528",
"Impact": "High",
"Public": "20240502"
},
{
"ID": "BDU:2024-08529",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-129",
"Href": "https://bdu.fstec.ru/vul/2024-08529",
"Impact": "High",
"Public": "20240502"
},
{
"ID": "BDU:2024-08984",
"CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-19",
"Href": "https://bdu.fstec.ru/vul/2024-08984",
"Impact": "High",
"Public": "20240605"
}
],
"CVEs": [
{
"ID": "CVE-2024-46714",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-46714",
"Impact": "Low",
"Public": "20240918"
},
{
"ID": "CVE-2024-46719",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-46719",
"Impact": "Low",
"Public": "20240918"
},
{
"ID": "CVE-2024-46721",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-46721",
"Impact": "Low",
"Public": "20240918"
},
{
"ID": "CVE-2024-46722",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-46722",
"Impact": "High",
"Public": "20240918"
},
{
"ID": "CVE-2024-46723",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-46723",
"Impact": "High",
"Public": "20240918"
},
{
"ID": "CVE-2024-46724",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-46724",
"Impact": "High",
"Public": "20240918"
},
{
"ID": "CVE-2024-46725",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-46725",
"Impact": "High",
"Public": "20240918"
},
{
"ID": "CVE-2024-46731",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-46731",
"Impact": "High",
"Public": "20240918"
},
{
"ID": "CVE-2024-46737",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-46737",
"Impact": "Low",
"Public": "20240918"
},
{
"ID": "CVE-2024-46738",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-46738",
"Impact": "High",
"Public": "20240918"
},
{
"ID": "CVE-2024-46739",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-46739",
"Impact": "Low",
"Public": "20240918"
},
{
"ID": "CVE-2024-46740",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-46740",
"Impact": "High",
"Public": "20240918"
},
{
"ID": "CVE-2024-46743",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-46743",
"Impact": "High",
"Public": "20240918"
},
{
"ID": "CVE-2024-46744",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-59",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-46744",
"Impact": "High",
"Public": "20240918"
},
{
"ID": "CVE-2024-46747",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-46747",
"Impact": "High",
"Public": "20240918"
},
{
"ID": "CVE-2024-46750",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-667",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-46750",
"Impact": "Low",
"Public": "20240918"
},
{
"ID": "CVE-2024-46755",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-46755",
"Impact": "Low",
"Public": "20240918"
},
{
"ID": "CVE-2024-46756",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-191",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-46756",
"Impact": "High",
"Public": "20240918"
},
{
"ID": "CVE-2024-46757",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-191",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-46757",
"Impact": "High",
"Public": "20240918"
},
{
"ID": "CVE-2024-46758",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-191",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-46758",
"Impact": "High",
"Public": "20240918"
},
{
"ID": "CVE-2024-46759",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-191",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-46759",
"Impact": "High",
"Public": "20240918"
},
{
"ID": "CVE-2024-46761",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-46761",
"Impact": "Low",
"Public": "20240918"
},
{
"ID": "CVE-2024-46763",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-46763",
"Impact": "Low",
"Public": "20240918"
},
{
"ID": "CVE-2024-46781",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-46781",
"Impact": "Low",
"Public": "20240918"
},
{
"ID": "CVE-2024-46782",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-46782",
"Impact": "High",
"Public": "20240918"
},
{
"ID": "CVE-2024-46791",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-667",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-46791",
"Impact": "Low",
"Public": "20240918"
},
{
"ID": "CVE-2024-46798",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-46798",
"Impact": "High",
"Public": "20240918"
},
{
"ID": "CVE-2024-46800",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-46800",
"Impact": "High",
"Public": "20240918"
},
{
"ID": "CVE-2024-46804",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-129",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-46804",
"Impact": "High",
"Public": "20240927"
},
{
"ID": "CVE-2024-46814",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-129",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-46814",
"Impact": "High",
"Public": "20240927"
},
{
"ID": "CVE-2024-46818",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-129",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-46818",
"Impact": "High",
"Public": "20240927"
},
{
"ID": "CVE-2024-46819",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-46819",
"Impact": "Low",
"Public": "20240927"
},
{
"ID": "CVE-2024-46822",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-46822",
"Impact": "Low",
"Public": "20240927"
},
{
"ID": "CVE-2024-46829",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-667",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-46829",
"Impact": "Low",
"Public": "20240927"
},
{
"ID": "CVE-2024-46832",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-46832",
"Impact": "Low",
"Public": "20240927"
},
{
"ID": "CVE-2024-46840",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-46840",
"Impact": "Low",
"Public": "20240927"
},
{
"ID": "CVE-2024-46844",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-824",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-46844",
"Impact": "High",
"Public": "20240927"
},
{
"ID": "CVE-2024-47659",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-47659",
"Impact": "High",
"Public": "20241009"
},
{
"ID": "CVE-2024-47660",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-362",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-47660",
"Impact": "Low",
"Public": "20241009"
},
{
"ID": "CVE-2024-47663",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-47663",
"Impact": "Low",
"Public": "20241009"
},
{
"ID": "CVE-2024-47667",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-47667",
"Impact": "Low",
"Public": "20241009"
},
{
"ID": "CVE-2024-47668",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-362",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-47668",
"Impact": "Low",
"Public": "20241009"
},
{
"ID": "CVE-2024-47669",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-47669",
"Impact": "Low",
"Public": "20241009"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:container:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202415824001",
"Comment": "kernel-headers-modules-rt is earlier than 0:5.10.226-alt1.rt118"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415824002",
"Comment": "kernel-headers-rt is earlier than 0:5.10.226-alt1.rt118"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415824003",
"Comment": "kernel-image-rt is earlier than 0:5.10.226-alt1.rt118"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415824004",
"Comment": "kernel-image-rt-checkinstall is earlier than 0:5.10.226-alt1.rt118"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink