diff --git a/mapping.csv b/mapping.csv
index d3f904aa6cd..8595d98f20c 100644
--- a/mapping.csv
+++ b/mapping.csv
@@ -268427,3 +268427,675 @@ vulnerability,CVE-2025-23024,vulnerability--c78a3624-2755-43fe-851b-96a270db199a vulnerability,CVE-2025-0514,vulnerability--d5c277cc-b9d0-4364-8f90-93bea0fe620e vulnerability,CVE-2025-0760,vulnerability--8f5f8d68-3f3e-47bb-aa8b-9b62479ba194 vulnerability,CVE-2023-25574,vulnerability--64bf9609-611a-4a65-9bb8-7729cde475ae +vulnerability,CVE-2024-13628,vulnerability--e325c8ad-522b-46aa-ac97-87b39b7eb4f8 +vulnerability,CVE-2024-13571,vulnerability--d64e2031-70cb-4dfe-927c-84be78b90fe7 +vulnerability,CVE-2024-13803,vulnerability--43e13b8e-91b0-47be-b63a-608165683292 +vulnerability,CVE-2024-13632,vulnerability--10f6f524-08f9-47db-970b-6a7793db7b6f +vulnerability,CVE-2024-13560,vulnerability--cd05dac9-e40c-4bb7-88cb-97d5e8bebfc9 +vulnerability,CVE-2024-13633,vulnerability--58f39e10-8a84-4678-aa5b-7b225d108a59 +vulnerability,CVE-2024-13678,vulnerability--fab78481-4899-4d00-abdf-aeb96f47464d +vulnerability,CVE-2024-13634,vulnerability--9b53526d-5915-4ee7-ac86-7414ceb2437b +vulnerability,CVE-2024-13113,vulnerability--8281c360-fc58-4626-a372-96759bf28840 +vulnerability,CVE-2024-13629,vulnerability--68040b84-c5ef-4c2c-bb37-175c2550d76b +vulnerability,CVE-2024-13631,vulnerability--e8498a89-99cc-4135-8d72-6286580170ef +vulnerability,CVE-2024-13669,vulnerability--d5d9a4fc-193d-47b4-afc3-e9e9b2abc1b3 +vulnerability,CVE-2024-13630,vulnerability--a1e12b99-951c-43af-bdce-f71bba6126fc +vulnerability,CVE-2024-13624,vulnerability--5210bc5c-a566-4386-afcd-9ec23b3322e5 +vulnerability,CVE-2024-39441,vulnerability--c2256f5c-a36b-4220-bc64-bb7700ddb887 +vulnerability,CVE-2024-52925,vulnerability--f448fb1d-a97a-4618-956b-fd9cce4f9af7 +vulnerability,CVE-2024-57423,vulnerability--88154ec4-4c31-4a00-b3d8-4a642b20ae11 +vulnerability,CVE-2024-57040,vulnerability--5e7d9f49-28b0-4a78-91a3-1c422a8938dc +vulnerability,CVE-2024-47053,vulnerability--9fa2d9cd-63e4-44b0-8489-f965b2682c95 +vulnerability,CVE-2024-47051,vulnerability--17501ed8-f08f-4ade-b50d-29c3a40abafd 
+vulnerability,CVE-2024-53427,vulnerability--d3b61b59-0ec9-4c3a-bce5-07dc9d1233c1 +vulnerability,CVE-2024-53573,vulnerability--4795a02c-0255-4c67-95d3-a65ac1f2c814 +vulnerability,CVE-2024-12434,vulnerability--30bb043e-9056-47a5-9c6a-7e4a44829ec7 +vulnerability,CVE-2024-12737,vulnerability--3a19d462-3435-4a88-b026-1f1f2870bbfd +vulnerability,CVE-2024-12878,vulnerability--453dc81a-6dbe-43e2-9b35-45c7bdc5d039 +vulnerability,CVE-2024-46226,vulnerability--6740f4a6-3141-4599-9ed9-f721679cc6b1 +vulnerability,CVE-2024-10563,vulnerability--da58a124-9dcd-4b22-95f5-2e8a48e7e094 +vulnerability,CVE-2024-10152,vulnerability--f8759067-9add-4db8-ae17-af46672dfa23 +vulnerability,CVE-2024-10483,vulnerability--6bbc75f0-f421-42b7-a2b4-c251397bae10 +vulnerability,CVE-2024-50688,vulnerability--73509fda-d6a6-4a18-aef4-60b6bf19d4cf +vulnerability,CVE-2024-50696,vulnerability--6e7dbb0a-52fb-4148-9289-1c0f1e28e824 +vulnerability,CVE-2024-50685,vulnerability--aaed0209-60d4-427c-b119-8e667fc9620f +vulnerability,CVE-2024-50686,vulnerability--a2dc4f2a-0956-402f-bfc0-c839f67dfd46 +vulnerability,CVE-2024-50687,vulnerability--ef634315-bc87-4836-b7e3-8c881e9a3e33 +vulnerability,CVE-2024-50684,vulnerability--a7a54eeb-f0d3-4301-82b7-118be96c0a5c +vulnerability,CVE-2024-50691,vulnerability--5714d85d-0852-499c-b42a-2e561c78a61d +vulnerability,CVE-2024-50693,vulnerability--4913f139-b9fd-443c-a249-6ecce1bf04d9 +vulnerability,CVE-2024-50689,vulnerability--721e9b3b-a822-4079-a1b9-451dc6752ff4 +vulnerability,CVE-2024-6810,vulnerability--56111008-a542-4883-b941-7d031321538f +vulnerability,CVE-2024-55581,vulnerability--bb43e34b-7fd5-4f60-8fda-1ece82ef77b3 +vulnerability,CVE-2025-22869,vulnerability--33b8c3b4-d555-4886-8f1f-7202df90973d +vulnerability,CVE-2025-22881,vulnerability--6f2395e8-ad78-453c-8e33-9331c1c59767 +vulnerability,CVE-2025-22868,vulnerability--4ed8f2fe-8565-4630-9cbb-8e25a2d8f30d +vulnerability,CVE-2025-0235,vulnerability--739fd9a2-eae9-461d-b077-e7c8e4f00bd8 
+vulnerability,CVE-2025-0236,vulnerability--f75eba06-7e46-411d-b0a1-5322e3ae3711 +vulnerability,CVE-2025-0234,vulnerability--24531031-b2ab-4b35-b862-dfa16932b821 +vulnerability,CVE-2025-0719,vulnerability--27bd8128-c38c-4446-bacb-980884397273 +vulnerability,CVE-2025-0889,vulnerability--09fa0e4d-1fb9-4612-87cc-6546f37de2f9 +vulnerability,CVE-2025-0941,vulnerability--91e19f86-402f-40b0-9a98-745a475bd0c7 +vulnerability,CVE-2025-0731,vulnerability--33fa9c88-aa4e-427e-8dd9-15b07e6c7438 +vulnerability,CVE-2025-26925,vulnerability--2586845c-f699-4a85-9abb-86d93ef542af +vulnerability,CVE-2025-26698,vulnerability--cab27a1e-6fe2-4160-b0af-49fcb4ebf06e +vulnerability,CVE-2025-1634,vulnerability--0f005f2f-5c8e-480a-abbf-cb1006cfe1b9 +vulnerability,CVE-2025-1726,vulnerability--374ad3b5-0801-4b05-b4ae-9820314f538e +vulnerability,CVE-2025-1517,vulnerability--d8f210fe-3037-4eaa-a77b-d0eeae221e6c +vulnerability,CVE-2025-1249,vulnerability--f3cc3831-70de-4845-9edb-4845fa15e885 +vulnerability,CVE-2025-1716,vulnerability--2bf545de-39b3-40ce-b093-46c5cc6aa7fa +vulnerability,CVE-2025-25799,vulnerability--ef3b40cd-a261-4ecf-a9a0-2e73009413d4 +vulnerability,CVE-2025-25785,vulnerability--951f5b74-9607-43db-aef3-cb99ab9f8c18 +vulnerability,CVE-2025-25791,vulnerability--939276ad-253c-4530-ab80-4befe55da284 +vulnerability,CVE-2025-25789,vulnerability--24d8d0a1-8dd0-47bc-89fd-ffbc08489977 +vulnerability,CVE-2025-25813,vulnerability--6cfca07b-4c0a-4a9e-8600-5987680d61c0 +vulnerability,CVE-2025-25462,vulnerability--baa43694-feb9-412c-b160-9e793e6fe7e6 +vulnerability,CVE-2025-25784,vulnerability--92fb8a48-5276-45ac-9208-c4e2be5904e3 +vulnerability,CVE-2025-25790,vulnerability--5151d249-04b6-4328-9728-70480764ce72 +vulnerability,CVE-2025-25802,vulnerability--e6b9005a-07b8-44d0-8fa2-240bb1386ae5 +vulnerability,CVE-2025-25800,vulnerability--f23e6f8a-38c6-4bf1-8ab7-6a20b3ab8787 +vulnerability,CVE-2025-25793,vulnerability--4a245853-3ee2-4104-be6e-c2e6017c6839 
+vulnerability,CVE-2025-25825,vulnerability--e44bfd82-0f57-4fff-875c-80e1ad60e699 +vulnerability,CVE-2025-25792,vulnerability--316349c4-d94a-4ed4-9ef2-16fa02fa0e91 +vulnerability,CVE-2025-25783,vulnerability--b6de9c84-04b0-431f-a709-d266b1b97466 +vulnerability,CVE-2025-25796,vulnerability--03e60f3e-2891-4f52-a223-c03139a873f8 +vulnerability,CVE-2025-25827,vulnerability--77b52b72-08ff-4825-814d-08d4f48e032c +vulnerability,CVE-2025-25823,vulnerability--263b5c91-b51b-4933-9fbe-23e5b9e9654d +vulnerability,CVE-2025-25797,vulnerability--98b6f722-33a6-47dd-98b3-5e29063b19d7 +vulnerability,CVE-2025-25794,vulnerability--a8284db4-f2c8-4d94-97d6-fe0afb867d9c +vulnerability,CVE-2025-25818,vulnerability--719da266-8dcf-48d9-9a65-6e9cfee48bb7 +vulnerability,CVE-2025-20119,vulnerability--ddc63236-09d1-4bc4-a068-464e8c723b93 +vulnerability,CVE-2025-20117,vulnerability--fa99718b-e4d3-4fd9-968e-eebdbf9bda0e +vulnerability,CVE-2025-20161,vulnerability--60bbf970-2daa-4d59-8c07-babf7450ec1e +vulnerability,CVE-2025-20118,vulnerability--51015415-93fd-4234-9ad8-5a59fffd8c4c +vulnerability,CVE-2025-20111,vulnerability--6d572e42-45d8-4770-8723-125e6bcda815 +vulnerability,CVE-2025-20116,vulnerability--cfeaa651-74ce-4d4f-970a-e3de5c363a1d +vulnerability,CVE-2021-47645,vulnerability--9f4f2ccd-45cf-4acf-a8d3-fe4216821e01 +vulnerability,CVE-2021-47631,vulnerability--66d160c4-c5fd-4483-8c4f-776b49d4c871 +vulnerability,CVE-2021-47647,vulnerability--bb2b8825-851d-4be0-9c47-0590ba6347dd +vulnerability,CVE-2021-47657,vulnerability--4b10912d-7220-447b-a504-085210f34311 +vulnerability,CVE-2021-47637,vulnerability--c5e10a8a-e63c-4ca2-bd54-51b75339e8ef +vulnerability,CVE-2021-47660,vulnerability--560ad270-1815-419e-b4d8-21ab04a792fd +vulnerability,CVE-2021-47632,vulnerability--17a71d19-eff0-436f-8601-69d9b91b432b +vulnerability,CVE-2021-47652,vulnerability--bdcf2f7f-6d9c-413a-a582-1086a9ab33eb +vulnerability,CVE-2021-47643,vulnerability--faa62d39-d59b-4531-ab72-96256ab58e74 
+vulnerability,CVE-2021-47649,vulnerability--23379fb5-8157-4e61-b8e2-497b2d325f89 +vulnerability,CVE-2021-47636,vulnerability--a3ddbc68-e6dd-4bc4-921f-6df04cb311fc +vulnerability,CVE-2021-47651,vulnerability--59c438be-be33-438f-a127-99e7577262e1 +vulnerability,CVE-2021-47641,vulnerability--67c2553a-e46e-47e6-ada8-0a0b9800ab1e +vulnerability,CVE-2021-47653,vulnerability--be193ac9-1988-47a0-a1b5-d4dc3878e972 +vulnerability,CVE-2021-47654,vulnerability--31235391-34ad-41e6-a41c-8bad3b2170e3 +vulnerability,CVE-2021-47635,vulnerability--2d9d1e78-53d0-47cc-a4ae-9b51b8798511 +vulnerability,CVE-2021-47655,vulnerability--7b01ff4e-b011-4368-9be3-ed7d32d98f99 +vulnerability,CVE-2021-47642,vulnerability--641acf71-c6f8-478a-998f-decf2a5aac25 +vulnerability,CVE-2021-47640,vulnerability--7cb74530-9860-4b2e-a5c7-04a2ea762362 +vulnerability,CVE-2021-47656,vulnerability--4889d972-4a86-4d68-8cb2-1300bcc0da44 +vulnerability,CVE-2021-47644,vulnerability--3864b916-11fd-4f07-a334-afc37b91dff4 +vulnerability,CVE-2021-47634,vulnerability--482e15b6-f2f5-47ff-bc88-9e979699bfd7 +vulnerability,CVE-2021-47650,vulnerability--2a5e99e5-79e8-4fc1-9ac9-a53b4c97a1ec +vulnerability,CVE-2021-47648,vulnerability--181d20f3-d599-465f-b590-e05b1743d913 +vulnerability,CVE-2021-47646,vulnerability--053cba64-83e6-4827-aaf2-10a61e9f799c +vulnerability,CVE-2021-47658,vulnerability--14ef5ed3-d691-4189-a21d-ec9d4c61ff62 +vulnerability,CVE-2021-47638,vulnerability--8271e9df-29fa-413b-a107-dd7b96ebd889 +vulnerability,CVE-2021-47659,vulnerability--384121a0-b3b8-4328-86d7-778005aee254 +vulnerability,CVE-2021-47639,vulnerability--146d93b4-305e-4b0c-87c6-de82d6b4a5c8 +vulnerability,CVE-2021-47633,vulnerability--61eddd9a-b2c5-4b93-b404-16b7b8e0e449 +vulnerability,CVE-2022-49070,vulnerability--9e35d0b5-8966-40f2-b5b7-a9485dc13fcf +vulnerability,CVE-2022-49323,vulnerability--06c329a9-a681-4b7a-b705-b1ae33033396 +vulnerability,CVE-2022-49492,vulnerability--9e229cf4-0dc7-44ba-bc58-2cd7cdd86544 
+vulnerability,CVE-2022-49276,vulnerability--531caf86-613b-44fd-be44-3716976a500f +vulnerability,CVE-2022-49220,vulnerability--185bfd89-ac58-42fe-88a6-62c981c66be0 +vulnerability,CVE-2022-49234,vulnerability--4888e300-365f-428a-943d-7ba930885ee8 +vulnerability,CVE-2022-49395,vulnerability--eb5e6278-79af-4420-a5fc-38d9dc36d0ab +vulnerability,CVE-2022-49428,vulnerability--b4f322c4-ab5b-4302-809c-f789f2f4c7b3 +vulnerability,CVE-2022-49150,vulnerability--097d0310-f416-4a7c-a0ba-141f4ff4f622 +vulnerability,CVE-2022-49662,vulnerability--eb5f97f6-6bd3-457c-9e55-4db257b68e79 +vulnerability,CVE-2022-49450,vulnerability--ce53ee84-0921-4f0f-9da7-1b57c824542b +vulnerability,CVE-2022-49325,vulnerability--c22e9482-c611-410b-b0b5-05c6393f682a +vulnerability,CVE-2022-49062,vulnerability--babd60c3-8dd7-4c8f-8273-8fe4cb0e1ee9 +vulnerability,CVE-2022-49369,vulnerability--e1ded156-0974-4d2d-a3d2-7b87f0b66001 +vulnerability,CVE-2022-49059,vulnerability--8c8e63e9-5e75-4c53-b549-b3c84fd13dde +vulnerability,CVE-2022-49424,vulnerability--d32e3059-4e2d-463f-867b-0432221b1eb8 +vulnerability,CVE-2022-49522,vulnerability--627043a1-4278-41b7-b366-bf259de6d558 +vulnerability,CVE-2022-49547,vulnerability--014ae28d-17a9-4eda-b146-879c30a8d0da +vulnerability,CVE-2022-49610,vulnerability--37612e93-6cec-4d37-ac2f-8cbca21a9bf5 +vulnerability,CVE-2022-49152,vulnerability--6fc92b9f-6efe-4257-b569-0446dcba0ff6 +vulnerability,CVE-2022-49370,vulnerability--18d01cf5-932c-479c-a96c-d89aa433b33d +vulnerability,CVE-2022-49271,vulnerability--536b3060-dfd0-4bd8-b313-788a80516145 +vulnerability,CVE-2022-49099,vulnerability--14ee2122-e771-46e4-a875-74957d7e56d0 +vulnerability,CVE-2022-49250,vulnerability--7ea680c7-c9ea-4c4a-b2ce-69e1c8f4a8c3 +vulnerability,CVE-2022-49510,vulnerability--c5f22169-bccd-4ddb-839b-c99394541ba8 +vulnerability,CVE-2022-49183,vulnerability--e3f8bff0-99e4-45e9-8eb3-678a4375579a +vulnerability,CVE-2022-49320,vulnerability--9b0942d9-8ee2-4e8f-9598-aa4f67a40216 
+vulnerability,CVE-2022-49448,vulnerability--2a072e06-0027-4107-ab74-2b4913bc5e42 +vulnerability,CVE-2022-49334,vulnerability--462d3759-2bb6-4dd6-9d0d-549dc5b0edc0 +vulnerability,CVE-2022-49502,vulnerability--cac9a7bf-5ac8-400f-967b-3d24a7551b65 +vulnerability,CVE-2022-49297,vulnerability--7760c5c3-b2ff-4803-aa32-c667bfa37a4c +vulnerability,CVE-2022-49408,vulnerability--13d49b13-ac8a-472f-b14d-92043e5f430b +vulnerability,CVE-2022-49315,vulnerability--61335db0-e13e-4277-8560-d766ea6be959 +vulnerability,CVE-2022-49187,vulnerability--fece35b0-c94f-4dde-b540-379fce059aab +vulnerability,CVE-2022-49674,vulnerability--8cc2ef4b-6ba2-49d0-89db-26e5a3a29c8e +vulnerability,CVE-2022-49046,vulnerability--8d308921-a5b4-43a3-a4f3-e38bf145897c +vulnerability,CVE-2022-49537,vulnerability--855aa1c1-8c55-4c33-bdaa-fb70559c6133 +vulnerability,CVE-2022-49203,vulnerability--6bf48ff5-5213-4b8f-b185-dd8679829611 +vulnerability,CVE-2022-49631,vulnerability--a3485740-2e64-4428-a77b-8e651c30eafd +vulnerability,CVE-2022-49391,vulnerability--ed377c62-c7de-48eb-9832-17190fbb0647 +vulnerability,CVE-2022-49402,vulnerability--fb1ac9c1-b5ba-4e76-aa58-05828129e690 +vulnerability,CVE-2022-49197,vulnerability--c2994c25-4158-4af5-8b0e-a3c1ba315308 +vulnerability,CVE-2022-49494,vulnerability--5dab70e2-06c7-4af0-86ba-2e5c54f3b5c4 +vulnerability,CVE-2022-49064,vulnerability--3ade1004-21e7-40ee-8f76-489b67bded74 +vulnerability,CVE-2022-49562,vulnerability--eac6d124-9d6c-4cbb-9887-c8bc367f1a95 +vulnerability,CVE-2022-49249,vulnerability--21ed310c-1886-49e1-a2d1-7fc68dc6aeb5 +vulnerability,CVE-2022-49331,vulnerability--83479560-60cf-4cc1-92b3-81a0aa5bcbaf +vulnerability,CVE-2022-49305,vulnerability--5107f7a5-f125-49da-90d2-322a6d015096 +vulnerability,CVE-2022-49427,vulnerability--0b87d3d8-1d33-4d41-9988-8f5fbb2f0c9a +vulnerability,CVE-2022-49079,vulnerability--5d177ca8-9062-4aca-bf3a-b0b768c8839a +vulnerability,CVE-2022-49619,vulnerability--153afc98-5913-4e1b-b8ce-2e6400d3835a 
+vulnerability,CVE-2022-49682,vulnerability--53093602-5c20-4194-8a1a-6037783aa5cb +vulnerability,CVE-2022-49474,vulnerability--7338f0df-1de8-4c22-a42d-d6f95e009f06 +vulnerability,CVE-2022-49318,vulnerability--65e1d2bd-b4e3-414f-b23b-d8ad272ac4de +vulnerability,CVE-2022-49280,vulnerability--f72440b2-1116-4fd8-abe0-33dd1e024610 +vulnerability,CVE-2022-49640,vulnerability--04861f6b-d72a-4460-ac60-57dbf8751a8b +vulnerability,CVE-2022-49106,vulnerability--1ab4a2d3-5880-409f-83d6-22a049312810 +vulnerability,CVE-2022-49655,vulnerability--2330888a-5ff0-420e-80e8-7fe30160b3c2 +vulnerability,CVE-2022-49342,vulnerability--a149eb67-f078-4cc3-a882-7beba72a924d +vulnerability,CVE-2022-49056,vulnerability--b1d83e83-afdd-43bf-a70f-f8c6f69d34b0 +vulnerability,CVE-2022-49228,vulnerability--75847e3b-a061-465a-81b1-06245bd6e4ee +vulnerability,CVE-2022-49627,vulnerability--3463d6fa-2478-4964-acfa-b0392ad68b6d +vulnerability,CVE-2022-49478,vulnerability--df755be6-739b-4740-a17b-ae7e9ec587d9 +vulnerability,CVE-2022-49253,vulnerability--4cc37e36-d728-4430-945b-0a8676fdbd00 +vulnerability,CVE-2022-49380,vulnerability--12afe6c3-4994-40e7-af44-48c04a11c455 +vulnerability,CVE-2022-49411,vulnerability--cbfac643-57ae-4256-b402-a5993e575d60 +vulnerability,CVE-2022-49635,vulnerability--ea5b5f0a-984a-435e-8c02-0c2dd7ff47db +vulnerability,CVE-2022-49552,vulnerability--e9a36af0-f448-4699-9144-84f633f0e00a +vulnerability,CVE-2022-49466,vulnerability--183271d1-ef74-4a5d-bb93-ebdcdda9ecff +vulnerability,CVE-2022-49544,vulnerability--17a09388-edfb-426e-8bdc-5d93114c92eb +vulnerability,CVE-2022-49160,vulnerability--57687335-e478-46d5-ab12-a36ef820a52f +vulnerability,CVE-2022-49260,vulnerability--73ed12a4-3962-4937-82fb-782b33209f7d +vulnerability,CVE-2022-49294,vulnerability--39608caf-e5c4-4fcd-a49b-6eb0b7113c85 +vulnerability,CVE-2022-49240,vulnerability--cb0156fd-082c-482e-b662-7f8205d53c20 +vulnerability,CVE-2022-49528,vulnerability--a0060576-b535-46eb-bd04-5a8819f8a076 
+vulnerability,CVE-2022-49558,vulnerability--689334ec-8f67-4346-b3b9-e6024130ddef +vulnerability,CVE-2022-49553,vulnerability--5836f3d6-a461-4eb5-9a15-965b9dbe7068 +vulnerability,CVE-2022-49652,vulnerability--dc6c7fc8-dd96-40b5-9b55-ebdf62c93591 +vulnerability,CVE-2022-49202,vulnerability--00d45581-b5a0-462e-b70b-ce86b7484e58 +vulnerability,CVE-2022-49388,vulnerability--6cd9bfda-da7b-4e00-949d-8c85ca78f552 +vulnerability,CVE-2022-49141,vulnerability--4db5f85f-4edf-4c90-9df6-53d79e2968a3 +vulnerability,CVE-2022-49221,vulnerability--6f056187-0691-4e41-9ef5-f9727612f2c0 +vulnerability,CVE-2022-49214,vulnerability--ba8af4c1-c4c4-4fc3-bda9-341619b7f6a5 +vulnerability,CVE-2022-49666,vulnerability--6b23b38d-e26e-47c4-8f12-8b3b0085e3c2 +vulnerability,CVE-2022-49519,vulnerability--0b867288-fb6e-4d7c-a3b2-d19078bb1b1f +vulnerability,CVE-2022-49312,vulnerability--feba9485-23ba-4ada-b47e-b6ca49051a38 +vulnerability,CVE-2022-49189,vulnerability--a641d7c9-856b-47ae-b626-75550a515836 +vulnerability,CVE-2022-49328,vulnerability--b03a9c55-ece3-4f39-beec-f1e59273a227 +vulnerability,CVE-2022-49060,vulnerability--3a6420d7-0a2d-4aee-8ca6-4f3e0bd3c981 +vulnerability,CVE-2022-49476,vulnerability--53ff63b2-f38c-4f7b-b672-339fd8bc1063 +vulnerability,CVE-2022-49541,vulnerability--f8081745-8a4b-4976-bad6-27f19588d008 +vulnerability,CVE-2022-49500,vulnerability--48f899be-7c15-4329-9d1e-4889fb3e9aa1 +vulnerability,CVE-2022-49495,vulnerability--7b8bbb27-34e4-4622-abac-1f4439ecf715 +vulnerability,CVE-2022-49163,vulnerability--55b7cde0-b8e7-448f-8793-8578cd1e2bb9 +vulnerability,CVE-2022-49224,vulnerability--ea7fcf63-e01f-4119-8a8e-da9e4564aea4 +vulnerability,CVE-2022-49413,vulnerability--7c68848a-a274-448c-8008-7a793b86f92f +vulnerability,CVE-2022-49085,vulnerability--df84c15d-c85f-41fb-b4a6-2e85d2b090c2 +vulnerability,CVE-2022-49642,vulnerability--a64ba506-3030-495b-a88d-f29be5b15de8 +vulnerability,CVE-2022-49469,vulnerability--a3be4478-caa3-45a2-833b-6b8cac6a0cd3 
+vulnerability,CVE-2022-49267,vulnerability--3710b642-1434-41b9-abd6-95e4ab5876f1 +vulnerability,CVE-2022-49656,vulnerability--6782333a-ee85-4796-9226-00916d0ef1c9 +vulnerability,CVE-2022-49454,vulnerability--40caf80b-f73c-442f-bc86-cc73d804fc4d +vulnerability,CVE-2022-49337,vulnerability--59809b5e-775a-4489-a08c-b013e5ffc244 +vulnerability,CVE-2022-49237,vulnerability--927a74e2-6af0-4cef-b441-39e21d65f0c7 +vulnerability,CVE-2022-49419,vulnerability--9789cf3a-83d5-48da-8713-449bfbd936a0 +vulnerability,CVE-2022-49457,vulnerability--bc65b553-b3a3-446e-bebe-aee3e386c531 +vulnerability,CVE-2022-49279,vulnerability--753e1828-fb84-4404-b455-c217cc1eed5b +vulnerability,CVE-2022-49065,vulnerability--04fb92a1-2de9-4517-b5d2-ca728fe7dd61 +vulnerability,CVE-2022-49684,vulnerability--98870356-48e6-462b-af14-2ebffef0efec +vulnerability,CVE-2022-49147,vulnerability--04a3f1be-0e2b-4115-9c86-7a38e26e1350 +vulnerability,CVE-2022-49096,vulnerability--938146cb-0e11-460e-8258-310ee1874f9a +vulnerability,CVE-2022-49471,vulnerability--91a975a8-55bf-4ae7-a8fd-0b0f01ecda69 +vulnerability,CVE-2022-49432,vulnerability--a95ca10b-f6b2-4e46-a3de-ae77f422bd77 +vulnerability,CVE-2022-49058,vulnerability--c5164ba9-41e7-4090-987a-93aa524820e9 +vulnerability,CVE-2022-49274,vulnerability--f9285a48-43e0-4d5f-bd3a-637a4796e638 +vulnerability,CVE-2022-49363,vulnerability--0d1e3269-35a2-48d8-8f09-f5f8c3c43e69 +vulnerability,CVE-2022-49649,vulnerability--73ee219b-c2f4-4408-b907-3468a330f0e5 +vulnerability,CVE-2022-49319,vulnerability--99789a8e-feca-4177-8041-6f5cef43816a +vulnerability,CVE-2022-49212,vulnerability--443df9cc-6432-4ce1-9fbd-a058c5814ef5 +vulnerability,CVE-2022-49088,vulnerability--7700016a-0b4f-48e6-a241-b1ae7e40f79b +vulnerability,CVE-2022-49151,vulnerability--52ea8fee-9bda-4d11-9f24-13021ee680ed +vulnerability,CVE-2022-49195,vulnerability--8f9d06fa-18d8-478b-a72d-b0724f3a8c6e +vulnerability,CVE-2022-49308,vulnerability--312ab412-dd38-460f-abdf-bb6b9e37a4a3 
+vulnerability,CVE-2022-49157,vulnerability--e55553ae-8c47-48e9-a83d-430c18daf1c0 +vulnerability,CVE-2022-49090,vulnerability--7d19433e-c19e-4242-a198-b5992fa56fd3 +vulnerability,CVE-2022-49400,vulnerability--666a577d-76f3-4e37-91dd-031424f3c68f +vulnerability,CVE-2022-49343,vulnerability--88dece6a-48cb-4299-abe9-8f694c0331ac +vulnerability,CVE-2022-49105,vulnerability--b439a223-a217-4a3d-b479-d6ea78c6a510 +vulnerability,CVE-2022-49648,vulnerability--ca2a6123-7ffc-4e93-86a4-7433b2cc9497 +vulnerability,CVE-2022-49335,vulnerability--b3c2abc5-24f1-406d-8b2d-2dd68241e32d +vulnerability,CVE-2022-49206,vulnerability--6e5617dd-c4db-41f4-80b1-30edcf03a21a +vulnerability,CVE-2022-49332,vulnerability--9b157ad9-efd7-44c5-b481-f26cf93dd501 +vulnerability,CVE-2022-49087,vulnerability--a1b3d579-d94b-4f87-96e9-f584c476d8b5 +vulnerability,CVE-2022-49243,vulnerability--7949533f-0f5c-4054-a26e-cab1d909eaf9 +vulnerability,CVE-2022-49307,vulnerability--c44e1541-d249-4403-a8a0-94fc53e0bc66 +vulnerability,CVE-2022-49458,vulnerability--b1bb395a-3acd-4eff-be7e-39e6d69fb416 +vulnerability,CVE-2022-49094,vulnerability--494f8455-60ff-4138-9d14-7cafbc731fd3 +vulnerability,CVE-2022-49653,vulnerability--9c7c4f94-d1f3-44f9-9c67-7289abb40e77 +vulnerability,CVE-2022-49321,vulnerability--8438e316-82d1-4675-9e48-6994df1efd36 +vulnerability,CVE-2022-49165,vulnerability--73a58c87-6df5-4c27-b2c9-637fd759f25e +vulnerability,CVE-2022-49367,vulnerability--6f436c1e-9514-4a09-abf7-f6b2b9d872c2 +vulnerability,CVE-2022-49200,vulnerability--07c5408f-65fb-485b-8331-29adf2a1365c +vulnerability,CVE-2022-49617,vulnerability--95eb8213-33e6-4296-bfd4-800315c8ba99 +vulnerability,CVE-2022-49467,vulnerability--6d27994d-207d-4b06-9c96-1ee9896717a0 +vulnerability,CVE-2022-49140,vulnerability--8c2fbeae-e92f-4c04-a3f3-b8220851679e +vulnerability,CVE-2022-49480,vulnerability--f490020a-73dd-4f3c-8c4e-fdc1c4088b40 +vulnerability,CVE-2022-49176,vulnerability--d77809ef-1a6d-494f-95ea-c5a859668c75 
+vulnerability,CVE-2022-49658,vulnerability--dc9a271f-d158-4462-8f0a-23e10928bb7c +vulnerability,CVE-2022-49383,vulnerability--7aaad8a4-de8b-4987-8940-ca568bf15775 +vulnerability,CVE-2022-49484,vulnerability--6a169b55-ed45-476e-bc78-18392036d6ee +vulnerability,CVE-2022-49301,vulnerability--0bba7b5f-c415-420c-8655-e499df5de763 +vulnerability,CVE-2022-49168,vulnerability--56d3b290-2f28-4707-831f-a06dba2a791b +vulnerability,CVE-2022-49204,vulnerability--12b35198-06c8-40f7-b0f6-ad45322352ca +vulnerability,CVE-2022-49602,vulnerability--bd314929-e4f1-49bc-8f4c-18e2f36d2ae6 +vulnerability,CVE-2022-49546,vulnerability--7236b92f-1a3d-4254-86a7-a7cafc5e7391 +vulnerability,CVE-2022-49434,vulnerability--32930a34-862d-41f2-86e6-491ce98f8949 +vulnerability,CVE-2022-49170,vulnerability--d7d4b2d3-1aa1-413a-bd25-5a24c56ba67b +vulnerability,CVE-2022-49102,vulnerability--c8389b89-5daf-4cd3-949d-7ecb6a3ed1f2 +vulnerability,CVE-2022-49456,vulnerability--fa0271f3-c2b5-4861-b67a-030edc0328a8 +vulnerability,CVE-2022-49606,vulnerability--e480ccca-b741-4fc0-8d08-8ec77b895555 +vulnerability,CVE-2022-49460,vulnerability--32f70bc7-cfd7-447a-89a9-e49be12723d9 +vulnerability,CVE-2022-49142,vulnerability--98df3d07-9809-485b-968e-6f9004ea68b6 +vulnerability,CVE-2022-49488,vulnerability--5bb0eb2b-0b93-48a9-84e2-325ccd41f077 +vulnerability,CVE-2022-49322,vulnerability--5451c178-799e-491c-8785-0af893139516 +vulnerability,CVE-2022-49532,vulnerability--982a4de8-2a92-4a35-adc2-0d78dc733a08 +vulnerability,CVE-2022-49053,vulnerability--92bcd8cf-9e0f-4c31-bc7a-a7cdc7e6add3 +vulnerability,CVE-2022-49525,vulnerability--2b2e0d4f-3ce6-4087-9b58-2e86a45b6a7b +vulnerability,CVE-2022-49447,vulnerability--3ae48e34-53c6-4ffd-90a3-515faddec9e4 +vulnerability,CVE-2022-49561,vulnerability--0b2199f4-ca8f-477b-885d-95577a21eab2 +vulnerability,CVE-2022-49529,vulnerability--4a93c89c-bb9f-4a10-b15c-4e6190ce9907 +vulnerability,CVE-2022-49683,vulnerability--c37b682e-2152-4720-a765-73bc485fa791 
+vulnerability,CVE-2022-49156,vulnerability--f4e5e375-baa7-4e3b-b736-9d63665c3f38 +vulnerability,CVE-2022-49252,vulnerability--9b5a01d9-783b-4699-8900-d18b69c98dcb +vulnerability,CVE-2022-49405,vulnerability--7dcf548e-8111-480f-ad91-4c3fe6315511 +vulnerability,CVE-2022-49208,vulnerability--2a384c08-5c36-40d0-8fc2-1e020cdbdc77 +vulnerability,CVE-2022-49374,vulnerability--f15e6891-ef49-47d0-8413-32827fb59e9d +vulnerability,CVE-2022-49338,vulnerability--0a45b573-8f9a-4b5b-afa2-6fe061d4c610 +vulnerability,CVE-2022-49238,vulnerability--c8459d68-8a91-4b85-96fc-792327fd33ca +vulnerability,CVE-2022-49298,vulnerability--1fb2b8d6-2201-455b-bbdd-4be96836aeb2 +vulnerability,CVE-2022-49246,vulnerability--5adeffc8-a0b4-4b9b-a050-9c8d5448d5b6 +vulnerability,CVE-2022-49268,vulnerability--aa7936aa-cb66-4200-b996-68ce8d44cb9b +vulnerability,CVE-2022-49097,vulnerability--6a634a51-8c33-4457-9cb4-2142a9d3408a +vulnerability,CVE-2022-49423,vulnerability--13b45558-3a2f-49bd-95ee-dfe07e7cfedc +vulnerability,CVE-2022-49069,vulnerability--58c50c18-f1cb-4889-b135-2d47bdde441d +vulnerability,CVE-2022-49291,vulnerability--b4edc85c-ae8c-47bc-af48-ecc9e2441eaf +vulnerability,CVE-2022-49680,vulnerability--39cd613b-b7e8-4759-aab2-fd3e2a078580 +vulnerability,CVE-2022-49146,vulnerability--5f163387-fc20-4a79-bc38-b8c7a70761fe +vulnerability,CVE-2022-49482,vulnerability--8882d40e-423d-4471-9f9a-b26686e928d8 +vulnerability,CVE-2022-49239,vulnerability--5f41a46e-4ad4-419c-aa35-9a9ab8e5ba0b +vulnerability,CVE-2022-49230,vulnerability--35b1d9a3-76d0-4775-aefe-ee0c224c2c65 +vulnerability,CVE-2022-49673,vulnerability--da89075b-66b5-425a-9472-4bb6663f3ede +vulnerability,CVE-2022-49075,vulnerability--62265c12-52f3-4b67-8eee-3d35f8d347a5 +vulnerability,CVE-2022-49068,vulnerability--e205d8c2-9894-4abe-8a73-cc48d5eeb8a2 +vulnerability,CVE-2022-49045,vulnerability--e9e4cf2e-b30f-416f-b334-cc1c9fb98b78 +vulnerability,CVE-2022-49133,vulnerability--aa91b5a4-f695-4d6d-9acb-23ed4da34a21 
+vulnerability,CVE-2022-49410,vulnerability--033bc159-6244-4655-83e6-a6980ee9f3bc +vulnerability,CVE-2022-49182,vulnerability--857dcf84-846d-4118-948c-b936f65b5c17 +vulnerability,CVE-2022-49229,vulnerability--22702ab0-56b1-4197-9db2-5a62619481ee +vulnerability,CVE-2022-49536,vulnerability--8c77ada4-d461-49e4-b3e8-18dbedb3a2bc +vulnerability,CVE-2022-49394,vulnerability--b3502945-9553-4561-a6b3-33548290699f +vulnerability,CVE-2022-49483,vulnerability--df629866-56c9-4911-90c3-8ff387131a34 +vulnerability,CVE-2022-49669,vulnerability--9c161991-eb2d-4f68-b8b4-bf1e50f1ba15 +vulnerability,CVE-2022-49207,vulnerability--b1bfdc1d-699c-49bd-8ab5-ba63e92308cb +vulnerability,CVE-2022-49620,vulnerability--b317a1ad-0336-4062-a3f5-990f03005bc8 +vulnerability,CVE-2022-49622,vulnerability--ad255849-ad23-44e3-93c5-9bc1ee45b8e5 +vulnerability,CVE-2022-49242,vulnerability--d29c8ec8-ae81-43bd-943e-00a752e7577b +vulnerability,CVE-2022-49339,vulnerability--988d84d7-93b2-4966-a3ab-d7d324c2ef43 +vulnerability,CVE-2022-49067,vulnerability--0dd41f3b-d8b5-4e92-a87a-5aa53d6211f1 +vulnerability,CVE-2022-49732,vulnerability--7b6fec83-03af-4cf3-8301-33a55b888533 +vulnerability,CVE-2022-49644,vulnerability--354f8fe9-2cca-4873-960f-536fd5e34c3c +vulnerability,CVE-2022-49638,vulnerability--6f3498ad-7c35-495d-8550-a3522847e9ec +vulnerability,CVE-2022-49403,vulnerability--6d6d5e57-0212-444c-b6ec-2642e68450cd +vulnerability,CVE-2022-49493,vulnerability--08b1bf74-8f49-4c0a-8118-54cf62f5c1d6 +vulnerability,CVE-2022-49092,vulnerability--aadb8d9f-f24e-4bf7-bc64-6f98e2e27d81 +vulnerability,CVE-2022-49198,vulnerability--abf94ff9-93e5-4a05-b857-29b18a89d494 +vulnerability,CVE-2022-49159,vulnerability--fe72405e-603c-4e1f-acbc-3b1e2c736035 +vulnerability,CVE-2022-49396,vulnerability--e1f9471e-6551-40d0-8cd0-5ad6b81da171 +vulnerability,CVE-2022-49406,vulnerability--b6b5d0bf-39ea-45f6-8896-6bc1a14082e6 +vulnerability,CVE-2022-49437,vulnerability--6125651e-e73e-4dba-8b39-6cdb53031aad 
+vulnerability,CVE-2022-49285,vulnerability--990205ab-dcd3-4ea8-86b7-53060d46080f +vulnerability,CVE-2022-49247,vulnerability--96ec38cf-ef1c-4d90-9e87-ed477b2d2f07 +vulnerability,CVE-2022-49607,vulnerability--259c91f9-e6d2-4cfd-a45c-a06dbdbc9ad1 +vulnerability,CVE-2022-49196,vulnerability--0b866a98-b325-472d-b03c-ba5e08fe98d9 +vulnerability,CVE-2022-49366,vulnerability--7e66f0fc-f0be-47fc-b135-cd8c124ab9ad +vulnerability,CVE-2022-49443,vulnerability--2f08610c-4ca1-4d83-a6f6-c9db02fad340 +vulnerability,CVE-2022-49086,vulnerability--b1adae4f-2c41-45fb-971f-ceaf9a168715 +vulnerability,CVE-2022-49672,vulnerability--f02fcc3b-eb65-4d5e-a5f7-cc4cc8ebfc5e +vulnerability,CVE-2022-49329,vulnerability--f9e927f2-944d-4a23-859d-509f45f587b1 +vulnerability,CVE-2022-49263,vulnerability--c27d1d48-a8e8-4d5a-9326-c10c4eca79d1 +vulnerability,CVE-2022-49269,vulnerability--5eb6a991-c65d-48fe-8a41-d52a5a8cfe2d +vulnerability,CVE-2022-49158,vulnerability--f09b26c9-4eae-4467-be0f-b814493b85f7 +vulnerability,CVE-2022-49169,vulnerability--86cd4f65-e88f-47c2-9365-5f41ddc8a473 +vulnerability,CVE-2022-49513,vulnerability--be71a4a1-74bc-4237-b0eb-60e0f099f65d +vulnerability,CVE-2022-49645,vulnerability--114cb7fc-2468-4e6d-99b1-06e74e439170 +vulnerability,CVE-2022-49072,vulnerability--6483acb9-77fc-4bcc-bc3e-8f2cb9a75acb +vulnerability,CVE-2022-49166,vulnerability--281e566a-f259-4ede-a3f9-4c982d8fb249 +vulnerability,CVE-2022-49409,vulnerability--8384fd02-d3d9-4e31-afaf-1325a3716a36 +vulnerability,CVE-2022-49071,vulnerability--a851a57e-0b6b-471f-9c50-837f6920ac74 +vulnerability,CVE-2022-49055,vulnerability--6eb31d0e-e653-40d0-bc4b-c9f1e89e74b3 +vulnerability,CVE-2022-49311,vulnerability--ef7f4c90-4361-4bd6-aaf7-a0e6da8a8007 +vulnerability,CVE-2022-49100,vulnerability--c886c2b2-d6f2-4923-856c-2b1b32d8fec7 +vulnerability,CVE-2022-49173,vulnerability--af1e55c3-094c-4fdb-87d7-7c644d46cc89 +vulnerability,CVE-2022-49422,vulnerability--f56f187a-3347-4a0d-878b-5ed8c5faa649 
+vulnerability,CVE-2022-49179,vulnerability--e58fd032-0f8a-4a38-a924-07dd6f5d476d +vulnerability,CVE-2022-49313,vulnerability--dc6c572d-638c-49e0-9627-7c95e1f2d0e6 +vulnerability,CVE-2022-49275,vulnerability--748c7487-005b-40c0-b3a8-6b9fab4ddf00 +vulnerability,CVE-2022-49232,vulnerability--687fb99a-6fba-4329-be73-cdfafca221cb +vulnerability,CVE-2022-49559,vulnerability--c9874cd0-bc83-43f7-b018-7bffa4d6ef47 +vulnerability,CVE-2022-49613,vulnerability--56a8fcbb-1d07-4604-b0f7-b898c9631c12 +vulnerability,CVE-2022-49184,vulnerability--cfcda330-74e1-4dff-b92b-0dc3d82c5e1c +vulnerability,CVE-2022-49515,vulnerability--fd5ae035-516c-4d61-abfa-56f196fe9744 +vulnerability,CVE-2022-49148,vulnerability--68f5b56e-efac-4992-a987-bb49ae89dbf3 +vulnerability,CVE-2022-49314,vulnerability--6e0f69a0-b9db-44b0-a819-103e885ab1ad +vulnerability,CVE-2022-49089,vulnerability--61d85dcc-7aae-4da7-a7c0-aedfeb36df62 +vulnerability,CVE-2022-49509,vulnerability--9d7093ca-b3b2-43a9-a16c-41cc23b5a6fd +vulnerability,CVE-2022-49665,vulnerability--4513c093-564d-441d-baa7-dad6fb9b1d94 +vulnerability,CVE-2022-49379,vulnerability--3d2d7125-1c30-4ed5-b1c4-5dc8f0ee5aa2 +vulnerability,CVE-2022-49080,vulnerability--4e88f8ca-bbfb-4760-b004-7de8a6736e99 +vulnerability,CVE-2022-49501,vulnerability--339d978f-edae-4e5b-bb31-b42d4490fa16 +vulnerability,CVE-2022-49654,vulnerability--f62e9db6-17a5-459b-bdf7-1005018f0633 +vulnerability,CVE-2022-49609,vulnerability--d841dedd-42ad-4380-a0a0-09818ee503b6 +vulnerability,CVE-2022-49281,vulnerability--1e2b9845-ed9a-4f71-8c28-83e703e7275e +vulnerability,CVE-2022-49164,vulnerability--dd1b51c1-6171-49c0-ac00-16fe139f9a2c +vulnerability,CVE-2022-49618,vulnerability--f6c7c8dd-fc7b-4ba6-bdc4-f3941f15f5f4 +vulnerability,CVE-2022-49462,vulnerability--167ad41b-33dd-4f65-8865-63150ed95cb8 +vulnerability,CVE-2022-49167,vulnerability--ef42782a-1e77-43e2-a981-79fe490c8532 +vulnerability,CVE-2022-49103,vulnerability--e493984e-e0cf-47e5-84da-01b608227925 
+vulnerability,CVE-2022-49418,vulnerability--7201bc1c-67c1-4240-9868-cb36988154cc +vulnerability,CVE-2022-49543,vulnerability--5e4dc561-6d0f-4573-a7aa-952dde9b8e08 +vulnerability,CVE-2022-49293,vulnerability--8fa3241d-bcab-44a9-a610-7cd4de4c33ce +vulnerability,CVE-2022-49477,vulnerability--301f6eb8-78f7-4e5e-a3fa-155da1f2bef4 +vulnerability,CVE-2022-49685,vulnerability--918b2212-2944-49b6-b995-6fdb9e7a58cb +vulnerability,CVE-2022-49375,vulnerability--0d05094a-27f8-407b-9151-455656f20367 +vulnerability,CVE-2022-49676,vulnerability--869967a6-ed68-4ba0-ac17-75001a329f61 +vulnerability,CVE-2022-49174,vulnerability--62c2c362-4693-4bb0-968b-856c1079b36a +vulnerability,CVE-2022-49538,vulnerability--8a7e09bf-9aa3-4bd3-8f7d-00ddcceb0f61 +vulnerability,CVE-2022-49634,vulnerability--85e8df32-598b-4c5a-8d33-ffe2de0d62d1 +vulnerability,CVE-2022-49277,vulnerability--fc65bc8f-64c0-4678-816c-e6148acd0891 +vulnerability,CVE-2022-49074,vulnerability--3acc5994-2c71-48cf-9cfc-4d940ccc965c +vulnerability,CVE-2022-49264,vulnerability--6d4a706d-f508-4452-8feb-2a36b76d9e0d +vulnerability,CVE-2022-49623,vulnerability--3649acfb-d873-4a0a-96e2-a8e3440c23fc +vulnerability,CVE-2022-49193,vulnerability--6b1ed8f5-b8b1-4c5c-9270-0939bc379328 +vulnerability,CVE-2022-49227,vulnerability--655467d8-be78-424c-891d-4375eb4a1616 +vulnerability,CVE-2022-49667,vulnerability--43d0ef89-9a19-469f-a8c5-32c3fa673b2f +vulnerability,CVE-2022-49364,vulnerability--becfaec2-8a44-4821-9979-a646ad75ed76 +vulnerability,CVE-2022-49372,vulnerability--a9b9c524-7773-4782-9d37-f600e8aab962 +vulnerability,CVE-2022-49604,vulnerability--66a6f851-0096-4a0a-9c06-c5acbeb4dc69 +vulnerability,CVE-2022-49678,vulnerability--d4bf6f14-314f-4001-b543-faf3c8d3032b +vulnerability,CVE-2022-49615,vulnerability--a60dfe8a-977c-4e16-9629-31a3bfffcc12 +vulnerability,CVE-2022-49222,vulnerability--984e9edc-dd7b-42fd-88b6-2a8cbfcb9cc3 +vulnerability,CVE-2022-49083,vulnerability--757f643b-d2e2-4309-8743-47279fc74282 
+vulnerability,CVE-2022-49429,vulnerability--80d1cbe2-581c-45ed-a2f4-46be3e22171a +vulnerability,CVE-2022-49225,vulnerability--2018a843-c5fb-43df-8b45-2daa8de11a03 +vulnerability,CVE-2022-49052,vulnerability--7ab62836-0000-4c31-be3f-dc429cbdfddf +vulnerability,CVE-2022-49487,vulnerability--32e178cc-862b-4bc2-ae48-bcfd8e27d423 +vulnerability,CVE-2022-49670,vulnerability--85af907f-85d4-4367-a84c-b6fe978c0062 +vulnerability,CVE-2022-49266,vulnerability--45c48007-2a14-46bc-bb97-027fd902f642 +vulnerability,CVE-2022-49441,vulnerability--9e80ba3a-1e72-41ce-af76-550526653f2a +vulnerability,CVE-2022-49327,vulnerability--1fc96a33-e1a7-4d33-bb4c-d4d0844631a0 +vulnerability,CVE-2022-49172,vulnerability--fae06743-2738-4098-82dc-c9eb3f24a673 +vulnerability,CVE-2022-49076,vulnerability--6622d66d-e75e-4f5d-9d0a-25e12163c5a6 +vulnerability,CVE-2022-49049,vulnerability--3b031e2a-e51a-4a03-829b-14d81ae1be67 +vulnerability,CVE-2022-49399,vulnerability--868f7f16-e562-45ae-a07a-f420647d1aa9 +vulnerability,CVE-2022-49362,vulnerability--90ac6636-bc0c-4f5e-ad94-3324475c3fd8 +vulnerability,CVE-2022-49393,vulnerability--3a107be0-e0ac-4ea4-81b6-c6128538f36a +vulnerability,CVE-2022-49051,vulnerability--e6e9c591-7bbf-4b5c-a172-8d086f68457d +vulnerability,CVE-2022-49438,vulnerability--6e727534-7bd6-47d0-83f0-aef4816b2cbf +vulnerability,CVE-2022-49520,vulnerability--35a66c65-6688-438d-9bc6-62c89e973fe5 +vulnerability,CVE-2022-49278,vulnerability--8ec793fe-b0a8-4d80-9b04-8ca27509d431 +vulnerability,CVE-2022-49392,vulnerability--7e4f6ef8-47d0-48f4-b3f9-b0181bff54f6 +vulnerability,CVE-2022-49415,vulnerability--65bb70cb-4056-4a4e-840a-b7f12c2ffe09 +vulnerability,CVE-2022-49233,vulnerability--0fbf645c-117d-40ae-890c-1472e2d64b99 +vulnerability,CVE-2022-49161,vulnerability--817cc471-c00d-4a74-b6f2-3705e4a3d0a6 +vulnerability,CVE-2022-49186,vulnerability--b7506960-1498-48fc-a41c-8a6b089698bf +vulnerability,CVE-2022-49616,vulnerability--05f9e352-cc15-4f58-a613-d5de9bb79247 
+vulnerability,CVE-2022-49373,vulnerability--0b85b2a2-35b0-4044-bffe-ce1a66c17ba1 +vulnerability,CVE-2022-49255,vulnerability--49a11bf2-3963-4371-8987-209744908e17 +vulnerability,CVE-2022-49310,vulnerability--3ede9712-c244-4ab9-a80f-33397002f11a +vulnerability,CVE-2022-49506,vulnerability--3bb541ae-b950-41bf-b85f-ebcfab3cbf49 +vulnerability,CVE-2022-49671,vulnerability--05c14b03-0e66-48c2-805d-a60f8edadb64 +vulnerability,CVE-2022-49637,vulnerability--6c74efc4-c31e-4cc0-be5e-11408af4c5aa +vulnerability,CVE-2022-49679,vulnerability--88f4cf57-8458-4cd2-af28-2bf6ef519ccb +vulnerability,CVE-2022-49211,vulnerability--d8a8caa7-3a35-4978-83e7-9a8c37a403f8 +vulnerability,CVE-2022-49630,vulnerability--6ed6af68-0144-4192-ad68-911b0f82ef58 +vulnerability,CVE-2022-49612,vulnerability--e20deba1-16f2-49ba-b92b-b607e1a3a2c6 +vulnerability,CVE-2022-49659,vulnerability--b92fed8a-70bb-43e6-a891-99f34848406f +vulnerability,CVE-2022-49557,vulnerability--7beca23f-79e3-4c20-938d-5744cf51f133 +vulnerability,CVE-2022-49390,vulnerability--4fd71642-a283-4261-8d8e-c9f69555b985 +vulnerability,CVE-2022-49677,vulnerability--6c7ee74b-d64c-4f98-95a3-e28c028d5a03 +vulnerability,CVE-2022-49286,vulnerability--50e09a32-80c3-4a86-aaa3-2730a49f0a63 +vulnerability,CVE-2022-49257,vulnerability--8d728a53-cb80-42d5-873f-94074bcb2f03 +vulnerability,CVE-2022-49299,vulnerability--15dc25c6-1ed8-4470-8f40-d51f6ffd4eb7 +vulnerability,CVE-2022-49050,vulnerability--3a600a5f-a8ac-43a4-89d9-1ef04985aae2 +vulnerability,CVE-2022-49641,vulnerability--bf73b121-9941-49e8-88b9-1aee2b0c1a6a +vulnerability,CVE-2022-49461,vulnerability--10d3ede7-2823-4b81-9374-65abeede21d1 +vulnerability,CVE-2022-49605,vulnerability--fc7f8fcf-4dbd-469c-81d8-6e190b2b14c5 +vulnerability,CVE-2022-49371,vulnerability--d7e4a186-4fc8-47ae-9bab-34bfedca2432 +vulnerability,CVE-2022-49082,vulnerability--4d2ca8cf-3b73-4e30-8061-c56aed2809a0 +vulnerability,CVE-2022-49261,vulnerability--c0247461-a003-4b54-9398-78559044ff21 
+vulnerability,CVE-2022-49440,vulnerability--a6c3e51c-ce7b-49cc-a255-4e90dae69ec3 +vulnerability,CVE-2022-49063,vulnerability--e8f1a596-e234-4414-874a-91e6a4a00752 +vulnerability,CVE-2022-49303,vulnerability--1c5cf56d-553a-4495-a917-4dda16c4e4b4 +vulnerability,CVE-2022-49345,vulnerability--a0744377-b603-4e20-b7a7-84754496d62f +vulnerability,CVE-2022-49420,vulnerability--1318aada-61f9-473c-a951-14f0046466f3 +vulnerability,CVE-2022-49550,vulnerability--b191dab8-456a-4b42-96db-7fcf6b16065f +vulnerability,CVE-2022-49216,vulnerability--e7e1e25e-ec24-43e8-afa9-950f753fd8ae +vulnerability,CVE-2022-49643,vulnerability--c63b9e60-510e-41c2-9094-a5a5e0778b39 +vulnerability,CVE-2022-49657,vulnerability--82d74571-f906-4d73-92d5-fceb7b898642 +vulnerability,CVE-2022-49446,vulnerability--369e4039-bf7d-461b-b429-8850feebafc0 +vulnerability,CVE-2022-49254,vulnerability--f1908e90-ffc5-44a5-b873-3380528448ed +vulnerability,CVE-2022-49629,vulnerability--bf5ae0fa-f443-4c9d-be77-86c92d57a297 +vulnerability,CVE-2022-49436,vulnerability--9b939853-6a90-4feb-ac9e-1e86d5dccac1 +vulnerability,CVE-2022-49175,vulnerability--fda77875-17b0-4f0e-a297-8a963a368e53 +vulnerability,CVE-2022-49540,vulnerability--4cfca830-c466-483f-933b-3bbe5325d6db +vulnerability,CVE-2022-49144,vulnerability--d99d702b-a717-4141-9291-62185e74dab5 +vulnerability,CVE-2022-49416,vulnerability--126f0593-def6-46e1-83e6-20c544ba5dca +vulnerability,CVE-2022-49475,vulnerability--41ccdd66-a36c-4abe-aa56-fb4cab4fbad3 +vulnerability,CVE-2022-49190,vulnerability--5052d84e-e73f-4350-b9df-fddb11cf19dc +vulnerability,CVE-2022-49498,vulnerability--8195d33a-37e0-46a5-86c6-3c61d686d234 +vulnerability,CVE-2022-49530,vulnerability--0956f6ab-c8cb-486c-982a-35ea0e5d5a35 +vulnerability,CVE-2022-49188,vulnerability--fc20ccdb-fdf8-4a18-970a-5cc382a5e444 +vulnerability,CVE-2022-49218,vulnerability--6c0d3719-2b13-4c20-8c73-31db8c54add1 +vulnerability,CVE-2022-49236,vulnerability--44694b10-9c9e-4eae-9d9d-70855c782faa 
+vulnerability,CVE-2022-49664,vulnerability--82213cea-fcb3-4dd4-9beb-551e2fcdbe19 +vulnerability,CVE-2022-49521,vulnerability--c8996f0a-e769-4ca7-b225-0c43b4bccb70 +vulnerability,CVE-2022-49485,vulnerability--797dcca3-50fd-45ff-8ce8-f3e91aa6e077 +vulnerability,CVE-2022-49459,vulnerability--59f937f8-41e7-4a5b-85c4-fbc2622197c7 +vulnerability,CVE-2022-49518,vulnerability--c302755a-f9a6-401f-8992-9bcf048a70ae +vulnerability,CVE-2022-49248,vulnerability--158164b9-7625-4856-8e6a-79a1950bf0c1 +vulnerability,CVE-2022-49473,vulnerability--0edb0041-cad3-4b13-8d46-09dbe4d00449 +vulnerability,CVE-2022-49636,vulnerability--3b9c47e4-10cb-432e-8f1b-e04eb612d057 +vulnerability,CVE-2022-49081,vulnerability--9e83c2e6-ea27-4d61-b5bd-fa48d9fd7499 +vulnerability,CVE-2022-49199,vulnerability--d00d7e39-8047-443c-9685-c69a54fc131d +vulnerability,CVE-2022-49162,vulnerability--e9bac383-9b09-4fab-8847-f31da112883b +vulnerability,CVE-2022-49517,vulnerability--2a427598-acd3-4320-85ea-1340b0004345 +vulnerability,CVE-2022-49439,vulnerability--66629a1e-6d3e-4e50-a856-e8a029a20d38 +vulnerability,CVE-2022-49386,vulnerability--09d4875f-c6cb-408f-a990-2fed1d185f04 +vulnerability,CVE-2022-49093,vulnerability--4d167b94-836a-430b-89ba-5207d321d7ca +vulnerability,CVE-2022-49215,vulnerability--cf542acc-bb0a-4ddf-b9bb-37e479170ef9 +vulnerability,CVE-2022-49486,vulnerability--4699dafc-d428-4e16-bf8b-34d96e849938 +vulnerability,CVE-2022-49421,vulnerability--0b43bed5-140f-4aa3-920e-66ab515c2d64 +vulnerability,CVE-2022-49663,vulnerability--4bd924f3-b73f-4773-b64f-9163abae47a1 +vulnerability,CVE-2022-49333,vulnerability--02369b1c-2a04-49ff-a7db-603018ac70dd +vulnerability,CVE-2022-49171,vulnerability--993e36a4-eb6f-4f19-aa99-dd6bb4e04101 +vulnerability,CVE-2022-49444,vulnerability--9f86db42-66a6-42f0-a4bd-a93305ceba3a +vulnerability,CVE-2022-49451,vulnerability--5853c70b-da92-4c40-a8df-2c0a8ba9a4b4 +vulnerability,CVE-2022-49504,vulnerability--18d136ee-6755-43df-a73f-cf52d8643fd4 
+vulnerability,CVE-2022-49340,vulnerability--25ce956b-eb9e-4d1d-ba9a-2c8f1cb2f4a0 +vulnerability,CVE-2022-49511,vulnerability--c0548685-58bf-4117-9184-7d5667fd3e76 +vulnerability,CVE-2022-49295,vulnerability--2ff6dc28-9bea-4e8e-b240-61868fce930c +vulnerability,CVE-2022-49548,vulnerability--06360538-eea2-4954-a9d0-d0e0a3cc84e9 +vulnerability,CVE-2022-49425,vulnerability--7db8fd78-28e3-43b8-b047-79ec2112f0ae +vulnerability,CVE-2022-49527,vulnerability--d21073da-5b2a-4928-a97d-650e9410d3a8 +vulnerability,CVE-2022-49135,vulnerability--faf4f0d6-09ae-4590-a41d-5de5d50b6b89 +vulnerability,CVE-2022-49259,vulnerability--a80578ae-e762-4898-bf12-bc2d311b7673 +vulnerability,CVE-2022-49265,vulnerability--15fccc05-45b2-4c03-bc06-a8312d20d91f +vulnerability,CVE-2022-49344,vulnerability--4d8b5e04-0665-41e7-9e0b-6d6212f9e1ae +vulnerability,CVE-2022-49324,vulnerability--805af0aa-5205-443f-b8e3-4bf222c70afa +vulnerability,CVE-2022-49244,vulnerability--53342e8e-33eb-43c3-84bc-8aac58393bff +vulnerability,CVE-2022-49384,vulnerability--a8e3b598-3385-40d5-b60a-a48708bd95a6 +vulnerability,CVE-2022-49433,vulnerability--4bb37121-948c-461e-9cab-0bf8bacd343a +vulnerability,CVE-2022-49661,vulnerability--ea774d78-87bf-4794-97c0-091362059a7f +vulnerability,CVE-2022-49646,vulnerability--ece30890-e747-4a74-a52d-3454701278c1 +vulnerability,CVE-2022-49389,vulnerability--13064808-c077-4f5f-b23d-162c03c77159 +vulnerability,CVE-2022-49503,vulnerability--8da79669-e3c4-4669-9a61-a762d6f57196 +vulnerability,CVE-2022-49539,vulnerability--7584f65b-359a-4c4e-8412-b38dddbeb599 +vulnerability,CVE-2022-49138,vulnerability--59ee0e20-89c5-4ae2-bc67-ec7f8a4e3b80 +vulnerability,CVE-2022-49533,vulnerability--ada7e47a-309a-4fb0-b6b6-3ddc226528ef +vulnerability,CVE-2022-49292,vulnerability--f5c292db-be00-4ef9-aed0-379b1083fa66 +vulnerability,CVE-2022-49192,vulnerability--9fc5f2bd-4763-4dbc-aa21-b39e74a34070 +vulnerability,CVE-2022-49262,vulnerability--dbb33136-a100-4c68-a1da-5a90ce0a5b99 
+vulnerability,CVE-2022-49245,vulnerability--324f9ee7-7123-4bdd-916c-8f3ca4982c75 +vulnerability,CVE-2022-49084,vulnerability--2f5284b1-5ed2-4ae7-bd72-3cdf2bce5d67 +vulnerability,CVE-2022-49435,vulnerability--d1193930-c8b8-48ff-bdf1-325bb711c9ec +vulnerability,CVE-2022-49625,vulnerability--2fa89ba3-c258-4cc2-b87a-68c4d27cec03 +vulnerability,CVE-2022-49526,vulnerability--027bca92-a56c-43af-8a64-e7c225c4dd66 +vulnerability,CVE-2022-49470,vulnerability--1a5c04b6-59cf-4c69-9ba1-95a26e58c899 +vulnerability,CVE-2022-49626,vulnerability--d215a55f-0bdf-4690-a86a-997dab723015 +vulnerability,CVE-2022-49455,vulnerability--93b31c8f-c171-45ac-b469-bca33748ff99 +vulnerability,CVE-2022-49077,vulnerability--d1eaad8e-e316-479e-bbee-fbd6f53b9f4d +vulnerability,CVE-2022-49296,vulnerability--3c8ba07b-e5dc-4a71-833f-22a19331422c +vulnerability,CVE-2022-49258,vulnerability--b3ee652d-e13e-4450-bace-f787921d2bf1 +vulnerability,CVE-2022-49381,vulnerability--090ccbac-1387-49fe-8eab-b4a2a4a7c080 +vulnerability,CVE-2022-49401,vulnerability--1cb940b1-a73e-439f-8373-ee4a814f19cb +vulnerability,CVE-2022-49300,vulnerability--3a0fd9ed-414c-4c12-8d0e-7e274949cae3 +vulnerability,CVE-2022-49472,vulnerability--1d5b237a-ca35-4c7e-a4f2-a8af76bb166a +vulnerability,CVE-2022-49302,vulnerability--fead0207-c73f-438c-bb20-75e46ec64a71 +vulnerability,CVE-2022-49535,vulnerability--ef84de36-b734-4efc-b121-b34511717499 +vulnerability,CVE-2022-49231,vulnerability--58c813f1-d8f2-4f3f-a3b5-e35b9f4485f0 +vulnerability,CVE-2022-49326,vulnerability--11d5c486-86f3-4b09-905f-49c8d2101d97 +vulnerability,CVE-2022-49489,vulnerability--dd9af812-db4b-4d32-98b5-2a6fc87089f5 +vulnerability,CVE-2022-49066,vulnerability--65ee7754-1443-4249-a93f-260fd6b74d2f +vulnerability,CVE-2022-49284,vulnerability--e4b5fdb3-db5d-49a8-8167-ed05c351c1d7 +vulnerability,CVE-2022-49555,vulnerability--b7ad064d-df5c-4fd6-987e-1ecd5f3d18f2 +vulnerability,CVE-2022-49633,vulnerability--b8dff9ed-5140-42a9-bb42-5429e5728729 
+vulnerability,CVE-2022-49194,vulnerability--96e2df79-9190-4d83-824b-d8a0104cf336 +vulnerability,CVE-2022-49512,vulnerability--b24c8bb6-3bc0-4b07-8b02-3fba17a838f9 +vulnerability,CVE-2022-49288,vulnerability--eb406e08-39a2-4f4c-af7b-21fa6312df6a +vulnerability,CVE-2022-49154,vulnerability--edc36f5e-b5ba-456a-bc32-02de36102e5b +vulnerability,CVE-2022-49139,vulnerability--e7277a49-0a02-4524-b540-8e51489ac798 +vulnerability,CVE-2022-49479,vulnerability--1d32d282-f083-4052-907b-e4e7325bd67b +vulnerability,CVE-2022-49061,vulnerability--a6c3fa83-70b6-45bc-a38a-09fe1a778995 +vulnerability,CVE-2022-49180,vulnerability--9476305c-0011-440f-a220-a2b776d80716 +vulnerability,CVE-2022-49377,vulnerability--b22dc6f0-d3c0-4201-897e-8f3d1e268cc9 +vulnerability,CVE-2022-49534,vulnerability--527558ba-8f6c-42a6-8b4a-a2f04b4c73fb +vulnerability,CVE-2022-49675,vulnerability--a1b6cd89-dd36-468f-9b29-bb1aa8ac275c +vulnerability,CVE-2022-49404,vulnerability--4b9c739f-7cca-4431-ab7a-43c447ef71f7 +vulnerability,CVE-2022-49554,vulnerability--3b77d249-3c3c-4f24-a625-4066a0ebe4fa +vulnerability,CVE-2022-49205,vulnerability--493c0f93-55dc-4ee6-9b22-8f416d9bebb0 +vulnerability,CVE-2022-49272,vulnerability--5fd1e609-42f7-42f6-b6c2-0ad205c896a8 +vulnerability,CVE-2022-49336,vulnerability--facf984a-23d7-46a3-b66a-6b15fc779ac0 +vulnerability,CVE-2022-49057,vulnerability--efed3f4d-dec4-4be0-beb0-f256e713e47a +vulnerability,CVE-2022-49177,vulnerability--0f54b04d-6698-4f38-ab7d-1319eada4f5d +vulnerability,CVE-2022-49514,vulnerability--d8171ddc-bd3d-4d5e-b7c3-2f101a0bbf4e +vulnerability,CVE-2022-49155,vulnerability--2a606867-7a07-4b85-b11b-c78f436a4a13 +vulnerability,CVE-2022-49223,vulnerability--0f2c12ec-7c08-40ad-ad72-11a0ef055dfe +vulnerability,CVE-2022-49491,vulnerability--2d31a239-2bbf-4e3d-aa64-073b41967bd1 +vulnerability,CVE-2022-49397,vulnerability--b8fcf309-4e20-4e24-8f1a-e53da04868ee +vulnerability,CVE-2022-49210,vulnerability--ec4df01b-319c-4566-a4e3-5d4592573cb8 
+vulnerability,CVE-2022-49209,vulnerability--1621b7f1-7e6b-4016-a3dd-a130a6d9b1a0 +vulnerability,CVE-2022-49048,vulnerability--af9e8338-4bc7-44d9-bcc9-3843f293b620 +vulnerability,CVE-2022-49497,vulnerability--f28cf192-20da-4d0c-97b7-f9b0510fd3a4 +vulnerability,CVE-2022-49639,vulnerability--9fbe7dc5-0558-43e0-9b3a-c57299d20c26 +vulnerability,CVE-2022-49398,vulnerability--6e9b82ba-b481-4f66-818f-a881fd610bb6 +vulnerability,CVE-2022-49134,vulnerability--cf071e52-ee8f-4d7b-b8f6-c059feb0e63a +vulnerability,CVE-2022-49523,vulnerability--dd92f817-dd16-4015-ad18-c3077e8ff948 +vulnerability,CVE-2022-49137,vulnerability--0f76b97f-fe04-401c-ac55-168353282efa +vulnerability,CVE-2022-49499,vulnerability--494955f1-2931-41c5-a13a-4d4ca173a682 +vulnerability,CVE-2022-49621,vulnerability--0fc9ad0b-f18c-4b52-a2e4-b5eb74fe4d69 +vulnerability,CVE-2022-49407,vulnerability--64b5e2a8-74d8-4fdf-9a8f-9645c18b1eac +vulnerability,CVE-2022-49382,vulnerability--72b072ed-7167-4fbb-a806-fdf9bd0dab79 +vulnerability,CVE-2022-49608,vulnerability--104faffb-5077-4b2e-88a4-25c23007b172 +vulnerability,CVE-2022-49330,vulnerability--63c9b17d-3f8f-45b9-bc36-be8c1644f307 +vulnerability,CVE-2022-49624,vulnerability--798cb493-5d30-4832-b52a-5df7854d00d6 +vulnerability,CVE-2022-49556,vulnerability--46afb023-2552-44d6-9a64-591884a178ab +vulnerability,CVE-2022-49614,vulnerability--c25d9a07-e7fa-4092-8111-e1292c00af38 +vulnerability,CVE-2022-49412,vulnerability--c9834007-4856-4e0c-aa77-4dfedc130367 +vulnerability,CVE-2022-49681,vulnerability--66db92dc-d8c3-4c1c-bd7f-0a4233bdd1b4 +vulnerability,CVE-2022-49316,vulnerability--84528ef5-dc51-4bba-ae92-43d54aa4d12d +vulnerability,CVE-2022-49044,vulnerability--9d7bd40e-9e23-4f2f-a70b-6e65727edba5 +vulnerability,CVE-2022-49431,vulnerability--ad783acc-3788-4290-a0a7-a1192b9f3f61 +vulnerability,CVE-2022-49289,vulnerability--eb90b59f-5b17-49be-ba60-3cd474f871b7 +vulnerability,CVE-2022-49304,vulnerability--dc10e91b-c283-4325-aba6-d114ed6b815c 
+vulnerability,CVE-2022-49650,vulnerability--8d43686b-7e0c-4307-90db-b6d002d7d121 +vulnerability,CVE-2022-49376,vulnerability--e14208c8-4b18-4f09-b12e-8d6b98902084 +vulnerability,CVE-2022-49387,vulnerability--cfefbf53-8486-49f5-94cb-43abf93f310d +vulnerability,CVE-2022-49426,vulnerability--963560d9-6ff1-4117-8171-bd65c0d6b292 +vulnerability,CVE-2022-49309,vulnerability--3d8d80aa-0e9c-4afc-8921-8886aa9c04f7 +vulnerability,CVE-2022-49185,vulnerability--cd9dab04-7af1-47c7-8c8a-6102508f5f81 +vulnerability,CVE-2022-49551,vulnerability--c3ff4373-7673-49ee-881e-7c692b544d39 +vulnerability,CVE-2022-49651,vulnerability--72a128ca-4beb-4cc3-924e-5794c145a4d0 +vulnerability,CVE-2022-49251,vulnerability--53c783a5-d0d3-49f5-be12-c07e68054348 +vulnerability,CVE-2022-49241,vulnerability--d31b255f-66b3-4e60-b225-28cc42ff185b +vulnerability,CVE-2022-49481,vulnerability--a59e0535-5844-40d0-af14-378f9f7bfcf8 +vulnerability,CVE-2022-49273,vulnerability--d09d6737-b09a-45fc-a63b-827298f06c1b +vulnerability,CVE-2022-49213,vulnerability--8d8b3095-1848-4424-8b48-d9db5fcfaf32 +vulnerability,CVE-2022-49365,vulnerability--4675d9fa-c629-480d-b779-6b5d5d69671a +vulnerability,CVE-2022-49095,vulnerability--a56a01da-4daa-4c51-b369-9216f501589e +vulnerability,CVE-2022-49603,vulnerability--b0fcf441-5237-4f99-83f7-4e61e548559a +vulnerability,CVE-2022-49490,vulnerability--10a056d8-c31f-4030-8063-b9e47fac7e2b +vulnerability,CVE-2022-49149,vulnerability--b4ef5318-51c9-4643-8481-fbdbe9b8c929 +vulnerability,CVE-2022-49449,vulnerability--f247fc6d-7018-475d-96c1-493774a71e0c +vulnerability,CVE-2022-49153,vulnerability--4d13584d-5f76-4452-bebf-803fca24f3ac +vulnerability,CVE-2022-49465,vulnerability--ba3ef58c-1dfa-4cd5-8dd2-56f483bd5479 +vulnerability,CVE-2022-49542,vulnerability--12f55efc-b4e9-49f0-9acb-2265ab123e87 +vulnerability,CVE-2022-49287,vulnerability--6ad7f8f0-5c11-4a39-8afd-e21cac09db58 +vulnerability,CVE-2022-49496,vulnerability--ffbee861-6b3f-40e1-85b8-755c53eeb0aa 
+vulnerability,CVE-2022-49442,vulnerability--0ae66713-f5c5-493c-b0ec-1a587bc15f50 +vulnerability,CVE-2022-49628,vulnerability--d652d633-f3d2-4dff-ad60-e9fa8d2dc296 +vulnerability,CVE-2022-49104,vulnerability--1456a2aa-9332-4101-b31f-30d0f4c94d48 +vulnerability,CVE-2022-49463,vulnerability--2b7a71b1-e0c8-47e7-bace-0220b187d5da +vulnerability,CVE-2022-49453,vulnerability--08c6846b-8199-4038-ab9e-65df790d6854 +vulnerability,CVE-2022-49505,vulnerability--256ae3d5-f654-4631-83f0-7f30c8ac5cdb +vulnerability,CVE-2022-49136,vulnerability--4200094c-1acd-4965-ab15-bc3e75c55352 +vulnerability,CVE-2022-49368,vulnerability--03822a5e-4ce1-408f-bd5a-64f538d0e354 +vulnerability,CVE-2022-49270,vulnerability--fa1ecd9a-5f17-4d23-bf23-a15982008d14 +vulnerability,CVE-2022-49283,vulnerability--4e0bf561-4725-4cb7-9f2d-a3ce1c95d5e2 +vulnerability,CVE-2022-49452,vulnerability--40f7bba6-f309-4b95-a305-2507646604d6 +vulnerability,CVE-2022-49417,vulnerability--b2059c48-1867-433e-9c7b-6c4751c8832f +vulnerability,CVE-2022-49549,vulnerability--5e13a420-5c5e-4008-a46c-2df7011ed044 +vulnerability,CVE-2022-49256,vulnerability--5ca9a946-ac4d-4e59-a7e1-eb2ada51b1f0 +vulnerability,CVE-2022-49091,vulnerability--9173344c-b516-4da6-bf83-10efbbcdd8e1 +vulnerability,CVE-2022-49282,vulnerability--75be5f50-38e0-401e-b7bb-e9b0ff4fd413 +vulnerability,CVE-2022-49632,vulnerability--f8457212-6f52-4ae0-b186-21a6e4d637f4 +vulnerability,CVE-2022-49073,vulnerability--0bcdb137-a1bf-4adf-92ce-eb716f42f6e9 +vulnerability,CVE-2022-49445,vulnerability--541a89f8-558d-41bf-9a3d-84ba2b268d03 +vulnerability,CVE-2022-49468,vulnerability--0e94d4f7-d22d-4f90-b615-8d536a9d4d86 +vulnerability,CVE-2022-49235,vulnerability--324dccd3-a931-42fb-8a93-1b9220e047d4 +vulnerability,CVE-2022-49507,vulnerability--0a6935a2-01e5-4001-a7eb-37d56cce1a14 +vulnerability,CVE-2022-49098,vulnerability--64ca8756-cfdf-4867-ae6e-b7d0df440bc2 +vulnerability,CVE-2022-49516,vulnerability--a68ecb1d-6eb9-49bc-9b8c-3b14263371e8 
+vulnerability,CVE-2022-49317,vulnerability--d3af6246-4e85-413f-a9a6-3ff08db528c6 +vulnerability,CVE-2022-49508,vulnerability--cc657c3e-d1bb-4a9c-baf8-80f8e0a33bf7 +vulnerability,CVE-2022-49226,vulnerability--308ad372-8958-4d22-a0f8-e60085be0b43 +vulnerability,CVE-2022-49464,vulnerability--935dfc63-9cd7-4ee5-90f6-a9acf93b6237 +vulnerability,CVE-2022-49201,vulnerability--0e312dbe-9dd0-40cb-818f-59bcd959cd06 +vulnerability,CVE-2022-49414,vulnerability--e803cdd3-9c32-483d-9269-23e0f9f4d6a6 +vulnerability,CVE-2022-49341,vulnerability--c04f2f76-0365-43e9-ba86-bfd0538f5962 +vulnerability,CVE-2022-49145,vulnerability--de9b5917-9908-4c83-b837-d797d8ed82d9 +vulnerability,CVE-2022-49524,vulnerability--59219a07-4fa6-4e55-8ea8-8605980e8f86 +vulnerability,CVE-2022-49219,vulnerability--21460665-a997-4128-86f8-a9b8193aeae3 +vulnerability,CVE-2022-49191,vulnerability--bd4f571f-0373-4bde-9e7e-f7795fe53c04 +vulnerability,CVE-2022-49378,vulnerability--f0c33ca4-97cd-4458-8e5b-a27275b54759 +vulnerability,CVE-2022-49054,vulnerability--6cc2e293-67e6-4b0e-8e70-1887ea0486ad +vulnerability,CVE-2022-49047,vulnerability--c1f26cf3-b33a-4c62-a36d-550afd8e6ac9 +vulnerability,CVE-2022-49385,vulnerability--ad6d8034-a97d-427e-8c32-4afdd9ff9792 +vulnerability,CVE-2022-49545,vulnerability--b086ddd6-6d48-4df5-9708-c14f0d0c841c +vulnerability,CVE-2022-49178,vulnerability--beedea92-5e45-47f6-9628-6871d18f2687 +vulnerability,CVE-2022-49430,vulnerability--271f2ca2-a556-4d09-ab9d-6b5d83f5865a +vulnerability,CVE-2022-49560,vulnerability--25e40417-bd8e-4517-9ec0-474af64027cc +vulnerability,CVE-2022-49217,vulnerability--d17b5cdc-ab55-4a8d-8e06-73206c7ad7e0 +vulnerability,CVE-2022-49078,vulnerability--7a455306-8bcf-4c12-875d-9a35f1fa1104 +vulnerability,CVE-2022-49290,vulnerability--a5ace224-81e2-46b0-a8f5-70258baab2df +vulnerability,CVE-2022-49647,vulnerability--63eb44f3-5fb1-419d-9cdb-159ecf4ae277 +vulnerability,CVE-2022-49611,vulnerability--5268c12a-4588-4688-aab5-1d4f56063898 
+vulnerability,CVE-2022-49531,vulnerability--23db8778-8546-453a-a481-41532d60a927 +vulnerability,CVE-2022-49306,vulnerability--baadcb47-544a-43cd-9567-a4ad0973f956 +vulnerability,CVE-2022-49668,vulnerability--14e723b9-1823-4a9f-be6c-157fedf62215 +vulnerability,CVE-2022-25773,vulnerability--393b3453-cf70-42f4-b250-5cb45737c49e diff --git a/objects/vulnerability/vulnerability--00d45581-b5a0-462e-b70b-ce86b7484e58.json b/objects/vulnerability/vulnerability--00d45581-b5a0-462e-b70b-ce86b7484e58.json new file mode 100644 index 00000000000..1435989998a --- /dev/null +++ b/objects/vulnerability/vulnerability--00d45581-b5a0-462e-b70b-ce86b7484e58.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f6f95427-00e3-499d-a836-90fe279068c7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--00d45581-b5a0-462e-b70b-ce86b7484e58", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.332864Z", + "modified": "2025-02-27T00:38:15.332864Z", + "name": "CVE-2022-49202", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_uart: add missing NULL check in h5_enqueue\n\nSyzbot hit general protection fault in __pm_runtime_resume(). The problem\nwas in missing NULL check.\n\nhu->serdev can be NULL and we should not blindly pass &serdev->dev\nsomewhere, since it will cause GPF.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49202" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--014ae28d-17a9-4eda-b146-879c30a8d0da.json b/objects/vulnerability/vulnerability--014ae28d-17a9-4eda-b146-879c30a8d0da.json new file mode 100644 index 00000000000..415a12497a6 --- /dev/null +++ b/objects/vulnerability/vulnerability--014ae28d-17a9-4eda-b146-879c30a8d0da.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d2f9fcb5-e6cd-4c44-87ba-679c69f54557", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--014ae28d-17a9-4eda-b146-879c30a8d0da", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.264732Z", + "modified": "2025-02-27T00:38:15.264732Z", + "name": "CVE-2022-49547", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix deadlock between concurrent dio writes when low on free data space\n\nWhen reserving data space for a direct IO write we can end up deadlocking\nif we have multiple tasks attempting a write to the same file range, there\nare multiple extents covered by that file range, we are low on available\nspace for data and the writes don't expand the inode's i_size.\n\nThe deadlock can happen like this:\n\n1) We have a file with an i_size of 1M, at offset 0 it has an extent with\n a size of 128K and at offset 128K it has another extent also with a\n size of 128K;\n\n2) Task A does a direct IO write against file range [0, 256K), and because\n the write is within the i_size boundary, it takes the inode's lock (VFS\n level) in shared mode;\n\n3) Task A locks the file range [0, 256K) at btrfs_dio_iomap_begin(), and\n then gets the extent map for the extent covering the range [0, 128K).\n At btrfs_get_blocks_direct_write(), it creates an ordered extent for\n that file range ([0, 128K));\n\n4) Before returning from btrfs_dio_iomap_begin(), it unlocks the file\n range [0, 256K);\n\n5) Task A executes btrfs_dio_iomap_begin() again, this time for the file\n range [128K, 256K), and locks the file range [128K, 256K);\n\n6) Task B starts a direct IO write against file range [0, 256K) as well.\n It also locks the inode in shared mode, as it's within the i_size limit,\n and then tries to lock file range [0, 256K). 
It is able to lock the\n subrange [0, 128K) but then blocks waiting for the range [128K, 256K),\n as it is currently locked by task A;\n\n7) Task A enters btrfs_get_blocks_direct_write() and tries to reserve data\n space. Because we are low on available free space, it triggers the\n async data reclaim task, and waits for it to reserve data space;\n\n8) The async reclaim task decides to wait for all existing ordered extents\n to complete (through btrfs_wait_ordered_roots()).\n It finds the ordered extent previously created by task A for the file\n range [0, 128K) and waits for it to complete;\n\n9) The ordered extent for the file range [0, 128K) can not complete\n because it blocks at btrfs_finish_ordered_io() when trying to lock the\n file range [0, 128K).\n\n This results in a deadlock, because:\n\n - task B is holding the file range [0, 128K) locked, waiting for the\n range [128K, 256K) to be unlocked by task A;\n\n - task A is holding the file range [128K, 256K) locked and it's waiting\n for the async data reclaim task to satisfy its space reservation\n request;\n\n - the async data reclaim task is waiting for ordered extent [0, 128K)\n to complete, but the ordered extent can not complete because the\n file range [0, 128K) is currently locked by task B, which is waiting\n on task A to unlock file range [128K, 256K) and task A waiting\n on the async data reclaim task.\n\n This results in a deadlock between 4 task: task A, task B, the async\n data reclaim task and the task doing ordered extent completion (a work\n queue task).\n\nThis type of deadlock can sporadically be triggered by the test case\ngeneric/300 from fstests, and results in a stack trace like the following:\n\n[12084.033689] INFO: task kworker/u16:7:123749 blocked for more than 241 seconds.\n[12084.034877] Not tainted 5.18.0-rc2-btrfs-next-115 #1\n[12084.035562] \"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[12084.036548] task:kworker/u16:7 state:D stack: 0 pid:123749 
ppid: 2 flags:0x00004000\n[12084.036554] Workqueue: btrfs-flush_delalloc btrfs_work_helper [btrfs]\n[12084.036599] Call Trace:\n[12084.036601] \n[12084.036606] __schedule+0x3cb/0xed0\n[12084.036616] schedule+0x4e/0xb0\n[12084.036620] btrfs_start_ordered_extent+0x109/0x1c0 [btrfs]\n[12084.036651] ? prepare_to_wait_exclusive+0xc0/0xc0\n[12084.036659] btrfs_run_ordered_extent_work+0x1a/0x30 [btrfs]\n[12084.036688] btrfs_work_helper+0xf8/0x400 [btrfs]\n[12084.0367\n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49547" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--02369b1c-2a04-49ff-a7db-603018ac70dd.json b/objects/vulnerability/vulnerability--02369b1c-2a04-49ff-a7db-603018ac70dd.json new file mode 100644 index 00000000000..8ac10725f58 --- /dev/null +++ b/objects/vulnerability/vulnerability--02369b1c-2a04-49ff-a7db-603018ac70dd.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--544a7d9a-3741-4b06-a4b5-c449b56fb84f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--02369b1c-2a04-49ff-a7db-603018ac70dd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.623727Z", + "modified": "2025-02-27T00:38:15.623727Z", + "name": "CVE-2022-49333", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: E-Switch, pair only capable devices\n\nOFFLOADS paring using devcom is possible only on devices\nthat support LAG. Filter based on lag capabilities.\n\nThis fixes an issue where mlx5_get_next_phys_dev() was\ncalled without holding the interface lock.\n\nThis issue was found when commit\nbc4c2f2e0179 (\"net/mlx5: Lag, filter non compatible devices\")\nadded an assert that verifies the interface lock is held.\n\nWARNING: CPU: 9 PID: 1706 at drivers/net/ethernet/mellanox/mlx5/core/dev.c:642 mlx5_get_next_phys_dev+0xd2/0x100 [mlx5_core]\nModules linked in: mlx5_vdpa vringh vhost_iotlb vdpa mlx5_ib mlx5_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_umad ib_ipoib ib_cm ib_uverbs ib_core overlay fuse [last unloaded: mlx5_core]\nCPU: 9 PID: 1706 Comm: devlink Not tainted 5.18.0-rc7+ #11\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:mlx5_get_next_phys_dev+0xd2/0x100 [mlx5_core]\nCode: 02 00 75 48 48 8b 85 80 04 00 00 5d c3 31 c0 5d c3 be ff ff ff ff 48 c7 c7 08 41 5b a0 e8 36 87 28 e3 85 c0 0f 85 6f ff ff ff <0f> 0b e9 68 ff ff ff 48 c7 c7 0c 91 cc 84 e8 cb 36 6f e1 e9 4d ff\nRSP: 0018:ffff88811bf47458 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88811b398000 RCX: 0000000000000001\nRDX: 0000000080000000 RSI: ffffffffa05b4108 RDI: ffff88812daaaa78\nRBP: 
ffff88812d050380 R08: 0000000000000001 R09: ffff88811d6b3437\nR10: 0000000000000001 R11: 00000000fddd3581 R12: ffff88815238c000\nR13: ffff88812d050380 R14: ffff8881018aa7e0 R15: ffff88811d6b3428\nFS: 00007fc82e18ae80(0000) GS:ffff88842e080000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f9630d1b421 CR3: 0000000149802004 CR4: 0000000000370ea0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n mlx5_esw_offloads_devcom_event+0x99/0x3b0 [mlx5_core]\n mlx5_devcom_send_event+0x167/0x1d0 [mlx5_core]\n esw_offloads_enable+0x1153/0x1500 [mlx5_core]\n ? mlx5_esw_offloads_controller_valid+0x170/0x170 [mlx5_core]\n ? wait_for_completion_io_timeout+0x20/0x20\n ? mlx5_rescan_drivers_locked+0x318/0x810 [mlx5_core]\n mlx5_eswitch_enable_locked+0x586/0xc50 [mlx5_core]\n ? mlx5_eswitch_disable_pf_vf_vports+0x1d0/0x1d0 [mlx5_core]\n ? mlx5_esw_try_lock+0x1b/0xb0 [mlx5_core]\n ? mlx5_eswitch_enable+0x270/0x270 [mlx5_core]\n ? __debugfs_create_file+0x260/0x3e0\n mlx5_devlink_eswitch_mode_set+0x27e/0x870 [mlx5_core]\n ? mutex_lock_io_nested+0x12c0/0x12c0\n ? esw_offloads_disable+0x250/0x250 [mlx5_core]\n ? devlink_nl_cmd_trap_get_dumpit+0x470/0x470\n ? rcu_read_lock_sched_held+0x3f/0x70\n devlink_nl_cmd_eswitch_set_doit+0x217/0x620", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49333" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--027bca92-a56c-43af-8a64-e7c225c4dd66.json b/objects/vulnerability/vulnerability--027bca92-a56c-43af-8a64-e7c225c4dd66.json new file mode 100644 index 00000000000..4e74d34b76c --- /dev/null +++ b/objects/vulnerability/vulnerability--027bca92-a56c-43af-8a64-e7c225c4dd66.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--802d9297-0ba8-4f9c-800c-b9c16aefcc09", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--027bca92-a56c-43af-8a64-e7c225c4dd66", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.654976Z", + "modified": "2025-02-27T00:38:15.654976Z", + "name": "CVE-2022-49526", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/bitmap: don't set sb values if can't pass sanity check\n\nIf bitmap area contains invalid data, kernel will crash then mdadm\ntriggers \"Segmentation fault\".\nThis is cluster-md speical bug. In non-clustered env, mdadm will\nhandle broken metadata case. In clustered array, only kernel space\nhandles bitmap slot info. But even this bug only happened in clustered\nenv, current sanity check is wrong, the code should be changed.\n\nHow to trigger: (faulty injection)\n\ndd if=/dev/zero bs=1M count=1 oflag=direct of=/dev/sda\ndd if=/dev/zero bs=1M count=1 oflag=direct of=/dev/sdb\nmdadm -C /dev/md0 -b clustered -e 1.2 -n 2 -l mirror /dev/sda /dev/sdb\nmdadm -Ss\necho aaa > magic.txt\n == below modifying slot 2 bitmap data ==\ndd if=magic.txt of=/dev/sda seek=16384 bs=1 count=3 <== destroy magic\ndd if=/dev/zero of=/dev/sda seek=16436 bs=1 count=4 <== ZERO chunksize\nmdadm -A /dev/md0 /dev/sda /dev/sdb\n == kernel crashes. mdadm outputs \"Segmentation fault\" ==\n\nReason of kernel crash:\n\nIn md_bitmap_read_sb (called by md_bitmap_create), bad bitmap magic didn't\nblock chunksize assignment, and zero value made DIV_ROUND_UP_SECTOR_T()\ntrigger \"divide error\".\n\nCrash log:\n\nkernel: md: md0 stopped.\nkernel: md/raid1:md0: not clean -- starting background reconstruction\nkernel: md/raid1:md0: active with 2 out of 2 mirrors\nkernel: dlm: ... 
...\nkernel: md-cluster: Joined cluster 44810aba-38bb-e6b8-daca-bc97a0b254aa slot 1\nkernel: md0: invalid bitmap file superblock: bad magic\nkernel: md_bitmap_copy_from_slot can't get bitmap from slot 2\nkernel: md-cluster: Could not gather bitmaps from slot 2\nkernel: divide error: 0000 [#1] SMP NOPTI\nkernel: CPU: 0 PID: 1603 Comm: mdadm Not tainted 5.14.6-1-default\nkernel: Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nkernel: RIP: 0010:md_bitmap_create+0x1d1/0x850 [md_mod]\nkernel: RSP: 0018:ffffc22ac0843ba0 EFLAGS: 00010246\nkernel: ... ...\nkernel: Call Trace:\nkernel: ? dlm_lock_sync+0xd0/0xd0 [md_cluster 77fe..7a0]\nkernel: md_bitmap_copy_from_slot+0x2c/0x290 [md_mod 24ea..d3a]\nkernel: load_bitmaps+0xec/0x210 [md_cluster 77fe..7a0]\nkernel: md_bitmap_load+0x81/0x1e0 [md_mod 24ea..d3a]\nkernel: do_md_run+0x30/0x100 [md_mod 24ea..d3a]\nkernel: md_ioctl+0x1290/0x15a0 [md_mod 24ea....d3a]\nkernel: ? mddev_unlock+0xaa/0x130 [md_mod 24ea..d3a]\nkernel: ? blkdev_ioctl+0xb1/0x2b0\nkernel: block_ioctl+0x3b/0x40\nkernel: __x64_sys_ioctl+0x7f/0xb0\nkernel: do_syscall_64+0x59/0x80\nkernel: ? exit_to_user_mode_prepare+0x1ab/0x230\nkernel: ? syscall_exit_to_user_mode+0x18/0x40\nkernel: ? do_syscall_64+0x69/0x80\nkernel: entry_SYSCALL_64_after_hwframe+0x44/0xae\nkernel: RIP: 0033:0x7f4a15fa722b\nkernel: ... ...\nkernel: ---[ end trace 8afa7612f559c868 ]---\nkernel: RIP: 0010:md_bitmap_create+0x1d1/0x850 [md_mod]", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49526" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--033bc159-6244-4655-83e6-a6980ee9f3bc.json b/objects/vulnerability/vulnerability--033bc159-6244-4655-83e6-a6980ee9f3bc.json new file mode 100644 index 00000000000..3705efc36ed --- /dev/null +++ b/objects/vulnerability/vulnerability--033bc159-6244-4655-83e6-a6980ee9f3bc.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7e648be9-c311-450b-a5fc-7d3f8dd7aafe", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--033bc159-6244-4655-83e6-a6980ee9f3bc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.446157Z", + "modified": "2025-02-27T00:38:15.446157Z", + "name": "CVE-2022-49410", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix potential double free in create_var_ref()\n\nIn create_var_ref(), init_var_ref() is called to initialize the fields\nof variable ref_field, which is allocated in the previous function call\nto create_hist_field(). Function init_var_ref() allocates the\ncorresponding fields such as ref_field->system, but frees these fields\nwhen the function encounters an error. The caller later calls\ndestroy_hist_field() to conduct error handling, which frees the fields\nand the variable itself. This results in double free of the fields which\nare already freed in the previous function.\n\nFix this by storing NULL to the corresponding fields when they are freed\nin init_var_ref().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49410" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--03822a5e-4ce1-408f-bd5a-64f538d0e354.json b/objects/vulnerability/vulnerability--03822a5e-4ce1-408f-bd5a-64f538d0e354.json new file mode 100644 index 00000000000..99a2139dbdd --- /dev/null +++ b/objects/vulnerability/vulnerability--03822a5e-4ce1-408f-bd5a-64f538d0e354.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--75f4376f-5440-43e1-99ae-8dfdd09f56b8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--03822a5e-4ce1-408f-bd5a-64f538d0e354", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.748118Z", + "modified": "2025-02-27T00:38:15.748118Z", + "name": "CVE-2022-49368", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry()\n\nThe \"fsp->location\" variable comes from user via ethtool_get_rxnfc().\nCheck that it is valid to prevent an out of bounds read.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49368" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--03e60f3e-2891-4f52-a223-c03139a873f8.json b/objects/vulnerability/vulnerability--03e60f3e-2891-4f52-a223-c03139a873f8.json new file mode 100644 index 00000000000..dfb78312fb1 --- /dev/null +++ b/objects/vulnerability/vulnerability--03e60f3e-2891-4f52-a223-c03139a873f8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--33342ebe-cbf0-4076-af13-1f0ce7b0a249", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--03e60f3e-2891-4f52-a223-c03139a873f8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:07.737978Z", + "modified": "2025-02-27T00:38:07.737978Z", + "name": "CVE-2025-25796", + "description": "SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_template.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25796" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--04861f6b-d72a-4460-ac60-57dbf8751a8b.json b/objects/vulnerability/vulnerability--04861f6b-d72a-4460-ac60-57dbf8751a8b.json new file mode 100644 index 00000000000..3ae5baf3616 --- /dev/null +++ b/objects/vulnerability/vulnerability--04861f6b-d72a-4460-ac60-57dbf8751a8b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7bdfac0d-0813-44a4-a968-d0696b60edb5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--04861f6b-d72a-4460-ac60-57dbf8751a8b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.310814Z", + "modified": "2025-02-27T00:38:15.310814Z", + "name": "CVE-2022-49640", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsysctl: Fix data races in proc_douintvec_minmax().\n\nA sysctl variable is accessed concurrently, and there is always a chance\nof data-race. So, all readers and writers need some basic protection to\navoid load/store-tearing.\n\nThis patch changes proc_douintvec_minmax() to use READ_ONCE() and\nWRITE_ONCE() internally to fix data-races on the sysctl side. For now,\nproc_douintvec_minmax() itself is tolerant to a data-race, but we still\nneed to add annotations on the other subsystem's side.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49640" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--04a3f1be-0e2b-4115-9c86-7a38e26e1350.json b/objects/vulnerability/vulnerability--04a3f1be-0e2b-4115-9c86-7a38e26e1350.json new file mode 100644 index 00000000000..975f3ecae12 --- /dev/null +++ b/objects/vulnerability/vulnerability--04a3f1be-0e2b-4115-9c86-7a38e26e1350.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dd9af8a2-69ad-4992-a730-9ad831e2a466", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--04a3f1be-0e2b-4115-9c86-7a38e26e1350", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.363133Z", + "modified": "2025-02-27T00:38:15.363133Z", + "name": "CVE-2022-49147", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: Fix the maximum minor value is blk_alloc_ext_minor()\n\nida_alloc_range(..., min, max, ...) returns values from min to max,\ninclusive.\n\nSo, NR_EXT_DEVT is a valid idx returned by blk_alloc_ext_minor().\n\nThis is an issue because in device_add_disk(), this value is used in:\n ddev->devt = MKDEV(disk->major, disk->first_minor);\nand NR_EXT_DEVT is '(1 << MINORBITS)'.\n\nSo, should 'disk->first_minor' be NR_EXT_DEVT, it would overflow.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49147" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--04fb92a1-2de9-4517-b5d2-ca728fe7dd61.json b/objects/vulnerability/vulnerability--04fb92a1-2de9-4517-b5d2-ca728fe7dd61.json new file mode 100644 index 00000000000..4cecaf53fc0 --- /dev/null +++ b/objects/vulnerability/vulnerability--04fb92a1-2de9-4517-b5d2-ca728fe7dd61.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1e28f430-d92f-4b35-94c5-4b0d511aad69", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--04fb92a1-2de9-4517-b5d2-ca728fe7dd61", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.361185Z", + "modified": "2025-02-27T00:38:15.361185Z", + "name": "CVE-2022-49065", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Fix the svc_deferred_event trace class\n\nFix a NULL deref crash that occurs when an svc_rqst is deferred\nwhile the sunrpc tracing subsystem is enabled. svc_revisit() sets\ndr->xprt to NULL, so it can't be relied upon in the tracepoint to\nprovide the remote's address.\n\nUnfortunately we can't revert the \"svc_deferred_class\" hunk in\ncommit ece200ddd54b (\"sunrpc: Save remote presentation address in\nsvc_xprt for trace events\") because there is now a specific check\nof event format specifiers for unsafe dereferences. The warning\nthat check emits is:\n\n event svc_defer_recv has unsafe dereference of argument 1\n\nA \"%pISpc\" format specifier with a \"struct sockaddr *\" is indeed\nflagged by this check.\n\nInstead, take the brute-force approach used by the svcrdma_qp_error\ntracepoint. Convert the dr::addr field into a presentation address\nin the TP_fast_assign() arm of the trace event, and store that as\na string. This fix can be backported to -stable kernels.\n\nIn the meantime, commit c6ced22997ad (\"tracing: Update print fmt\ncheck to handle new __get_sockaddr() macro\") is now in v5.18, so\nthis wonky fix can be replaced with __sockaddr() and friends\nproperly during the v5.19 merge window.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49065" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--053cba64-83e6-4827-aaf2-10a61e9f799c.json b/objects/vulnerability/vulnerability--053cba64-83e6-4827-aaf2-10a61e9f799c.json new file mode 100644 index 00000000000..e8c452a1eb2 --- /dev/null +++ b/objects/vulnerability/vulnerability--053cba64-83e6-4827-aaf2-10a61e9f799c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ef7a3b36-e124-4b06-aff8-66e66d88f1b9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--053cba64-83e6-4827-aaf2-10a61e9f799c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:11.227782Z", + "modified": "2025-02-27T00:38:11.227782Z", + "name": "CVE-2021-47646", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"Revert \"block, bfq: honor already-setup queue merges\"\"\n\nA crash [1] happened to be triggered in conjunction with commit\n2d52c58b9c9b (\"block, bfq: honor already-setup queue merges\"). The\nlatter was then reverted by commit ebc69e897e17 (\"Revert \"block, bfq:\nhonor already-setup queue merges\"\"). Yet, the reverted commit was not\nthe one introducing the bug. In fact, it actually triggered a UAF\nintroduced by a different commit, and now fixed by commit d29bd41428cf\n(\"block, bfq: reset last_bfqq_created on group change\").\n\nSo, there is no point in keeping commit 2d52c58b9c9b (\"block, bfq:\nhonor already-setup queue merges\") out. This commit restores it.\n\n[1] https://bugzilla.kernel.org/show_bug.cgi?id=214503", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-47646" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--05c14b03-0e66-48c2-805d-a60f8edadb64.json b/objects/vulnerability/vulnerability--05c14b03-0e66-48c2-805d-a60f8edadb64.json new file mode 100644 index 00000000000..239e011a275 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--05c14b03-0e66-48c2-805d-a60f8edadb64.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ad5272ed-07cd-4a80-aa09-7da2f733f440", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--05c14b03-0e66-48c2-805d-a60f8edadb64", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.564199Z", + "modified": "2025-02-27T00:38:15.564199Z", + "name": "CVE-2022-49671", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/cm: Fix memory leak in ib_cm_insert_listen\n\ncm_alloc_id_priv() allocates resource for the cm_id_priv. When\ncm_init_listen() fails it doesn't free it, leading to memory leak.\n\nAdd the missing error unwind.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49671" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--05f9e352-cc15-4f58-a613-d5de9bb79247.json b/objects/vulnerability/vulnerability--05f9e352-cc15-4f58-a613-d5de9bb79247.json new file mode 100644 index 00000000000..40f1297fafe --- /dev/null +++ b/objects/vulnerability/vulnerability--05f9e352-cc15-4f58-a613-d5de9bb79247.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a1fb227e-998c-4668-be6b-788e04f96281", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--05f9e352-cc15-4f58-a613-d5de9bb79247", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.559338Z", + "modified": "2025-02-27T00:38:15.559338Z", + "name": "CVE-2022-49616", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: rt7*-sdw: harden jack_detect_handler\n\nRealtek headset codec drivers typically check if the card is\ninstantiated before proceeding with the jack detection.\n\nThe rt700, rt711 and rt711-sdca are however missing a check on the\ncard pointer, which can lead to NULL dereferences encountered in\ndriver bind/unbind tests.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49616" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--06360538-eea2-4954-a9d0-d0e0a3cc84e9.json b/objects/vulnerability/vulnerability--06360538-eea2-4954-a9d0-d0e0a3cc84e9.json new file mode 100644 index 00000000000..ea1aca4c611 --- /dev/null +++ b/objects/vulnerability/vulnerability--06360538-eea2-4954-a9d0-d0e0a3cc84e9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7955da2f-29ca-4720-83ad-83a3d113ee5f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--06360538-eea2-4954-a9d0-d0e0a3cc84e9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.631522Z", + "modified": "2025-02-27T00:38:15.631522Z", + "name": "CVE-2022-49548", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix potential array overflow in bpf_trampoline_get_progs()\n\nThe cnt value in the 'cnt >= BPF_MAX_TRAMP_PROGS' check does not\ninclude BPF_TRAMP_MODIFY_RETURN bpf programs, so the number of\nthe attached BPF_TRAMP_MODIFY_RETURN bpf programs in a trampoline\ncan exceed BPF_MAX_TRAMP_PROGS.\n\nWhen this happens, the assignment '*progs++ = aux->prog' in\nbpf_trampoline_get_progs() will cause progs array overflow as the\nprogs field in the bpf_tramp_progs struct can only hold at most\nBPF_MAX_TRAMP_PROGS bpf programs.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49548" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--06c329a9-a681-4b7a-b705-b1ae33033396.json b/objects/vulnerability/vulnerability--06c329a9-a681-4b7a-b705-b1ae33033396.json new file mode 100644 index 00000000000..c47a698b6ac --- /dev/null +++ b/objects/vulnerability/vulnerability--06c329a9-a681-4b7a-b705-b1ae33033396.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2b6297b1-27bd-49a3-a88f-3e64e9f37214", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--06c329a9-a681-4b7a-b705-b1ae33033396", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.240675Z", + "modified": "2025-02-27T00:38:15.240675Z", + "name": "CVE-2022-49323", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe()\n\nIt will cause null-ptr-deref when using 'res', if platform_get_resource()\nreturns NULL, so move using 'res' after devm_ioremap_resource() that\nwill check it to avoid null-ptr-deref.\nAnd use devm_platform_get_and_ioremap_resource() to simplify code.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49323" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--07c5408f-65fb-485b-8331-29adf2a1365c.json b/objects/vulnerability/vulnerability--07c5408f-65fb-485b-8331-29adf2a1365c.json new file mode 100644 index 00000000000..089a4af67f3 --- /dev/null +++ b/objects/vulnerability/vulnerability--07c5408f-65fb-485b-8331-29adf2a1365c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--198ac0d9-3609-44a5-9bb6-37755137792d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--07c5408f-65fb-485b-8331-29adf2a1365c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.394158Z", + "modified": "2025-02-27T00:38:15.394158Z", + "name": "CVE-2022-49200", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt\n\nFix the following kernel oops in btmtksdio_interrrupt\n\n[ 14.339134] btmtksdio_interrupt+0x28/0x54\n[ 14.339139] process_sdio_pending_irqs+0x68/0x1a0\n[ 14.339144] sdio_irq_work+0x40/0x70\n[ 14.339154] process_one_work+0x184/0x39c\n[ 14.339160] worker_thread+0x228/0x3e8\n[ 14.339168] kthread+0x148/0x3ac\n[ 14.339176] ret_from_fork+0x10/0x30\n\nThat happened because hdev->power_on is already called before\nsdio_set_drvdata which btmtksdio_interrupt handler relies on is not\nproperly set up.\n\nThe details are shown as the below: hci_register_dev would run\nqueue_work(hdev->req_workqueue, &hdev->power_on) as WQ_HIGHPRI\nworkqueue_struct to complete the power-on sequeunce and thus hci_power_on\nmay run before sdio_set_drvdata is done in btmtksdio_probe.\n\nThe hci_dev_do_open in hci_power_on would initialize the device and enable\nthe interrupt and thus it is possible that btmtksdio_interrupt is being\ncalled right before sdio_set_drvdata is filled out.\n\nWhen btmtksdio_interrupt is being called and sdio_set_drvdata is not filled\n, the kernel oops is going to happen because btmtksdio_interrupt access an\nuninitialized pointer.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49200" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--08b1bf74-8f49-4c0a-8118-54cf62f5c1d6.json b/objects/vulnerability/vulnerability--08b1bf74-8f49-4c0a-8118-54cf62f5c1d6.json new file mode 100644 index 00000000000..113ab6ea703 --- /dev/null +++ b/objects/vulnerability/vulnerability--08b1bf74-8f49-4c0a-8118-54cf62f5c1d6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d837c4e7-8055-48e2-b128-0275414dc8c7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--08b1bf74-8f49-4c0a-8118-54cf62f5c1d6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.462262Z", + "modified": "2025-02-27T00:38:15.462262Z", + "name": "CVE-2022-49493", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: rt5645: Fix errorenous cleanup order\n\nThere is a logic error when removing rt5645 device as the function\nrt5645_i2c_remove() first cancel the &rt5645->jack_detect_work and\ndelete the &rt5645->btn_check_timer latter. However, since the timer\nhandler rt5645_btn_check_callback() will re-queue the jack_detect_work,\nthis cleanup order is buggy.\n\nThat is, once the del_timer_sync in rt5645_i2c_remove is concurrently\nrun with the rt5645_btn_check_callback, the canceled jack_detect_work\nwill be rescheduled again, leading to possible use-after-free.\n\nThis patch fix the issue by placing the del_timer_sync function before\nthe cancel_delayed_work_sync.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49493" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--08c6846b-8199-4038-ab9e-65df790d6854.json b/objects/vulnerability/vulnerability--08c6846b-8199-4038-ab9e-65df790d6854.json new file mode 100644 index 00000000000..626613bc018 --- /dev/null +++ b/objects/vulnerability/vulnerability--08c6846b-8199-4038-ab9e-65df790d6854.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c5082582-4b03-4a5c-8215-9686ba8f907c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--08c6846b-8199-4038-ab9e-65df790d6854", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.745244Z", + "modified": "2025-02-27T00:38:15.745244Z", + "name": "CVE-2022-49453", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: ti: ti_sci_pm_domains: Check for null return of devm_kcalloc\n\nThe allocation funciton devm_kcalloc may fail and return a null pointer,\nwhich would cause a null-pointer dereference later.\nIt might be better to check it and directly return -ENOMEM just like the\nusage of devm_kcalloc in previous code.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49453" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--090ccbac-1387-49fe-8eab-b4a2a4a7c080.json b/objects/vulnerability/vulnerability--090ccbac-1387-49fe-8eab-b4a2a4a7c080.json new file mode 100644 index 00000000000..d7f70c6d070 --- /dev/null +++ b/objects/vulnerability/vulnerability--090ccbac-1387-49fe-8eab-b4a2a4a7c080.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a90a20a9-ec85-4a62-9dfe-ea51b8c115b8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--090ccbac-1387-49fe-8eab-b4a2a4a7c080", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.661711Z", + "modified": "2025-02-27T00:38:15.661711Z", + "name": "CVE-2022-49381", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\njffs2: fix memory leak in jffs2_do_fill_super\n\nIf jffs2_iget() or d_make_root() in jffs2_do_fill_super() returns\nan error, we can observe the following kmemleak report:\n\n--------------------------------------------\nunreferenced object 0xffff888105a65340 (size 64):\n comm \"mount\", pid 710, jiffies 4302851558 (age 58.239s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [] kmem_cache_alloc_trace+0x475/0x8a0\n [] jffs2_sum_init+0x96/0x1a0\n [] jffs2_do_mount_fs+0x745/0x2120\n [] jffs2_do_fill_super+0x35c/0x810\n [] jffs2_fill_super+0x2b9/0x3b0\n [...]\nunreferenced object 0xffff8881bd7f0000 (size 65536):\n comm \"mount\", pid 710, jiffies 4302851558 (age 58.239s)\n hex dump (first 32 bytes):\n bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................\n bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................\n backtrace:\n [] kmalloc_order+0xda/0x110\n [] kmalloc_order_trace+0x21/0x130\n [] __kmalloc+0x711/0x8a0\n [] jffs2_sum_init+0xd9/0x1a0\n [] jffs2_do_mount_fs+0x745/0x2120\n [] jffs2_do_fill_super+0x35c/0x810\n [] jffs2_fill_super+0x2b9/0x3b0\n [...]\n--------------------------------------------\n\nThis is because the resources allocated in jffs2_sum_init() are not\nreleased. 
Call jffs2_sum_exit() to release these resources to solve\nthe problem.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49381" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0956f6ab-c8cb-486c-982a-35ea0e5d5a35.json b/objects/vulnerability/vulnerability--0956f6ab-c8cb-486c-982a-35ea0e5d5a35.json new file mode 100644 index 00000000000..9e272a525ca --- /dev/null +++ b/objects/vulnerability/vulnerability--0956f6ab-c8cb-486c-982a-35ea0e5d5a35.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--36cdee17-392a-4a93-b088-923b0020b8f3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0956f6ab-c8cb-486c-982a-35ea0e5d5a35", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.601952Z", + "modified": "2025-02-27T00:38:15.601952Z", + "name": "CVE-2022-49530", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: fix double free in si_parse_power_table()\n\nIn function si_parse_power_table(), array adev->pm.dpm.ps and its member\nis allocated. If the allocation of each member fails, the array itself\nis freed and returned with an error code. However, the array is later\nfreed again in si_dpm_fini() function which is called when the function\nreturns an error.\n\nThis leads to potential double free of the array adev->pm.dpm.ps, as\nwell as leak of its array members, since the members are not freed in\nthe allocation function and the array is not nulled when freed.\nIn addition adev->pm.dpm.num_ps, which keeps track of the allocated\narray member, is not updated until the member allocation is\nsuccessfully finished, this could also lead to either use after free,\nor uninitialized variable access in si_dpm_fini().\n\nFix this by postponing the free of the array until si_dpm_fini() and\nincrement adev->pm.dpm.num_ps everytime the array member is allocated.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49530" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--097d0310-f416-4a7c-a0ba-141f4ff4f622.json b/objects/vulnerability/vulnerability--097d0310-f416-4a7c-a0ba-141f4ff4f622.json new file mode 100644 index 00000000000..38d46a96616 --- /dev/null +++ b/objects/vulnerability/vulnerability--097d0310-f416-4a7c-a0ba-141f4ff4f622.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--921136b0-c64b-4d36-90fa-ecad3bbdd8be", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--097d0310-f416-4a7c-a0ba-141f4ff4f622", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.255921Z", + "modified": "2025-02-27T00:38:15.255921Z", + "name": "CVE-2022-49150", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtc: gamecube: Fix refcount leak in gamecube_rtc_read_offset_from_sram\n\nThe of_find_compatible_node() function returns a node pointer with\nrefcount incremented, We should use of_node_put() on it when done\nAdd the missing of_node_put() to release the refcount.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49150" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--09d4875f-c6cb-408f-a990-2fed1d185f04.json b/objects/vulnerability/vulnerability--09d4875f-c6cb-408f-a990-2fed1d185f04.json new file mode 100644 index 00000000000..c4d2b0113ac --- /dev/null +++ b/objects/vulnerability/vulnerability--09d4875f-c6cb-408f-a990-2fed1d185f04.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b178e506-bd18-48bc-bf86-02f4083ef69c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--09d4875f-c6cb-408f-a990-2fed1d185f04", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.617973Z", + "modified": "2025-02-27T00:38:15.617973Z", + "name": "CVE-2022-49386", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: ti: am65-cpsw-nuss: Fix some refcount leaks\n\nof_get_child_by_name() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nam65_cpsw_init_cpts() and am65_cpsw_nuss_probe() don't release\nthe refcount in error case.\nAdd missing of_node_put() to avoid refcount leak.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49386" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--09fa0e4d-1fb9-4612-87cc-6546f37de2f9.json b/objects/vulnerability/vulnerability--09fa0e4d-1fb9-4612-87cc-6546f37de2f9.json new file mode 100644 index 00000000000..b7a64b53f9e --- /dev/null +++ b/objects/vulnerability/vulnerability--09fa0e4d-1fb9-4612-87cc-6546f37de2f9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c3454e05-b6b1-46d9-9ae6-bd9baea6e667", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--09fa0e4d-1fb9-4612-87cc-6546f37de2f9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:07.518249Z", + "modified": "2025-02-27T00:38:07.518249Z", + "name": "CVE-2025-0889", + "description": "Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects under certain circumstances where an EPM policy allows for automatic privilege elevation of a user process.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0889" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0a45b573-8f9a-4b5b-afa2-6fe061d4c610.json b/objects/vulnerability/vulnerability--0a45b573-8f9a-4b5b-afa2-6fe061d4c610.json new file mode 100644 index 00000000000..7db5fd5536c --- /dev/null +++ b/objects/vulnerability/vulnerability--0a45b573-8f9a-4b5b-afa2-6fe061d4c610.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--49a8bdca-0ba2-4440-862a-4ba7e0c6b06c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0a45b573-8f9a-4b5b-afa2-6fe061d4c610", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.427836Z", + "modified": "2025-02-27T00:38:15.427836Z", + "name": "CVE-2022-49338", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: CT: Fix cleanup of CT before cleanup of TC ct rules\n\nCT cleanup assumes that all tc rules were deleted first, and so\nis free to delete the CT shared resources (e.g the dr_action\nfwd_action which is shared for all tuples). But currently for\nuplink, this is happens in reverse, causing the below trace.\n\nCT cleanup is called from:\nmlx5e_cleanup_rep_tx()->mlx5e_cleanup_uplink_rep_tx()->\nmlx5e_rep_tc_cleanup()->mlx5e_tc_esw_cleanup()->\nmlx5_tc_ct_clean()\n\nOnly afterwards, tc cleanup is called from:\nmlx5e_cleanup_rep_tx()->mlx5e_tc_ht_cleanup()\nwhich would have deleted all the tc ct rules, and so delete\nall the offloaded tuples.\n\nFix this reversing the order of init and on cleanup, which\nwill result in tc cleanup then ct cleanup.\n\n[ 9443.593347] WARNING: CPU: 2 PID: 206774 at drivers/net/ethernet/mellanox/mlx5/core/steering/dr_action.c:1882 mlx5dr_action_destroy+0x188/0x1a0 [mlx5_core]\n[ 9443.593349] Modules linked in: act_ct nf_flow_table rdma_ucm(O) rdma_cm(O) iw_cm(O) ib_ipoib(O) ib_cm(O) ib_umad(O) mlx5_core(O-) mlxfw(O) mlxdevm(O) auxiliary(O) ib_uverbs(O) psample ib_core(O) mlx_compat(O) ip_gre gre ip_tunnel act_vlan bonding geneve esp6_offload esp6 esp4_offload esp4 act_tunnel_key vxlan ip6_udp_tunnel udp_tunnel act_mirred act_skbedit act_gact cls_flower sch_ingress nfnetlink_cttimeout nfnetlink xfrm_user xfrm_algo 8021q garp stp ipmi_devintf mrp ipmi_msghandler llc openvswitch nsh nf_conncount nf_nat mst_pciconf(O) dm_multipath 
sbsa_gwdt uio_pdrv_genirq uio mlxbf_pmc mlxbf_pka mlx_trio mlx_bootctl(O) bluefield_edac sch_fq_codel ip_tables ipv6 crc_ccitt btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor xor_neon raid6_pq raid1 raid0 crct10dif_ce i2c_mlxbf gpio_mlxbf2 mlxbf_gige aes_neon_bs aes_neon_blk [last unloaded: mlx5_ib]\n[ 9443.593419] CPU: 2 PID: 206774 Comm: modprobe Tainted: G O 5.4.0-1023.24.gc14613d-bluefield #1\n[ 9443.593422] Hardware name: https://www.mellanox.com BlueField SoC/BlueField SoC, BIOS BlueField:143ebaf Jan 11 2022\n[ 9443.593424] pstate: 20000005 (nzCv daif -PAN -UAO)\n[ 9443.593489] pc : mlx5dr_action_destroy+0x188/0x1a0 [mlx5_core]\n[ 9443.593545] lr : mlx5_ct_fs_smfs_destroy+0x24/0x30 [mlx5_core]\n[ 9443.593546] sp : ffff8000135dbab0\n[ 9443.593548] x29: ffff8000135dbab0 x28: ffff0003a6ab8e80\n[ 9443.593550] x27: 0000000000000000 x26: ffff0003e07d7000\n[ 9443.593552] x25: ffff800009609de0 x24: ffff000397fb2120\n[ 9443.593554] x23: ffff0003975c0000 x22: 0000000000000000\n[ 9443.593556] x21: ffff0003975f08c0 x20: ffff800009609de0\n[ 9443.593558] x19: ffff0003c8a13380 x18: 0000000000000014\n[ 9443.593560] x17: 0000000067f5f125 x16: 000000006529c620\n[ 9443.593561] x15: 000000000000000b x14: 0000000000000000\n[ 9443.593563] x13: 0000000000000002 x12: 0000000000000001\n[ 9443.593565] x11: ffff800011108868 x10: 0000000000000000\n[ 9443.593567] x9 : 0000000000000000 x8 : ffff8000117fb270\n[ 9443.593569] x7 : ffff0003ebc01288 x6 : 0000000000000000\n[ 9443.593571] x5 : ffff800009591ab8 x4 : fffffe000f6d9a20\n[ 9443.593572] x3 : 0000000080040001 x2 : fffffe000f6d9a20\n[ 9443.593574] x1 : ffff8000095901d8 x0 : 0000000000000025\n[ 9443.593577] Call trace:\n[ 9443.593634] mlx5dr_action_destroy+0x188/0x1a0 [mlx5_core]\n[ 9443.593688] mlx5_ct_fs_smfs_destroy+0x24/0x30 [mlx5_core]\n[ 9443.593743] mlx5_tc_ct_clean+0x34/0xa8 [mlx5_core]\n[ 9443.593797] mlx5e_tc_esw_cleanup+0x58/0x88 [mlx5_core]\n[ 9443.593851] 
mlx5e_rep_tc_cleanup+0x24/0x30 [mlx5_core]\n[ 9443.593905] mlx5e_cleanup_rep_tx+0x6c/0x78 [mlx5_core]\n[ 9443.593959] mlx5e_detach_netdev+0x74/0x98 [mlx5_core]\n[ 9443.594013] mlx5e_netdev_change_profile+0x70/0x180 [mlx5_core]\n[ 9443.594067] mlx5e_netdev_attach_nic_profile+0x34/0x40 [mlx5_core]\n[ 9443.594122] mlx5e_vport_rep_unload+0x15c/0x1a8 [mlx5_core]\n[ 9443.594177] mlx5_eswitch_unregister_vport_reps+0x228/0x298 [mlx5_core]\n[ 9443.594231] mlx5e_rep_remove+0x2c/0x38\n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49338" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0a6935a2-01e5-4001-a7eb-37d56cce1a14.json b/objects/vulnerability/vulnerability--0a6935a2-01e5-4001-a7eb-37d56cce1a14.json new file mode 100644 index 00000000000..ce91d82c85e --- /dev/null +++ b/objects/vulnerability/vulnerability--0a6935a2-01e5-4001-a7eb-37d56cce1a14.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4c5f1e90-df7b-41d7-8ac6-496f95c4b732", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0a6935a2-01e5-4001-a7eb-37d56cce1a14", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.761147Z", + "modified": "2025-02-27T00:38:15.761147Z", + "name": "CVE-2022-49507", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: da9121: Fix uninit-value in da9121_assign_chip_model()\n\nKASAN report slab-out-of-bounds in __regmap_init as follows:\n\nBUG: KASAN: slab-out-of-bounds in __regmap_init drivers/base/regmap/regmap.c:841\nRead of size 1 at addr ffff88803678cdf1 by task xrun/9137\n\nCPU: 0 PID: 9137 Comm: xrun Tainted: G W 5.18.0-rc2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\nCall Trace:\n \n dump_stack_lvl+0xe8/0x15a lib/dump_stack.c:88\n print_report.cold+0xcd/0x69b mm/kasan/report.c:313\n kasan_report+0x8e/0xc0 mm/kasan/report.c:491\n __regmap_init+0x4540/0x4ba0 drivers/base/regmap/regmap.c:841\n __devm_regmap_init+0x7a/0x100 drivers/base/regmap/regmap.c:1266\n __devm_regmap_init_i2c+0x65/0x80 drivers/base/regmap/regmap-i2c.c:394\n da9121_i2c_probe+0x386/0x6d1 drivers/regulator/da9121-regulator.c:1039\n i2c_device_probe+0x959/0xac0 drivers/i2c/i2c-core-base.c:563\n\nThis happend when da9121 device is probe by da9121_i2c_id, but with\ninvalid dts. Thus, chip->subvariant_id is set to -EINVAL, and later\nda9121_assign_chip_model() will access 'regmap' without init it.\n\nFix it by return -EINVAL from da9121_assign_chip_model() if\n'chip->subvariant_id' is invalid.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49507" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--0ae66713-f5c5-493c-b0ec-1a587bc15f50.json b/objects/vulnerability/vulnerability--0ae66713-f5c5-493c-b0ec-1a587bc15f50.json new file mode 100644 index 00000000000..1c00be8bc3b --- /dev/null +++ b/objects/vulnerability/vulnerability--0ae66713-f5c5-493c-b0ec-1a587bc15f50.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c381e35c-d2c3-4b55-bd83-5098b9b6e0c2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0ae66713-f5c5-493c-b0ec-1a587bc15f50", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.741657Z", + "modified": "2025-02-27T00:38:15.741657Z", + "name": "CVE-2022-49442", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/base/node.c: fix compaction sysfs file leak\n\nCompaction sysfs file is created via compaction_register_node in\nregister_node. But we forgot to remove it in unregister_node. Thus\ncompaction sysfs file is leaked. Using compaction_unregister_node to fix\nthis issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49442" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0b2199f4-ca8f-477b-885d-95577a21eab2.json b/objects/vulnerability/vulnerability--0b2199f4-ca8f-477b-885d-95577a21eab2.json new file mode 100644 index 00000000000..1cf9e37987e --- /dev/null +++ b/objects/vulnerability/vulnerability--0b2199f4-ca8f-477b-885d-95577a21eab2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fb7f1f77-b867-4e12-855a-f540888e8971", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0b2199f4-ca8f-477b-885d-95577a21eab2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.419975Z", + "modified": "2025-02-27T00:38:15.419975Z", + "name": "CVE-2022-49561", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: conntrack: re-fetch conntrack after insertion\n\nIn case the conntrack is clashing, insertion can free skb->_nfct and\nset skb->_nfct to the already-confirmed entry.\n\nThis wasn't found before because the conntrack entry and the extension\nspace used to free'd after an rcu grace period, plus the race needs\nevents enabled to trigger.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49561" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0b43bed5-140f-4aa3-920e-66ab515c2d64.json b/objects/vulnerability/vulnerability--0b43bed5-140f-4aa3-920e-66ab515c2d64.json new file mode 100644 index 00000000000..58ff8392c84 --- /dev/null +++ b/objects/vulnerability/vulnerability--0b43bed5-140f-4aa3-920e-66ab515c2d64.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--27ae67eb-85c0-4570-a049-d1785430f210", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0b43bed5-140f-4aa3-920e-66ab515c2d64", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.621899Z", + "modified": "2025-02-27T00:38:15.621899Z", + "name": "CVE-2022-49421", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nvideo: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup\n\nof_parse_phandle() returns a node pointer with refcount incremented, we should\nuse of_node_put() on it when not need anymore. Add missing of_node_put() to\navoid refcount leak.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49421" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0b85b2a2-35b0-4044-bffe-ce1a66c17ba1.json b/objects/vulnerability/vulnerability--0b85b2a2-35b0-4044-bffe-ce1a66c17ba1.json new file mode 100644 index 00000000000..01b4eb09105 --- /dev/null +++ b/objects/vulnerability/vulnerability--0b85b2a2-35b0-4044-bffe-ce1a66c17ba1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2a7dcb57-fe08-403d-82a9-fc9af541b174", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0b85b2a2-35b0-4044-bffe-ce1a66c17ba1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.56035Z", + "modified": "2025-02-27T00:38:15.56035Z", + "name": "CVE-2022-49373", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwatchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when done.\nAdd missing of_node_put() in some error paths.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49373" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0b866a98-b325-472d-b03c-ba5e08fe98d9.json b/objects/vulnerability/vulnerability--0b866a98-b325-472d-b03c-ba5e08fe98d9.json new file mode 100644 index 00000000000..d044d76c1bd --- /dev/null +++ b/objects/vulnerability/vulnerability--0b866a98-b325-472d-b03c-ba5e08fe98d9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c9fde9f0-539e-4979-af18-66e393ade408", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0b866a98-b325-472d-b03c-ba5e08fe98d9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.471925Z", + "modified": "2025-02-27T00:38:15.471925Z", + "name": "CVE-2022-49196", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries: Fix use after free in remove_phb_dynamic()\n\nIn remove_phb_dynamic() we use &phb->io_resource, after we've called\ndevice_unregister(&host_bridge->dev). But the unregister may have freed\nphb, because pcibios_free_controller_deferred() is the release function\nfor the host_bridge.\n\nIf there are no outstanding references when we call device_unregister()\nthen phb will be freed out from under us.\n\nThis has gone mainly unnoticed, but with slub_debug and page_poison\nenabled it can lead to a crash:\n\n PID: 7574 TASK: c0000000d492cb80 CPU: 13 COMMAND: \"drmgr\"\n #0 [c0000000e4f075a0] crash_kexec at c00000000027d7dc\n #1 [c0000000e4f075d0] oops_end at c000000000029608\n #2 [c0000000e4f07650] __bad_page_fault at c0000000000904b4\n #3 [c0000000e4f076c0] do_bad_slb_fault at c00000000009a5a8\n #4 [c0000000e4f076f0] data_access_slb_common_virt at c000000000008b30\n Data SLB Access [380] exception frame:\n R0: c000000000167250 R1: c0000000e4f07a00 R2: c000000002a46100\n R3: c000000002b39ce8 R4: 00000000000000c0 R5: 00000000000000a9\n R6: 3894674d000000c0 R7: 0000000000000000 R8: 00000000000000ff\n R9: 0000000000000100 R10: 6b6b6b6b6b6b6b6b R11: 0000000000008000\n R12: c00000000023da80 R13: c0000009ffd38b00 R14: 0000000000000000\n R15: 000000011c87f0f0 R16: 0000000000000006 R17: 0000000000000003\n R18: 0000000000000002 R19: 0000000000000004 R20: 0000000000000005\n R21: 000000011c87ede8 R22: 000000011c87c5a8 R23: 000000011c87d3a0\n R24: 0000000000000000 R25: 
0000000000000001 R26: c0000000e4f07cc8\n R27: c00000004d1cc400 R28: c0080000031d00e8 R29: c00000004d23d800\n R30: c00000004d1d2400 R31: c00000004d1d2540\n NIP: c000000000167258 MSR: 8000000000009033 OR3: c000000000e9f474\n CTR: 0000000000000000 LR: c000000000167250 XER: 0000000020040003\n CCR: 0000000024088420 MQ: 0000000000000000 DAR: 6b6b6b6b6b6b6ba3\n DSISR: c0000000e4f07920 Syscall Result: fffffffffffffff2\n [NIP : release_resource+56]\n [LR : release_resource+48]\n #5 [c0000000e4f07a00] release_resource at c000000000167258 (unreliable)\n #6 [c0000000e4f07a30] remove_phb_dynamic at c000000000105648\n #7 [c0000000e4f07ab0] dlpar_remove_slot at c0080000031a09e8 [rpadlpar_io]\n #8 [c0000000e4f07b50] remove_slot_store at c0080000031a0b9c [rpadlpar_io]\n #9 [c0000000e4f07be0] kobj_attr_store at c000000000817d8c\n #10 [c0000000e4f07c00] sysfs_kf_write at c00000000063e504\n #11 [c0000000e4f07c20] kernfs_fop_write_iter at c00000000063d868\n #12 [c0000000e4f07c70] new_sync_write at c00000000054339c\n #13 [c0000000e4f07d10] vfs_write at c000000000546624\n #14 [c0000000e4f07d60] ksys_write at c0000000005469f4\n #15 [c0000000e4f07db0] system_call_exception at c000000000030840\n #16 [c0000000e4f07e10] system_call_vectored_common at c00000000000c168\n\nTo avoid it, we can take a reference to the host_bridge->dev until we're\ndone using phb. Then when we drop the reference the phb will be freed.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49196" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0b867288-fb6e-4d7c-a3b2-d19078bb1b1f.json b/objects/vulnerability/vulnerability--0b867288-fb6e-4d7c-a3b2-d19078bb1b1f.json new file mode 100644 index 00000000000..cdb7aee60af --- /dev/null +++ b/objects/vulnerability/vulnerability--0b867288-fb6e-4d7c-a3b2-d19078bb1b1f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ca7e91af-7afc-45b8-bb13-c030f33d4699", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0b867288-fb6e-4d7c-a3b2-d19078bb1b1f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.338913Z", + "modified": "2025-02-27T00:38:15.338913Z", + "name": "CVE-2022-49519", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nath10k: skip ath10k_halt during suspend for driver state RESTARTING\n\nDouble free crash is observed when FW recovery(caused by wmi\ntimeout/crash) is followed by immediate suspend event. The FW recovery\nis triggered by ath10k_core_restart() which calls driver clean up via\nath10k_halt(). When the suspend event occurs between the FW recovery,\nthe restart worker thread is put into frozen state until suspend completes.\nThe suspend event triggers ath10k_stop() which again triggers ath10k_halt()\nThe double invocation of ath10k_halt() causes ath10k_htt_rx_free() to be\ncalled twice(Note: ath10k_htt_rx_alloc was not called by restart worker\nthread because of its frozen state), causing the crash.\n\nTo fix this, during the suspend flow, skip call to ath10k_halt() in\nath10k_stop() when the current driver state is ATH10K_STATE_RESTARTING.\nAlso, for driver state ATH10K_STATE_RESTARTING, call\nath10k_wait_for_suspend() in ath10k_stop(). 
This is because call to\nath10k_wait_for_suspend() is skipped later in\n[ath10k_halt() > ath10k_core_stop()] for the driver state\nATH10K_STATE_RESTARTING.\n\nThe frozen restart worker thread will be cancelled during resume when the\ndevice comes out of suspend.\n\nBelow is the crash stack for reference:\n\n[ 428.469167] ------------[ cut here ]------------\n[ 428.469180] kernel BUG at mm/slub.c:4150!\n[ 428.469193] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n[ 428.469219] Workqueue: events_unbound async_run_entry_fn\n[ 428.469230] RIP: 0010:kfree+0x319/0x31b\n[ 428.469241] RSP: 0018:ffffa1fac015fc30 EFLAGS: 00010246\n[ 428.469247] RAX: ffffedb10419d108 RBX: ffff8c05262b0000\n[ 428.469252] RDX: ffff8c04a8c07000 RSI: 0000000000000000\n[ 428.469256] RBP: ffffa1fac015fc78 R08: 0000000000000000\n[ 428.469276] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 428.469285] Call Trace:\n[ 428.469295] ? dma_free_attrs+0x5f/0x7d\n[ 428.469320] ath10k_core_stop+0x5b/0x6f\n[ 428.469336] ath10k_halt+0x126/0x177\n[ 428.469352] ath10k_stop+0x41/0x7e\n[ 428.469387] drv_stop+0x88/0x10e\n[ 428.469410] __ieee80211_suspend+0x297/0x411\n[ 428.469441] rdev_suspend+0x6e/0xd0\n[ 428.469462] wiphy_suspend+0xb1/0x105\n[ 428.469483] ? name_show+0x2d/0x2d\n[ 428.469490] dpm_run_callback+0x8c/0x126\n[ 428.469511] ? name_show+0x2d/0x2d\n[ 428.469517] __device_suspend+0x2e7/0x41b\n[ 428.469523] async_suspend+0x1f/0x93\n[ 428.469529] async_run_entry_fn+0x3d/0xd1\n[ 428.469535] process_one_work+0x1b1/0x329\n[ 428.469541] worker_thread+0x213/0x372\n[ 428.469547] kthread+0x150/0x15f\n[ 428.469552] ? pr_cont_work+0x58/0x58\n[ 428.469558] ? kthread_blkcg+0x31/0x31\n\nTested-on: QCA6174 hw3.2 PCI WLAN.RM.4.4.1-00288-QCARMSWPZ-1", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49519" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--0b87d3d8-1d33-4d41-9988-8f5fbb2f0c9a.json b/objects/vulnerability/vulnerability--0b87d3d8-1d33-4d41-9988-8f5fbb2f0c9a.json new file mode 100644 index 00000000000..c067e08276a --- /dev/null +++ b/objects/vulnerability/vulnerability--0b87d3d8-1d33-4d41-9988-8f5fbb2f0c9a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6dbca31e-e7c7-4041-a132-98855821ac33", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0b87d3d8-1d33-4d41-9988-8f5fbb2f0c9a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.303983Z", + "modified": "2025-02-27T00:38:15.303983Z", + "name": "CVE-2022-49427", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/mediatek: Remove clk_disable in mtk_iommu_remove\n\nAfter the commit b34ea31fe013 (\"iommu/mediatek: Always enable the clk on\nresume\"), the iommu clock is controlled by the runtime callback.\nthus remove the clk control in the mtk_iommu_remove.\n\nOtherwise, it will warning like:\n\necho 14018000.iommu > /sys/bus/platform/drivers/mtk-iommu/unbind\n\n[ 51.413044] ------------[ cut here ]------------\n[ 51.413648] vpp0_smi_iommu already disabled\n[ 51.414233] WARNING: CPU: 2 PID: 157 at */v5.15-rc1/kernel/mediatek/\n drivers/clk/clk.c:952 clk_core_disable+0xb0/0xb8\n[ 51.417174] Hardware name: MT8195V/C(ENG) (DT)\n[ 51.418635] pc : clk_core_disable+0xb0/0xb8\n[ 51.419177] lr : clk_core_disable+0xb0/0xb8\n...\n[ 51.429375] Call trace:\n[ 51.429694] clk_core_disable+0xb0/0xb8\n[ 51.430193] clk_core_disable_lock+0x24/0x40\n[ 51.430745] clk_disable+0x20/0x30\n[ 51.431189] mtk_iommu_remove+0x58/0x118\n[ 51.431705] platform_remove+0x28/0x60\n[ 51.432197] device_release_driver_internal+0x110/0x1f0\n[ 51.432873] device_driver_detach+0x18/0x28\n[ 51.433418] unbind_store+0xd4/0x108\n[ 51.433886] drv_attr_store+0x24/0x38\n[ 51.434363] sysfs_kf_write+0x40/0x58\n[ 51.434843] kernfs_fop_write_iter+0x164/0x1e0", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49427" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--0bba7b5f-c415-420c-8655-e499df5de763.json b/objects/vulnerability/vulnerability--0bba7b5f-c415-420c-8655-e499df5de763.json new file mode 100644 index 00000000000..ed1910a5d01 --- /dev/null +++ b/objects/vulnerability/vulnerability--0bba7b5f-c415-420c-8655-e499df5de763.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9c32e197-4264-40b6-9032-6d9c61c8e978", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0bba7b5f-c415-420c-8655-e499df5de763", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.402628Z", + "modified": "2025-02-27T00:38:15.402628Z", + "name": "CVE-2022-49301", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: rtl8712: fix uninit-value in usb_read8() and friends\n\nWhen r8712_usbctrl_vendorreq() returns negative, 'data' in\nusb_read{8,16,32} will not be initialized.\n\nBUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:643 [inline]\nBUG: KMSAN: uninit-value in string+0x4ec/0x6f0 lib/vsprintf.c:725\n string_nocheck lib/vsprintf.c:643 [inline]\n string+0x4ec/0x6f0 lib/vsprintf.c:725\n vsnprintf+0x2222/0x3650 lib/vsprintf.c:2806\n va_format lib/vsprintf.c:1704 [inline]\n pointer+0x18e6/0x1f70 lib/vsprintf.c:2443\n vsnprintf+0x1a9b/0x3650 lib/vsprintf.c:2810\n vprintk_store+0x537/0x2150 kernel/printk/printk.c:2158\n vprintk_emit+0x28b/0xab0 kernel/printk/printk.c:2256\n dev_vprintk_emit+0x5ef/0x6d0 drivers/base/core.c:4604\n dev_printk_emit+0x1dd/0x21f drivers/base/core.c:4615\n __dev_printk+0x3be/0x440 drivers/base/core.c:4627\n _dev_info+0x1ea/0x22f drivers/base/core.c:4673\n r871xu_drv_init+0x1929/0x3070 drivers/staging/rtl8712/usb_intf.c:401\n usb_probe_interface+0xf19/0x1600 drivers/usb/core/driver.c:396\n really_probe+0x6c7/0x1350 drivers/base/dd.c:621\n __driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752\n driver_probe_device drivers/base/dd.c:782 [inline]\n __device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899\n bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427\n __device_attach+0x593/0x8e0 drivers/base/dd.c:970\n device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017\n bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487\n 
device_add+0x1fff/0x26e0 drivers/base/core.c:3405\n usb_set_configuration+0x37e9/0x3ed0 drivers/usb/core/message.c:2170\n usb_generic_driver_probe+0x13c/0x300 drivers/usb/core/generic.c:238\n usb_probe_device+0x309/0x570 drivers/usb/core/driver.c:293\n really_probe+0x6c7/0x1350 drivers/base/dd.c:621\n __driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752\n driver_probe_device drivers/base/dd.c:782 [inline]\n __device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899\n bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427\n __device_attach+0x593/0x8e0 drivers/base/dd.c:970\n device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017\n bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487\n device_add+0x1fff/0x26e0 drivers/base/core.c:3405\n usb_new_device+0x1b91/0x2950 drivers/usb/core/hub.c:2566\n hub_port_connect drivers/usb/core/hub.c:5363 [inline]\n hub_port_connect_change drivers/usb/core/hub.c:5507 [inline]\n port_event drivers/usb/core/hub.c:5665 [inline]\n hub_event+0x58e3/0x89e0 drivers/usb/core/hub.c:5747\n process_one_work+0xdb6/0x1820 kernel/workqueue.c:2289\n worker_thread+0x10d0/0x2240 kernel/workqueue.c:2436\n kthread+0x3c7/0x500 kernel/kthread.c:376\n ret_from_fork+0x1f/0x30\n\nLocal variable data created at:\n usb_read8+0x5d/0x130 drivers/staging/rtl8712/usb_ops.c:33\n r8712_read8+0xa5/0xd0 drivers/staging/rtl8712/rtl8712_io.c:29\n\nKMSAN: uninit-value in r871xu_drv_init\nhttps://syzkaller.appspot.com/bug?id=3cd92b1d85428b128503bfa7a250294c9ae00bd8", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49301" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0bcdb137-a1bf-4adf-92ce-eb716f42f6e9.json b/objects/vulnerability/vulnerability--0bcdb137-a1bf-4adf-92ce-eb716f42f6e9.json new file mode 100644 index 00000000000..f168ca756d3 --- /dev/null +++ b/objects/vulnerability/vulnerability--0bcdb137-a1bf-4adf-92ce-eb716f42f6e9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--34f43509-374a-429d-a4cb-0b250dae71c3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0bcdb137-a1bf-4adf-92ce-eb716f42f6e9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.757435Z", + "modified": "2025-02-27T00:38:15.757435Z", + "name": "CVE-2022-49073", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: sata_dwc_460ex: Fix crash due to OOB write\n\nthe driver uses libata's \"tag\" values from in various arrays.\nSince the mentioned patch bumped the ATA_TAG_INTERNAL to 32,\nthe value of the SATA_DWC_QCMD_MAX needs to account for that.\n\nOtherwise ATA_TAG_INTERNAL usage cause similar crashes like\nthis as reported by Tice Rex on the OpenWrt Forum and\nreproduced (with symbols) here:\n\n| BUG: Kernel NULL pointer dereference at 0x00000000\n| Faulting instruction address: 0xc03ed4b8\n| Oops: Kernel access of bad area, sig: 11 [#1]\n| BE PAGE_SIZE=4K PowerPC 44x Platform\n| CPU: 0 PID: 362 Comm: scsi_eh_1 Not tainted 5.4.163 #0\n| NIP: c03ed4b8 LR: c03d27e8 CTR: c03ed36c\n| REGS: cfa59950 TRAP: 0300 Not tainted (5.4.163)\n| MSR: 00021000 CR: 42000222 XER: 00000000\n| DEAR: 00000000 ESR: 00000000\n| GPR00: c03d27e8 cfa59a08 cfa55fe0 00000000 0fa46bc0 [...]\n| [..]\n| NIP [c03ed4b8] sata_dwc_qc_issue+0x14c/0x254\n| LR [c03d27e8] ata_qc_issue+0x1c8/0x2dc\n| Call Trace:\n| [cfa59a08] [c003f4e0] __cancel_work_timer+0x124/0x194 (unreliable)\n| [cfa59a78] [c03d27e8] ata_qc_issue+0x1c8/0x2dc\n| [cfa59a98] [c03d2b3c] ata_exec_internal_sg+0x240/0x524\n| [cfa59b08] [c03d2e98] ata_exec_internal+0x78/0xe0\n| [cfa59b58] [c03d30fc] ata_read_log_page.part.38+0x1dc/0x204\n| [cfa59bc8] [c03d324c] ata_identify_page_supported+0x68/0x130\n| [...]\n\nThis is because sata_dwc_dma_xfer_complete() NULLs the\ndma_pending's next neighbour \"chan\" (a *dma_chan struct) in\nthis '32' case right 
here (line ~735):\n> hsdevp->dma_pending[tag] = SATA_DWC_DMA_PENDING_NONE;\n\nThen the next time, a dma gets issued; dma_dwc_xfer_setup() passes\nthe NULL'd hsdevp->chan to the dmaengine_slave_config() which then\ncauses the crash.\n\nWith this patch, SATA_DWC_QCMD_MAX is now set to ATA_MAX_QUEUE + 1.\nThis avoids the OOB. But please note, there was a worthwhile discussion\non what ATA_TAG_INTERNAL and ATA_MAX_QUEUE is. And why there should not\nbe a \"fake\" 33 command-long queue size.\n\nIdeally, the dw driver should account for the ATA_TAG_INTERNAL.\nIn Damien Le Moal's words: \"... having looked at the driver, it\nis a bigger change than just faking a 33rd \"tag\" that is in fact\nnot a command tag at all.\"\n\nBugLink: https://github.com/openwrt/openwrt/issues/9505", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49073" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0d05094a-27f8-407b-9151-455656f20367.json b/objects/vulnerability/vulnerability--0d05094a-27f8-407b-9151-455656f20367.json new file mode 100644 index 00000000000..970a7e6650d --- /dev/null +++ b/objects/vulnerability/vulnerability--0d05094a-27f8-407b-9151-455656f20367.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a7fef56e-68b8-445f-afc8-6424a1fb1934", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0d05094a-27f8-407b-9151-455656f20367", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.519455Z", + "modified": "2025-02-27T00:38:15.519455Z", + "name": "CVE-2022-49375", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtc: mt6397: check return value after calling platform_get_resource()\n\nIt will cause null-ptr-deref if platform_get_resource() returns NULL,\nwe need check the return value.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49375" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0d1e3269-35a2-48d8-8f09-f5f8c3c43e69.json b/objects/vulnerability/vulnerability--0d1e3269-35a2-48d8-8f09-f5f8c3c43e69.json new file mode 100644 index 00000000000..52df932312d --- /dev/null +++ b/objects/vulnerability/vulnerability--0d1e3269-35a2-48d8-8f09-f5f8c3c43e69.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--538528e2-19ef-43f4-8a1d-81b90f6d05c6",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0d1e3269-35a2-48d8-8f09-f5f8c3c43e69",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.368965Z",
+ "modified": "2025-02-27T00:38:15.368965Z",
+ "name": "CVE-2022-49363",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on block address in f2fs_do_zero_range()\n\nAs Yanming reported in bugzilla:\n\nhttps://bugzilla.kernel.org/show_bug.cgi?id=215894\n\nI have encountered a bug in F2FS file system in kernel v5.17.\n\nI have uploaded the system call sequence as case.c, and a fuzzed image can\nbe found in google net disk\n\nThe kernel should enable CONFIG_KASAN=y and CONFIG_KASAN_INLINE=y. You can\nreproduce the bug by running the following commands:\n\nkernel BUG at fs/f2fs/segment.c:2291!\nCall Trace:\n f2fs_invalidate_blocks+0x193/0x2d0\n f2fs_fallocate+0x2593/0x4a70\n vfs_fallocate+0x2a5/0xac0\n ksys_fallocate+0x35/0x70\n __x64_sys_fallocate+0x8e/0xf0\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nThe root cause is, after image was fuzzed, block mapping info in inode\nwill be inconsistent with SIT table, so in f2fs_fallocate(), it will cause\npanic when updating SIT with invalid blkaddr.\n\nLet's fix the issue by adding sanity check on block address before updating\nSIT table with it.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49363"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0dd41f3b-d8b5-4e92-a87a-5aa53d6211f1.json b/objects/vulnerability/vulnerability--0dd41f3b-d8b5-4e92-a87a-5aa53d6211f1.json
new file mode 100644
index 00000000000..20bd0296239
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0dd41f3b-d8b5-4e92-a87a-5aa53d6211f1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--96adde72-5355-4098-99e6-2c921ddee13b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0dd41f3b-d8b5-4e92-a87a-5aa53d6211f1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.457569Z", + "modified": "2025-02-27T00:38:15.457569Z", + "name": "CVE-2022-49067", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit\n\nmpe: On 64-bit Book3E vmalloc space starts at 0x8000000000000000.\n\nBecause of the way __pa() works we have:\n __pa(0x8000000000000000) == 0, and therefore\n virt_to_pfn(0x8000000000000000) == 0, and therefore\n virt_addr_valid(0x8000000000000000) == true\n\nWhich is wrong, virt_addr_valid() should be false for vmalloc space.\nIn fact all vmalloc addresses that alias with a valid PFN will return\ntrue from virt_addr_valid(). That can cause bugs with hardened usercopy\nas described below by Kefeng Wang:\n\n When running ethtool eth0 on 64-bit Book3E, a BUG occurred:\n\n usercopy: Kernel memory exposure attempt detected from SLUB object not in SLUB page?! 
(offset 0, size 1048)!\n kernel BUG at mm/usercopy.c:99\n ...\n usercopy_abort+0x64/0xa0 (unreliable)\n __check_heap_object+0x168/0x190\n __check_object_size+0x1a0/0x200\n dev_ethtool+0x2494/0x2b20\n dev_ioctl+0x5d0/0x770\n sock_do_ioctl+0xf0/0x1d0\n sock_ioctl+0x3ec/0x5a0\n __se_sys_ioctl+0xf0/0x160\n system_call_exception+0xfc/0x1f0\n system_call_common+0xf8/0x200\n\n The code shows below,\n\n data = vzalloc(array_size(gstrings.len, ETH_GSTRING_LEN));\n copy_to_user(useraddr, data, gstrings.len * ETH_GSTRING_LEN))\n\n The data is alloced by vmalloc(), virt_addr_valid(ptr) will return true\n on 64-bit Book3E, which leads to the panic.\n\n As commit 4dd7554a6456 (\"powerpc/64: Add VIRTUAL_BUG_ON checks for __va\n and __pa addresses\") does, make sure the virt addr above PAGE_OFFSET in\n the virt_addr_valid() for 64-bit, also add upper limit check to make\n sure the virt is below high_memory.\n\n Meanwhile, for 32-bit PAGE_OFFSET is the virtual address of the start\n of lowmem, high_memory is the upper low virtual address, the check is\n suitable for 32-bit, this will fix the issue mentioned in commit\n 602946ec2f90 (\"powerpc: Set max_mapnr correctly\") too.\n\nOn 32-bit there is a similar problem with high memory, that was fixed in\ncommit 602946ec2f90 (\"powerpc: Set max_mapnr correctly\"), but that\ncommit breaks highmem and needs to be reverted.\n\nWe can't easily fix __pa(), we have code that relies on its current\nbehaviour. So for now add extra checks to virt_addr_valid().\n\nFor 64-bit Book3S the extra checks are not necessary, the combination of\nvirt_to_pfn() and pfn_valid() should yield the correct result, but they\nare harmless.\n\n[mpe: Add additional change log detail]", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49067" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--0e312dbe-9dd0-40cb-818f-59bcd959cd06.json b/objects/vulnerability/vulnerability--0e312dbe-9dd0-40cb-818f-59bcd959cd06.json
new file mode 100644
index 00000000000..ea65f636613
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0e312dbe-9dd0-40cb-818f-59bcd959cd06.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--222f493a-0fec-428f-9f9d-8590576c53a2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0e312dbe-9dd0-40cb-818f-59bcd959cd06", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.767928Z", + "modified": "2025-02-27T00:38:15.767928Z", + "name": "CVE-2022-49201", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: fix race between xmit and reset\n\nThere is a race between reset and the transmit paths that can lead to\nibmvnic_xmit() accessing an scrq after it has been freed in the reset\npath. It can result in a crash like:\n\n\tKernel attempted to read user page (0) - exploit attempt? (uid: 0)\n\tBUG: Kernel NULL pointer dereference on read at 0x00000000\n\tFaulting instruction address: 0xc0080000016189f8\n\tOops: Kernel access of bad area, sig: 11 [#1]\n\t...\n\tNIP [c0080000016189f8] ibmvnic_xmit+0x60/0xb60 [ibmvnic]\n\tLR [c000000000c0046c] dev_hard_start_xmit+0x11c/0x280\n\tCall Trace:\n\t[c008000001618f08] ibmvnic_xmit+0x570/0xb60 [ibmvnic] (unreliable)\n\t[c000000000c0046c] dev_hard_start_xmit+0x11c/0x280\n\t[c000000000c9cfcc] sch_direct_xmit+0xec/0x330\n\t[c000000000bfe640] __dev_xmit_skb+0x3a0/0x9d0\n\t[c000000000c00ad4] __dev_queue_xmit+0x394/0x730\n\t[c008000002db813c] __bond_start_xmit+0x254/0x450 [bonding]\n\t[c008000002db8378] bond_start_xmit+0x40/0xc0 [bonding]\n\t[c000000000c0046c] dev_hard_start_xmit+0x11c/0x280\n\t[c000000000c00ca4] __dev_queue_xmit+0x564/0x730\n\t[c000000000cf97e0] neigh_hh_output+0xd0/0x180\n\t[c000000000cfa69c] ip_finish_output2+0x31c/0x5c0\n\t[c000000000cfd244] __ip_queue_xmit+0x194/0x4f0\n\t[c000000000d2a3c4] __tcp_transmit_skb+0x434/0x9b0\n\t[c000000000d2d1e0] __tcp_retransmit_skb+0x1d0/0x6a0\n\t[c000000000d2d984] tcp_retransmit_skb+0x34/0x130\n\t[c000000000d310e8] tcp_retransmit_timer+0x388/0x6d0\n\t[c000000000d315ec] 
tcp_write_timer_handler+0x1bc/0x330\n\t[c000000000d317bc] tcp_write_timer+0x5c/0x200\n\t[c000000000243270] call_timer_fn+0x50/0x1c0\n\t[c000000000243704] __run_timers.part.0+0x324/0x460\n\t[c000000000243894] run_timer_softirq+0x54/0xa0\n\t[c000000000ea713c] __do_softirq+0x15c/0x3e0\n\t[c000000000166258] __irq_exit_rcu+0x158/0x190\n\t[c000000000166420] irq_exit+0x20/0x40\n\t[c00000000002853c] timer_interrupt+0x14c/0x2b0\n\t[c000000000009a00] decrementer_common_virt+0x210/0x220\n\t--- interrupt: 900 at plpar_hcall_norets_notrace+0x18/0x2c\n\nThe immediate cause of the crash is the access of tx_scrq in the following\nsnippet during a reset, where the tx_scrq can be either NULL or an address\nthat will soon be invalid:\n\n\tibmvnic_xmit()\n\t{\n\t\t...\n\t\ttx_scrq = adapter->tx_scrq[queue_num];\n\t\ttxq = netdev_get_tx_queue(netdev, queue_num);\n\t\tind_bufp = &tx_scrq->ind_buf;\n\n\t\tif (test_bit(0, &adapter->resetting)) {\n\t\t...\n\t}\n\nBut beyond that, the call to ibmvnic_xmit() itself is not safe during a\nreset and the reset path attempts to avoid this by stopping the queue in\nibmvnic_cleanup(). However just after the queue was stopped, an in-flight\nibmvnic_complete_tx() could have restarted the queue even as the reset is\nprogressing.\n\nSince the queue was restarted we could get a call to ibmvnic_xmit() which\ncan then access the bad tx_scrq (or other fields).\n\nWe cannot however simply have ibmvnic_complete_tx() check the ->resetting\nbit and skip starting the queue. This can race at the \"back-end\" of a good\nreset which just restarted the queue but has not cleared the ->resetting\nbit yet. If we skip restarting the queue due to ->resetting being true,\nthe queue would remain stopped indefinitely potentially leading to transmit\ntimeouts.\n\nIOW ->resetting is too broad for this purpose. Instead use a new flag\nthat indicates whether or not the queues are active. Only the open/\nreset paths control when the queues are active. 
ibmvnic_complete_tx()\nand others wake up the queue only if the queue is marked active.\n\nSo we will have:\n\tA. reset/open thread in ibmvnic_cleanup() and __ibmvnic_open()\n\n\t\t->resetting = true\n\t\t->tx_queues_active = false\n\t\tdisable tx queues\n\t\t...\n\t\t->tx_queues_active = true\n\t\tstart tx queues\n\n\tB. Tx interrupt in ibmvnic_complete_tx():\n\n\t\tif (->tx_queues_active)\n\t\t\tnetif_wake_subqueue();\n\nTo ensure that ->tx_queues_active and state of the queues are consistent,\nwe need a lock which:\n\n\t- must also be taken in the interrupt path (ibmvnic_complete_tx())\n\t- shared across the multiple\n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49201" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0e94d4f7-d22d-4f90-b615-8d536a9d4d86.json b/objects/vulnerability/vulnerability--0e94d4f7-d22d-4f90-b615-8d536a9d4d86.json new file mode 100644 index 00000000000..13d739c9797 --- /dev/null +++ b/objects/vulnerability/vulnerability--0e94d4f7-d22d-4f90-b615-8d536a9d4d86.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--49476c6c-fff5-45e5-a66a-292e346bf731",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0e94d4f7-d22d-4f90-b615-8d536a9d4d86",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.759277Z",
+ "modified": "2025-02-27T00:38:15.759277Z",
+ "name": "CVE-2022-49468",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal/core: Fix memory leak in __thermal_cooling_device_register()\n\nI got memory leak as follows when doing fault injection test:\n\nunreferenced object 0xffff888010080000 (size 264312):\n comm \"182\", pid 102533, jiffies 4296434960 (age 10.100s)\n hex dump (first 32 bytes):\n 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........\n ff ff ff ff ff ff ff ff 40 7f 1f b9 ff ff ff ff ........@.......\n backtrace:\n [<0000000038b2f4fc>] kmalloc_order_trace+0x1d/0x110 mm/slab_common.c:969\n [<00000000ebcb8da5>] __kmalloc+0x373/0x420 include/linux/slab.h:510\n [<0000000084137f13>] thermal_cooling_device_setup_sysfs+0x15d/0x2d0 include/linux/slab.h:586\n [<00000000352b8755>] __thermal_cooling_device_register+0x332/0xa60 drivers/thermal/thermal_core.c:927\n [<00000000fb9f331b>] devm_thermal_of_cooling_device_register+0x6b/0xf0 drivers/thermal/thermal_core.c:1041\n [<000000009b8012d2>] max6650_probe.cold+0x557/0x6aa drivers/hwmon/max6650.c:211\n [<00000000da0b7e04>] i2c_device_probe+0x472/0xac0 drivers/i2c/i2c-core-base.c:561\n\nIf device_register() fails, thermal_cooling_device_destroy_sysfs() need be called\nto free the memory allocated in thermal_cooling_device_setup_sysfs().",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49468"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0edb0041-cad3-4b13-8d46-09dbe4d00449.json b/objects/vulnerability/vulnerability--0edb0041-cad3-4b13-8d46-09dbe4d00449.json
new file mode 100644
index 00000000000..3bf9986be66
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0edb0041-cad3-4b13-8d46-09dbe4d00449.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b7489bc0-3c3e-46b3-8f7a-30ae2983c42f",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0edb0041-cad3-4b13-8d46-09dbe4d00449",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.611407Z",
+ "modified": "2025-02-27T00:38:15.611407Z",
+ "name": "CVE-2022-49473",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_*\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not needed anymore.\nAdd missing of_node_put() to avoid refcount leak.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49473"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0f005f2f-5c8e-480a-abbf-cb1006cfe1b9.json b/objects/vulnerability/vulnerability--0f005f2f-5c8e-480a-abbf-cb1006cfe1b9.json
new file mode 100644
index 00000000000..79c3c39d9be
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0f005f2f-5c8e-480a-abbf-cb1006cfe1b9.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--5aaae4f2-4bd0-4058-ab39-eda8ada8e4bb",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0f005f2f-5c8e-480a-abbf-cb1006cfe1b9",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:07.66368Z",
+ "modified": "2025-02-27T00:38:07.66368Z",
+ "name": "CVE-2025-1634",
+ "description": "A flaw was found in the quarkus-resteasy extension, which causes memory leaks when client requests with low timeouts are made. If a client request times out, a buffer is not released correctly, leading to increased memory usage and eventual application crash due to OutOfMemoryError.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-1634"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0f2c12ec-7c08-40ad-ad72-11a0ef055dfe.json b/objects/vulnerability/vulnerability--0f2c12ec-7c08-40ad-ad72-11a0ef055dfe.json
new file mode 100644
index 00000000000..4d209db7c5b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0f2c12ec-7c08-40ad-ad72-11a0ef055dfe.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e468d869-615b-451f-9b84-606b9ab7e09d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0f2c12ec-7c08-40ad-ad72-11a0ef055dfe",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.692561Z",
+ "modified": "2025-02-27T00:38:15.692561Z",
+ "name": "CVE-2022-49223",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/port: Hold port reference until decoder release\n\nKASAN + DEBUG_KOBJECT_RELEASE reports a potential use-after-free in\ncxl_decoder_release() where it goes to reference its parent, a cxl_port,\nto free its id back to port->decoder_ida.\n\n BUG: KASAN: use-after-free in to_cxl_port+0x18/0x90 [cxl_core]\n Read of size 8 at addr ffff888119270908 by task kworker/35:2/379\n\n CPU: 35 PID: 379 Comm: kworker/35:2 Tainted: G OE 5.17.0-rc2+ #198\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n Workqueue: events kobject_delayed_cleanup\n Call Trace:\n \n dump_stack_lvl+0x59/0x73\n print_address_description.constprop.0+0x1f/0x150\n ? to_cxl_port+0x18/0x90 [cxl_core]\n kasan_report.cold+0x83/0xdf\n ? to_cxl_port+0x18/0x90 [cxl_core]\n to_cxl_port+0x18/0x90 [cxl_core]\n cxl_decoder_release+0x2a/0x60 [cxl_core]\n device_release+0x5f/0x100\n kobject_cleanup+0x80/0x1c0\n\nThe device core only guarantees parent lifetime until all children are\nunregistered. If a child needs a parent to complete its ->release()\ncallback that child needs to hold a reference to extend the lifetime of\nthe parent.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49223"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0f54b04d-6698-4f38-ab7d-1319eada4f5d.json b/objects/vulnerability/vulnerability--0f54b04d-6698-4f38-ab7d-1319eada4f5d.json
new file mode 100644
index 00000000000..4c6ef8a2f94
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0f54b04d-6698-4f38-ab7d-1319eada4f5d.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--2846c091-eef8-4fc7-8c6a-ed0c7ee3443a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0f54b04d-6698-4f38-ab7d-1319eada4f5d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.689806Z",
+ "modified": "2025-02-27T00:38:15.689806Z",
+ "name": "CVE-2022-49177",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwrng: cavium - fix NULL but dereferenced coccicheck error\n\nFix following coccicheck warning:\n./drivers/char/hw_random/cavium-rng-vf.c:182:17-20: ERROR:\npdev is NULL but dereferenced.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49177"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0f76b97f-fe04-401c-ac55-168353282efa.json b/objects/vulnerability/vulnerability--0f76b97f-fe04-401c-ac55-168353282efa.json
new file mode 100644
index 00000000000..87b0416ee84
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0f76b97f-fe04-401c-ac55-168353282efa.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--90363b1e-6a0e-4149-a58f-f385156a24bd",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0f76b97f-fe04-401c-ac55-168353282efa",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.703023Z",
+ "modified": "2025-02-27T00:38:15.703023Z",
+ "name": "CVE-2022-49137",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj\n\nThis issue takes place in an error path in\namdgpu_cs_fence_to_handle_ioctl(). When `info->in.what` falls into\ndefault case, the function simply returns -EINVAL, forgetting to\ndecrement the reference count of a dma_fence obj, which is bumped\nearlier by amdgpu_cs_get_fence(). This may result in reference count\nleaks.\n\nFix it by decreasing the refcount of specific object before returning\nthe error code.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49137"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0fbf645c-117d-40ae-890c-1472e2d64b99.json b/objects/vulnerability/vulnerability--0fbf645c-117d-40ae-890c-1472e2d64b99.json
new file mode 100644
index 00000000000..e50754acef9
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0fbf645c-117d-40ae-890c-1472e2d64b99.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--3dc36986-8d11-4531-b11d-814a7012877a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0fbf645c-117d-40ae-890c-1472e2d64b99",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.556522Z",
+ "modified": "2025-02-27T00:38:15.556522Z",
+ "name": "CVE-2022-49233",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Call dc_stream_release for remove link enc assignment\n\n[Why]\nA porting error resulted in the stream assignment for the link\nbeing retained without being released - a memory leak.\n\n[How]\nFix the porting error by adding back the dc_stream_release() intended\nas part of the original patch.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49233"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0fc9ad0b-f18c-4b52-a2e4-b5eb74fe4d69.json b/objects/vulnerability/vulnerability--0fc9ad0b-f18c-4b52-a2e4-b5eb74fe4d69.json
new file mode 100644
index 00000000000..6dc8ab91a09
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0fc9ad0b-f18c-4b52-a2e4-b5eb74fe4d69.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--c7093ee3-e7fc-4f7f-8fcc-67d8c2a902bf",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0fc9ad0b-f18c-4b52-a2e4-b5eb74fe4d69",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.705014Z",
+ "modified": "2025-02-27T00:38:15.705014Z",
+ "name": "CVE-2022-49621",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: pmac32-cpufreq: Fix refcount leak bug\n\nIn pmac_cpufreq_init_MacRISC3(), we need to add corresponding\nof_node_put() for the three node pointers whose refcount have\nbeen incremented by of_find_node_by_name().",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49621"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--104faffb-5077-4b2e-88a4-25c23007b172.json b/objects/vulnerability/vulnerability--104faffb-5077-4b2e-88a4-25c23007b172.json
new file mode 100644
index 00000000000..c3be91542a0
--- /dev/null
+++ b/objects/vulnerability/vulnerability--104faffb-5077-4b2e-88a4-25c23007b172.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--6f81e9c4-580d-40aa-8ad7-a1f0ec2cc8ae",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--104faffb-5077-4b2e-88a4-25c23007b172",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.707942Z",
+ "modified": "2025-02-27T00:38:15.707942Z",
+ "name": "CVE-2022-49608",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: ralink: Check for null return of devm_kcalloc\n\nBecause of the possible failure of the allocation, data->domains might\nbe NULL pointer and will cause the dereference of the NULL pointer\nlater.\nTherefore, it might be better to check it and directly return -ENOMEM\nwithout releasing data manually if fails, because the comment of the\ndevm_kmalloc() says \"Memory allocated with this function is\nautomatically freed on driver detach.\".",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49608"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--10a056d8-c31f-4030-8063-b9e47fac7e2b.json b/objects/vulnerability/vulnerability--10a056d8-c31f-4030-8063-b9e47fac7e2b.json
new file mode 100644
index 00000000000..ac6ca31bb5f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--10a056d8-c31f-4030-8063-b9e47fac7e2b.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f011ef29-87d1-457f-ac71-c79b57c8719b",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--10a056d8-c31f-4030-8063-b9e47fac7e2b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.734196Z",
+ "modified": "2025-02-27T00:38:15.734196Z",
+ "name": "CVE-2022-49490",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected\n\nmdp5_get_global_state runs the risk of hitting a -EDEADLK when acquiring\nthe modeset lock, but currently mdp5_pipe_release doesn't check for if\nan error is returned. Because of this, there is a possibility of\nmdp5_pipe_release hitting a NULL dereference error.\n\nTo avoid this, let's have mdp5_pipe_release check if\nmdp5_get_global_state returns an error and propogate that error.\n\nChanges since v1:\n- Separated declaration and initialization of *new_state to avoid\n compiler warning\n- Fixed some spelling mistakes in commit message\n\nChanges since v2:\n- Return 0 in case where hwpipe is NULL as this is considered normal\n behavior\n- Added 2nd patch in series to fix a similar NULL dereference issue in\n mdp5_mixer_release\n\nPatchwork: https://patchwork.freedesktop.org/patch/485179/",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49490"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--10d3ede7-2823-4b81-9374-65abeede21d1.json b/objects/vulnerability/vulnerability--10d3ede7-2823-4b81-9374-65abeede21d1.json
new file mode 100644
index 00000000000..11b8454fe5b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--10d3ede7-2823-4b81-9374-65abeede21d1.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--7bb56dfb-d8b9-4cd8-b44c-d85492617368",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--10d3ede7-2823-4b81-9374-65abeede21d1",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.578179Z",
+ "modified": "2025-02-27T00:38:15.578179Z",
+ "name": "CVE-2022-49461",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\namt: fix memory leak for advertisement message\n\nWhen a gateway receives an advertisement message, it extracts relay\ninformation and then it should be freed.\nBut the advertisement handler doesn't free it.\nSo, memory leak would occur.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49461"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--10f6f524-08f9-47db-970b-6a7793db7b6f.json b/objects/vulnerability/vulnerability--10f6f524-08f9-47db-970b-6a7793db7b6f.json
new file mode 100644
index 00000000000..a81c3bbc4b5
--- /dev/null
+++ b/objects/vulnerability/vulnerability--10f6f524-08f9-47db-970b-6a7793db7b6f.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--7b5c9b12-3643-430b-8baf-1e9f01dedda1",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--10f6f524-08f9-47db-970b-6a7793db7b6f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:01.598793Z",
+ "modified": "2025-02-27T00:38:01.598793Z",
+ "name": "CVE-2024-13632",
+ "description": "The WP Extra Fields WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-13632"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--114cb7fc-2468-4e6d-99b1-06e74e439170.json b/objects/vulnerability/vulnerability--114cb7fc-2468-4e6d-99b1-06e74e439170.json
new file mode 100644
index 00000000000..933a2ef4a0c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--114cb7fc-2468-4e6d-99b1-06e74e439170.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a478f42f-ad5f-45bf-b17b-2e02c337e393",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--114cb7fc-2468-4e6d-99b1-06e74e439170",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.482308Z",
+ "modified": "2025-02-27T00:38:15.482308Z",
+ "name": "CVE-2022-49645",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/panfrost: Fix shrinker list corruption by madvise IOCTL\n\nCalling madvise IOCTL twice on BO causes memory shrinker list corruption\nand crashes kernel because BO is already on the list and it's added to\nthe list again, while BO should be removed from the list before it's\nre-added. Fix it.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49645"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--11d5c486-86f3-4b09-905f-49c8d2101d97.json b/objects/vulnerability/vulnerability--11d5c486-86f3-4b09-905f-49c8d2101d97.json
new file mode 100644
index 00000000000..0790db0f80a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--11d5c486-86f3-4b09-905f-49c8d2101d97.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f4b5bf26-0b5d-4d38-b94d-611615ec50f5",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--11d5c486-86f3-4b09-905f-49c8d2101d97",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.668156Z",
+ "modified": "2025-02-27T00:38:15.668156Z",
+ "name": "CVE-2022-49326",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtl818x: Prevent using not initialized queues\n\nUsing not existing queues can panic the kernel with rtl8180/rtl8185 cards.\nIgnore the skb priority for those cards, they only have one tx queue. Pierre\nAsselin (pa@panix.com) reported the kernel crash in the Gentoo forum:\n\nhttps://forums.gentoo.org/viewtopic-t-1147832-postdays-0-postorder-asc-start-25.html\n\nHe also confirmed that this patch fixes the issue. In summary this happened:\n\nAfter updating wpa_supplicant from 2.9 to 2.10 the kernel crashed with a\n\"divide error: 0000\" when connecting to an AP. Control port tx now tries to\nuse IEEE80211_AC_VO for the priority, which wpa_supplicants starts to use in\n2.10.\n\nSince only the rtl8187se part of the driver supports QoS, the priority\nof the skb is set to IEEE80211_AC_BE (2) by mac80211 for rtl8180/rtl8185\ncards.\n\nrtl8180 is then unconditionally reading out the priority and finally crashes on\ndrivers/net/wireless/realtek/rtl818x/rtl8180/dev.c line 544 without this\npatch:\n\tidx = (ring->idx + skb_queue_len(&ring->queue)) % ring->entries\n\n\"ring->entries\" is zero for rtl8180/rtl8185 cards, tx_ring[2] never got\ninitialized.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49326"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--126f0593-def6-46e1-83e6-20c544ba5dca.json b/objects/vulnerability/vulnerability--126f0593-def6-46e1-83e6-20c544ba5dca.json
new file mode 100644
index 00000000000..87adabd3891
--- /dev/null
+++ b/objects/vulnerability/vulnerability--126f0593-def6-46e1-83e6-20c544ba5dca.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b763d1b1-b373-497b-9177-3e0466cc9d7e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--126f0593-def6-46e1-83e6-20c544ba5dca",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.598333Z",
+ "modified": "2025-02-27T00:38:15.598333Z",
+ "name": "CVE-2022-49416",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix use-after-free in chanctx code\n\nIn ieee80211_vif_use_reserved_context(), when we have an\nold context and the new context's replace_state is set to\nIEEE80211_CHANCTX_REPLACE_NONE, we free the old context\nin ieee80211_vif_use_reserved_reassign(). Therefore, we\ncannot check the old_ctx anymore, so we should set it to\nNULL after this point.\n\nHowever, since the new_ctx replace state is clearly not\nIEEE80211_CHANCTX_REPLACES_OTHER, we're not going to do\nanything else in this function and can just return to\navoid accessing the freed old_ctx.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49416"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--12afe6c3-4994-40e7-af44-48c04a11c455.json b/objects/vulnerability/vulnerability--12afe6c3-4994-40e7-af44-48c04a11c455.json
new file mode 100644
index 00000000000..89c3ae2a89f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--12afe6c3-4994-40e7-af44-48c04a11c455.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4197a0d5-4a5f-430a-bf17-45f243b7b2a4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--12afe6c3-4994-40e7-af44-48c04a11c455", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.319251Z", + "modified": "2025-02-27T00:38:15.319251Z", + "name": "CVE-2022-49380", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count()\n\nAs Yanming reported in bugzilla:\n\nhttps://bugzilla.kernel.org/show_bug.cgi?id=215897\n\nI have encountered a bug in F2FS file system in kernel v5.17.\n\nThe kernel should enable CONFIG_KASAN=y and CONFIG_KASAN_INLINE=y. You can\nreproduce the bug by running the following commands:\n\nThe kernel message is shown below:\n\nkernel BUG at fs/f2fs/f2fs.h:2511!\nCall Trace:\n f2fs_remove_inode_page+0x2a2/0x830\n f2fs_evict_inode+0x9b7/0x1510\n evict+0x282/0x4e0\n do_unlinkat+0x33a/0x540\n __x64_sys_unlinkat+0x8e/0xd0\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nThe root cause is: .total_valid_block_count or .total_valid_node_count\ncould fuzzed to zero, then once dec_valid_node_count() was called, it\nwill cause BUG_ON(), this patch fixes to print warning info and set\nSBI_NEED_FSCK into CP instead of panic.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49380" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--12b35198-06c8-40f7-b0f6-ad45322352ca.json b/objects/vulnerability/vulnerability--12b35198-06c8-40f7-b0f6-ad45322352ca.json new file mode 100644 index 00000000000..5429344b35c --- /dev/null +++ b/objects/vulnerability/vulnerability--12b35198-06c8-40f7-b0f6-ad45322352ca.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c23ad6df-8880-4190-a201-ef7078538611", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--12b35198-06c8-40f7-b0f6-ad45322352ca", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.404486Z", + "modified": "2025-02-27T00:38:15.404486Z", + "name": "CVE-2022-49204", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix more uncharged while msg has more_data\n\nIn tcp_bpf_send_verdict(), if msg has more data after\ntcp_bpf_sendmsg_redir():\n\ntcp_bpf_send_verdict()\n tosend = msg->sg.size //msg->sg.size = 22220\n case __SK_REDIRECT:\n sk_msg_return() //uncharged msg->sg.size(22220) sk->sk_forward_alloc\n tcp_bpf_sendmsg_redir() //after tcp_bpf_sendmsg_redir, msg->sg.size=11000\n goto more_data;\n tosend = msg->sg.size //msg->sg.size = 11000\n case __SK_REDIRECT:\n sk_msg_return() //uncharged msg->sg.size(11000) to sk->sk_forward_alloc\n\nThe msg->sg.size(11000) has been uncharged twice, to fix we can charge the\nremaining msg->sg.size before goto more data.\n\nThis issue can cause the following info:\nWARNING: CPU: 0 PID: 9860 at net/core/stream.c:208 sk_stream_kill_queues+0xd4/0x1a0\nCall Trace:\n \n inet_csk_destroy_sock+0x55/0x110\n __tcp_close+0x279/0x470\n tcp_close+0x1f/0x60\n inet_release+0x3f/0x80\n __sock_release+0x3d/0xb0\n sock_close+0x11/0x20\n __fput+0x92/0x250\n task_work_run+0x6a/0xa0\n do_exit+0x33b/0xb60\n do_group_exit+0x2f/0xa0\n get_signal+0xb6/0x950\n arch_do_signal_or_restart+0xac/0x2a0\n ? 
vfs_write+0x237/0x290\n exit_to_user_mode_prepare+0xa9/0x200\n syscall_exit_to_user_mode+0x12/0x30\n do_syscall_64+0x46/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n \n\nWARNING: CPU: 0 PID: 2136 at net/ipv4/af_inet.c:155 inet_sock_destruct+0x13c/0x260\nCall Trace:\n \n __sk_destruct+0x24/0x1f0\n sk_psock_destroy+0x19b/0x1c0\n process_one_work+0x1b3/0x3c0\n worker_thread+0x30/0x350\n ? process_one_work+0x3c0/0x3c0\n kthread+0xe6/0x110\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x22/0x30\n ", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49204" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--12f55efc-b4e9-49f0-9acb-2265ab123e87.json b/objects/vulnerability/vulnerability--12f55efc-b4e9-49f0-9acb-2265ab123e87.json new file mode 100644 index 00000000000..fa713621ba6 --- /dev/null +++ b/objects/vulnerability/vulnerability--12f55efc-b4e9-49f0-9acb-2265ab123e87.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f256c709-cc4e-46d6-8c84-6b072134dc14", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--12f55efc-b4e9-49f0-9acb-2265ab123e87", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.738854Z", + "modified": "2025-02-27T00:38:15.738854Z", + "name": "CVE-2022-49542", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg()\n\nIn an attempt to log message 0126 with LOG_TRACE_EVENT, the following hard\nlockup call trace hangs the system.\n\nCall Trace:\n _raw_spin_lock_irqsave+0x32/0x40\n lpfc_dmp_dbg.part.32+0x28/0x220 [lpfc]\n lpfc_cmpl_els_fdisc+0x145/0x460 [lpfc]\n lpfc_sli_cancel_jobs+0x92/0xd0 [lpfc]\n lpfc_els_flush_cmd+0x43c/0x670 [lpfc]\n lpfc_els_flush_all_cmd+0x37/0x60 [lpfc]\n lpfc_sli4_async_event_proc+0x956/0x1720 [lpfc]\n lpfc_do_work+0x1485/0x1d70 [lpfc]\n kthread+0x112/0x130\n ret_from_fork+0x1f/0x40\nKernel panic - not syncing: Hard LOCKUP\n\nThe same CPU tries to claim the phba->port_list_lock twice.\n\nMove the cfg_log_verbose checks as part of the lpfc_printf_vlog() and\nlpfc_printf_log() macros before calling lpfc_dmp_dbg(). There is no need\nto take the phba->port_list_lock within lpfc_dmp_dbg().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49542" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--13064808-c077-4f5f-b23d-162c03c77159.json b/objects/vulnerability/vulnerability--13064808-c077-4f5f-b23d-162c03c77159.json new file mode 100644 index 00000000000..b730b44f1f0 --- /dev/null +++ b/objects/vulnerability/vulnerability--13064808-c077-4f5f-b23d-162c03c77159.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8d6929fd-3b27-460e-aaf9-ed45ddf4f29c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--13064808-c077-4f5f-b23d-162c03c77159", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.643779Z", + "modified": "2025-02-27T00:38:15.643779Z", + "name": "CVE-2022-49389", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: usbip: fix a refcount leak in stub_probe()\n\nusb_get_dev() is called in stub_device_alloc(). When stub_probe() fails\nafter that, usb_put_dev() needs to be called to release the reference.\n\nFix this by moving usb_put_dev() to sdev_free error path handling.\n\nFind this by code review.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49389" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1318aada-61f9-473c-a951-14f0046466f3.json b/objects/vulnerability/vulnerability--1318aada-61f9-473c-a951-14f0046466f3.json new file mode 100644 index 00000000000..25cf6b23605 --- /dev/null +++ b/objects/vulnerability/vulnerability--1318aada-61f9-473c-a951-14f0046466f3.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7d80c2e4-c225-4eac-bd7c-67f347207a2e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1318aada-61f9-473c-a951-14f0046466f3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.586944Z", + "modified": "2025-02-27T00:38:15.586944Z", + "name": "CVE-2022-49420", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: annotate races around sk->sk_bound_dev_if\n\nUDP sendmsg() is lockless, and reads sk->sk_bound_dev_if while\nthis field can be changed by another thread.\n\nAdds minimal annotations to avoid KCSAN splats for UDP.\nFollowing patches will add more annotations to potential lockless readers.\n\nBUG: KCSAN: data-race in __ip6_datagram_connect / udpv6_sendmsg\n\nwrite to 0xffff888136d47a94 of 4 bytes by task 7681 on cpu 0:\n __ip6_datagram_connect+0x6e2/0x930 net/ipv6/datagram.c:221\n ip6_datagram_connect+0x2a/0x40 net/ipv6/datagram.c:272\n inet_dgram_connect+0x107/0x190 net/ipv4/af_inet.c:576\n __sys_connect_file net/socket.c:1900 [inline]\n __sys_connect+0x197/0x1b0 net/socket.c:1917\n __do_sys_connect net/socket.c:1927 [inline]\n __se_sys_connect net/socket.c:1924 [inline]\n __x64_sys_connect+0x3d/0x50 net/socket.c:1924\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x2b/0x50 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nread to 0xffff888136d47a94 of 4 bytes by task 7670 on cpu 1:\n udpv6_sendmsg+0xc60/0x16e0 net/ipv6/udp.c:1436\n inet6_sendmsg+0x5f/0x80 net/ipv6/af_inet6.c:652\n sock_sendmsg_nosec net/socket.c:705 [inline]\n sock_sendmsg net/socket.c:725 [inline]\n ____sys_sendmsg+0x39a/0x510 net/socket.c:2413\n ___sys_sendmsg net/socket.c:2467 [inline]\n __sys_sendmmsg+0x267/0x4c0 net/socket.c:2553\n __do_sys_sendmmsg net/socket.c:2582 [inline]\n __se_sys_sendmmsg net/socket.c:2579 [inline]\n 
__x64_sys_sendmmsg+0x53/0x60 net/socket.c:2579\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x2b/0x50 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nvalue changed: 0x00000000 -> 0xffffff9b\n\nReported by Kernel Concurrency Sanitizer on:\nCPU: 1 PID: 7670 Comm: syz-executor.3 Tainted: G W 5.18.0-rc1-syzkaller-dirty #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\n\nI chose to not add Fixes: tag because race has minor consequences\nand stable teams busy enough.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49420" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--13b45558-3a2f-49bd-95ee-dfe07e7cfedc.json b/objects/vulnerability/vulnerability--13b45558-3a2f-49bd-95ee-dfe07e7cfedc.json new file mode 100644 index 00000000000..2accf69cc36 --- /dev/null +++ b/objects/vulnerability/vulnerability--13b45558-3a2f-49bd-95ee-dfe07e7cfedc.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cf4f6fd7-e87e-43e3-8365-d0d8f7dbe66f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--13b45558-3a2f-49bd-95ee-dfe07e7cfedc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.433793Z", + "modified": "2025-02-27T00:38:15.433793Z", + "name": "CVE-2022-49423", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtla: Avoid record NULL pointer dereference\n\nFix the following null/deref_null.cocci errors:\n./tools/tracing/rtla/src/osnoise_hist.c:870:31-36: ERROR: record is NULL but dereferenced.\n./tools/tracing/rtla/src/osnoise_top.c:650:31-36: ERROR: record is NULL but dereferenced.\n./tools/tracing/rtla/src/timerlat_hist.c:905:31-36: ERROR: record is NULL but dereferenced.\n./tools/tracing/rtla/src/timerlat_top.c:700:31-36: ERROR: record is NULL but dereferenced.\n\n\"record\" is NULL before calling osnoise_init_trace_tool.\nAdd a tag \"out_free\" to avoid dereferring a NULL pointer.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49423" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--13d49b13-ac8a-472f-b14d-92043e5f430b.json b/objects/vulnerability/vulnerability--13d49b13-ac8a-472f-b14d-92043e5f430b.json new file mode 100644 index 00000000000..f2558c3dd6f --- /dev/null +++ b/objects/vulnerability/vulnerability--13d49b13-ac8a-472f-b14d-92043e5f430b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6b8995bf-150b-4d4f-ac91-d9ca5eb6077f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--13d49b13-ac8a-472f-b14d-92043e5f430b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.28758Z", + "modified": "2025-02-27T00:38:15.28758Z", + "name": "CVE-2022-49408", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix memory leak in parse_apply_sb_mount_options()\n\nIf processing the on-disk mount options fails after any memory was\nallocated in the ext4_fs_context, e.g. s_qf_names, then this memory is\nleaked. Fix this by calling ext4_fc_free() instead of kfree() directly.\n\nReproducer:\n\n mkfs.ext4 -F /dev/vdc\n tune2fs /dev/vdc -E mount_opts=usrjquota=file\n echo clear > /sys/kernel/debug/kmemleak\n mount /dev/vdc /vdc\n echo scan > /sys/kernel/debug/kmemleak\n sleep 5\n echo scan > /sys/kernel/debug/kmemleak\n cat /sys/kernel/debug/kmemleak", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49408" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1456a2aa-9332-4101-b31f-30d0f4c94d48.json b/objects/vulnerability/vulnerability--1456a2aa-9332-4101-b31f-30d0f4c94d48.json new file mode 100644 index 00000000000..f78f8bd824f --- /dev/null +++ b/objects/vulnerability/vulnerability--1456a2aa-9332-4101-b31f-30d0f4c94d48.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6f7e7f41-e88b-45b2-a798-308810e16616", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1456a2aa-9332-4101-b31f-30d0f4c94d48", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.743441Z", + "modified": "2025-02-27T00:38:15.743441Z", + "name": "CVE-2022-49104", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: vchiq_core: handle NULL result of find_service_by_handle\n\nIn case of an invalid handle the function find_servive_by_handle\nreturns NULL. So take care of this and avoid a NULL pointer dereference.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49104" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--146d93b4-305e-4b0c-87c6-de82d6b4a5c8.json b/objects/vulnerability/vulnerability--146d93b4-305e-4b0c-87c6-de82d6b4a5c8.json new file mode 100644 index 00000000000..ea98dd013bf --- /dev/null +++ b/objects/vulnerability/vulnerability--146d93b4-305e-4b0c-87c6-de82d6b4a5c8.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f9c75481-fdd7-47d0-be4e-2b8e38d3cce5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--146d93b4-305e-4b0c-87c6-de82d6b4a5c8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:11.237202Z", + "modified": "2025-02-27T00:38:11.237202Z", + "name": "CVE-2021-47639", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86/mmu: Zap _all_ roots when unmapping gfn range in TDP MMU\n\nZap both valid and invalid roots when zapping/unmapping a gfn range, as\nKVM must ensure it holds no references to the freed page after returning\nfrom the unmap operation. Most notably, the TDP MMU doesn't zap invalid\nroots in mmu_notifier callbacks. This leads to use-after-free and other\nissues if the mmu_notifier runs to completion while an invalid root\nzapper yields as KVM fails to honor the requirement that there must be\n_no_ references to the page after the mmu_notifier returns.\n\nThe bug is most easily reproduced by hacking KVM to cause a collision\nbetween set_nx_huge_pages() and kvm_mmu_notifier_release(), but the bug\nexists between kvm_mmu_notifier_invalidate_range_start() and memslot\nupdates as well. Invalidating a root ensures pages aren't accessible by\nthe guest, and KVM won't read or write page data itself, but KVM will\ntrigger e.g. 
kvm_set_pfn_dirty() when zapping SPTEs, and thus completing\na zap of an invalid root _after_ the mmu_notifier returns is fatal.\n\n WARNING: CPU: 24 PID: 1496 at arch/x86/kvm/../../../virt/kvm/kvm_main.c:173 [kvm]\n RIP: 0010:kvm_is_zone_device_pfn+0x96/0xa0 [kvm]\n Call Trace:\n \n kvm_set_pfn_dirty+0xa8/0xe0 [kvm]\n __handle_changed_spte+0x2ab/0x5e0 [kvm]\n __handle_changed_spte+0x2ab/0x5e0 [kvm]\n __handle_changed_spte+0x2ab/0x5e0 [kvm]\n zap_gfn_range+0x1f3/0x310 [kvm]\n kvm_tdp_mmu_zap_invalidated_roots+0x50/0x90 [kvm]\n kvm_mmu_zap_all_fast+0x177/0x1a0 [kvm]\n set_nx_huge_pages+0xb4/0x190 [kvm]\n param_attr_store+0x70/0x100\n module_attr_store+0x19/0x30\n kernfs_fop_write_iter+0x119/0x1b0\n new_sync_write+0x11c/0x1b0\n vfs_write+0x1cc/0x270\n ksys_write+0x5f/0xe0\n do_syscall_64+0x38/0xc0\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n ", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-47639" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--14e723b9-1823-4a9f-be6c-157fedf62215.json b/objects/vulnerability/vulnerability--14e723b9-1823-4a9f-be6c-157fedf62215.json new file mode 100644 index 00000000000..53aead9dce9 --- /dev/null +++ b/objects/vulnerability/vulnerability--14e723b9-1823-4a9f-be6c-157fedf62215.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6b924872-c92f-40e0-bcb3-466d353d7e63", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--14e723b9-1823-4a9f-be6c-157fedf62215", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.797882Z", + "modified": "2025-02-27T00:38:15.797882Z", + "name": "CVE-2022-49668", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nPM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events\n\nof_get_child_by_name() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when done.\nThis function only calls of_node_put() in normal path,\nmissing it in error paths.\nAdd missing of_node_put() to avoid refcount leak.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49668" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--14ee2122-e771-46e4-a875-74957d7e56d0.json b/objects/vulnerability/vulnerability--14ee2122-e771-46e4-a875-74957d7e56d0.json new file mode 100644 index 00000000000..829b30096ce --- /dev/null +++ b/objects/vulnerability/vulnerability--14ee2122-e771-46e4-a875-74957d7e56d0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5c440e75-b43c-4342-96f6-151bcb1aaf4f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--14ee2122-e771-46e4-a875-74957d7e56d0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.278903Z", + "modified": "2025-02-27T00:38:15.278903Z", + "name": "CVE-2022-49099", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nDrivers: hv: vmbus: Fix initialization of device object in vmbus_device_register()\n\nInitialize the device's dma_{mask,parms} pointers and the device's\ndma_mask value before invoking device_register(). Address the\nfollowing trace with 5.17-rc7:\n\n[ 49.646839] WARNING: CPU: 0 PID: 189 at include/linux/dma-mapping.h:543\n\tnetvsc_probe+0x37a/0x3a0 [hv_netvsc]\n[ 49.646928] Call Trace:\n[ 49.646930] \n[ 49.646935] vmbus_probe+0x40/0x60 [hv_vmbus]\n[ 49.646942] really_probe+0x1ce/0x3b0\n[ 49.646948] __driver_probe_device+0x109/0x180\n[ 49.646952] driver_probe_device+0x23/0xa0\n[ 49.646955] __device_attach_driver+0x76/0xe0\n[ 49.646958] ? driver_allows_async_probing+0x50/0x50\n[ 49.646961] bus_for_each_drv+0x84/0xd0\n[ 49.646964] __device_attach+0xed/0x170\n[ 49.646967] device_initial_probe+0x13/0x20\n[ 49.646970] bus_probe_device+0x8f/0xa0\n[ 49.646973] device_add+0x41a/0x8e0\n[ 49.646975] ? hrtimer_init+0x28/0x80\n[ 49.646981] device_register+0x1b/0x20\n[ 49.646983] vmbus_device_register+0x5e/0xf0 [hv_vmbus]\n[ 49.646991] vmbus_add_channel_work+0x12d/0x190 [hv_vmbus]\n[ 49.646999] process_one_work+0x21d/0x3f0\n[ 49.647002] worker_thread+0x4a/0x3b0\n[ 49.647005] ? process_one_work+0x3f0/0x3f0\n[ 49.647007] kthread+0xff/0x130\n[ 49.647011] ? 
kthread_complete_and_exit+0x20/0x20\n[ 49.647015] ret_from_fork+0x22/0x30\n[ 49.647020] \n[ 49.647021] ---[ end trace 0000000000000000 ]---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49099" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--14ef5ed3-d691-4189-a21d-ec9d4c61ff62.json b/objects/vulnerability/vulnerability--14ef5ed3-d691-4189-a21d-ec9d4c61ff62.json new file mode 100644 index 00000000000..5805acac14d --- /dev/null +++ b/objects/vulnerability/vulnerability--14ef5ed3-d691-4189-a21d-ec9d4c61ff62.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5ddeb60e-e505-41c6-bb05-4bbd8f6306c7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--14ef5ed3-d691-4189-a21d-ec9d4c61ff62", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:11.229916Z", + "modified": "2025-02-27T00:38:11.229916Z", + "name": "CVE-2021-47658", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: fix a potential gpu_metrics_table memory leak\n\nMemory is allocated for gpu_metrics_table in renoir_init_smc_tables(),\nbut not freed in int smu_v12_0_fini_smc_tables(). Free it!", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-47658" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--153afc98-5913-4e1b-b8ce-2e6400d3835a.json b/objects/vulnerability/vulnerability--153afc98-5913-4e1b-b8ce-2e6400d3835a.json new file mode 100644 index 00000000000..59fe98c3909 --- /dev/null +++ b/objects/vulnerability/vulnerability--153afc98-5913-4e1b-b8ce-2e6400d3835a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3470a3b0-0540-42f5-b9ae-47ae6afae68d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--153afc98-5913-4e1b-b8ce-2e6400d3835a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.305899Z", + "modified": "2025-02-27T00:38:15.305899Z", + "name": "CVE-2022-49619", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sfp: fix memory leak in sfp_probe()\n\nsfp_probe() allocates a memory chunk from sfp with sfp_alloc(). When\ndevm_add_action() fails, sfp is not freed, which leads to a memory leak.\n\nWe should use devm_add_action_or_reset() instead of devm_add_action().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49619" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--158164b9-7625-4856-8e6a-79a1950bf0c1.json b/objects/vulnerability/vulnerability--158164b9-7625-4856-8e6a-79a1950bf0c1.json new file mode 100644 index 00000000000..141363796d4 --- /dev/null +++ b/objects/vulnerability/vulnerability--158164b9-7625-4856-8e6a-79a1950bf0c1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--268d9913-dfb9-46a4-8257-a723a95453c0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--158164b9-7625-4856-8e6a-79a1950bf0c1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.61037Z", + "modified": "2025-02-27T00:38:15.61037Z", + "name": "CVE-2022-49248", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction\n\nAV/C deferred transaction was supported at a commit 00a7bb81c20f (\"ALSA:\nfirewire-lib: Add support for deferred transaction\") while 'deferrable'\nflag can be uninitialized for non-control/notify AV/C transactions.\nUBSAN reports it:\n\nkernel: ================================================================================\nkernel: UBSAN: invalid-load in /build/linux-aa0B4d/linux-5.15.0/sound/firewire/fcp.c:363:9\nkernel: load of value 158 is not a valid value for type '_Bool'\nkernel: CPU: 3 PID: 182227 Comm: irq/35-firewire Tainted: P OE 5.15.0-18-generic #18-Ubuntu\nkernel: Hardware name: Gigabyte Technology Co., Ltd. AX370-Gaming 5/AX370-Gaming 5, BIOS F42b 08/01/2019\nkernel: Call Trace:\nkernel: \nkernel: show_stack+0x52/0x58\nkernel: dump_stack_lvl+0x4a/0x5f\nkernel: dump_stack+0x10/0x12\nkernel: ubsan_epilogue+0x9/0x45\nkernel: __ubsan_handle_load_invalid_value.cold+0x44/0x49\nkernel: fcp_response.part.0.cold+0x1a/0x2b [snd_firewire_lib]\nkernel: fcp_response+0x28/0x30 [snd_firewire_lib]\nkernel: fw_core_handle_request+0x230/0x3d0 [firewire_core]\nkernel: handle_ar_packet+0x1d9/0x200 [firewire_ohci]\nkernel: ? handle_ar_packet+0x1d9/0x200 [firewire_ohci]\nkernel: ? 
transmit_complete_callback+0x9f/0x120 [firewire_core]\nkernel: ar_context_tasklet+0xa8/0x2e0 [firewire_ohci]\nkernel: tasklet_action_common.constprop.0+0xea/0xf0\nkernel: tasklet_action+0x22/0x30\nkernel: __do_softirq+0xd9/0x2e3\nkernel: ? irq_finalize_oneshot.part.0+0xf0/0xf0\nkernel: do_softirq+0x75/0xa0\nkernel: \nkernel: \nkernel: __local_bh_enable_ip+0x50/0x60\nkernel: irq_forced_thread_fn+0x7e/0x90\nkernel: irq_thread+0xba/0x190\nkernel: ? irq_thread_fn+0x60/0x60\nkernel: kthread+0x11e/0x140\nkernel: ? irq_thread_check_affinity+0xf0/0xf0\nkernel: ? set_kthread_struct+0x50/0x50\nkernel: ret_from_fork+0x22/0x30\nkernel: \nkernel: ================================================================================\n\nThis commit fixes the bug. The bug has no disadvantage for the non-\ncontrol/notify AV/C transactions since the flag has an effect for AV/C\nresponse with INTERIM (0x0f) status which is not used for the transactions\nin AV/C general specification.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49248" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--15dc25c6-1ed8-4470-8f40-d51f6ffd4eb7.json b/objects/vulnerability/vulnerability--15dc25c6-1ed8-4470-8f40-d51f6ffd4eb7.json new file mode 100644 index 00000000000..83c3e13f5f5 --- /dev/null +++ b/objects/vulnerability/vulnerability--15dc25c6-1ed8-4470-8f40-d51f6ffd4eb7.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--07e38f65-0ac3-41ee-a030-d7104a8114c8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--15dc25c6-1ed8-4470-8f40-d51f6ffd4eb7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.575355Z", + "modified": "2025-02-27T00:38:15.575355Z", + "name": "CVE-2022-49299", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc2: gadget: don't reset gadget's driver->bus\n\nUDC driver should not touch gadget's driver internals, especially it\nshould not reset driver->bus. This wasn't harmful so far, but since\ncommit fc274c1e9973 (\"USB: gadget: Add a new bus for gadgets\") gadget\nsubsystem got it's own bus and messing with ->bus triggers the\nfollowing NULL pointer dereference:\n\ndwc2 12480000.hsotg: bound driver g_ether\n8<--- cut here ---\nUnable to handle kernel NULL pointer dereference at virtual address 00000000\n[00000000] *pgd=00000000\nInternal error: Oops: 5 [#1] SMP ARM\nModules linked in: ...\nCPU: 0 PID: 620 Comm: modprobe Not tainted 5.18.0-rc5-next-20220504 #11862\nHardware name: Samsung Exynos (Flattened Device Tree)\nPC is at module_add_driver+0x44/0xe8\nLR is at sysfs_do_create_link_sd+0x84/0xe0\n...\nProcess modprobe (pid: 620, stack limit = 0x(ptrval))\n...\n module_add_driver from bus_add_driver+0xf4/0x1e4\n bus_add_driver from driver_register+0x78/0x10c\n driver_register from usb_gadget_register_driver_owner+0x40/0xb4\n usb_gadget_register_driver_owner from do_one_initcall+0x44/0x1e0\n do_one_initcall from do_init_module+0x44/0x1c8\n do_init_module from load_module+0x19b8/0x1b9c\n load_module from sys_finit_module+0xdc/0xfc\n sys_finit_module from ret_fast_syscall+0x0/0x54\nException stack(0xf1771fa8 to 0xf1771ff0)\n...\ndwc2 12480000.hsotg: new device is high-speed\n---[ end trace 0000000000000000 ]---\n\nFix this by removing driver->bus entry reset.", + 
"external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49299" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--15fccc05-45b2-4c03-bc06-a8312d20d91f.json b/objects/vulnerability/vulnerability--15fccc05-45b2-4c03-bc06-a8312d20d91f.json new file mode 100644 index 00000000000..b9691dcda97 --- /dev/null +++ b/objects/vulnerability/vulnerability--15fccc05-45b2-4c03-bc06-a8312d20d91f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c18e9ea6-e3c7-4749-ab27-838b57f7e1f9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--15fccc05-45b2-4c03-bc06-a8312d20d91f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.63629Z", + "modified": "2025-02-27T00:38:15.63629Z", + "name": "CVE-2022-49265", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nPM: domains: Fix sleep-in-atomic bug caused by genpd_debug_remove()\n\nWhen a genpd with GENPD_FLAG_IRQ_SAFE gets removed, the following\nsleep-in-atomic bug will be seen, as genpd_debug_remove() will be called\nwith a spinlock being held.\n\n[ 0.029183] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1460\n[ 0.029204] in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 1, name: swapper/0\n[ 0.029219] preempt_count: 1, expected: 0\n[ 0.029230] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 5.17.0-rc4+ #489\n[ 0.029245] Hardware name: Thundercomm TurboX CM2290 (DT)\n[ 0.029256] Call trace:\n[ 0.029265] dump_backtrace.part.0+0xbc/0xd0\n[ 0.029285] show_stack+0x3c/0xa0\n[ 0.029298] dump_stack_lvl+0x7c/0xa0\n[ 0.029311] dump_stack+0x18/0x34\n[ 0.029323] __might_resched+0x10c/0x13c\n[ 0.029338] __might_sleep+0x4c/0x80\n[ 0.029351] down_read+0x24/0xd0\n[ 0.029363] lookup_one_len_unlocked+0x9c/0xcc\n[ 0.029379] lookup_positive_unlocked+0x10/0x50\n[ 0.029392] debugfs_lookup+0x68/0xac\n[ 0.029406] genpd_remove.part.0+0x12c/0x1b4\n[ 0.029419] of_genpd_remove_last+0xa8/0xd4\n[ 0.029434] psci_cpuidle_domain_probe+0x174/0x53c\n[ 0.029449] platform_probe+0x68/0xe0\n[ 0.029462] really_probe+0x190/0x430\n[ 0.029473] __driver_probe_device+0x90/0x18c\n[ 0.029485] driver_probe_device+0x40/0xe0\n[ 0.029497] __driver_attach+0xf4/0x1d0\n[ 0.029508] bus_for_each_dev+0x70/0xd0\n[ 0.029523] driver_attach+0x24/0x30\n[ 0.029534] bus_add_driver+0x164/0x22c\n[ 0.029545] 
driver_register+0x78/0x130\n[ 0.029556] __platform_driver_register+0x28/0x34\n[ 0.029569] psci_idle_init_domains+0x1c/0x28\n[ 0.029583] do_one_initcall+0x50/0x1b0\n[ 0.029595] kernel_init_freeable+0x214/0x280\n[ 0.029609] kernel_init+0x2c/0x13c\n[ 0.029622] ret_from_fork+0x10/0x20\n\nIt doesn't seem necessary to call genpd_debug_remove() with the lock, so\nmove it out from locking to fix the problem.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49265" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1621b7f1-7e6b-4016-a3dd-a130a6d9b1a0.json b/objects/vulnerability/vulnerability--1621b7f1-7e6b-4016-a3dd-a130a6d9b1a0.json new file mode 100644 index 00000000000..a2c88394950 --- /dev/null +++ b/objects/vulnerability/vulnerability--1621b7f1-7e6b-4016-a3dd-a130a6d9b1a0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3ea9dba7-ba17-4eff-b462-768063962537", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1621b7f1-7e6b-4016-a3dd-a130a6d9b1a0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.696447Z", + "modified": "2025-02-27T00:38:15.696447Z", + "name": "CVE-2022-49209", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix memleak in tcp_bpf_sendmsg while sk msg is full\n\nIf tcp_bpf_sendmsg() is running while sk msg is full. When sk_msg_alloc()\nreturns -ENOMEM error, tcp_bpf_sendmsg() goes to wait_for_memory. If partial\nmemory has been alloced by sk_msg_alloc(), that is, msg_tx->sg.size is\ngreater than osize after sk_msg_alloc(), memleak occurs. To fix we use\nsk_msg_trim() to release the allocated memory, then goto wait for memory.\n\nOther call paths of sk_msg_alloc() have the similar issue, such as\ntls_sw_sendmsg(), so handle sk_msg_trim logic inside sk_msg_alloc(),\nas Cong Wang suggested.\n\nThis issue can cause the following info:\nWARNING: CPU: 3 PID: 7950 at net/core/stream.c:208 sk_stream_kill_queues+0xd4/0x1a0\nCall Trace:\n \n inet_csk_destroy_sock+0x55/0x110\n __tcp_close+0x279/0x470\n tcp_close+0x1f/0x60\n inet_release+0x3f/0x80\n __sock_release+0x3d/0xb0\n sock_close+0x11/0x20\n __fput+0x92/0x250\n task_work_run+0x6a/0xa0\n do_exit+0x33b/0xb60\n do_group_exit+0x2f/0xa0\n get_signal+0xb6/0x950\n arch_do_signal_or_restart+0xac/0x2a0\n exit_to_user_mode_prepare+0xa9/0x200\n syscall_exit_to_user_mode+0x12/0x30\n do_syscall_64+0x46/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n \n\nWARNING: CPU: 3 PID: 2094 at net/ipv4/af_inet.c:155 inet_sock_destruct+0x13c/0x260\nCall Trace:\n \n __sk_destruct+0x24/0x1f0\n sk_psock_destroy+0x19b/0x1c0\n process_one_work+0x1b3/0x3c0\n kthread+0xe6/0x110\n ret_from_fork+0x22/0x30\n ", + "external_references": [ + { + 
"source_name": "cve", + "external_id": "CVE-2022-49209" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--167ad41b-33dd-4f65-8865-63150ed95cb8.json b/objects/vulnerability/vulnerability--167ad41b-33dd-4f65-8865-63150ed95cb8.json new file mode 100644 index 00000000000..4269b27e873 --- /dev/null +++ b/objects/vulnerability/vulnerability--167ad41b-33dd-4f65-8865-63150ed95cb8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b7546da4-0a83-4d0a-b8be-4992e054a054", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--167ad41b-33dd-4f65-8865-63150ed95cb8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.511782Z", + "modified": "2025-02-27T00:38:15.511782Z", + "name": "CVE-2022-49462", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/a6xx: Fix refcount leak in a6xx_gpu_init\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\n\na6xx_gmu_init() passes the node to of_find_device_by_node()\nand of_dma_configure(), of_find_device_by_node() will takes its\nreference, of_dma_configure() doesn't need the node after usage.\n\nAdd missing of_node_put() to avoid refcount leak.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49462" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--17501ed8-f08f-4ade-b50d-29c3a40abafd.json b/objects/vulnerability/vulnerability--17501ed8-f08f-4ade-b50d-29c3a40abafd.json new file mode 100644 index 00000000000..90584a836ba --- /dev/null +++ b/objects/vulnerability/vulnerability--17501ed8-f08f-4ade-b50d-29c3a40abafd.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0a5b4d25-bacb-491d-b808-1cb911f60804", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--17501ed8-f08f-4ade-b50d-29c3a40abafd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:02.589292Z", + "modified": "2025-02-27T00:38:02.589292Z", + "name": "CVE-2024-47051", + "description": "This advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. These vulnerabilities could be exploited by authenticated users.\n\n * Remote Code Execution (RCE) via Asset Upload: A Remote Code Execution vulnerability has been identified in the asset upload functionality. Insufficient enforcement of allowed file extensions allows an attacker to bypass restrictions and upload executable files, such as PHP scripts.\n\n\n * Path Traversal File Deletion: A Path Traversal vulnerability exists in the upload validation process. Due to improper handling of path components, an authenticated user can manipulate the file deletion process to delete arbitrary files on the host system.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47051" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--17a09388-edfb-426e-8bdc-5d93114c92eb.json b/objects/vulnerability/vulnerability--17a09388-edfb-426e-8bdc-5d93114c92eb.json new file mode 100644 index 00000000000..e23c67ec403 --- /dev/null +++ b/objects/vulnerability/vulnerability--17a09388-edfb-426e-8bdc-5d93114c92eb.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ea826270-dfe7-4d3f-8465-e7031dd586d1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--17a09388-edfb-426e-8bdc-5d93114c92eb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.324238Z", + "modified": "2025-02-27T00:38:15.324238Z", + "name": "CVE-2022-49544", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nipw2x00: Fix potential NULL dereference in libipw_xmit()\n\ncrypt and crypt->ops could be null, so we need to checking null\nbefore dereference", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49544" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--17a71d19-eff0-436f-8601-69d9b91b432b.json b/objects/vulnerability/vulnerability--17a71d19-eff0-436f-8601-69d9b91b432b.json new file mode 100644 index 00000000000..83f049b3c29 --- /dev/null +++ b/objects/vulnerability/vulnerability--17a71d19-eff0-436f-8601-69d9b91b432b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--25eda187-8c43-434d-bf2f-c10196e9d5fb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--17a71d19-eff0-436f-8601-69d9b91b432b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:11.188237Z", + "modified": "2025-02-27T00:38:11.188237Z", + "name": "CVE-2021-47632", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/set_memory: Avoid spinlock recursion in change_page_attr()\n\nCommit 1f9ad21c3b38 (\"powerpc/mm: Implement set_memory() routines\")\nincluded a spin_lock() to change_page_attr() in order to\nsafely perform the three step operations. But then\ncommit 9f7853d7609d (\"powerpc/mm: Fix set_memory_*() against\nconcurrent accesses\") modify it to use pte_update() and do\nthe operation safely against concurrent access.\n\nIn the meantime, Maxime reported some spinlock recursion.\n\n[ 15.351649] BUG: spinlock recursion on CPU#0, kworker/0:2/217\n[ 15.357540] lock: init_mm+0x3c/0x420, .magic: dead4ead, .owner: kworker/0:2/217, .owner_cpu: 0\n[ 15.366563] CPU: 0 PID: 217 Comm: kworker/0:2 Not tainted 5.15.0+ #523\n[ 15.373350] Workqueue: events do_free_init\n[ 15.377615] Call Trace:\n[ 15.380232] [e4105ac0] [800946a4] do_raw_spin_lock+0xf8/0x120 (unreliable)\n[ 15.387340] [e4105ae0] [8001f4ec] change_page_attr+0x40/0x1d4\n[ 15.393413] [e4105b10] [801424e0] __apply_to_page_range+0x164/0x310\n[ 15.400009] [e4105b60] [80169620] free_pcp_prepare+0x1e4/0x4a0\n[ 15.406045] [e4105ba0] [8016c5a0] free_unref_page+0x40/0x2b8\n[ 15.411979] [e4105be0] [8018724c] kasan_depopulate_vmalloc_pte+0x6c/0x94\n[ 15.418989] [e4105c00] [801424e0] __apply_to_page_range+0x164/0x310\n[ 15.425451] [e4105c50] [80187834] kasan_release_vmalloc+0xbc/0x134\n[ 15.431898] [e4105c70] [8015f7a8] __purge_vmap_area_lazy+0x4e4/0xdd8\n[ 15.438560] [e4105d30] [80160d10] _vm_unmap_aliases.part.0+0x17c/0x24c\n[ 
15.445283] [e4105d60] [801642d0] __vunmap+0x2f0/0x5c8\n[ 15.450684] [e4105db0] [800e32d0] do_free_init+0x68/0x94\n[ 15.456181] [e4105dd0] [8005d094] process_one_work+0x4bc/0x7b8\n[ 15.462283] [e4105e90] [8005d614] worker_thread+0x284/0x6e8\n[ 15.468227] [e4105f00] [8006aaec] kthread+0x1f0/0x210\n[ 15.473489] [e4105f40] [80017148] ret_from_kernel_thread+0x14/0x1c\n\nRemove the read / modify / write sequence to make the operation atomic\nand remove the spin_lock() in change_page_attr().\n\nTo do the operation atomically, we can't use pte modification helpers\nanymore. Because all platforms have different combination of bits, it\nis not easy to use those bits directly. But all have the\n_PAGE_KERNEL_{RO/ROX/RW/RWX} set of flags. All we need it to compare\ntwo sets to know which bits are set or cleared.\n\nFor instance, by comparing _PAGE_KERNEL_ROX and _PAGE_KERNEL_RO you\nknow which bit gets cleared and which bit get set when changing exec\npermission.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-47632" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--181d20f3-d599-465f-b590-e05b1743d913.json b/objects/vulnerability/vulnerability--181d20f3-d599-465f-b590-e05b1743d913.json new file mode 100644 index 00000000000..6792c365fe6 --- /dev/null +++ b/objects/vulnerability/vulnerability--181d20f3-d599-465f-b590-e05b1743d913.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cc295d75-4ce1-48a7-9948-e5e349dd4fe9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--181d20f3-d599-465f-b590-e05b1743d913", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:11.226796Z", + "modified": "2025-02-27T00:38:11.226796Z", + "name": "CVE-2021-47648", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpu: host1x: Fix a memory leak in 'host1x_remove()'\n\nAdd a missing 'host1x_channel_list_free()' call in the remove function,\nas already done in the error handling path of the probe function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-47648" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--183271d1-ef74-4a5d-bb93-ebdcdda9ecff.json b/objects/vulnerability/vulnerability--183271d1-ef74-4a5d-bb93-ebdcdda9ecff.json new file mode 100644 index 00000000000..0ef0b164e8c --- /dev/null +++ b/objects/vulnerability/vulnerability--183271d1-ef74-4a5d-bb93-ebdcdda9ecff.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--35836930-5535-447d-94fe-21159e1f0a42", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--183271d1-ef74-4a5d-bb93-ebdcdda9ecff", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.323305Z", + "modified": "2025-02-27T00:38:15.323305Z", + "name": "CVE-2022-49466", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: scmi: Fix refcount leak in scmi_regulator_probe\n\nof_find_node_by_name() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when done.\nAdd missing of_node_put() to avoid refcount leak.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49466" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--185bfd89-ac58-42fe-88a6-62c981c66be0.json b/objects/vulnerability/vulnerability--185bfd89-ac58-42fe-88a6-62c981c66be0.json new file mode 100644 index 00000000000..500ddc4088e --- /dev/null +++ b/objects/vulnerability/vulnerability--185bfd89-ac58-42fe-88a6-62c981c66be0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fd62383d-39fc-4b98-8756-5a13a98203b4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--185bfd89-ac58-42fe-88a6-62c981c66be0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.252019Z", + "modified": "2025-02-27T00:38:15.252019Z", + "name": "CVE-2022-49220", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndax: make sure inodes are flushed before destroy cache\n\nA bug can be triggered by following command\n\n$ modprobe nd_pmem && modprobe -r nd_pmem\n\n[ 10.060014] BUG dax_cache (Not tainted): Objects remaining in dax_cache on __kmem_cache_shutdown()\n[ 10.060938] Slab 0x0000000085b729ac objects=9 used=1 fp=0x000000004f5ae469 flags=0x200000000010200(slab|head|node)\n[ 10.062433] Call Trace:\n[ 10.062673] dump_stack_lvl+0x34/0x44\n[ 10.062865] slab_err+0x90/0xd0\n[ 10.063619] __kmem_cache_shutdown+0x13b/0x2f0\n[ 10.063848] kmem_cache_destroy+0x4a/0x110\n[ 10.064058] __x64_sys_delete_module+0x265/0x300\n\nThis is caused by dax_fs_exit() not flushing inodes before destroy cache.\nTo fix this issue, call rcu_barrier() before destroy cache.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49220" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--18d01cf5-932c-479c-a96c-d89aa433b33d.json b/objects/vulnerability/vulnerability--18d01cf5-932c-479c-a96c-d89aa433b33d.json new file mode 100644 index 00000000000..5c6066962f7 --- /dev/null +++ b/objects/vulnerability/vulnerability--18d01cf5-932c-479c-a96c-d89aa433b33d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d67e3f5f-d575-4356-9b24-faf59542a3fc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--18d01cf5-932c-479c-a96c-d89aa433b33d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.267748Z", + "modified": "2025-02-27T00:38:15.267748Z", + "name": "CVE-2022-49370", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle\n\nkobject_init_and_add() takes reference even when it fails.\nAccording to the doc of kobject_init_and_add()\n\n If this function returns an error, kobject_put() must be called to\n properly clean up the memory associated with the object.\n\nFix this issue by calling kobject_put().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49370" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--18d136ee-6755-43df-a73f-cf52d8643fd4.json b/objects/vulnerability/vulnerability--18d136ee-6755-43df-a73f-cf52d8643fd4.json new file mode 100644 index 00000000000..fe151ac4494 --- /dev/null +++ b/objects/vulnerability/vulnerability--18d136ee-6755-43df-a73f-cf52d8643fd4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a28dd9e3-64ec-4d4a-9ee9-ec95e1940965", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--18d136ee-6755-43df-a73f-cf52d8643fd4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.627599Z", + "modified": "2025-02-27T00:38:15.627599Z", + "name": "CVE-2022-49504", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Inhibit aborts if external loopback plug is inserted\n\nAfter running a short external loopback test, when the external loopback is\nremoved and a normal cable inserted that is directly connected to a target\ndevice, the system oops in the llpfc_set_rrq_active() routine.\n\nWhen the loopback was inserted an FLOGI was transmit. As we're looped back,\nwe receive the FLOGI request. The FLOGI is ABTS'd as we recognize the same\nwppn thus understand it's a loopback. However, as the ABTS sends address\ninformation the port is not set to (fffffe), the ABTS is dropped on the\nwire. A short 1 frame loopback test is run and completes before the ABTS\ntimes out. The looback is unplugged and the new cable plugged in, and the\nan FLOGI to the new device occurs and completes. Due to a mixup in ref\ncounting the completion of the new FLOGI releases the fabric ndlp. Then the\noriginal ABTS completes and references the released ndlp generating the\noops.\n\nCorrect by no-op'ing the ABTS when in loopback mode (it will be dropped\nanyway). Added a flag to track the mode to recognize when it should be\nno-op'd.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49504" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1a5c04b6-59cf-4c69-9ba1-95a26e58c899.json b/objects/vulnerability/vulnerability--1a5c04b6-59cf-4c69-9ba1-95a26e58c899.json new file mode 100644 index 00000000000..3988a786e95 
--- /dev/null +++ b/objects/vulnerability/vulnerability--1a5c04b6-59cf-4c69-9ba1-95a26e58c899.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f7cec097-4c35-433e-b70b-c6bb816999ac", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1a5c04b6-59cf-4c69-9ba1-95a26e58c899", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.655907Z", + "modified": "2025-02-27T00:38:15.655907Z", + "name": "CVE-2022-49470", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btmtksdio: fix use-after-free at btmtksdio_recv_event\n\nWe should not access skb buffer data anymore after hci_recv_frame was\ncalled.\n\n[ 39.634809] BUG: KASAN: use-after-free in btmtksdio_recv_event+0x1b0\n[ 39.634855] Read of size 1 at addr ffffff80cf28a60d by task kworker\n[ 39.634962] Call trace:\n[ 39.634974] dump_backtrace+0x0/0x3b8\n[ 39.634999] show_stack+0x20/0x2c\n[ 39.635016] dump_stack_lvl+0x60/0x78\n[ 39.635040] print_address_description+0x70/0x2f0\n[ 39.635062] kasan_report+0x154/0x194\n[ 39.635079] __asan_report_load1_noabort+0x44/0x50\n[ 39.635099] btmtksdio_recv_event+0x1b0/0x1c4\n[ 39.635129] btmtksdio_txrx_work+0x6cc/0xac4\n[ 39.635157] process_one_work+0x560/0xc5c\n[ 39.635177] worker_thread+0x7ec/0xcc0\n[ 39.635195] kthread+0x2d0/0x3d0\n[ 39.635215] ret_from_fork+0x10/0x20\n[ 39.635247] Allocated by task 0:\n[ 39.635260] (stack is not available)\n[ 39.635281] Freed by task 2392:\n[ 39.635295] kasan_save_stack+0x38/0x68\n[ 39.635319] kasan_set_track+0x28/0x3c\n[ 39.635338] kasan_set_free_info+0x28/0x4c\n[ 39.635357] ____kasan_slab_free+0x104/0x150\n[ 39.635374] __kasan_slab_free+0x18/0x28\n[ 39.635391] slab_free_freelist_hook+0x114/0x248\n[ 39.635410] kfree+0xf8/0x2b4\n[ 39.635427] skb_free_head+0x58/0x98\n[ 39.635447] skb_release_data+0x2f4/0x410\n[ 39.635464] skb_release_all+0x50/0x60\n[ 39.635481] kfree_skb+0xc8/0x25c\n[ 39.635498] hci_event_packet+0x894/0xca4 [bluetooth]\n[ 39.635721] hci_rx_work+0x1c8/0x68c [bluetooth]\n[ 
39.635925] process_one_work+0x560/0xc5c\n[ 39.635951] worker_thread+0x7ec/0xcc0\n[ 39.635970] kthread+0x2d0/0x3d0\n[ 39.635990] ret_from_fork+0x10/0x20\n[ 39.636021] The buggy address belongs to the object at ffffff80cf28a600\n which belongs to the cache kmalloc-512 of size 512\n[ 39.636039] The buggy address is located 13 bytes inside of\n 512-byte region [ffffff80cf28a600, ffffff80cf28a800)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49470" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1ab4a2d3-5880-409f-83d6-22a049312810.json b/objects/vulnerability/vulnerability--1ab4a2d3-5880-409f-83d6-22a049312810.json new file mode 100644 index 00000000000..17ad8ff6bf3 --- /dev/null +++ b/objects/vulnerability/vulnerability--1ab4a2d3-5880-409f-83d6-22a049312810.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--27b65a00-1fc2-408d-b570-165a0c107939", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1ab4a2d3-5880-409f-83d6-22a049312810", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.31173Z", + "modified": "2025-02-27T00:38:15.31173Z", + "name": "CVE-2022-49106", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: vchiq_arm: Avoid NULL ptr deref in vchiq_dump_platform_instances\n\nvchiq_get_state() can return a NULL pointer. So handle this cases and\navoid a NULL pointer derefence in vchiq_dump_platform_instances.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49106" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1c5cf56d-553a-4495-a917-4dda16c4e4b4.json b/objects/vulnerability/vulnerability--1c5cf56d-553a-4495-a917-4dda16c4e4b4.json new file mode 100644 index 00000000000..6f0e522f7f0 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--1c5cf56d-553a-4495-a917-4dda16c4e4b4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--206bced6-918f-425e-9114-f24a13118f6a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1c5cf56d-553a-4495-a917-4dda16c4e4b4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.584923Z", + "modified": "2025-02-27T00:38:15.584923Z", + "name": "CVE-2022-49303", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: staging: rtl8192eu: Fix deadlock in rtw_joinbss_event_prehandle\n\nThere is a deadlock in rtw_joinbss_event_prehandle(), which is shown below:\n\n (Thread 1) | (Thread 2)\n | _set_timer()\nrtw_joinbss_event_prehandle()| mod_timer()\n spin_lock_bh() //(1) | (wait a time)\n ... | rtw_join_timeout_handler()\n | _rtw_join_timeout_handler()\n del_timer_sync() | spin_lock_bh() //(2)\n (wait timer to stop) | ...\n\nWe hold pmlmepriv->lock in position (1) of thread 1 and\nuse del_timer_sync() to wait timer to stop, but timer handler\nalso need pmlmepriv->lock in position (2) of thread 2.\nAs a result, rtw_joinbss_event_prehandle() will block forever.\n\nThis patch extracts del_timer_sync() from the protection of\nspin_lock_bh(), which could let timer handler to obtain\nthe needed lock. What`s more, we change spin_lock_bh() to\nspin_lock_irq() in _rtw_join_timeout_handler() in order to\nprevent deadlock.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49303" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1cb940b1-a73e-439f-8373-ee4a814f19cb.json b/objects/vulnerability/vulnerability--1cb940b1-a73e-439f-8373-ee4a814f19cb.json new file mode 100644 index 00000000000..9717b7c5836 --- /dev/null +++ b/objects/vulnerability/vulnerability--1cb940b1-a73e-439f-8373-ee4a814f19cb.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--217957b6-9b90-4324-9c53-4e530b48fbb0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1cb940b1-a73e-439f-8373-ee4a814f19cb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.66273Z", + "modified": "2025-02-27T00:38:15.66273Z", + "name": "CVE-2022-49401", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/page_owner: use strscpy() instead of strlcpy()\n\ncurrent->comm[] is not a string (no guarantee for a zero byte in it).\n\nstrlcpy(s1, s2, l) is calling strlen(s2), potentially\ncausing out-of-bound access, as reported by syzbot:\n\ndetected buffer overflow in __fortify_strlen\n------------[ cut here ]------------\nkernel BUG at lib/string_helpers.c:980!\ninvalid opcode: 0000 [#1] PREEMPT SMP KASAN\nCPU: 0 PID: 4087 Comm: dhcpcd-run-hooks Not tainted 5.18.0-rc3-syzkaller-01537-g20b87e7c29df #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nRIP: 0010:fortify_panic+0x18/0x1a lib/string_helpers.c:980\nCode: 8c e8 c5 ba e1 fa e9 23 0f bf fa e8 0b 5d 8c f8 eb db 55 48 89 fd e8 e0 49 40 f8 48 89 ee 48 c7 c7 80 f5 26 8a e8 99 09 f1 ff <0f> 0b e8 ca 49 40 f8 48 8b 54 24 18 4c 89 f1 48 c7 c7 00 00 27 8a\nRSP: 0018:ffffc900000074a8 EFLAGS: 00010286\n\nRAX: 000000000000002c RBX: ffff88801226b728 RCX: 0000000000000000\nRDX: ffff8880198e0000 RSI: ffffffff81600458 RDI: fffff52000000e87\nRBP: ffffffff89da2aa0 R08: 000000000000002c R09: 0000000000000000\nR10: ffffffff815fae2e R11: 0000000000000000 R12: ffff88801226b700\nR13: ffff8880198e0830 R14: 0000000000000000 R15: 0000000000000000\nFS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f5876ad6ff8 CR3: 000000001a48c000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 
0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600\nCall Trace:\n \n __fortify_strlen include/linux/fortify-string.h:128 [inline]\n strlcpy include/linux/fortify-string.h:143 [inline]\n __set_page_owner_handle+0x2b1/0x3e0 mm/page_owner.c:171\n __set_page_owner+0x3e/0x50 mm/page_owner.c:190\n prep_new_page mm/page_alloc.c:2441 [inline]\n get_page_from_freelist+0xba2/0x3e00 mm/page_alloc.c:4182\n __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5408\n alloc_pages+0x1aa/0x310 mm/mempolicy.c:2272\n alloc_slab_page mm/slub.c:1799 [inline]\n allocate_slab+0x26c/0x3c0 mm/slub.c:1944\n new_slab mm/slub.c:2004 [inline]\n ___slab_alloc+0x8df/0xf20 mm/slub.c:3005\n __slab_alloc.constprop.0+0x4d/0xa0 mm/slub.c:3092\n slab_alloc_node mm/slub.c:3183 [inline]\n slab_alloc mm/slub.c:3225 [inline]\n __kmem_cache_alloc_lru mm/slub.c:3232 [inline]\n kmem_cache_alloc+0x360/0x3b0 mm/slub.c:3242\n dst_alloc+0x146/0x1f0 net/core/dst.c:92", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49401" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1d32d282-f083-4052-907b-e4e7325bd67b.json b/objects/vulnerability/vulnerability--1d32d282-f083-4052-907b-e4e7325bd67b.json new file mode 100644 index 00000000000..7adcd98ffd7 --- /dev/null +++ b/objects/vulnerability/vulnerability--1d32d282-f083-4052-907b-e4e7325bd67b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--99de8526-4cfe-484e-b40e-093b675b00c9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1d32d282-f083-4052-907b-e4e7325bd67b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.678432Z", + "modified": "2025-02-27T00:38:15.678432Z", + "name": "CVE-2022-49479", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmt76: fix tx status related use-after-free race on station removal\n\nThere is a small race window where ongoing tx activity can lead to a skb\ngetting added to the status tracking idr after that idr has already been\ncleaned up, which will keep the wcid linked in the status poll list.\nFix this by only adding status skbs if the wcid pointer is still assigned\nin dev->wcid, which gets cleared early by mt76_sta_pre_rcu_remove", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49479" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1d5b237a-ca35-4c7e-a4f2-a8af76bb166a.json b/objects/vulnerability/vulnerability--1d5b237a-ca35-4c7e-a4f2-a8af76bb166a.json new file mode 100644 index 00000000000..028c6f6e183 --- /dev/null +++ b/objects/vulnerability/vulnerability--1d5b237a-ca35-4c7e-a4f2-a8af76bb166a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--01f63b1e-dca1-4a13-a730-9156c1e0ad96", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1d5b237a-ca35-4c7e-a4f2-a8af76bb166a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.664552Z", + "modified": "2025-02-27T00:38:15.664552Z", + "name": "CVE-2022-49472", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: micrel: Allow probing without .driver_data\n\nCurrently, if the .probe element is present in the phy_driver structure\nand the .driver_data is not, a NULL pointer dereference happens.\n\nAllow passing .probe without .driver_data by inserting NULL checks\nfor priv->type.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49472" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1e2b9845-ed9a-4f71-8c28-83e703e7275e.json b/objects/vulnerability/vulnerability--1e2b9845-ed9a-4f71-8c28-83e703e7275e.json new file mode 100644 index 00000000000..46a32ea3098 --- /dev/null +++ b/objects/vulnerability/vulnerability--1e2b9845-ed9a-4f71-8c28-83e703e7275e.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bf2d26da-7bce-4be8-943a-ff6cf7242ca4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1e2b9845-ed9a-4f71-8c28-83e703e7275e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.508667Z", + "modified": "2025-02-27T00:38:15.508667Z", + "name": "CVE-2022-49281", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix handlecache and multiuser\n\nIn multiuser each individual user has their own tcon structure for the\nshare and thus their own handle for a cached directory.\nWhen we umount such a share we much make sure to release the pinned down dentry\nfor each such tcon and not just the master tcon.\n\nOtherwise we will get nasty warnings on umount that dentries are still in use:\n[ 3459.590047] BUG: Dentry 00000000115c6f41{i=12000000019d95,n=/} still in use\\\n (2) [unmount of cifs cifs]\n...\n[ 3459.590492] Call Trace:\n[ 3459.590500] d_walk+0x61/0x2a0\n[ 3459.590518] ? shrink_lock_dentry.part.0+0xe0/0xe0\n[ 3459.590526] shrink_dcache_for_umount+0x49/0x110\n[ 3459.590535] generic_shutdown_super+0x1a/0x110\n[ 3459.590542] kill_anon_super+0x14/0x30\n[ 3459.590549] cifs_kill_sb+0xf5/0x104 [cifs]\n[ 3459.590773] deactivate_locked_super+0x36/0xa0\n[ 3459.590782] cleanup_mnt+0x131/0x190\n[ 3459.590789] task_work_run+0x5c/0x90\n[ 3459.590798] exit_to_user_mode_loop+0x151/0x160\n[ 3459.590809] exit_to_user_mode_prepare+0x83/0xd0\n[ 3459.590818] syscall_exit_to_user_mode+0x12/0x30\n[ 3459.590828] do_syscall_64+0x48/0x90\n[ 3459.590833] entry_SYSCALL_64_after_hwframe+0x44/0xae", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49281" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--1fb2b8d6-2201-455b-bbdd-4be96836aeb2.json b/objects/vulnerability/vulnerability--1fb2b8d6-2201-455b-bbdd-4be96836aeb2.json new file mode 100644 index 00000000000..9a93ed24e69 --- /dev/null +++ b/objects/vulnerability/vulnerability--1fb2b8d6-2201-455b-bbdd-4be96836aeb2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4e9af9f4-4403-433f-8cb2-0418006ce40c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1fb2b8d6-2201-455b-bbdd-4be96836aeb2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.42974Z", + "modified": "2025-02-27T00:38:15.42974Z", + "name": "CVE-2022-49298", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: rtl8712: fix uninit-value in r871xu_drv_init()\n\nWhen 'tmpU1b' returns from r8712_read8(padapter, EE_9346CR) is 0,\n'mac[6]' will not be initialized.\n\nBUG: KMSAN: uninit-value in r871xu_drv_init+0x2d54/0x3070 drivers/staging/rtl8712/usb_intf.c:541\n r871xu_drv_init+0x2d54/0x3070 drivers/staging/rtl8712/usb_intf.c:541\n usb_probe_interface+0xf19/0x1600 drivers/usb/core/driver.c:396\n really_probe+0x653/0x14b0 drivers/base/dd.c:596\n __driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752\n driver_probe_device drivers/base/dd.c:782 [inline]\n __device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899\n bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427\n __device_attach+0x593/0x8e0 drivers/base/dd.c:970\n device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017\n bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487\n device_add+0x1fff/0x26e0 drivers/base/core.c:3405\n usb_set_configuration+0x37e9/0x3ed0 drivers/usb/core/message.c:2170\n usb_generic_driver_probe+0x13c/0x300 drivers/usb/core/generic.c:238\n usb_probe_device+0x309/0x570 drivers/usb/core/driver.c:293\n really_probe+0x653/0x14b0 drivers/base/dd.c:596\n __driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752\n driver_probe_device drivers/base/dd.c:782 [inline]\n __device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899\n bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427\n __device_attach+0x593/0x8e0 drivers/base/dd.c:970\n device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017\n 
bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487\n device_add+0x1fff/0x26e0 drivers/base/core.c:3405\n usb_new_device+0x1b8e/0x2950 drivers/usb/core/hub.c:2566\n hub_port_connect drivers/usb/core/hub.c:5358 [inline]\n hub_port_connect_change drivers/usb/core/hub.c:5502 [inline]\n port_event drivers/usb/core/hub.c:5660 [inline]\n hub_event+0x58e3/0x89e0 drivers/usb/core/hub.c:5742\n process_one_work+0xdb6/0x1820 kernel/workqueue.c:2307\n worker_thread+0x10b3/0x21e0 kernel/workqueue.c:2454\n kthread+0x3c7/0x500 kernel/kthread.c:377\n ret_from_fork+0x1f/0x30\n\nLocal variable mac created at:\n r871xu_drv_init+0x1771/0x3070 drivers/staging/rtl8712/usb_intf.c:394\n usb_probe_interface+0xf19/0x1600 drivers/usb/core/driver.c:396\n\nKMSAN: uninit-value in r871xu_drv_init\nhttps://syzkaller.appspot.com/bug?id=3cd92b1d85428b128503bfa7a250294c9ae00bd8", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49298" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1fc96a33-e1a7-4d33-bb4c-d4d0844631a0.json b/objects/vulnerability/vulnerability--1fc96a33-e1a7-4d33-bb4c-d4d0844631a0.json new file mode 100644 index 00000000000..0e3daddbdc4 --- /dev/null +++ b/objects/vulnerability/vulnerability--1fc96a33-e1a7-4d33-bb4c-d4d0844631a0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8debd6f4-f903-45e4-a58f-7b69464aa35d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1fc96a33-e1a7-4d33-bb4c-d4d0844631a0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.544098Z", + "modified": "2025-02-27T00:38:15.544098Z", + "name": "CVE-2022-49327", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbcache: avoid journal no-space deadlock by reserving 1 journal bucket\n\nThe journal no-space deadlock was reported time to time. Such deadlock\ncan happen in the following situation.\n\nWhen all journal buckets are fully filled by active jset with heavy\nwrite I/O load, the cache set registration (after a reboot) will load\nall active jsets and inserting them into the btree again (which is\ncalled journal replay). If a journaled bkey is inserted into a btree\nnode and results btree node split, new journal request might be\ntriggered. For example, the btree grows one more level after the node\nsplit, then the root node record in cache device super block will be\nupgrade by bch_journal_meta() from bch_btree_set_root(). But there is no\nspace in journal buckets, the journal replay has to wait for new journal\nbucket to be reclaimed after at least one journal bucket replayed. This\nis one example that how the journal no-space deadlock happens.\n\nThe solution to avoid the deadlock is to reserve 1 journal bucket in\nrun time, and only permit the reserved journal bucket to be used during\ncache set registration procedure for things like journal replay. 
Then\nthe journal space will never be fully filled, there is no chance for\njournal no-space deadlock to happen anymore.\n\nThis patch adds a new member \"bool do_reserve\" in struct journal, it is\ninititalized to 0 (false) when struct journal is allocated, and set to\n1 (true) by bch_journal_space_reserve() when all initialization done in\nrun_cache_set(). In the run time when journal_reclaim() tries to\nallocate a new journal bucket, free_journal_buckets() is called to check\nwhether there are enough free journal buckets to use. If there is only\n1 free journal bucket and journal->do_reserve is 1 (true), the last\nbucket is reserved and free_journal_buckets() will return 0 to indicate\nno free journal bucket. Then journal_reclaim() will give up, and try\nnext time to see whetheer there is free journal bucket to allocate. By\nthis method, there is always 1 jouranl bucket reserved in run time.\n\nDuring the cache set registration, journal->do_reserve is 0 (false), so\nthe reserved journal bucket can be used to avoid the no-space deadlock.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49327" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2018a843-c5fb-43df-8b45-2daa8de11a03.json b/objects/vulnerability/vulnerability--2018a843-c5fb-43df-8b45-2daa8de11a03.json new file mode 100644 index 00000000000..5bda4ae29e7 --- /dev/null +++ b/objects/vulnerability/vulnerability--2018a843-c5fb-43df-8b45-2daa8de11a03.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8c74fc20-7c14-4cb9-b156-55e4de324360", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2018a843-c5fb-43df-8b45-2daa8de11a03", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.538376Z", + "modified": "2025-02-27T00:38:15.538376Z", + "name": "CVE-2022-49225", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmt76: mt7921s: fix a possible memory leak in mt7921_load_patch\n\nAlways release fw data at the end of mt7921_load_patch routine.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49225" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--21460665-a997-4128-86f8-a9b8193aeae3.json b/objects/vulnerability/vulnerability--21460665-a997-4128-86f8-a9b8193aeae3.json new file mode 100644 index 00000000000..95cd8a89eec --- /dev/null +++ b/objects/vulnerability/vulnerability--21460665-a997-4128-86f8-a9b8193aeae3.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dd7c1b29-ce45-41f8-9afd-a827cf461f81", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--21460665-a997-4128-86f8-a9b8193aeae3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.774324Z", + "modified": "2025-02-27T00:38:15.774324Z", + "name": "CVE-2022-49219", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: fix memory leak during D3hot to D0 transition\n\nIf 'vfio_pci_core_device::needs_pm_restore' is set (PCI device does\nnot have No_Soft_Reset bit set in its PMCSR config register), then\nthe current PCI state will be saved locally in\n'vfio_pci_core_device::pm_save' during D0->D3hot transition and same\nwill be restored back during D3hot->D0 transition.\nFor saving the PCI state locally, pci_store_saved_state() is being\nused and the pci_load_and_free_saved_state() will free the allocated\nmemory.\n\nBut for reset related IOCTLs, vfio driver calls PCI reset-related\nAPI's which will internally change the PCI power state back to D0. So,\nwhen the guest resumes, then it will get the current state as D0 and it\nwill skip the call to vfio_pci_set_power_state() for changing the\npower state to D0 explicitly. In this case, the memory pointed by\n'pm_save' will never be freed. In a malicious sequence, the state changing\nto D3hot followed by VFIO_DEVICE_RESET/VFIO_DEVICE_PCI_HOT_RESET can be\nrun in a loop and it can cause an OOM situation.\n\nThis patch frees the earlier allocated memory first before overwriting\n'pm_save' to prevent the mentioned memory leak.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49219" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--21ed310c-1886-49e1-a2d1-7fc68dc6aeb5.json b/objects/vulnerability/vulnerability--21ed310c-1886-49e1-a2d1-7fc68dc6aeb5.json new file mode 100644 index 00000000000..5712e98b817 --- /dev/null +++ b/objects/vulnerability/vulnerability--21ed310c-1886-49e1-a2d1-7fc68dc6aeb5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4f94c336-73c4-43ae-a115-318c7f4d67c7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--21ed310c-1886-49e1-a2d1-7fc68dc6aeb5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.301014Z", + "modified": "2025-02-27T00:38:15.301014Z", + "name": "CVE-2022-49249", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: wc938x: fix accessing array out of bounds for enum type\n\nAccessing enums using integer would result in array out of bounds access\non platforms like aarch64 where sizeof(long) is 8 compared to enum size\nwhich is 4 bytes.\n\nFix this by using enumerated items instead of integers.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49249" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--22702ab0-56b1-4197-9db2-5a62619481ee.json b/objects/vulnerability/vulnerability--22702ab0-56b1-4197-9db2-5a62619481ee.json new file mode 100644 index 00000000000..e7f419dd54f --- /dev/null +++ b/objects/vulnerability/vulnerability--22702ab0-56b1-4197-9db2-5a62619481ee.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1f151fca-5a09-47de-9e5d-5f6041198778", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--22702ab0-56b1-4197-9db2-5a62619481ee", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.448007Z", + "modified": "2025-02-27T00:38:15.448007Z", + "name": "CVE-2022-49229", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nptp: unregister virtual clocks when unregistering physical clock.\n\nWhen unregistering a physical clock which has some virtual clocks,\nunregister the virtual clocks with it.\n\nThis fixes the following oops, which can be triggered by unloading\na driver providing a PTP clock when it has enabled virtual clocks:\n\nBUG: unable to handle page fault for address: ffffffffc04fc4d8\nOops: 0000 [#1] PREEMPT SMP NOPTI\nRIP: 0010:ptp_vclock_read+0x31/0xb0\nCall Trace:\n timecounter_read+0xf/0x50\n ptp_vclock_refresh+0x2c/0x50\n ? ptp_clock_release+0x40/0x40\n ptp_aux_kworker+0x17/0x30\n kthread_worker_fn+0x9b/0x240\n ? kthread_should_park+0x30/0x30\n kthread+0xe2/0x110\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x22/0x30", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49229" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2330888a-5ff0-420e-80e8-7fe30160b3c2.json b/objects/vulnerability/vulnerability--2330888a-5ff0-420e-80e8-7fe30160b3c2.json new file mode 100644 index 00000000000..6f1bdf4f909 --- /dev/null +++ b/objects/vulnerability/vulnerability--2330888a-5ff0-420e-80e8-7fe30160b3c2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3a84e348-afdb-4d7d-b108-7390cfa5884c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2330888a-5ff0-420e-80e8-7fe30160b3c2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.31273Z", + "modified": "2025-02-27T00:38:15.31273Z", + "name": "CVE-2022-49655", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfscache: Fix invalidation/lookup race\n\nIf an NFS file is opened for writing and closed, fscache_invalidate() will\nbe asked to invalidate the file - however, if the cookie is in the\nLOOKING_UP state (or the CREATING state), then request to invalidate\ndoesn't get recorded for fscache_cookie_state_machine() to do something\nwith.\n\nFix this by making __fscache_invalidate() set a flag if it sees the cookie\nis in the LOOKING_UP state to indicate that we need to go to invalidation.\nNote that this requires a count on the n_accesses counter for the state\nmachine, which that will release when it's done.\n\nfscache_cookie_state_machine() then shifts to the INVALIDATING state if it\nsees the flag.\n\nWithout this, an nfs file can get corrupted if it gets modified locally and\nthen read locally as the cache contents may not get updated.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49655" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--23379fb5-8157-4e61-b8e2-497b2d325f89.json b/objects/vulnerability/vulnerability--23379fb5-8157-4e61-b8e2-497b2d325f89.json new file mode 100644 index 00000000000..9ab81540382 --- /dev/null +++ b/objects/vulnerability/vulnerability--23379fb5-8157-4e61-b8e2-497b2d325f89.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--108a79e4-b436-4ea5-b1e1-266aa6af89fb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--23379fb5-8157-4e61-b8e2-497b2d325f89", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:11.195048Z", + "modified": "2025-02-27T00:38:11.195048Z", + "name": "CVE-2021-47649", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nudmabuf: validate ubuf->pagecount\n\nSyzbot has reported GPF in sg_alloc_append_table_from_pages(). The\nproblem was in ubuf->pages == ZERO_PTR.\n\nubuf->pagecount is calculated from arguments passed from user-space. If\nuser creates udmabuf with list.size == 0 then ubuf->pagecount will be\nalso equal to zero; it causes kmalloc_array() to return ZERO_PTR.\n\nFix it by validating ubuf->pagecount before passing it to\nkmalloc_array().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-47649" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--23db8778-8546-453a-a481-41532d60a927.json b/objects/vulnerability/vulnerability--23db8778-8546-453a-a481-41532d60a927.json new file mode 100644 index 00000000000..e348d7649c9 --- /dev/null +++ b/objects/vulnerability/vulnerability--23db8778-8546-453a-a481-41532d60a927.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--afa3887b-348e-42ae-bc55-7da5a249224e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--23db8778-8546-453a-a481-41532d60a927", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.796044Z", + "modified": "2025-02-27T00:38:15.796044Z", + "name": "CVE-2022-49531", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nloop: implement ->free_disk\n\nEnsure that the lo_device which is stored in the gendisk private\ndata is valid until the gendisk is freed. Currently the loop driver\nuses a lot of effort to make sure a device is not freed when it is\nstill in use, but to to fix a potential deadlock this will be relaxed\na bit soon.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49531" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--24531031-b2ab-4b35-b862-dfa16932b821.json b/objects/vulnerability/vulnerability--24531031-b2ab-4b35-b862-dfa16932b821.json new file mode 100644 index 00000000000..36ce15a0620 --- /dev/null +++ b/objects/vulnerability/vulnerability--24531031-b2ab-4b35-b862-dfa16932b821.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--484e3369-1f1b-4dd5-a7f8-bea5643e829e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--24531031-b2ab-4b35-b862-dfa16932b821", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:07.504105Z", + "modified": "2025-02-27T00:38:07.504105Z", + "name": "CVE-2025-0234", + "description": "Out-of-bounds vulnerability in curve segmentation processing of Generic PCL6 V4 Printer Driver / Generic UFR II V4 Printer Driver / Generic LIPSLX V4 Printer Driver.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0234" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--24d8d0a1-8dd0-47bc-89fd-ffbc08489977.json b/objects/vulnerability/vulnerability--24d8d0a1-8dd0-47bc-89fd-ffbc08489977.json new file mode 100644 index 00000000000..87f9e7815a7 --- /dev/null +++ b/objects/vulnerability/vulnerability--24d8d0a1-8dd0-47bc-89fd-ffbc08489977.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f9304ca1-9dae-48bc-8ea3-6a1d4e11bfd0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--24d8d0a1-8dd0-47bc-89fd-ffbc08489977", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:07.70677Z", + "modified": "2025-02-27T00:38:07.70677Z", + "name": "CVE-2025-25789", + "description": "FoxCMS v1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the index() method at \\controller\\Sitemap.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25789" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--256ae3d5-f654-4631-83f0-7f30c8ac5cdb.json b/objects/vulnerability/vulnerability--256ae3d5-f654-4631-83f0-7f30c8ac5cdb.json new file mode 100644 index 00000000000..0fc22ae81f8 
--- /dev/null
+++ b/objects/vulnerability/vulnerability--256ae3d5-f654-4631-83f0-7f30c8ac5cdb.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1aabec58-c59d-4be1-86dc-ba2832c4d186", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--256ae3d5-f654-4631-83f0-7f30c8ac5cdb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.74617Z", + "modified": "2025-02-27T00:38:15.74617Z", + "name": "CVE-2022-49505", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFC: NULL out the dev->rfkill to prevent UAF\n\nCommit 3e3b5dfcd16a (\"NFC: reorder the logic in nfc_{un,}register_device\")\nassumes the device_is_registered() in function nfc_dev_up() will help\nto check when the rfkill is unregistered. However, this check only\ntake effect when device_del(&dev->dev) is done in nfc_unregister_device().\nHence, the rfkill object is still possible be dereferenced.\n\nThe crash trace in latest kernel (5.18-rc2):\n\n[ 68.760105] ==================================================================\n[ 68.760330] BUG: KASAN: use-after-free in __lock_acquire+0x3ec1/0x6750\n[ 68.760756] Read of size 8 at addr ffff888009c93018 by task fuzz/313\n[ 68.760756]\n[ 68.760756] CPU: 0 PID: 313 Comm: fuzz Not tainted 5.18.0-rc2 #4\n[ 68.760756] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n[ 68.760756] Call Trace:\n[ 68.760756] \n[ 68.760756] dump_stack_lvl+0x57/0x7d\n[ 68.760756] print_report.cold+0x5e/0x5db\n[ 68.760756] ? __lock_acquire+0x3ec1/0x6750\n[ 68.760756] kasan_report+0xbe/0x1c0\n[ 68.760756] ? __lock_acquire+0x3ec1/0x6750\n[ 68.760756] __lock_acquire+0x3ec1/0x6750\n[ 68.760756] ? lockdep_hardirqs_on_prepare+0x410/0x410\n[ 68.760756] ? register_lock_class+0x18d0/0x18d0\n[ 68.760756] lock_acquire+0x1ac/0x4f0\n[ 68.760756] ? rfkill_blocked+0xe/0x60\n[ 68.760756] ? lockdep_hardirqs_on_prepare+0x410/0x410\n[ 68.760756] ? mutex_lock_io_nested+0x12c0/0x12c0\n[ 68.760756] ? 
nla_get_range_signed+0x540/0x540\n[ 68.760756] ? _raw_spin_lock_irqsave+0x4e/0x50\n[ 68.760756] _raw_spin_lock_irqsave+0x39/0x50\n[ 68.760756] ? rfkill_blocked+0xe/0x60\n[ 68.760756] rfkill_blocked+0xe/0x60\n[ 68.760756] nfc_dev_up+0x84/0x260\n[ 68.760756] nfc_genl_dev_up+0x90/0xe0\n[ 68.760756] genl_family_rcv_msg_doit+0x1f4/0x2f0\n[ 68.760756] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x230/0x230\n[ 68.760756] ? security_capable+0x51/0x90\n[ 68.760756] genl_rcv_msg+0x280/0x500\n[ 68.760756] ? genl_get_cmd+0x3c0/0x3c0\n[ 68.760756] ? lock_acquire+0x1ac/0x4f0\n[ 68.760756] ? nfc_genl_dev_down+0xe0/0xe0\n[ 68.760756] ? lockdep_hardirqs_on_prepare+0x410/0x410\n[ 68.760756] netlink_rcv_skb+0x11b/0x340\n[ 68.760756] ? genl_get_cmd+0x3c0/0x3c0\n[ 68.760756] ? netlink_ack+0x9c0/0x9c0\n[ 68.760756] ? netlink_deliver_tap+0x136/0xb00\n[ 68.760756] genl_rcv+0x1f/0x30\n[ 68.760756] netlink_unicast+0x430/0x710\n[ 68.760756] ? memset+0x20/0x40\n[ 68.760756] ? netlink_attachskb+0x740/0x740\n[ 68.760756] ? __build_skb_around+0x1f4/0x2a0\n[ 68.760756] netlink_sendmsg+0x75d/0xc00\n[ 68.760756] ? netlink_unicast+0x710/0x710\n[ 68.760756] ? netlink_unicast+0x710/0x710\n[ 68.760756] sock_sendmsg+0xdf/0x110\n[ 68.760756] __sys_sendto+0x19e/0x270\n[ 68.760756] ? __ia32_sys_getpeername+0xa0/0xa0\n[ 68.760756] ? fd_install+0x178/0x4c0\n[ 68.760756] ? fd_install+0x195/0x4c0\n[ 68.760756] ? kernel_fpu_begin_mask+0x1c0/0x1c0\n[ 68.760756] __x64_sys_sendto+0xd8/0x1b0\n[ 68.760756] ? lockdep_hardirqs_on+0xbf/0x130\n[ 68.760756] ? 
syscall_enter_from_user_mode+0x1d/0x50\n[ 68.760756] do_syscall_64+0x3b/0x90\n[ 68.760756] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[ 68.760756] RIP: 0033:0x7f67fb50e6b3\n...\n[ 68.760756] RSP: 002b:00007f67fa91fe90 EFLAGS: 00000293 ORIG_RAX: 000000000000002c\n[ 68.760756] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f67fb50e6b3\n[ 68.760756] RDX: 000000000000001c RSI: 0000559354603090 RDI: 0000000000000003\n[ 68.760756] RBP: 00007f67fa91ff00 R08: 00007f67fa91fedc R09: 000000000000000c\n[ 68.760756] R10: 0000000000000000 R11: 0000000000000293 R12: 00007ffe824d496e\n[ 68.760756] R13: 00007ffe824d496f R14: 00007f67fa120000 R15: 0000000000000003\n\n[ 68.760756] \n[ 68.760756]\n[ 68.760756] Allocated by task 279:\n[ 68.760756] kasan_save_stack+0x1e/0x40\n[\n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49505" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2586845c-f699-4a85-9abb-86d93ef542af.json b/objects/vulnerability/vulnerability--2586845c-f699-4a85-9abb-86d93ef542af.json new file mode 100644 index 00000000000..14d95d6888a --- /dev/null +++ b/objects/vulnerability/vulnerability--2586845c-f699-4a85-9abb-86d93ef542af.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8361dc06-dd48-4146-bcf4-d94ee7503862", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2586845c-f699-4a85-9abb-86d93ef542af", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:07.605796Z", + "modified": "2025-02-27T00:38:07.605796Z", + "name": "CVE-2025-26925", + "description": "** UNSUPPPORTED WHEN ASSIGNED ** Cross-Site Request Forgery (CSRF) vulnerability in Required Admin Menu Manager allows Cross Site Request Forgery.This issue affects Admin Menu Manager: from n/a through 1.0.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-26925" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--259c91f9-e6d2-4cfd-a45c-a06dbdbc9ad1.json b/objects/vulnerability/vulnerability--259c91f9-e6d2-4cfd-a45c-a06dbdbc9ad1.json new file mode 100644 index 00000000000..88eea301d89 --- /dev/null +++ b/objects/vulnerability/vulnerability--259c91f9-e6d2-4cfd-a45c-a06dbdbc9ad1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4ca710b9-63e7-4b40-af77-917871c81fb6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--259c91f9-e6d2-4cfd-a45c-a06dbdbc9ad1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.470975Z", + "modified": "2025-02-27T00:38:15.470975Z", + "name": "CVE-2022-49607", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Fix data race between perf_event_set_output() and perf_mmap_close()\n\nYang Jihing reported a race between perf_event_set_output() and\nperf_mmap_close():\n\n\tCPU1\t\t\t\t\tCPU2\n\n\tperf_mmap_close(e2)\n\t if (atomic_dec_and_test(&e2->rb->mmap_count)) // 1 - > 0\n\t detach_rest = true\n\n\t\t\t\t\t\tioctl(e1, IOC_SET_OUTPUT, e2)\n\t\t\t\t\t\t perf_event_set_output(e1, e2)\n\n\t ...\n\t list_for_each_entry_rcu(e, &e2->rb->event_list, rb_entry)\n\t ring_buffer_attach(e, NULL);\n\t // e1 isn't yet added and\n\t // therefore not detached\n\n\t\t\t\t\t\t ring_buffer_attach(e1, e2->rb)\n\t\t\t\t\t\t list_add_rcu(&e1->rb_entry,\n\t\t\t\t\t\t\t\t &e2->rb->event_list)\n\nAfter this; e1 is attached to an unmapped rb and a subsequent\nperf_mmap() will loop forever more:\n\n\tagain:\n\t\tmutex_lock(&e->mmap_mutex);\n\t\tif (event->rb) {\n\t\t\t...\n\t\t\tif (!atomic_inc_not_zero(&e->rb->mmap_count)) {\n\t\t\t\t...\n\t\t\t\tmutex_unlock(&e->mmap_mutex);\n\t\t\t\tgoto again;\n\t\t\t}\n\t\t}\n\nThe loop in perf_mmap_close() holds e2->mmap_mutex, while the attach\nin perf_event_set_output() holds e1->mmap_mutex. As such there is no\nserialization to avoid this race.\n\nChange perf_event_set_output() to take both e1->mmap_mutex and\ne2->mmap_mutex to alleviate that problem. 
Additionally, have the loop\nin perf_mmap() detach the rb directly, this avoids having to wait for\nthe concurrent perf_mmap_close() to get around to doing it to make\nprogress.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49607" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--25ce956b-eb9e-4d1d-ba9a-2c8f1cb2f4a0.json b/objects/vulnerability/vulnerability--25ce956b-eb9e-4d1d-ba9a-2c8f1cb2f4a0.json new file mode 100644 index 00000000000..3d1ddc52dcf --- /dev/null +++ b/objects/vulnerability/vulnerability--25ce956b-eb9e-4d1d-ba9a-2c8f1cb2f4a0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--352b642b-18b2-4a91-919c-353025aa684d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--25ce956b-eb9e-4d1d-ba9a-2c8f1cb2f4a0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.628614Z", + "modified": "2025-02-27T00:38:15.628614Z", + "name": "CVE-2022-49340", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nip_gre: test csum_start instead of transport header\n\nGRE with TUNNEL_CSUM will apply local checksum offload on\nCHECKSUM_PARTIAL packets.\n\nipgre_xmit must validate csum_start after an optional skb_pull,\nelse lco_csum may trigger an overflow. The original check was\n\n\tif (csum && skb_checksum_start(skb) < skb->data)\n\t\treturn -EINVAL;\n\nThis had false positives when skb_checksum_start is undefined:\nwhen ip_summed is not CHECKSUM_PARTIAL. A discussed refinement\nwas straightforward\n\n\tif (csum && skb->ip_summed == CHECKSUM_PARTIAL &&\n\t skb_checksum_start(skb) < skb->data)\n\t\treturn -EINVAL;\n\nBut was eventually revised more thoroughly:\n- restrict the check to the only branch where needed, in an\n uncommon GRE path that uses header_ops and calls skb_pull.\n- test skb_transport_header, which is set along with csum_start\n in skb_partial_csum_set in the normal header_ops datapath.\n\nTurns out skbs can arrive in this branch without the transport\nheader set, e.g., through BPF redirection.\n\nRevise the check back to check csum_start directly, and only if\nCHECKSUM_PARTIAL. Do leave the check in the updated location.\nCheck field regardless of whether TUNNEL_CSUM is configured.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49340" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--25e40417-bd8e-4517-9ec0-474af64027cc.json b/objects/vulnerability/vulnerability--25e40417-bd8e-4517-9ec0-474af64027cc.json
new file mode 100644
index 00000000000..ebcfc2ad21e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--25e40417-bd8e-4517-9ec0-474af64027cc.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2702ba1f-c3fd-4911-9c8e-9fa42425add3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--25e40417-bd8e-4517-9ec0-474af64027cc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.790347Z", + "modified": "2025-02-27T00:38:15.790347Z", + "name": "CVE-2022-49560", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: check if cluster num is valid\n\nSyzbot reported slab-out-of-bounds read in exfat_clear_bitmap.\nThis was triggered by reproducer calling truncute with size 0,\nwhich causes the following trace:\n\nBUG: KASAN: slab-out-of-bounds in exfat_clear_bitmap+0x147/0x490 fs/exfat/balloc.c:174\nRead of size 8 at addr ffff888115aa9508 by task syz-executor251/365\n\nCall Trace:\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack_lvl+0x1e2/0x24b lib/dump_stack.c:118\n print_address_description+0x81/0x3c0 mm/kasan/report.c:233\n __kasan_report mm/kasan/report.c:419 [inline]\n kasan_report+0x1a4/0x1f0 mm/kasan/report.c:436\n __asan_report_load8_noabort+0x14/0x20 mm/kasan/report_generic.c:309\n exfat_clear_bitmap+0x147/0x490 fs/exfat/balloc.c:174\n exfat_free_cluster+0x25a/0x4a0 fs/exfat/fatent.c:181\n __exfat_truncate+0x99e/0xe00 fs/exfat/file.c:217\n exfat_truncate+0x11b/0x4f0 fs/exfat/file.c:243\n exfat_setattr+0xa03/0xd40 fs/exfat/file.c:339\n notify_change+0xb76/0xe10 fs/attr.c:336\n do_truncate+0x1ea/0x2d0 fs/open.c:65\n\nMove the is_valid_cluster() helper from fatent.c to a common\nheader to make it reusable in other *.c files. And add is_valid_cluster()\nto validate if cluster number is within valid range in exfat_clear_bitmap()\nand exfat_set_bitmap().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49560" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--263b5c91-b51b-4933-9fbe-23e5b9e9654d.json b/objects/vulnerability/vulnerability--263b5c91-b51b-4933-9fbe-23e5b9e9654d.json new file mode 100644 index 00000000000..4d6ac995723 --- /dev/null +++ b/objects/vulnerability/vulnerability--263b5c91-b51b-4933-9fbe-23e5b9e9654d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--aa33f155-9f93-45c1-b00a-c405d41cf1bd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--263b5c91-b51b-4933-9fbe-23e5b9e9654d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:07.740925Z", + "modified": "2025-02-27T00:38:07.740925Z", + "name": "CVE-2025-25823", + "description": "A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the article header at /admin/article.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25823" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--271f2ca2-a556-4d09-ab9d-6b5d83f5865a.json b/objects/vulnerability/vulnerability--271f2ca2-a556-4d09-ab9d-6b5d83f5865a.json new file mode 100644 index 00000000000..ebc78373e8b --- /dev/null +++ b/objects/vulnerability/vulnerability--271f2ca2-a556-4d09-ab9d-6b5d83f5865a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--92e8a1e3-5a89-4340-962b-5f31506cfe9b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--271f2ca2-a556-4d09-ab9d-6b5d83f5865a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.789159Z", + "modified": "2025-02-27T00:38:15.789159Z", + "name": "CVE-2022-49430", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: gpio-keys - cancel delayed work only in case of GPIO\n\ngpio_keys module can either accept gpios or interrupts. The module\ninitializes delayed work in case of gpios only and is only used if\ndebounce timer is not used, so make sure cancel_delayed_work_sync()\nis called only when its gpio-backed and debounce_use_hrtimer is false.\n\nThis fixes the issue seen below when the gpio_keys module is unloaded and\nan interrupt pin is used instead of GPIO:\n\n[ 360.297569] ------------[ cut here ]------------\n[ 360.302303] WARNING: CPU: 0 PID: 237 at kernel/workqueue.c:3066 __flush_work+0x414/0x470\n[ 360.310531] Modules linked in: gpio_keys(-)\n[ 360.314797] CPU: 0 PID: 237 Comm: rmmod Not tainted 5.18.0-rc5-arm64-renesas-00116-g73636105874d-dirty #166\n[ 360.324662] Hardware name: Renesas SMARC EVK based on r9a07g054l2 (DT)\n[ 360.331270] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 360.338318] pc : __flush_work+0x414/0x470\n[ 360.342385] lr : __cancel_work_timer+0x140/0x1b0\n[ 360.347065] sp : ffff80000a7fba00\n[ 360.350423] x29: ffff80000a7fba00 x28: ffff000012b9c5c0 x27: 0000000000000000\n[ 360.357664] x26: ffff80000a7fbb80 x25: ffff80000954d0a8 x24: 0000000000000001\n[ 360.364904] x23: ffff800009757000 x22: 0000000000000000 x21: ffff80000919b000\n[ 360.372143] x20: ffff00000f5974e0 x19: ffff00000f5974e0 x18: ffff8000097fcf48\n[ 360.379382] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000053f40\n[ 360.386622] x14: ffff800009850e88 
x13: 0000000000000002 x12: 000000000000a60c\n[ 360.393861] x11: 000000000000a610 x10: 0000000000000000 x9 : 0000000000000008\n[ 360.401100] x8 : 0101010101010101 x7 : 00000000a473c394 x6 : 0080808080808080\n[ 360.408339] x5 : 0000000000000001 x4 : 0000000000000000 x3 : ffff80000919b458\n[ 360.415578] x2 : ffff8000097577f0 x1 : 0000000000000001 x0 : 0000000000000000\n[ 360.422818] Call trace:\n[ 360.425299] __flush_work+0x414/0x470\n[ 360.429012] __cancel_work_timer+0x140/0x1b0\n[ 360.433340] cancel_delayed_work_sync+0x10/0x18\n[ 360.437931] gpio_keys_quiesce_key+0x28/0x58 [gpio_keys]\n[ 360.443327] devm_action_release+0x10/0x18\n[ 360.447481] release_nodes+0x8c/0x1a0\n[ 360.451194] devres_release_all+0x90/0x100\n[ 360.455346] device_unbind_cleanup+0x14/0x60\n[ 360.459677] device_release_driver_internal+0xe8/0x168\n[ 360.464883] driver_detach+0x4c/0x90\n[ 360.468509] bus_remove_driver+0x54/0xb0\n[ 360.472485] driver_unregister+0x2c/0x58\n[ 360.476462] platform_driver_unregister+0x10/0x18\n[ 360.481230] gpio_keys_exit+0x14/0x828 [gpio_keys]\n[ 360.486088] __arm64_sys_delete_module+0x1e0/0x270\n[ 360.490945] invoke_syscall+0x40/0xf8\n[ 360.494661] el0_svc_common.constprop.3+0xf0/0x110\n[ 360.499515] do_el0_svc+0x20/0x78\n[ 360.502877] el0_svc+0x48/0xf8\n[ 360.505977] el0t_64_sync_handler+0x88/0xb0\n[ 360.510216] el0t_64_sync+0x148/0x14c\n[ 360.513930] irq event stamp: 4306\n[ 360.517288] hardirqs last enabled at (4305): [] __cancel_work_timer+0x130/0x1b0\n[ 360.526359] hardirqs last disabled at (4306): [] el1_dbg+0x24/0x88\n[ 360.534204] softirqs last enabled at (4278): [] _stext+0x4a0/0x5e0\n[ 360.542133] softirqs last disabled at (4267): [] irq_exit_rcu+0x18c/0x1b0\n[ 360.550591] ---[ end trace 0000000000000000 ]---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49430" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--27bd8128-c38c-4446-bacb-980884397273.json b/objects/vulnerability/vulnerability--27bd8128-c38c-4446-bacb-980884397273.json new file mode 100644 index 00000000000..fcf36677078 --- /dev/null +++ b/objects/vulnerability/vulnerability--27bd8128-c38c-4446-bacb-980884397273.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0f391020-8ff7-45c8-a6aa-c788240d15fc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--27bd8128-c38c-4446-bacb-980884397273", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:07.513425Z", + "modified": "2025-02-27T00:38:07.513425Z", + "name": "CVE-2025-0719", + "description": "IBM Cloud Pak for Data 4.0.0 through 4.8.5 and 5.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0719" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--281e566a-f259-4ede-a3f9-4c982d8fb249.json b/objects/vulnerability/vulnerability--281e566a-f259-4ede-a3f9-4c982d8fb249.json new file mode 100644 index 00000000000..2babcbf3ae8 --- /dev/null +++ b/objects/vulnerability/vulnerability--281e566a-f259-4ede-a3f9-4c982d8fb249.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--272be63d-6722-43d8-ab51-a860e7177832", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--281e566a-f259-4ede-a3f9-4c982d8fb249", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.484379Z", + "modified": "2025-02-27T00:38:15.484379Z", + "name": "CVE-2022-49166", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nntfs: add sanity check on allocation size\n\nntfs_read_inode_mount invokes ntfs_malloc_nofs with zero allocation\nsize. It triggers one BUG in the __ntfs_malloc function.\n\nFix this by adding sanity check on ni->attr_list_size.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49166" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2a072e06-0027-4107-ab74-2b4913bc5e42.json b/objects/vulnerability/vulnerability--2a072e06-0027-4107-ab74-2b4913bc5e42.json new file mode 100644 index 00000000000..000c2eb4de1 --- /dev/null +++ b/objects/vulnerability/vulnerability--2a072e06-0027-4107-ab74-2b4913bc5e42.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--50e76e6e-4e93-4da8-838c-67a07f1380d8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2a072e06-0027-4107-ab74-2b4913bc5e42", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.283727Z", + "modified": "2025-02-27T00:38:15.283727Z", + "name": "CVE-2022-49448", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: bcm: Check for NULL return of devm_kzalloc()\n\nAs the potential failure of allocation, devm_kzalloc() may return NULL. Then\nthe 'pd->pmb' and the follow lines of code may bring null pointer dereference.\n\nTherefore, it is better to check the return value of devm_kzalloc() to avoid\nthis confusion.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49448" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2a384c08-5c36-40d0-8fc2-1e020cdbdc77.json b/objects/vulnerability/vulnerability--2a384c08-5c36-40d0-8fc2-1e020cdbdc77.json new file mode 100644 index 00000000000..64815cc76e1 --- /dev/null +++ b/objects/vulnerability/vulnerability--2a384c08-5c36-40d0-8fc2-1e020cdbdc77.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f387010c-1568-4db1-91d3-a90f4429eb33", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2a384c08-5c36-40d0-8fc2-1e020cdbdc77", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.425885Z", + "modified": "2025-02-27T00:38:15.425885Z", + "name": "CVE-2022-49208", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Prevent some integer underflows\n\nMy static checker complains that:\n\n drivers/infiniband/hw/irdma/ctrl.c:3605 irdma_sc_ceq_init()\n warn: can subtract underflow 'info->dev->hmc_fpm_misc.max_ceqs'?\n\nIt appears that \"info->dev->hmc_fpm_misc.max_ceqs\" comes from the firmware\nin irdma_sc_parse_fpm_query_buf() so, yes, there is a chance that it could\nbe zero. Even if we trust the firmware, it's easy enough to change the\ncondition just as a hardenning measure.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49208" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2a427598-acd3-4320-85ea-1340b0004345.json b/objects/vulnerability/vulnerability--2a427598-acd3-4320-85ea-1340b0004345.json new file mode 100644 index 00000000000..ccbc5c00ddc --- /dev/null +++ b/objects/vulnerability/vulnerability--2a427598-acd3-4320-85ea-1340b0004345.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4fb1668f-4c9f-4d4a-9f5e-6cded800c928", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2a427598-acd3-4320-85ea-1340b0004345", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.616117Z", + "modified": "2025-02-27T00:38:15.616117Z", + "name": "CVE-2022-49517", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe\n\nThis node pointer is returned by of_parse_phandle() with\nrefcount incremented in this function.\nCalling of_node_put() to avoid the refcount leak.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49517" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2a5e99e5-79e8-4fc1-9ac9-a53b4c97a1ec.json b/objects/vulnerability/vulnerability--2a5e99e5-79e8-4fc1-9ac9-a53b4c97a1ec.json new file mode 100644 index 00000000000..16434484bea --- /dev/null +++ b/objects/vulnerability/vulnerability--2a5e99e5-79e8-4fc1-9ac9-a53b4c97a1ec.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3aa325b6-0bca-45e3-86de-20bea261faa8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2a5e99e5-79e8-4fc1-9ac9-a53b4c97a1ec", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:11.225007Z", + "modified": "2025-02-27T00:38:11.225007Z", + "name": "CVE-2021-47650", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: soc-compress: prevent the potentially use of null pointer\n\nThere is one call trace that snd_soc_register_card()\n->snd_soc_bind_card()->soc_init_pcm_runtime()\n->snd_soc_dai_compress_new()->snd_soc_new_compress().\nIn the trace the 'codec_dai' transfers from card->dai_link,\nand we can see from the snd_soc_add_pcm_runtime() in\nsnd_soc_bind_card() that, if value of card->dai_link->num_codecs\nis 0, then 'codec_dai' could be null pointer caused\nby index out of bound in 'asoc_rtd_to_codec(rtd, 0)'.\nAnd snd_soc_register_card() is called by various platforms.\nTherefore, it is better to add the check in the case of misusing.\nAnd because 'cpu_dai' has already checked in soc_init_pcm_runtime(),\nthere is no need to check again.\nAdding the check as follow, then if 'codec_dai' is null,\nsnd_soc_new_compress() will not pass through the check\n'if (playback + capture != 1)', avoiding the leftover use of\n'codec_dai'.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-47650" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2a606867-7a07-4b85-b11b-c78f436a4a13.json b/objects/vulnerability/vulnerability--2a606867-7a07-4b85-b11b-c78f436a4a13.json new file mode 100644 index 00000000000..537e257b97b --- /dev/null +++ b/objects/vulnerability/vulnerability--2a606867-7a07-4b85-b11b-c78f436a4a13.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a464b187-8fcb-41ca-9928-1e1ad3512db8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2a606867-7a07-4b85-b11b-c78f436a4a13", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.691655Z", + "modified": "2025-02-27T00:38:15.691655Z", + "name": "CVE-2022-49155", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair()\n\n[ 12.323788] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-udevd/1020\n[ 12.332297] caller is qla2xxx_create_qpair+0x32a/0x5d0 [qla2xxx]\n[ 12.338417] CPU: 7 PID: 1020 Comm: systemd-udevd Tainted: G I --------- --- 5.14.0-29.el9.x86_64 #1\n[ 12.348827] Hardware name: Dell Inc. PowerEdge R610/0F0XJ6, BIOS 6.6.0 05/22/2018\n[ 12.356356] Call Trace:\n[ 12.358821] dump_stack_lvl+0x34/0x44\n[ 12.362514] check_preemption_disabled+0xd9/0xe0\n[ 12.367164] qla2xxx_create_qpair+0x32a/0x5d0 [qla2xxx]\n[ 12.372481] qla2x00_probe_one+0xa3a/0x1b80 [qla2xxx]\n[ 12.377617] ? _raw_spin_lock_irqsave+0x19/0x40\n[ 12.384284] local_pci_probe+0x42/0x80\n[ 12.390162] ? pci_match_device+0xd7/0x110\n[ 12.396366] pci_device_probe+0xfd/0x1b0\n[ 12.402372] really_probe+0x1e7/0x3e0\n[ 12.408114] __driver_probe_device+0xfe/0x180\n[ 12.414544] driver_probe_device+0x1e/0x90\n[ 12.420685] __driver_attach+0xc0/0x1c0\n[ 12.426536] ? __device_attach_driver+0xe0/0xe0\n[ 12.433061] ? __device_attach_driver+0xe0/0xe0\n[ 12.439538] bus_for_each_dev+0x78/0xc0\n[ 12.445294] bus_add_driver+0x12b/0x1e0\n[ 12.451021] driver_register+0x8f/0xe0\n[ 12.456631] ? 0xffffffffc07bc000\n[ 12.461773] qla2x00_module_init+0x1be/0x229 [qla2xxx]\n[ 12.468776] do_one_initcall+0x44/0x200\n[ 12.474401] ? load_module+0xad3/0xba0\n[ 12.479908] ? 
kmem_cache_alloc_trace+0x45/0x410\n[ 12.486268] do_init_module+0x5c/0x280\n[ 12.491730] __do_sys_init_module+0x12e/0x1b0\n[ 12.497785] do_syscall_64+0x3b/0x90\n[ 12.503029] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[ 12.509764] RIP: 0033:0x7f554f73ab2e", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49155" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2b2e0d4f-3ce6-4087-9b58-2e86a45b6a7b.json b/objects/vulnerability/vulnerability--2b2e0d4f-3ce6-4087-9b58-2e86a45b6a7b.json new file mode 100644 index 00000000000..e7abd42425d --- /dev/null +++ b/objects/vulnerability/vulnerability--2b2e0d4f-3ce6-4087-9b58-2e86a45b6a7b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5ad06da3-8161-4456-b864-6eaca12dee3d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2b2e0d4f-3ce6-4087-9b58-2e86a45b6a7b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.418144Z", + "modified": "2025-02-27T00:38:15.418144Z", + "name": "CVE-2022-49525", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: cx25821: Fix the warning when removing the module\n\nWhen removing the module, we will get the following warning:\n\n[ 14.746697] remove_proc_entry: removing non-empty directory 'irq/21', leaking at least 'cx25821[1]'\n[ 14.747449] WARNING: CPU: 4 PID: 368 at fs/proc/generic.c:717 remove_proc_entry+0x389/0x3f0\n[ 14.751611] RIP: 0010:remove_proc_entry+0x389/0x3f0\n[ 14.759589] Call Trace:\n[ 14.759792] \n[ 14.759975] unregister_irq_proc+0x14c/0x170\n[ 14.760340] irq_free_descs+0x94/0xe0\n[ 14.760640] mp_unmap_irq+0xb6/0x100\n[ 14.760937] acpi_unregister_gsi_ioapic+0x27/0x40\n[ 14.761334] acpi_pci_irq_disable+0x1d3/0x320\n[ 14.761688] pci_disable_device+0x1ad/0x380\n[ 14.762027] ? _raw_spin_unlock_irqrestore+0x2d/0x60\n[ 14.762442] ? cx25821_shutdown+0x20/0x9f0 [cx25821]\n[ 14.762848] cx25821_finidev+0x48/0xc0 [cx25821]\n[ 14.763242] pci_device_remove+0x92/0x240\n\nFix this by freeing the irq before call pci_disable_device().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49525" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2b7a71b1-e0c8-47e7-bace-0220b187d5da.json b/objects/vulnerability/vulnerability--2b7a71b1-e0c8-47e7-bace-0220b187d5da.json new file mode 100644 index 00000000000..6c12116080c --- /dev/null +++ b/objects/vulnerability/vulnerability--2b7a71b1-e0c8-47e7-bace-0220b187d5da.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--95530e54-92ff-4c75-b968-3c7264003e37", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2b7a71b1-e0c8-47e7-bace-0220b187d5da", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.74434Z", + "modified": "2025-02-27T00:38:15.74434Z", + "name": "CVE-2022-49463", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal/drivers/imx_sc_thermal: Fix refcount leak in imx_sc_thermal_probe\n\nof_find_node_by_name() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when done.\nAdd missing of_node_put() to avoid refcount leak.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49463" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2bf545de-39b3-40ce-b093-46c5cc6aa7fa.json b/objects/vulnerability/vulnerability--2bf545de-39b3-40ce-b093-46c5cc6aa7fa.json new file mode 100644 index 00000000000..b22bdf64d0e --- /dev/null +++ b/objects/vulnerability/vulnerability--2bf545de-39b3-40ce-b093-46c5cc6aa7fa.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--65c29b50-fcc9-4e5a-9c3b-e63c4cf8680b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2bf545de-39b3-40ce-b093-46c5cc6aa7fa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:07.68605Z", + "modified": "2025-02-27T00:38:07.68605Z", + "name": "CVE-2025-1716", + "description": "picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that uses Pickle to pull in a malicious PyPI package (hosted, for example, on pypi.org or GitHub) via `pip.main()`. Because pip is not a restricted global, the model, when scanned with picklescan, would pass security checks and appear to be safe, when it could instead prove to be problematic.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-1716" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2d31a239-2bbf-4e3d-aa64-073b41967bd1.json b/objects/vulnerability/vulnerability--2d31a239-2bbf-4e3d-aa64-073b41967bd1.json new file mode 100644 index 00000000000..0872e053c13 --- /dev/null +++ b/objects/vulnerability/vulnerability--2d31a239-2bbf-4e3d-aa64-073b41967bd1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5768d2fc-7d5a-410e-a187-98a69368e2a1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2d31a239-2bbf-4e3d-aa64-073b41967bd1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.693467Z", + "modified": "2025-02-27T00:38:15.693467Z", + "name": "CVE-2022-49491", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/rockchip: vop: fix possible null-ptr-deref in vop_bind()\n\nIt will cause null-ptr-deref in resource_size(), if platform_get_resource()\nreturns NULL, move calling resource_size() after devm_ioremap_resource() that\nwill check 'res' to avoid null-ptr-deref.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49491" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2d9d1e78-53d0-47cc-a4ae-9b51b8798511.json b/objects/vulnerability/vulnerability--2d9d1e78-53d0-47cc-a4ae-9b51b8798511.json new file mode 100644 index 00000000000..c7f0aeae087 --- /dev/null +++ b/objects/vulnerability/vulnerability--2d9d1e78-53d0-47cc-a4ae-9b51b8798511.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3ab15eb9-a611-4c68-a9ee-11dfdeffebdf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2d9d1e78-53d0-47cc-a4ae-9b51b8798511", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:11.207153Z", + "modified": "2025-02-27T00:38:11.207153Z", + "name": "CVE-2021-47635", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: Fix to add refcount once page is set private\n\nMM defined the rule [1] very clearly that once page was set with PG_private\nflag, we should increment the refcount in that page, also main flows like\npageout(), migrate_page() will assume there is one additional page\nreference count if page_has_private() returns true. Otherwise, we may\nget a BUG in page migration:\n\n page:0000000080d05b9d refcount:-1 mapcount:0 mapping:000000005f4d82a8\n index:0xe2 pfn:0x14c12\n aops:ubifs_file_address_operations [ubifs] ino:8f1 dentry name:\"f30e\"\n flags: 0x1fffff80002405(locked|uptodate|owner_priv_1|private|node=0|\n zone=1|lastcpupid=0x1fffff)\n page dumped because: VM_BUG_ON_PAGE(page_count(page) != 0)\n ------------[ cut here ]------------\n kernel BUG at include/linux/page_ref.h:184!\n invalid opcode: 0000 [#1] SMP\n CPU: 3 PID: 38 Comm: kcompactd0 Not tainted 5.15.0-rc5\n RIP: 0010:migrate_page_move_mapping+0xac3/0xe70\n Call Trace:\n ubifs_migrate_page+0x22/0xc0 [ubifs]\n move_to_new_page+0xb4/0x600\n migrate_pages+0x1523/0x1cc0\n compact_zone+0x8c5/0x14b0\n kcompactd+0x2bc/0x560\n kthread+0x18c/0x1e0\n ret_from_fork+0x1f/0x30\n\nBefore the time, we should make clean a concept, what does refcount means\nin page gotten from grab_cache_page_write_begin(). 
There are 2 situations:\nSituation 1: refcount is 3, page is created by __page_cache_alloc.\n TYPE_A - the write process is using this page\n TYPE_B - page is assigned to one certain mapping by calling\n\t __add_to_page_cache_locked()\n TYPE_C - page is added into pagevec list corresponding current cpu by\n\t calling lru_cache_add()\nSituation 2: refcount is 2, page is gotten from the mapping's tree\n TYPE_B - page has been assigned to one certain mapping\n TYPE_A - the write process is using this page (by calling\n\t page_cache_get_speculative())\nFilesystem releases one refcount by calling put_page() in xxx_write_end(),\nthe released refcount corresponds to TYPE_A (write task is using it). If\nthere are any processes using a page, page migration process will skip the\npage by judging whether expected_page_refs() equals to page refcount.\n\nThe BUG is caused by following process:\n PA(cpu 0) kcompactd(cpu 1)\n\t\t\t\tcompact_zone\nubifs_write_begin\n page_a = grab_cache_page_write_begin\n add_to_page_cache_lru\n lru_cache_add\n pagevec_add // put page into cpu 0's pagevec\n (refcnf = 3, for page creation process)\nubifs_write_end\n SetPagePrivate(page_a) // doesn't increase page count !\n unlock_page(page_a)\n put_page(page_a) // refcnt = 2\n\t\t\t\t[...]\n\n PB(cpu 0)\nfilemap_read\n filemap_get_pages\n add_to_page_cache_lru\n lru_cache_add\n __pagevec_lru_add // traverse all pages in cpu 0's pagevec\n\t __pagevec_lru_add_fn\n\t SetPageLRU(page_a)\n\t\t\t\tisolate_migratepages\n isolate_migratepages_block\n\t\t\t\t get_page_unless_zero(page_a)\n\t\t\t\t // refcnt = 3\n list_add(page_a, from_list)\n\t\t\t\tmigrate_pages(from_list)\n\t\t\t\t __unmap_and_move\n\t\t\t\t move_to_new_page\n\t\t\t\t ubifs_migrate_page(page_a)\n\t\t\t\t migrate_page_move_mapping\n\t\t\t\t\t expected_page_refs get 3\n (migration[1] + mapping[1] + private[1])\n\t release_pages\n\t put_page_testzero(page_a) // refcnt = 3\n page_ref_freeze // refcnt = 0\n\t page_ref_dec_and_test(0 - 1 = 
-1)\n page_ref_unfreeze\n VM_BUG_ON_PAGE(-1 != 0, page)\n\nUBIFS doesn't increase the page refcount after setting private flag, which\nleads to page migration task believes the page is not used by any other\nprocesses, so the page is migrated. This causes concurrent accessing on\npage refcount between put_page() called by other process(eg. read process\ncalls lru_cache_add) and page_ref_unfreeze() called by mi\n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-47635" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2f08610c-4ca1-4d83-a6f6-c9db02fad340.json b/objects/vulnerability/vulnerability--2f08610c-4ca1-4d83-a6f6-c9db02fad340.json new file mode 100644 index 00000000000..ca4c74d8cc7 --- /dev/null +++ b/objects/vulnerability/vulnerability--2f08610c-4ca1-4d83-a6f6-c9db02fad340.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ae614ab5-258f-4751-a8d7-8d6467b63020", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2f08610c-4ca1-4d83-a6f6-c9db02fad340", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.473807Z", + "modified": "2025-02-27T00:38:15.473807Z", + "name": "CVE-2022-49443", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nlist: fix a data-race around ep->rdllist\n\nep_poll() first calls ep_events_available() with no lock held and checks\nif ep->rdllist is empty by list_empty_careful(), which reads\nrdllist->prev. Thus all accesses to it need some protection to avoid\nstore/load-tearing.\n\nNote INIT_LIST_HEAD_RCU() already has the annotation for both prev\nand next.\n\nCommit bf3b9f6372c4 (\"epoll: Add busy poll support to epoll with socket\nfds.\") added the first lockless ep_events_available(), and commit\nc5a282e9635e (\"fs/epoll: reduce the scope of wq lock in epoll_wait()\")\nmade some ep_events_available() calls lockless and added single call under\na lock, finally commit e59d3c64cba6 (\"epoll: eliminate unnecessary lock\nfor zero timeout\") made the last ep_events_available() lockless.\n\nBUG: KCSAN: data-race in do_epoll_wait / do_epoll_wait\n\nwrite to 0xffff88810480c7d8 of 8 bytes by task 1802 on cpu 0:\n INIT_LIST_HEAD include/linux/list.h:38 [inline]\n list_splice_init include/linux/list.h:492 [inline]\n ep_start_scan fs/eventpoll.c:622 [inline]\n ep_send_events fs/eventpoll.c:1656 [inline]\n ep_poll fs/eventpoll.c:1806 [inline]\n do_epoll_wait+0x4eb/0xf40 fs/eventpoll.c:2234\n do_epoll_pwait fs/eventpoll.c:2268 [inline]\n __do_sys_epoll_pwait fs/eventpoll.c:2281 [inline]\n __se_sys_epoll_pwait+0x12b/0x240 fs/eventpoll.c:2275\n __x64_sys_epoll_pwait+0x74/0x80 fs/eventpoll.c:2275\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x44/0xd0 
arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nread to 0xffff88810480c7d8 of 8 bytes by task 1799 on cpu 1:\n list_empty_careful include/linux/list.h:329 [inline]\n ep_events_available fs/eventpoll.c:381 [inline]\n ep_poll fs/eventpoll.c:1797 [inline]\n do_epoll_wait+0x279/0xf40 fs/eventpoll.c:2234\n do_epoll_pwait fs/eventpoll.c:2268 [inline]\n __do_sys_epoll_pwait fs/eventpoll.c:2281 [inline]\n __se_sys_epoll_pwait+0x12b/0x240 fs/eventpoll.c:2275\n __x64_sys_epoll_pwait+0x74/0x80 fs/eventpoll.c:2275\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nvalue changed: 0xffff88810480c7d0 -> 0xffff888103c15098\n\nReported by Kernel Concurrency Sanitizer on:\nCPU: 1 PID: 1799 Comm: syz-fuzzer Tainted: G W 5.17.0-rc7-syzkaller-dirty #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49443" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2f5284b1-5ed2-4ae7-bd72-3cdf2bce5d67.json b/objects/vulnerability/vulnerability--2f5284b1-5ed2-4ae7-bd72-3cdf2bce5d67.json new file mode 100644 index 00000000000..934566fdd51 --- /dev/null +++ b/objects/vulnerability/vulnerability--2f5284b1-5ed2-4ae7-bd72-3cdf2bce5d67.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--22aa76c7-9150-4427-8b43-366169c8d22e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2f5284b1-5ed2-4ae7-bd72-3cdf2bce5d67", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.652132Z", + "modified": "2025-02-27T00:38:15.652132Z", + "name": "CVE-2022-49084", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nqede: confirm skb is allocated before using\n\nqede_build_skb() assumes build_skb() always works and goes straight\nto skb_reserve(). However, build_skb() can fail under memory pressure.\nThis results in a kernel panic because the skb to reserve is NULL.\n\nAdd a check in case build_skb() failed to allocate and return NULL.\n\nThe NULL return is handled correctly in callers to qede_build_skb().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49084" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2fa89ba3-c258-4cc2-b87a-68c4d27cec03.json b/objects/vulnerability/vulnerability--2fa89ba3-c258-4cc2-b87a-68c4d27cec03.json new file mode 100644 index 00000000000..282786399ed --- /dev/null +++ b/objects/vulnerability/vulnerability--2fa89ba3-c258-4cc2-b87a-68c4d27cec03.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6551b50b-81ca-4985-9754-824fe4cfc992", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2fa89ba3-c258-4cc2-b87a-68c4d27cec03", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.654044Z", + "modified": "2025-02-27T00:38:15.654044Z", + "name": "CVE-2022-49625", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsfc: fix kernel panic when creating VF\n\nWhen creating VFs a kernel panic can happen when calling to\nefx_ef10_try_update_nic_stats_vf.\n\nWhen releasing a DMA coherent buffer, sometimes, I don't know in what\nspecific circumstances, it has to unmap memory with vunmap. It is\ndisallowed to do that in IRQ context or with BH disabled. Otherwise, we\nhit this line in vunmap, causing the crash:\n BUG_ON(in_interrupt());\n\nThis patch reenables BH to release the buffer.\n\nLog messages when the bug is hit:\n kernel BUG at mm/vmalloc.c:2727!\n invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 6 PID: 1462 Comm: NetworkManager Kdump: loaded Tainted: G I --------- --- 5.14.0-119.el9.x86_64 #1\n Hardware name: Dell Inc. PowerEdge R740/06WXJT, BIOS 2.8.2 08/27/2020\n RIP: 0010:vunmap+0x2e/0x30\n ...skip...\n Call Trace:\n __iommu_dma_free+0x96/0x100\n efx_nic_free_buffer+0x2b/0x40 [sfc]\n efx_ef10_try_update_nic_stats_vf+0x14a/0x1c0 [sfc]\n efx_ef10_update_stats_vf+0x18/0x40 [sfc]\n efx_start_all+0x15e/0x1d0 [sfc]\n efx_net_open+0x5a/0xe0 [sfc]\n __dev_open+0xe7/0x1a0\n __dev_change_flags+0x1d7/0x240\n dev_change_flags+0x21/0x60\n ...skip...", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49625" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--2ff6dc28-9bea-4e8e-b240-61868fce930c.json b/objects/vulnerability/vulnerability--2ff6dc28-9bea-4e8e-b240-61868fce930c.json new file mode 100644 index 00000000000..7140b5bde69 --- /dev/null +++ b/objects/vulnerability/vulnerability--2ff6dc28-9bea-4e8e-b240-61868fce930c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5af8f688-398d-409c-82be-67d5413df219", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2ff6dc28-9bea-4e8e-b240-61868fce930c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.630469Z", + "modified": "2025-02-27T00:38:15.630469Z", + "name": "CVE-2022-49295", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: call genl_unregister_family() first in nbd_cleanup()\n\nOtherwise there may be race between module removal and the handling of\nnetlink command, which can lead to the oops as shown below:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000098\n Oops: 0002 [#1] SMP PTI\n CPU: 1 PID: 31299 Comm: nbd-client Tainted: G E 5.14.0-rc4\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\n RIP: 0010:down_write+0x1a/0x50\n Call Trace:\n start_creating+0x89/0x130\n debugfs_create_dir+0x1b/0x130\n nbd_start_device+0x13d/0x390 [nbd]\n nbd_genl_connect+0x42f/0x748 [nbd]\n genl_family_rcv_msg_doit.isra.0+0xec/0x150\n genl_rcv_msg+0xe5/0x1e0\n netlink_rcv_skb+0x55/0x100\n genl_rcv+0x29/0x40\n netlink_unicast+0x1a8/0x250\n netlink_sendmsg+0x21b/0x430\n ____sys_sendmsg+0x2a4/0x2d0\n ___sys_sendmsg+0x81/0xc0\n __sys_sendmsg+0x62/0xb0\n __x64_sys_sendmsg+0x1f/0x30\n do_syscall_64+0x3b/0xc0\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n Modules linked in: nbd(E-)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49295" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--301f6eb8-78f7-4e5e-a3fa-155da1f2bef4.json b/objects/vulnerability/vulnerability--301f6eb8-78f7-4e5e-a3fa-155da1f2bef4.json new file mode 100644 index 00000000000..bd3f0db6dc8 --- /dev/null +++ b/objects/vulnerability/vulnerability--301f6eb8-78f7-4e5e-a3fa-155da1f2bef4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7a6b84d6-044a-42b4-8f6f-a3efdc73e672", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--301f6eb8-78f7-4e5e-a3fa-155da1f2bef4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.517411Z", + "modified": "2025-02-27T00:38:15.517411Z", + "name": "CVE-2022-49477", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: samsung: Fix refcount leak in aries_audio_probe\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when done.\nIf extcon_find_edev_by_node() fails, it doesn't call of_node_put()\nCalling of_node_put() after extcon_find_edev_by_node() to fix this.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49477" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--308ad372-8958-4d22-a0f8-e60085be0b43.json b/objects/vulnerability/vulnerability--308ad372-8958-4d22-a0f8-e60085be0b43.json new file mode 100644 index 00000000000..59a13afe82c --- /dev/null +++ b/objects/vulnerability/vulnerability--308ad372-8958-4d22-a0f8-e60085be0b43.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--db81b9b3-f84a-4852-8424-4982e4b3c0e3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--308ad372-8958-4d22-a0f8-e60085be0b43", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.766104Z", + "modified": "2025-02-27T00:38:15.766104Z", + "name": "CVE-2022-49226", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: asix: add proper error handling of usb read errors\n\nSyzbot once again hit uninit value in asix driver. The problem still the\nsame -- asix_read_cmd() reads less bytes, than was requested by caller.\n\nSince all read requests are performed via asix_read_cmd() let's catch\nusb related error there and add __must_check notation to be sure all\ncallers actually check return value.\n\nSo, this patch adds sanity check inside asix_read_cmd(), that simply\nchecks if bytes read are not less, than was requested and adds missing\nerror handling of asix_read_cmd() all across the driver code.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49226" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--30bb043e-9056-47a5-9c6a-7e4a44829ec7.json b/objects/vulnerability/vulnerability--30bb043e-9056-47a5-9c6a-7e4a44829ec7.json new file mode 100644 index 00000000000..402806cd6d5 --- /dev/null +++ b/objects/vulnerability/vulnerability--30bb043e-9056-47a5-9c6a-7e4a44829ec7.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a4c336b6-37b2-4a01-8e0d-84fcce21d783", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--30bb043e-9056-47a5-9c6a-7e4a44829ec7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:03.175546Z", + "modified": "2025-02-27T00:38:03.175546Z", + "name": "CVE-2024-12434", + "description": "The SureMembers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.10.6 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive data including restricted content.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12434" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--31235391-34ad-41e6-a41c-8bad3b2170e3.json b/objects/vulnerability/vulnerability--31235391-34ad-41e6-a41c-8bad3b2170e3.json new file mode 100644 index 00000000000..3b3f0a3b01b --- /dev/null +++ b/objects/vulnerability/vulnerability--31235391-34ad-41e6-a41c-8bad3b2170e3.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a12221c1-b078-4ace-b56f-fee915182cf2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--31235391-34ad-41e6-a41c-8bad3b2170e3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:11.203586Z", + "modified": "2025-02-27T00:38:11.203586Z", + "name": "CVE-2021-47654", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsamples/landlock: Fix path_list memory leak\n\nClang static analysis reports this error\n\nsandboxer.c:134:8: warning: Potential leak of memory\n pointed to by 'path_list'\n ret = 0;\n ^\npath_list is allocated in parse_path() but never freed.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-47654" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--312ab412-dd38-460f-abdf-bb6b9e37a4a3.json b/objects/vulnerability/vulnerability--312ab412-dd38-460f-abdf-bb6b9e37a4a3.json new file mode 100644 index 00000000000..e78cfc5a835 --- /dev/null +++ b/objects/vulnerability/vulnerability--312ab412-dd38-460f-abdf-bb6b9e37a4a3.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--16495a49-38d1-4b15-908f-998855390209", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--312ab412-dd38-460f-abdf-bb6b9e37a4a3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.375823Z", + "modified": "2025-02-27T00:38:15.375823Z", + "name": "CVE-2022-49308", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nextcon: Modify extcon device to be created after driver data is set\n\nCurrently, someone can invoke the sysfs such as state_show()\nintermittently before dev_set_drvdata() is done.\nAnd it can be a cause of kernel Oops because of edev is Null at that time.\nSo modified the driver registration to after setting drviver data.\n\n- Oops's backtrace.\n\nBacktrace:\n[] (state_show) from [] (dev_attr_show)\n[] (dev_attr_show) from [] (sysfs_kf_seq_show)\n[] (sysfs_kf_seq_show) from [] (kernfs_seq_show)\n[] (kernfs_seq_show) from [] (seq_read)\n[] (seq_read) from [] (kernfs_fop_read)\n[] (kernfs_fop_read) from [] (__vfs_read)\n[] (__vfs_read) from [] (vfs_read)\n[] (vfs_read) from [] (ksys_read)\n[] (ksys_read) from [] (sys_read)\n[] (sys_read) from [] (__sys_trace_return)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49308" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--316349c4-d94a-4ed4-9ef2-16fa02fa0e91.json b/objects/vulnerability/vulnerability--316349c4-d94a-4ed4-9ef2-16fa02fa0e91.json new file mode 100644 index 00000000000..b0125d18714 --- /dev/null +++ b/objects/vulnerability/vulnerability--316349c4-d94a-4ed4-9ef2-16fa02fa0e91.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a4fcd0e4-cf3c-4228-a4b1-294cd40180cf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--316349c4-d94a-4ed4-9ef2-16fa02fa0e91", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:07.732316Z", + "modified": "2025-02-27T00:38:07.732316Z", + "name": "CVE-2025-25792", + "description": "SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the isopen parameter at admin_weixin.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25792" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--324dccd3-a931-42fb-8a93-1b9220e047d4.json b/objects/vulnerability/vulnerability--324dccd3-a931-42fb-8a93-1b9220e047d4.json new file mode 100644 index 00000000000..0f0b9f7eb40 --- /dev/null +++ b/objects/vulnerability/vulnerability--324dccd3-a931-42fb-8a93-1b9220e047d4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7c4a2dd9-b21e-4980-a8f2-193ed0186d09", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--324dccd3-a931-42fb-8a93-1b9220e047d4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.760217Z", + "modified": "2025-02-27T00:38:15.760217Z", + "name": "CVE-2022-49235", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nath9k_htc: fix uninit value bugs\n\nSyzbot reported 2 KMSAN bugs in ath9k. All of them are caused by missing\nfield initialization.\n\nIn htc_connect_service() svc_meta_len and pad are not initialized. Based\non code it looks like in current skb there is no service data, so simply\ninitialize svc_meta_len to 0.\n\nhtc_issue_send() does not initialize htc_frame_hdr::control array. Based\non firmware code, it will initialize it by itself, so simply zero whole\narray to make KMSAN happy\n\nFail logs:\n\nBUG: KMSAN: kernel-usb-infoleak in usb_submit_urb+0x6c1/0x2aa0 drivers/usb/core/urb.c:430\n usb_submit_urb+0x6c1/0x2aa0 drivers/usb/core/urb.c:430\n hif_usb_send_regout drivers/net/wireless/ath/ath9k/hif_usb.c:127 [inline]\n hif_usb_send+0x5f0/0x16f0 drivers/net/wireless/ath/ath9k/hif_usb.c:479\n htc_issue_send drivers/net/wireless/ath/ath9k/htc_hst.c:34 [inline]\n htc_connect_service+0x143e/0x1960 drivers/net/wireless/ath/ath9k/htc_hst.c:275\n...\n\nUninit was created at:\n slab_post_alloc_hook mm/slab.h:524 [inline]\n slab_alloc_node mm/slub.c:3251 [inline]\n __kmalloc_node_track_caller+0xe0c/0x1510 mm/slub.c:4974\n kmalloc_reserve net/core/skbuff.c:354 [inline]\n __alloc_skb+0x545/0xf90 net/core/skbuff.c:426\n alloc_skb include/linux/skbuff.h:1126 [inline]\n htc_connect_service+0x1029/0x1960 drivers/net/wireless/ath/ath9k/htc_hst.c:258\n...\n\nBytes 4-7 of 18 are uninitialized\nMemory access of size 18 starts at ffff888027377e00\n\nBUG: KMSAN: kernel-usb-infoleak in 
usb_submit_urb+0x6c1/0x2aa0 drivers/usb/core/urb.c:430\n usb_submit_urb+0x6c1/0x2aa0 drivers/usb/core/urb.c:430\n hif_usb_send_regout drivers/net/wireless/ath/ath9k/hif_usb.c:127 [inline]\n hif_usb_send+0x5f0/0x16f0 drivers/net/wireless/ath/ath9k/hif_usb.c:479\n htc_issue_send drivers/net/wireless/ath/ath9k/htc_hst.c:34 [inline]\n htc_connect_service+0x143e/0x1960 drivers/net/wireless/ath/ath9k/htc_hst.c:275\n...\n\nUninit was created at:\n slab_post_alloc_hook mm/slab.h:524 [inline]\n slab_alloc_node mm/slub.c:3251 [inline]\n __kmalloc_node_track_caller+0xe0c/0x1510 mm/slub.c:4974\n kmalloc_reserve net/core/skbuff.c:354 [inline]\n __alloc_skb+0x545/0xf90 net/core/skbuff.c:426\n alloc_skb include/linux/skbuff.h:1126 [inline]\n htc_connect_service+0x1029/0x1960 drivers/net/wireless/ath/ath9k/htc_hst.c:258\n...\n\nBytes 16-17 of 18 are uninitialized\nMemory access of size 18 starts at ffff888027377e00", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49235" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--324f9ee7-7123-4bdd-916c-8f3ca4982c75.json b/objects/vulnerability/vulnerability--324f9ee7-7123-4bdd-916c-8f3ca4982c75.json new file mode 100644 index 00000000000..c9d1bbb0560 --- /dev/null +++ b/objects/vulnerability/vulnerability--324f9ee7-7123-4bdd-916c-8f3ca4982c75.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6ddff964-17e4-4be5-a987-53964837d092", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--324f9ee7-7123-4bdd-916c-8f3ca4982c75", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.65116Z", + "modified": "2025-02-27T00:38:15.65116Z", + "name": "CVE-2022-49245", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: rockchip: Fix PM usage reference of rockchip_i2s_tdm_resume\n\npm_runtime_get_sync will increment pm usage counter\neven it failed. Forgetting to putting operation will\nresult in reference leak here. We fix it by replacing\nit with pm_runtime_resume_and_get to keep usage counter\nbalanced.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49245" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--32930a34-862d-41f2-86e6-491ce98f8949.json b/objects/vulnerability/vulnerability--32930a34-862d-41f2-86e6-491ce98f8949.json new file mode 100644 index 00000000000..e87a19a6ac4 --- /dev/null +++ b/objects/vulnerability/vulnerability--32930a34-862d-41f2-86e6-491ce98f8949.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f93b9e39-396f-4afe-ba28-58ccb95b4c24", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--32930a34-862d-41f2-86e6-491ce98f8949", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.407506Z", + "modified": "2025-02-27T00:38:15.407506Z", + "name": "CVE-2022-49434", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store()\n\nThe sysfs sriov_numvfs_store() path acquires the device lock before the\nconfig space access lock:\n\n sriov_numvfs_store\n device_lock # A (1) acquire device lock\n sriov_configure\n vfio_pci_sriov_configure # (for example)\n vfio_pci_core_sriov_configure\n pci_disable_sriov\n sriov_disable\n pci_cfg_access_lock\n pci_wait_cfg # B (4) wait for dev->block_cfg_access == 0\n\nPreviously, pci_dev_lock() acquired the config space access lock before the\ndevice lock:\n\n pci_dev_lock\n pci_cfg_access_lock\n dev->block_cfg_access = 1 # B (2) set dev->block_cfg_access = 1\n device_lock # A (3) wait for device lock\n\nAny path that uses pci_dev_lock(), e.g., pci_reset_function(), may\ndeadlock with sriov_numvfs_store() if the operations occur in the sequence\n(1) (2) (3) (4).\n\nAvoid the deadlock by reversing the order in pci_dev_lock() so it acquires\nthe device lock before the config space access lock, the same as the\nsriov_numvfs_store() path.\n\n[bhelgaas: combined and adapted commit log from Jay Zhou's independent\nsubsequent posting:\nhttps://lore.kernel.org/r/20220404062539.1710-1-jianjay.zhou@huawei.com]", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49434" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--32e178cc-862b-4bc2-ae48-bcfd8e27d423.json b/objects/vulnerability/vulnerability--32e178cc-862b-4bc2-ae48-bcfd8e27d423.json new file mode 100644 index 00000000000..8a1ea020fde --- /dev/null +++ b/objects/vulnerability/vulnerability--32e178cc-862b-4bc2-ae48-bcfd8e27d423.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--62baac4d-3316-47ff-b7ca-738cc6c9e25a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--32e178cc-862b-4bc2-ae48-bcfd8e27d423", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.540259Z", + "modified": "2025-02-27T00:38:15.540259Z", + "name": "CVE-2022-49487", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: rawnand: intel: fix possible null-ptr-deref in ebu_nand_probe()\n\nIt will cause null-ptr-deref when using 'res', if platform_get_resource()\nreturns NULL, so move using 'res' after devm_ioremap_resource() that\nwill check it to avoid null-ptr-deref.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49487" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--32f70bc7-cfd7-447a-89a9-e49be12723d9.json b/objects/vulnerability/vulnerability--32f70bc7-cfd7-447a-89a9-e49be12723d9.json new file mode 100644 index 00000000000..33d5ca03ad7 --- /dev/null +++ b/objects/vulnerability/vulnerability--32f70bc7-cfd7-447a-89a9-e49be12723d9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f06a818c-d40f-4bd4-a291-d8690a8df5ac", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--32f70bc7-cfd7-447a-89a9-e49be12723d9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.412278Z", + "modified": "2025-02-27T00:38:15.412278Z", + "name": "CVE-2022-49460", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nPM / devfreq: rk3399_dmc: Disable edev on remove()\n\nOtherwise we hit an unablanced enable-count when unbinding the DFI\ndevice:\n\n[ 1279.659119] ------------[ cut here ]------------\n[ 1279.659179] WARNING: CPU: 2 PID: 5638 at drivers/devfreq/devfreq-event.c:360 devfreq_event_remove_edev+0x84/0x8c\n...\n[ 1279.659352] Hardware name: Google Kevin (DT)\n[ 1279.659363] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO BTYPE=--)\n[ 1279.659371] pc : devfreq_event_remove_edev+0x84/0x8c\n[ 1279.659380] lr : devm_devfreq_event_release+0x1c/0x28\n...\n[ 1279.659571] Call trace:\n[ 1279.659582] devfreq_event_remove_edev+0x84/0x8c\n[ 1279.659590] devm_devfreq_event_release+0x1c/0x28\n[ 1279.659602] release_nodes+0x1cc/0x244\n[ 1279.659611] devres_release_all+0x44/0x60\n[ 1279.659621] device_release_driver_internal+0x11c/0x1ac\n[ 1279.659629] device_driver_detach+0x20/0x2c\n[ 1279.659641] unbind_store+0x7c/0xb0\n[ 1279.659650] drv_attr_store+0x2c/0x40\n[ 1279.659663] sysfs_kf_write+0x44/0x58\n[ 1279.659672] kernfs_fop_write_iter+0xf4/0x190\n[ 1279.659684] vfs_write+0x2b0/0x2e4\n[ 1279.659693] ksys_write+0x80/0xec\n[ 1279.659701] __arm64_sys_write+0x24/0x30\n[ 1279.659714] el0_svc_common+0xf0/0x1d8\n[ 1279.659724] do_el0_svc_compat+0x28/0x3c\n[ 1279.659738] el0_svc_compat+0x10/0x1c\n[ 1279.659746] el0_sync_compat_handler+0xa8/0xcc\n[ 1279.659758] el0_sync_compat+0x188/0x1c0\n[ 1279.659768] ---[ end trace cec200e5094155b4 ]---", + "external_references": [ + { + "source_name": "cve", + 
"external_id": "CVE-2022-49460" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--339d978f-edae-4e5b-bb31-b42d4490fa16.json b/objects/vulnerability/vulnerability--339d978f-edae-4e5b-bb31-b42d4490fa16.json new file mode 100644 index 00000000000..1436a65207f --- /dev/null +++ b/objects/vulnerability/vulnerability--339d978f-edae-4e5b-bb31-b42d4490fa16.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--54208283-f7be-4966-b43f-5bae633bf84b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--339d978f-edae-4e5b-bb31-b42d4490fa16", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.505903Z", + "modified": "2025-02-27T00:38:15.505903Z", + "name": "CVE-2022-49501", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: Run unregister_netdev() before unbind() again\n\nCommit 2c9d6c2b871d (\"usbnet: run unbind() before unregister_netdev()\")\nsought to fix a use-after-free on disconnect of USB Ethernet adapters.\n\nIt turns out that a different fix is necessary to address the issue:\nhttps://lore.kernel.org/netdev/18b3541e5372bc9b9fc733d422f4e698c089077c.1650177997.git.lukas@wunner.de/\n\nSo the commit was not necessary.\n\nThe commit made binding and unbinding of USB Ethernet asymmetrical:\nBefore, usbnet_probe() first invoked the ->bind() callback and then\nregister_netdev(). usbnet_disconnect() mirrored that by first invoking\nunregister_netdev() and then ->unbind().\n\nSince the commit, the order in usbnet_disconnect() is reversed and no\nlonger mirrors usbnet_probe().\n\nOne consequence is that a PHY disconnected (and stopped) in ->unbind()\nis afterwards stopped once more by unregister_netdev() as it closes the\nnetdev before unregistering. That necessitates a contortion in ->stop()\nbecause the PHY may only be stopped if it hasn't already been\ndisconnected.\n\nReverting the commit allows making the call to phy_stop() unconditional\nin ->stop().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49501" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--33b8c3b4-d555-4886-8f1f-7202df90973d.json b/objects/vulnerability/vulnerability--33b8c3b4-d555-4886-8f1f-7202df90973d.json new file mode 100644 index 00000000000..b319410c5a9 --- /dev/null +++ b/objects/vulnerability/vulnerability--33b8c3b4-d555-4886-8f1f-7202df90973d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a854dceb-aca3-4431-a929-5f16f6ba58f7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--33b8c3b4-d555-4886-8f1f-7202df90973d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:07.432279Z", + "modified": "2025-02-27T00:38:07.432279Z", + "name": "CVE-2025-22869", + "description": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22869" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--33fa9c88-aa4e-427e-8dd9-15b07e6c7438.json b/objects/vulnerability/vulnerability--33fa9c88-aa4e-427e-8dd9-15b07e6c7438.json new file mode 100644 index 00000000000..663b1d0d650 --- /dev/null +++ b/objects/vulnerability/vulnerability--33fa9c88-aa4e-427e-8dd9-15b07e6c7438.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--173bc1a4-ba99-4c6f-ad93-5b2b26a948d6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--33fa9c88-aa4e-427e-8dd9-15b07e6c7438", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:07.521511Z", + "modified": "2025-02-27T00:38:07.521511Z", + "name": "CVE-2025-0731", + "description": "An unauthenticated remote attacker can upload a .aspx file instead of a PV system picture through the demo account. The code can only be executed in the security context of the user.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0731" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3463d6fa-2478-4964-acfa-b0392ad68b6d.json b/objects/vulnerability/vulnerability--3463d6fa-2478-4964-acfa-b0392ad68b6d.json new file mode 100644 index 00000000000..be705dd739f --- /dev/null +++ b/objects/vulnerability/vulnerability--3463d6fa-2478-4964-acfa-b0392ad68b6d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a9306788-6311-484e-92eb-eb5152974ac5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3463d6fa-2478-4964-acfa-b0392ad68b6d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.316435Z", + "modified": "2025-02-27T00:38:15.316435Z", + "name": "CVE-2022-49627", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nima: Fix potential memory leak in ima_init_crypto()\n\nOn failure to allocate the SHA1 tfm, IMA fails to initialize and exits\nwithout freeing the ima_algo_array. Add the missing kfree() for\nima_algo_array to avoid the potential memory leak.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49627" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--354f8fe9-2cca-4873-960f-536fd5e34c3c.json b/objects/vulnerability/vulnerability--354f8fe9-2cca-4873-960f-536fd5e34c3c.json new file mode 100644 index 00000000000..ccdfbb42b82 --- /dev/null +++ b/objects/vulnerability/vulnerability--354f8fe9-2cca-4873-960f-536fd5e34c3c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6f1f8bc3-f8cc-4547-9222-c634c5e01993", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--354f8fe9-2cca-4873-960f-536fd5e34c3c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.459513Z", + "modified": "2025-02-27T00:38:15.459513Z", + "name": "CVE-2022-49644", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915: fix a possible refcount leak in intel_dp_add_mst_connector()\n\nIf drm_connector_init fails, intel_connector_free will be called to take\ncare of proper free. So it is necessary to drop the refcount of port\nbefore intel_connector_free.\n\n(cherry picked from commit cea9ed611e85d36a05db52b6457bf584b7d969e2)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49644" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--35a66c65-6688-438d-9bc6-62c89e973fe5.json b/objects/vulnerability/vulnerability--35a66c65-6688-438d-9bc6-62c89e973fe5.json new file mode 100644 index 00000000000..adec1c45a78 --- /dev/null +++ b/objects/vulnerability/vulnerability--35a66c65-6688-438d-9bc6-62c89e973fe5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1d1d14ba-4657-4ad2-9044-041cc66460e5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--35a66c65-6688-438d-9bc6-62c89e973fe5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.552798Z", + "modified": "2025-02-27T00:38:15.552798Z", + "name": "CVE-2022-49520", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall\n\nIf a compat process tries to execute an unknown system call above the\n__ARM_NR_COMPAT_END number, the kernel sends a SIGILL signal to the\noffending process. Information about the error is printed to dmesg in\ncompat_arm_syscall() -> arm64_notify_die() -> arm64_force_sig_fault() ->\narm64_show_signal().\n\narm64_show_signal() interprets a non-zero value for\ncurrent->thread.fault_code as an exception syndrome and displays the\nmessage associated with the ESR_ELx.EC field (bits 31:26).\ncurrent->thread.fault_code is set in compat_arm_syscall() ->\narm64_notify_die() with the bad syscall number instead of a valid ESR_ELx\nvalue. This means that the ESR_ELx.EC field has the value that the user set\nfor the syscall number and the kernel can end up printing bogus exception\nmessages*. 
For example, for the syscall number 0x68000000, which evaluates\nto ESR_ELx.EC value of 0x1A (ESR_ELx_EC_FPAC) the kernel prints this error:\n\n[ 18.349161] syscall[300]: unhandled exception: ERET/ERETAA/ERETAB, ESR 0x68000000, Oops - bad compat syscall(2) in syscall[10000+50000]\n[ 18.350639] CPU: 2 PID: 300 Comm: syscall Not tainted 5.18.0-rc1 #79\n[ 18.351249] Hardware name: Pine64 RockPro64 v2.0 (DT)\n[..]\n\nwhich is misleading, as the bad compat syscall has nothing to do with\npointer authentication.\n\nStop arm64_show_signal() from printing exception syndrome information by\nhaving compat_arm_syscall() set the ESR_ELx value to 0, as it has no\nmeaning for an invalid system call number. The example above now becomes:\n\n[ 19.935275] syscall[301]: unhandled exception: Oops - bad compat syscall(2) in syscall[10000+50000]\n[ 19.936124] CPU: 1 PID: 301 Comm: syscall Not tainted 5.18.0-rc1-00005-g7e08006d4102 #80\n[ 19.936894] Hardware name: Pine64 RockPro64 v2.0 (DT)\n[..]\n\nwhich although shows less information because the syscall number,\nwrongfully advertised as the ESR value, is missing, it is better than\nshowing plainly wrong information. The syscall number can be easily\nobtained with strace.\n\n*A 32-bit value above or equal to 0x8000_0000 is interpreted as a negative\ninteger in compat_arm_syscal() and the condition scno < __ARM_NR_COMPAT_END\nevaluates to true; the syscall will exit to userspace in this case with the\nENOSYS error code instead of arm64_notify_die() being called.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49520" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--35b1d9a3-76d0-4775-aefe-ee0c224c2c65.json b/objects/vulnerability/vulnerability--35b1d9a3-76d0-4775-aefe-ee0c224c2c65.json new file mode 100644 index 00000000000..fba69e002b2 --- /dev/null +++ b/objects/vulnerability/vulnerability--35b1d9a3-76d0-4775-aefe-ee0c224c2c65.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8cab284c-d7d4-4ac4-aec6-1b025253ad76", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--35b1d9a3-76d0-4775-aefe-ee0c224c2c65", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.440473Z", + "modified": "2025-02-27T00:38:15.440473Z", + "name": "CVE-2022-49230", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmt76: mt7915: fix possible memory leak in mt7915_mcu_add_sta\n\nFree allocated skb in mt7915_mcu_add_sta routine in case of failures.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49230" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3649acfb-d873-4a0a-96e2-a8e3440c23fc.json b/objects/vulnerability/vulnerability--3649acfb-d873-4a0a-96e2-a8e3440c23fc.json new file mode 100644 index 00000000000..2332881264b --- /dev/null +++ b/objects/vulnerability/vulnerability--3649acfb-d873-4a0a-96e2-a8e3440c23fc.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--79c22e39-8e33-4519-9c7e-70553fb1ffb4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3649acfb-d873-4a0a-96e2-a8e3440c23fc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.527094Z", + "modified": "2025-02-27T00:38:15.527094Z", + "name": "CVE-2022-49623", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/xive/spapr: correct bitmap allocation size\n\nkasan detects access beyond the end of the xibm->bitmap allocation:\n\nBUG: KASAN: slab-out-of-bounds in _find_first_zero_bit+0x40/0x140\nRead of size 8 at addr c00000001d1d0118 by task swapper/0/1\n\nCPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.19.0-rc2-00001-g90df023b36dd #28\nCall Trace:\n[c00000001d98f770] [c0000000012baab8] dump_stack_lvl+0xac/0x108 (unreliable)\n[c00000001d98f7b0] [c00000000068faac] print_report+0x37c/0x710\n[c00000001d98f880] [c0000000006902c0] kasan_report+0x110/0x354\n[c00000001d98f950] [c000000000692324] __asan_load8+0xa4/0xe0\n[c00000001d98f970] [c0000000011c6ed0] _find_first_zero_bit+0x40/0x140\n[c00000001d98f9b0] [c0000000000dbfbc] xive_spapr_get_ipi+0xcc/0x260\n[c00000001d98fa70] [c0000000000d6d28] xive_setup_cpu_ipi+0x1e8/0x450\n[c00000001d98fb30] [c000000004032a20] pSeries_smp_probe+0x5c/0x118\n[c00000001d98fb60] [c000000004018b44] smp_prepare_cpus+0x944/0x9ac\n[c00000001d98fc90] [c000000004009f9c] kernel_init_freeable+0x2d4/0x640\n[c00000001d98fd90] [c0000000000131e8] kernel_init+0x28/0x1d0\n[c00000001d98fe10] [c00000000000cd54] ret_from_kernel_thread+0x5c/0x64\n\nAllocated by task 0:\n kasan_save_stack+0x34/0x70\n __kasan_kmalloc+0xb4/0xf0\n __kmalloc+0x268/0x540\n xive_spapr_init+0x4d0/0x77c\n pseries_init_irq+0x40/0x27c\n init_IRQ+0x44/0x84\n start_kernel+0x2a4/0x538\n start_here_common+0x1c/0x20\n\nThe buggy address belongs to the object at c00000001d1d0118\n which belongs to the 
cache kmalloc-8 of size 8\nThe buggy address is located 0 bytes inside of\n 8-byte region [c00000001d1d0118, c00000001d1d0120)\n\nThe buggy address belongs to the physical page:\npage:c00c000000074740 refcount:1 mapcount:0 mapping:0000000000000000 index:0xc00000001d1d0558 pfn:0x1d1d\nflags: 0x7ffff000000200(slab|node=0|zone=0|lastcpupid=0x7ffff)\nraw: 007ffff000000200 c00000001d0003c8 c00000001d0003c8 c00000001d010480\nraw: c00000001d1d0558 0000000001e1000a 00000001ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\n\nMemory state around the buggy address:\n c00000001d1d0000: fc 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n c00000001d1d0080: fc fc 00 fc fc fc fc fc fc fc fc fc fc fc fc fc\n>c00000001d1d0100: fc fc fc 02 fc fc fc fc fc fc fc fc fc fc fc fc\n ^\n c00000001d1d0180: fc fc fc fc 04 fc fc fc fc fc fc fc fc fc fc fc\n c00000001d1d0200: fc fc fc fc fc 04 fc fc fc fc fc fc fc fc fc fc\n\nThis happens because the allocation uses the wrong unit (bits) when it\nshould pass (BITS_TO_LONGS(count) * sizeof(long)) or equivalent. With small\nnumbers of bits, the allocated object can be smaller than sizeof(long),\nwhich results in invalid accesses.\n\nUse bitmap_zalloc() to allocate and initialize the irq bitmap, paired with\nbitmap_free() for consistency.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49623" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--369e4039-bf7d-461b-b429-8850feebafc0.json b/objects/vulnerability/vulnerability--369e4039-bf7d-461b-b429-8850feebafc0.json new file mode 100644 index 00000000000..a87cd0f31a4 --- /dev/null +++ b/objects/vulnerability/vulnerability--369e4039-bf7d-461b-b429-8850feebafc0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--aa959037-db2a-4490-8333-da22c4647466", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--369e4039-bf7d-461b-b429-8850feebafc0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.591623Z", + "modified": "2025-02-27T00:38:15.591623Z", + "name": "CVE-2022-49446", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvdimm: Fix firmware activation deadlock scenarios\n\nLockdep reports the following deadlock scenarios for CXL root device\npower-management, device_prepare(), operations, and device_shutdown()\noperations for 'nd_region' devices:\n\n Chain exists of:\n &nvdimm_region_key --> &nvdimm_bus->reconfig_mutex --> system_transition_mutex\n\n Possible unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(system_transition_mutex);\n lock(&nvdimm_bus->reconfig_mutex);\n lock(system_transition_mutex);\n lock(&nvdimm_region_key);\n\n Chain exists of:\n &cxl_nvdimm_bridge_key --> acpi_scan_lock --> &cxl_root_key\n\n Possible unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(&cxl_root_key);\n lock(acpi_scan_lock);\n lock(&cxl_root_key);\n lock(&cxl_nvdimm_bridge_key);\n\nThese stem from holding nvdimm_bus_lock() over hibernate_quiet_exec()\nwhich walks the entire system device topology taking device_lock() along\nthe way. The nvdimm_bus_lock() is protecting against unregistration,\nmultiple simultaneous ops callers, and preventing activate_show() from\nracing activate_store(). For the first 2, the lock is redundant.\nUnregistration already flushes all ops users, and sysfs already prevents\nmultiple threads to be active in an ops handler at the same time. 
For\nthe last userspace should already be waiting for its last\nactivate_store() to complete, and does not need activate_show() to flush\nthe write side, so this lock usage can be deleted in these attributes.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49446" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3710b642-1434-41b9-abd6-95e4ab5876f1.json b/objects/vulnerability/vulnerability--3710b642-1434-41b9-abd6-95e4ab5876f1.json new file mode 100644 index 00000000000..05bb46548f2 --- /dev/null +++ b/objects/vulnerability/vulnerability--3710b642-1434-41b9-abd6-95e4ab5876f1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--feba7b50-bab4-494d-a14c-7b23cb70ee85", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3710b642-1434-41b9-abd6-95e4ab5876f1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.353113Z", + "modified": "2025-02-27T00:38:15.353113Z", + "name": "CVE-2022-49267", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: core: use sysfs_emit() instead of sprintf()\n\nsprintf() (still used in the MMC core for the sysfs output) is vulnerable\nto the buffer overflow. Use the new-fangled sysfs_emit() instead.\n\nFound by Linux Verification Center (linuxtesting.org) with the SVACE static\nanalysis tool.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49267" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--374ad3b5-0801-4b05-b4ae-9820314f538e.json b/objects/vulnerability/vulnerability--374ad3b5-0801-4b05-b4ae-9820314f538e.json new file mode 100644 index 00000000000..bab81f43297 --- /dev/null +++ b/objects/vulnerability/vulnerability--374ad3b5-0801-4b05-b4ae-9820314f538e.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--259c4974-4228-4977-8846-fee879eff356", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--374ad3b5-0801-4b05-b4ae-9820314f538e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:07.671745Z", + "modified": "2025-02-27T00:38:07.671745Z", + "name": "CVE-2025-1726", + "description": "There is a SQL injection issue in Esri ArcGIS Monitor versions 2023.0 through 2024.x on Windows and Linux that allows a remote, authenticated attacker with low privileges to improperly read limited database schema information by passing crafted queries. While it is possible to enumerate some internal database identifiers, the impact to the confidentiality vector is \"LOW' because any sensitive data returned in a response is encrypted. There is no evidence of impact to the integrity or availability vectors. This issue is addressed in ArcGIS Monitor 2024.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-1726" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--37612e93-6cec-4d37-ac2f-8cbca21a9bf5.json b/objects/vulnerability/vulnerability--37612e93-6cec-4d37-ac2f-8cbca21a9bf5.json new file mode 100644 index 00000000000..0cecf9665b8 --- /dev/null +++ b/objects/vulnerability/vulnerability--37612e93-6cec-4d37-ac2f-8cbca21a9bf5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1ac6ea7e-756d-4a2c-830e-582c8cd22b7f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--37612e93-6cec-4d37-ac2f-8cbca21a9bf5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.265676Z", + "modified": "2025-02-27T00:38:15.265676Z", + "name": "CVE-2022-49610", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: VMX: Prevent RSB underflow before vmenter\n\nOn VMX, there are some balanced returns between the time the guest's\nSPEC_CTRL value is written, and the vmenter.\n\nBalanced returns (matched by a preceding call) are usually ok, but it's\nat least theoretically possible an NMI with a deep call stack could\nempty the RSB before one of the returns.\n\nFor maximum paranoia, don't allow *any* returns (balanced or otherwise)\nbetween the SPEC_CTRL write and the vmenter.\n\n [ bp: Fix 32-bit build. ]", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49610" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--384121a0-b3b8-4328-86d7-778005aee254.json b/objects/vulnerability/vulnerability--384121a0-b3b8-4328-86d7-778005aee254.json new file mode 100644 index 00000000000..498be3f998f --- /dev/null +++ b/objects/vulnerability/vulnerability--384121a0-b3b8-4328-86d7-778005aee254.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--30a8c713-5439-4673-b5e6-552bdb1eb193", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--384121a0-b3b8-4328-86d7-778005aee254", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:11.234856Z", + "modified": "2025-02-27T00:38:11.234856Z", + "name": "CVE-2021-47659", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/plane: Move range check for format_count earlier\n\nWhile the check for format_count > 64 in __drm_universal_plane_init()\nshouldn't be hit (it's a WARN_ON), in its current position it will then\nleak the plane->format_types array and fail to call\ndrm_mode_object_unregister() leaking the modeset identifier. Move it to\nthe start of the function to avoid allocating those resources in the\nfirst place.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-47659" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3864b916-11fd-4f07-a334-afc37b91dff4.json b/objects/vulnerability/vulnerability--3864b916-11fd-4f07-a334-afc37b91dff4.json new file mode 100644 index 00000000000..1839e719185 --- /dev/null +++ b/objects/vulnerability/vulnerability--3864b916-11fd-4f07-a334-afc37b91dff4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--35bb08da-ceab-408e-b409-2df7a986e256", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3864b916-11fd-4f07-a334-afc37b91dff4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:11.222171Z", + "modified": "2025-02-27T00:38:11.222171Z", + "name": "CVE-2021-47644", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: staging: media: zoran: move videodev alloc\n\nMove some code out of zr36057_init() and create new functions for handling\nzr->video_dev. This permit to ease code reading and fix a zr->video_dev\nmemory leak.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-47644" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--393b3453-cf70-42f4-b250-5cb45737c49e.json b/objects/vulnerability/vulnerability--393b3453-cf70-42f4-b250-5cb45737c49e.json new file mode 100644 index 00000000000..1852afd08e7 --- /dev/null +++ b/objects/vulnerability/vulnerability--393b3453-cf70-42f4-b250-5cb45737c49e.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9a03cec0-e66f-4eb6-bef4-55cb9c3786dd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--393b3453-cf70-42f4-b250-5cb45737c49e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.81379Z", + "modified": "2025-02-27T00:38:15.81379Z", + "name": "CVE-2022-25773", + "description": "This advisory addresses a file placement vulnerability that could allow assets to be uploaded to unintended directories on the server.\n\n * Improper Limitation of a Pathname to a Restricted Directory: A vulnerability exists in the asset upload functionality that allows users to upload files to directories outside of the intended temporary directory.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-25773" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--39608caf-e5c4-4fcd-a49b-6eb0b7113c85.json b/objects/vulnerability/vulnerability--39608caf-e5c4-4fcd-a49b-6eb0b7113c85.json new file mode 100644 index 00000000000..b1f18d6680d --- /dev/null +++ b/objects/vulnerability/vulnerability--39608caf-e5c4-4fcd-a49b-6eb0b7113c85.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1abc94af-bfff-46b9-90a2-31f274066169", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--39608caf-e5c4-4fcd-a49b-6eb0b7113c85", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.327006Z", + "modified": "2025-02-27T00:38:15.327006Z", + "name": "CVE-2022-49294", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check if modulo is 0 before dividing.\n\n[How & Why]\nIf a value of 0 is read, then this will cause a divide-by-0 panic.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49294" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--39cd613b-b7e8-4759-aab2-fd3e2a078580.json b/objects/vulnerability/vulnerability--39cd613b-b7e8-4759-aab2-fd3e2a078580.json new file mode 100644 index 00000000000..8de90ca5653 --- /dev/null +++ b/objects/vulnerability/vulnerability--39cd613b-b7e8-4759-aab2-fd3e2a078580.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f92c02e4-4c18-4bd4-8f1b-06b129f6a36c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--39cd613b-b7e8-4759-aab2-fd3e2a078580", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.436841Z", + "modified": "2025-02-27T00:38:15.436841Z", + "name": "CVE-2022-49680", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: exynos: Fix refcount leak in exynos_map_pmu\n\nof_find_matching_node() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak.\nof_node_put() checks null pointer.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49680" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3a0fd9ed-414c-4c12-8d0e-7e274949cae3.json b/objects/vulnerability/vulnerability--3a0fd9ed-414c-4c12-8d0e-7e274949cae3.json new file mode 100644 index 00000000000..a9813609a40 --- /dev/null +++ b/objects/vulnerability/vulnerability--3a0fd9ed-414c-4c12-8d0e-7e274949cae3.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b011737c-a07d-4f6d-a172-4e1306ecac8e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3a0fd9ed-414c-4c12-8d0e-7e274949cae3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.663638Z", + "modified": "2025-02-27T00:38:15.663638Z", + "name": "CVE-2022-49300", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: fix race between nbd_alloc_config() and module removal\n\nWhen nbd module is being removing, nbd_alloc_config() may be\ncalled concurrently by nbd_genl_connect(), although try_module_get()\nwill return false, but nbd_alloc_config() doesn't handle it.\n\nThe race may lead to the leak of nbd_config and its related\nresources (e.g, recv_workq) and oops in nbd_read_stat() due\nto the unload of nbd module as shown below:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000040\n Oops: 0000 [#1] SMP PTI\n CPU: 5 PID: 13840 Comm: kworker/u17:33 Not tainted 5.14.0+ #1\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\n Workqueue: knbd16-recv recv_work [nbd]\n RIP: 0010:nbd_read_stat.cold+0x130/0x1a4 [nbd]\n Call Trace:\n recv_work+0x3b/0xb0 [nbd]\n process_one_work+0x1ed/0x390\n worker_thread+0x4a/0x3d0\n kthread+0x12a/0x150\n ret_from_fork+0x22/0x30\n\nFixing it by checking the return value of try_module_get()\nin nbd_alloc_config(). As nbd_alloc_config() may return ERR_PTR(-ENODEV),\nassign nbd->config only when nbd_alloc_config() succeeds to ensure\nthe value of nbd->config is binary (valid or NULL).\n\nAlso adding a debug message to check the reference counter\nof nbd_config during module removal.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49300" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--3a107be0-e0ac-4ea4-81b6-c6128538f36a.json b/objects/vulnerability/vulnerability--3a107be0-e0ac-4ea4-81b6-c6128538f36a.json new file mode 100644 index 00000000000..be46880519b --- /dev/null +++ b/objects/vulnerability/vulnerability--3a107be0-e0ac-4ea4-81b6-c6128538f36a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--054634eb-8ab6-40b0-bcf6-37224356d36f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3a107be0-e0ac-4ea4-81b6-c6128538f36a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.549959Z", + "modified": "2025-02-27T00:38:15.549959Z", + "name": "CVE-2022-49393", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: fix list iterator in fastrpc_req_mem_unmap_impl\n\nThis is another instance of incorrect use of list iterator and\nchecking it for NULL.\n\nThe list iterator value 'map' will *always* be set and non-NULL\nby list_for_each_entry(), so it is incorrect to assume that the\niterator value will be NULL if the list is empty (in this case, the\ncheck 'if (!map) {' will always be false and never exit as expected).\n\nTo fix the bug, use a new variable 'iter' as the list iterator,\nwhile use the original variable 'map' as a dedicated pointer to\npoint to the found element.\n\nWithout this patch, Kernel crashes with below trace:\n\nUnable to handle kernel access to user memory outside uaccess routines\n at virtual address 0000ffff7fb03750\n...\nCall trace:\n fastrpc_map_create+0x70/0x290 [fastrpc]\n fastrpc_req_mem_map+0xf0/0x2dc [fastrpc]\n fastrpc_device_ioctl+0x138/0xc60 [fastrpc]\n __arm64_sys_ioctl+0xa8/0xec\n invoke_syscall+0x48/0x114\n el0_svc_common.constprop.0+0xd4/0xfc\n do_el0_svc+0x28/0x90\n el0_svc+0x3c/0x130\n el0t_64_sync_handler+0xa4/0x130\n el0t_64_sync+0x18c/0x190\nCode: 14000016 f94000a5 eb05029f 54000260 (b94018a6)\n---[ end trace 0000000000000000 ]---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49393" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--3a19d462-3435-4a88-b026-1f1f2870bbfd.json b/objects/vulnerability/vulnerability--3a19d462-3435-4a88-b026-1f1f2870bbfd.json new file mode 100644 index 00000000000..de5d1228aa1 --- /dev/null +++ b/objects/vulnerability/vulnerability--3a19d462-3435-4a88-b026-1f1f2870bbfd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--aa0ccc31-dfba-48ba-8456-0d9ab5f3aa9f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3a19d462-3435-4a88-b026-1f1f2870bbfd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:03.193927Z", + "modified": "2025-02-27T00:38:03.193927Z", + "name": "CVE-2024-12737", + "description": "The WP BASE Booking of Appointments, Services and Events WordPress plugin before 5.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12737" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3a600a5f-a8ac-43a4-89d9-1ef04985aae2.json b/objects/vulnerability/vulnerability--3a600a5f-a8ac-43a4-89d9-1ef04985aae2.json new file mode 100644 index 00000000000..52d879391e3 --- /dev/null +++ b/objects/vulnerability/vulnerability--3a600a5f-a8ac-43a4-89d9-1ef04985aae2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9f44189e-4775-4986-84aa-ec741f0f53e0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3a600a5f-a8ac-43a4-89d9-1ef04985aae2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.576274Z", + "modified": "2025-02-27T00:38:15.576274Z", + "name": "CVE-2022-49050", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemory: renesas-rpc-if: fix platform-device leak in error path\n\nMake sure to free the flash platform device in the event that\nregistration fails during probe.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49050" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3a6420d7-0a2d-4aee-8ca6-4f3e0bd3c981.json b/objects/vulnerability/vulnerability--3a6420d7-0a2d-4aee-8ca6-4f3e0bd3c981.json new file mode 100644 index 00000000000..6241301027a --- /dev/null +++ b/objects/vulnerability/vulnerability--3a6420d7-0a2d-4aee-8ca6-4f3e0bd3c981.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f5dd3f73-11c3-448a-a723-4f7b6cdf3bcc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3a6420d7-0a2d-4aee-8ca6-4f3e0bd3c981", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.342669Z", + "modified": "2025-02-27T00:38:15.342669Z", + "name": "CVE-2022-49060", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: Fix NULL pointer dereference in smc_pnet_find_ib()\n\ndev_name() was called with dev.parent as argument but without to\nNULL-check it before.\nSolve this by checking the pointer before the call to dev_name().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49060" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--3acc5994-2c71-48cf-9cfc-4d940ccc965c.json b/objects/vulnerability/vulnerability--3acc5994-2c71-48cf-9cfc-4d940ccc965c.json new file mode 100644 index 00000000000..e7ea69f3470 --- /dev/null +++ b/objects/vulnerability/vulnerability--3acc5994-2c71-48cf-9cfc-4d940ccc965c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--93fa6fb5-5f8c-48a0-b9c0-3be3874f5378", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3acc5994-2c71-48cf-9cfc-4d940ccc965c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.525093Z", + "modified": "2025-02-27T00:38:15.525093Z", + "name": "CVE-2022-49074", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/gic-v3: Fix GICR_CTLR.RWP polling\n\nIt turns out that our polling of RWP is totally wrong when checking\nfor it in the redistributors, as we test the *distributor* bit index,\nwhereas it is a different bit number in the RDs... Oopsie boo.\n\nThis is embarassing. Not only because it is wrong, but also because\nit took *8 years* to notice the blunder...\n\nJust fix the damn thing.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49074" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3ade1004-21e7-40ee-8f76-489b67bded74.json b/objects/vulnerability/vulnerability--3ade1004-21e7-40ee-8f76-489b67bded74.json new file mode 100644 index 00000000000..7f05d08c086 --- /dev/null +++ b/objects/vulnerability/vulnerability--3ade1004-21e7-40ee-8f76-489b67bded74.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9df3e8f7-7302-488c-a075-c0bca8eaacac", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3ade1004-21e7-40ee-8f76-489b67bded74", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.299126Z", + "modified": "2025-02-27T00:38:15.299126Z", + "name": "CVE-2022-49064", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: unmark inode in use in error path\n\nUnmark inode in use if error encountered. If the in-use flag leakage\noccurs in cachefiles_open_file(), Cachefiles will complain \"Inode\nalready in use\" when later another cookie with the same index key is\nlooked up.\n\nIf the in-use flag leakage occurs in cachefiles_create_tmpfile(), though\nthe \"Inode already in use\" warning won't be triggered, fix the leakage\nanyway.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49064" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3ae48e34-53c6-4ffd-90a3-515faddec9e4.json b/objects/vulnerability/vulnerability--3ae48e34-53c6-4ffd-90a3-515faddec9e4.json new file mode 100644 index 00000000000..2ad85a9a65c --- /dev/null +++ b/objects/vulnerability/vulnerability--3ae48e34-53c6-4ffd-90a3-515faddec9e4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--67a3ebff-7821-4751-a7ae-9314e1e8b07c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3ae48e34-53c6-4ffd-90a3-515faddec9e4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.419071Z", + "modified": "2025-02-27T00:38:15.419071Z", + "name": "CVE-2022-49447", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: hisi: Add missing of_node_put after of_find_compatible_node\n\nof_find_compatible_node will increment the refcount of the returned\ndevice_node. Calling of_node_put() to avoid the refcount leak", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49447" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3b031e2a-e51a-4a03-829b-14d81ae1be67.json b/objects/vulnerability/vulnerability--3b031e2a-e51a-4a03-829b-14d81ae1be67.json new file mode 100644 index 00000000000..738e3459656 --- /dev/null +++ b/objects/vulnerability/vulnerability--3b031e2a-e51a-4a03-829b-14d81ae1be67.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c91d30f4-8f44-4adf-9afb-54647b6d6bac", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3b031e2a-e51a-4a03-829b-14d81ae1be67", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.547054Z", + "modified": "2025-02-27T00:38:15.547054Z", + "name": "CVE-2022-49049", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/secretmem: fix panic when growing a memfd_secret\n\nWhen one tries to grow an existing memfd_secret with ftruncate, one gets\na panic [1]. For example, doing the following reliably induces the\npanic:\n\n fd = memfd_secret();\n\n ftruncate(fd, 10);\n ptr = mmap(NULL, 10, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);\n strcpy(ptr, \"123456789\");\n\n munmap(ptr, 10);\n ftruncate(fd, 20);\n\nThe basic reason for this is, when we grow with ftruncate, we call down\ninto simple_setattr, and then truncate_inode_pages_range, and eventually\nwe try to zero part of the memory. The normal truncation code does this\nvia the direct map (i.e., it calls page_address() and hands that to\nmemset()).\n\nFor memfd_secret though, we specifically don't map our pages via the\ndirect map (i.e. we call set_direct_map_invalid_noflush() on every\nfault). So the address returned by page_address() isn't useful, and\nwhen we try to memset() with it we panic.\n\nThis patch avoids the panic by implementing a custom setattr for\nmemfd_secret, which detects resizes specifically (setting the size for\nthe first time works just fine, since there are no existing pages to try\nto zero), and rejects them with EINVAL.\n\nOne could argue growing should be supported, but I think that will\nrequire a significantly more lengthy change. 
So, I propose a minimal\nfix for the benefit of stable kernels, and then perhaps to extend\nmemfd_secret to support growing in a separate patch.\n\n[1]:\n\n BUG: unable to handle page fault for address: ffffa0a889277028\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD afa01067 P4D afa01067 PUD 83f909067 PMD 83f8bf067 PTE 800ffffef6d88060\n Oops: 0002 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI\n CPU: 0 PID: 281 Comm: repro Not tainted 5.17.0-dbg-DEV #1\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n RIP: 0010:memset_erms+0x9/0x10\n Code: c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 f3 48 ab 89 d1 f3 aa 4c 89 c8 c3 90 49 89 f9 40 88 f0 48 89 d1 aa 4c 89 c8 c3 90 49 89 fa 40 0f b6 ce 48 b8 01 01 01 01 01 01\n RSP: 0018:ffffb932c09afbf0 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: ffffda63c4249dc0 RCX: 0000000000000fd8\n RDX: 0000000000000fd8 RSI: 0000000000000000 RDI: ffffa0a889277028\n RBP: ffffb932c09afc00 R08: 0000000000001000 R09: ffffa0a889277028\n R10: 0000000000020023 R11: 0000000000000000 R12: ffffda63c4249dc0\n R13: ffffa0a890d70d98 R14: 0000000000000028 R15: 0000000000000fd8\n FS: 00007f7294899580(0000) GS:ffffa0af9bc00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: ffffa0a889277028 CR3: 0000000107ef6006 CR4: 0000000000370ef0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n ? 
zero_user_segments+0x82/0x190\n truncate_inode_partial_folio+0xd4/0x2a0\n truncate_inode_pages_range+0x380/0x830\n truncate_setsize+0x63/0x80\n simple_setattr+0x37/0x60\n notify_change+0x3d8/0x4d0\n do_sys_ftruncate+0x162/0x1d0\n __x64_sys_ftruncate+0x1c/0x20\n do_syscall_64+0x44/0xa0\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n Modules linked in: xhci_pci xhci_hcd virtio_net net_failover failover virtio_blk virtio_balloon uhci_hcd ohci_pci ohci_hcd evdev ehci_pci ehci_hcd 9pnet_virtio 9p netfs 9pnet\n CR2: ffffa0a889277028\n\n[lkp@intel.com: secretmem_iops can be static]\n Signed-off-by: kernel test robot \n[axelrasmussen@google.com: return EINVAL]", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49049" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3b77d249-3c3c-4f24-a625-4066a0ebe4fa.json b/objects/vulnerability/vulnerability--3b77d249-3c3c-4f24-a625-4066a0ebe4fa.json new file mode 100644 index 00000000000..d0f4007ff13 --- /dev/null +++ b/objects/vulnerability/vulnerability--3b77d249-3c3c-4f24-a625-4066a0ebe4fa.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--79e1d20e-87b3-4583-87f6-dde5886b5b33", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3b77d249-3c3c-4f24-a625-4066a0ebe4fa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.684961Z", + "modified": "2025-02-27T00:38:15.684961Z", + "name": "CVE-2022-49554", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nzsmalloc: fix races between asynchronous zspage free and page migration\n\nThe asynchronous zspage free worker tries to lock a zspage's entire page\nlist without defending against page migration. Since pages which haven't\nyet been locked can concurrently migrate off the zspage page list while\nlock_zspage() churns away, lock_zspage() can suffer from a few different\nlethal races.\n\nIt can lock a page which no longer belongs to the zspage and unsafely\ndereference page_private(), it can unsafely dereference a torn pointer to\nthe next page (since there's a data race), and it can observe a spurious\nNULL pointer to the next page and thus not lock all of the zspage's pages\n(since a single page migration will reconstruct the entire page list, and\ncreate_page_chain() unconditionally zeroes out each list pointer in the\nprocess).\n\nFix the races by using migrate_read_lock() in lock_zspage() to synchronize\nwith page migration.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49554" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3b9c47e4-10cb-432e-8f1b-e04eb612d057.json b/objects/vulnerability/vulnerability--3b9c47e4-10cb-432e-8f1b-e04eb612d057.json new file mode 100644 index 00000000000..387f0d8587c --- /dev/null +++ b/objects/vulnerability/vulnerability--3b9c47e4-10cb-432e-8f1b-e04eb612d057.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--facad462-b52f-489b-b628-9ded456b5cf5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3b9c47e4-10cb-432e-8f1b-e04eb612d057", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.612364Z", + "modified": "2025-02-27T00:38:15.612364Z", + "name": "CVE-2022-49636", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nvlan: fix memory leak in vlan_newlink()\n\nBlamed commit added back a bug I fixed in commit 9bbd917e0bec\n(\"vlan: fix memory leak in vlan_dev_set_egress_priority\")\n\nIf a memory allocation fails in vlan_changelink() after other allocations\nsucceeded, we need to call vlan_dev_free_egress_priority()\nto free all allocated memory because after a failed ->newlink()\nwe do not call any methods like ndo_uninit() or dev->priv_destructor().\n\nIn following example, if the allocation for last element 2000:2001 fails,\nwe need to free eight prior allocations:\n\nip link add link dummy0 dummy0.100 type vlan id 100 \\\n\tegress-qos-map 1:2 2:3 3:4 4:5 5:6 6:7 7:8 8:9 2000:2001\n\nsyzbot report was:\n\nBUG: memory leak\nunreferenced object 0xffff888117bd1060 (size 32):\ncomm \"syz-executor408\", pid 3759, jiffies 4294956555 (age 34.090s)\nhex dump (first 32 bytes):\n09 00 00 00 00 a0 00 00 00 00 00 00 00 00 00 00 ................\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\nbacktrace:\n[] kmalloc include/linux/slab.h:600 [inline]\n[] vlan_dev_set_egress_priority+0xed/0x170 net/8021q/vlan_dev.c:193\n[] vlan_changelink+0x178/0x1d0 net/8021q/vlan_netlink.c:128\n[] vlan_newlink+0x148/0x260 net/8021q/vlan_netlink.c:185\n[] rtnl_newlink_create net/core/rtnetlink.c:3363 [inline]\n[] __rtnl_newlink+0xa58/0xdc0 net/core/rtnetlink.c:3580\n[] rtnl_newlink+0x49/0x70 net/core/rtnetlink.c:3593\n[] rtnetlink_rcv_msg+0x21c/0x5c0 net/core/rtnetlink.c:6089\n[] 
netlink_rcv_skb+0x87/0x1d0 net/netlink/af_netlink.c:2501\n[] netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]\n[] netlink_unicast+0x397/0x4c0 net/netlink/af_netlink.c:1345\n[] netlink_sendmsg+0x396/0x710 net/netlink/af_netlink.c:1921\n[] sock_sendmsg_nosec net/socket.c:714 [inline]\n[] sock_sendmsg+0x56/0x80 net/socket.c:734\n[] ____sys_sendmsg+0x36c/0x390 net/socket.c:2488\n[] ___sys_sendmsg+0x8b/0xd0 net/socket.c:2542\n[] __sys_sendmsg net/socket.c:2571 [inline]\n[] __do_sys_sendmsg net/socket.c:2580 [inline]\n[] __se_sys_sendmsg net/socket.c:2578 [inline]\n[] __x64_sys_sendmsg+0x78/0xf0 net/socket.c:2578\n[] do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n[] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n[] entry_SYSCALL_64_after_hwframe+0x46/0xb0", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49636" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3bb541ae-b950-41bf-b85f-ebcfab3cbf49.json b/objects/vulnerability/vulnerability--3bb541ae-b950-41bf-b85f-ebcfab3cbf49.json new file mode 100644 index 00000000000..40be3acb3e3 --- /dev/null +++ b/objects/vulnerability/vulnerability--3bb541ae-b950-41bf-b85f-ebcfab3cbf49.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e07ebe9e-2ca5-4a3a-a646-bc7bb3c68a54", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3bb541ae-b950-41bf-b85f-ebcfab3cbf49", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.563283Z", + "modified": "2025-02-27T00:38:15.563283Z", + "name": "CVE-2022-49506", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: Add vblank register/unregister callback functions\n\nWe encountered a kernel panic issue that callback data will be NULL when\nit's using in ovl irq handler. There is a timing issue between\nmtk_disp_ovl_irq_handler() and mtk_ovl_disable_vblank().\n\nTo resolve this issue, we use the flow to register/unregister vblank cb:\n- Register callback function and callback data when crtc creates.\n- Unregister callback function and callback data when crtc destroies.\n\nWith this solution, we can assure callback data will not be NULL when\nvblank is disable.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49506" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3c8ba07b-e5dc-4a71-833f-22a19331422c.json b/objects/vulnerability/vulnerability--3c8ba07b-e5dc-4a71-833f-22a19331422c.json new file mode 100644 index 00000000000..31e6b30b847 --- /dev/null +++ b/objects/vulnerability/vulnerability--3c8ba07b-e5dc-4a71-833f-22a19331422c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2389b6fa-74ed-4317-b5bd-62f30d428eaa", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3c8ba07b-e5dc-4a71-833f-22a19331422c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.659792Z", + "modified": "2025-02-27T00:38:15.659792Z", + "name": "CVE-2022-49296", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: fix possible deadlock when holding Fwb to get inline_data\n\n1, mount with wsync.\n2, create a file with O_RDWR, and the request was sent to mds.0:\n\n ceph_atomic_open()-->\n ceph_mdsc_do_request(openc)\n finish_open(file, dentry, ceph_open)-->\n ceph_open()-->\n ceph_init_file()-->\n ceph_init_file_info()-->\n ceph_uninline_data()-->\n {\n ...\n if (inline_version == 1 || /* initial version, no data */\n inline_version == CEPH_INLINE_NONE)\n goto out_unlock;\n ...\n }\n\nThe inline_version will be 1, which is the initial version for the\nnew create file. 
And here the ci->i_inline_version will keep with 1,\nit's buggy.\n\n3, buffer write to the file immediately:\n\n ceph_write_iter()-->\n ceph_get_caps(file, need=Fw, want=Fb, ...);\n generic_perform_write()-->\n a_ops->write_begin()-->\n ceph_write_begin()-->\n netfs_write_begin()-->\n netfs_begin_read()-->\n netfs_rreq_submit_slice()-->\n netfs_read_from_server()-->\n rreq->netfs_ops->issue_read()-->\n ceph_netfs_issue_read()-->\n {\n ...\n if (ci->i_inline_version != CEPH_INLINE_NONE &&\n ceph_netfs_issue_op_inline(subreq))\n return;\n ...\n }\n ceph_put_cap_refs(ci, Fwb);\n\nThe ceph_netfs_issue_op_inline() will send a getattr(Fsr) request to\nmds.1.\n\n4, then the mds.1 will request the rd lock for CInode::filelock from\nthe auth mds.0, the mds.0 will do the CInode::filelock state transation\nfrom excl --> sync, but it need to revoke the Fxwb caps back from the\nclients.\n\nWhile the kernel client has aleady held the Fwb caps and waiting for\nthe getattr(Fsr).\n\nIt's deadlock!\n\nURL: https://tracker.ceph.com/issues/55377", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49296" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3d2d7125-1c30-4ed5-b1c4-5dc8f0ee5aa2.json b/objects/vulnerability/vulnerability--3d2d7125-1c30-4ed5-b1c4-5dc8f0ee5aa2.json new file mode 100644 index 00000000000..1bf21f1282f --- /dev/null +++ b/objects/vulnerability/vulnerability--3d2d7125-1c30-4ed5-b1c4-5dc8f0ee5aa2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--68f944c1-bdcc-464f-867c-40328479f256", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3d2d7125-1c30-4ed5-b1c4-5dc8f0ee5aa2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.504071Z", + "modified": "2025-02-27T00:38:15.504071Z", + "name": "CVE-2022-49379", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: Fix wait_for_device_probe() & deferred_probe_timeout interaction\n\nMounting NFS rootfs was timing out when deferred_probe_timeout was\nnon-zero [1]. This was because ip_auto_config() initcall times out\nwaiting for the network interfaces to show up when\ndeferred_probe_timeout was non-zero. While ip_auto_config() calls\nwait_for_device_probe() to make sure any currently running deferred\nprobe work or asynchronous probe finishes, that wasn't sufficient to\naccount for devices being deferred until deferred_probe_timeout.\n\nCommit 35a672363ab3 (\"driver core: Ensure wait_for_device_probe() waits\nuntil the deferred_probe_timeout fires\") tried to fix that by making\nsure wait_for_device_probe() waits for deferred_probe_timeout to expire\nbefore returning.\n\nHowever, if wait_for_device_probe() is called from the kernel_init()\ncontext:\n\n- Before deferred_probe_initcall() [2], it causes the boot process to\n hang due to a deadlock.\n\n- After deferred_probe_initcall() [3], it blocks kernel_init() from\n continuing till deferred_probe_timeout expires and beats the point of\n deferred_probe_timeout that's trying to wait for userspace to load\n modules.\n\nNeither of this is good. 
So revert the changes to\nwait_for_device_probe().\n\n[1] - https://lore.kernel.org/lkml/TYAPR01MB45443DF63B9EF29054F7C41FD8C60@TYAPR01MB4544.jpnprd01.prod.outlook.com/\n[2] - https://lore.kernel.org/lkml/YowHNo4sBjr9ijZr@dev-arch.thelio-3990X/\n[3] - https://lore.kernel.org/lkml/Yo3WvGnNk3LvLb7R@linutronix.de/", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49379" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3d8d80aa-0e9c-4afc-8921-8886aa9c04f7.json b/objects/vulnerability/vulnerability--3d8d80aa-0e9c-4afc-8921-8886aa9c04f7.json new file mode 100644 index 00000000000..871535bc9da --- /dev/null +++ b/objects/vulnerability/vulnerability--3d8d80aa-0e9c-4afc-8921-8886aa9c04f7.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8d63d214-9873-4b20-815a-60421ec5d704", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3d8d80aa-0e9c-4afc-8921-8886aa9c04f7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.722935Z", + "modified": "2025-02-27T00:38:15.722935Z", + "name": "CVE-2022-49309", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: staging: rtl8723bs: Fix deadlock in rtw_surveydone_event_callback()\n\nThere is a deadlock in rtw_surveydone_event_callback(),\nwhich is shown below:\n\n (Thread 1) | (Thread 2)\n | _set_timer()\nrtw_surveydone_event_callback()| mod_timer()\n spin_lock_bh() //(1) | (wait a time)\n ... | rtw_scan_timeout_handler()\n del_timer_sync() | spin_lock_bh() //(2)\n (wait timer to stop) | ...\n\nWe hold pmlmepriv->lock in position (1) of thread 1 and use\ndel_timer_sync() to wait timer to stop, but timer handler\nalso need pmlmepriv->lock in position (2) of thread 2.\nAs a result, rtw_surveydone_event_callback() will block forever.\n\nThis patch extracts del_timer_sync() from the protection of\nspin_lock_bh(), which could let timer handler to obtain\nthe needed lock. What`s more, we change spin_lock_bh() in\nrtw_scan_timeout_handler() to spin_lock_irq(). Otherwise,\nspin_lock_bh() will also cause deadlock() in timer handler.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49309" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3ede9712-c244-4ab9-a80f-33397002f11a.json b/objects/vulnerability/vulnerability--3ede9712-c244-4ab9-a80f-33397002f11a.json new file mode 100644 index 00000000000..3802781a5de --- /dev/null +++ b/objects/vulnerability/vulnerability--3ede9712-c244-4ab9-a80f-33397002f11a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--216cccb3-2dad-4259-b9ba-36a7ef010381", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3ede9712-c244-4ab9-a80f-33397002f11a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.562305Z", + "modified": "2025-02-27T00:38:15.562305Z", + "name": "CVE-2022-49310", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nchar: xillybus: fix a refcount leak in cleanup_dev()\n\nusb_get_dev is called in xillyusb_probe. So it is better to call\nusb_put_dev before xdev is released.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49310" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--40caf80b-f73c-442f-bc86-cc73d804fc4d.json b/objects/vulnerability/vulnerability--40caf80b-f73c-442f-bc86-cc73d804fc4d.json new file mode 100644 index 00000000000..dbdef25909c --- /dev/null +++ b/objects/vulnerability/vulnerability--40caf80b-f73c-442f-bc86-cc73d804fc4d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--93b3e4df-23a0-46dc-bdc1-79bcf4bd2aad", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--40caf80b-f73c-442f-bc86-cc73d804fc4d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.355249Z", + "modified": "2025-02-27T00:38:15.355249Z", + "name": "CVE-2022-49454", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: mediatek: Fix refcount leak in mtk_pcie_subsys_powerup()\n\nThe of_find_compatible_node() function returns a node pointer with\nrefcount incremented, We should use of_node_put() on it when done\nAdd the missing of_node_put() to release the refcount.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49454" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--40f7bba6-f309-4b95-a305-2507646604d6.json b/objects/vulnerability/vulnerability--40f7bba6-f309-4b95-a305-2507646604d6.json new file mode 100644 index 00000000000..c309c92601b --- /dev/null +++ b/objects/vulnerability/vulnerability--40f7bba6-f309-4b95-a305-2507646604d6.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a6251646-3cb2-4efa-8d2e-062b9c2a5145", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--40f7bba6-f309-4b95-a305-2507646604d6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.750899Z", + "modified": "2025-02-27T00:38:15.750899Z", + "name": "CVE-2022-49452", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndpaa2-eth: retrieve the virtual address before dma_unmap\n\nThe TSO header was DMA unmapped before the virtual address was retrieved\nand then used to free the buffer. This meant that we were actually\nremoving the DMA map and then trying to search for it to help in\nretrieving the virtual address. This lead to a invalid virtual address\nbeing used in the kfree call.\n\nFix this by calling dpaa2_iova_to_virt() prior to the dma_unmap call.\n\n[ 487.231819] Unable to handle kernel paging request at virtual address fffffd9807000008\n\n(...)\n\n[ 487.354061] Hardware name: SolidRun LX2160A Honeycomb (DT)\n[ 487.359535] pstate: a0400005 (NzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 487.366485] pc : kfree+0xac/0x304\n[ 487.369799] lr : kfree+0x204/0x304\n[ 487.373191] sp : ffff80000c4eb120\n[ 487.376493] x29: ffff80000c4eb120 x28: ffff662240c46400 x27: 0000000000000001\n[ 487.383621] x26: 0000000000000001 x25: ffff662246da0cc0 x24: ffff66224af78000\n[ 487.390748] x23: ffffad184f4ce008 x22: ffffad1850185000 x21: ffffad1838d13cec\n[ 487.397874] x20: ffff6601c0000000 x19: fffffd9807000000 x18: 0000000000000000\n[ 487.405000] x17: ffffb910cdc49000 x16: ffffad184d7d9080 x15: 0000000000004000\n[ 487.412126] x14: 0000000000000008 x13: 000000000000ffff x12: 0000000000000000\n[ 487.419252] x11: 0000000000000004 x10: 0000000000000001 x9 : ffffad184d7d927c\n[ 487.426379] x8 : 0000000000000000 x7 : 0000000ffffffd1d x6 : ffff662240a94900\n[ 487.433505] x5 : 0000000000000003 x4 : 
0000000000000009 x3 : ffffad184f4ce008\n[ 487.440632] x2 : ffff662243eec000 x1 : 0000000100000100 x0 : fffffc0000000000\n[ 487.447758] Call trace:\n[ 487.450194] kfree+0xac/0x304\n[ 487.453151] dpaa2_eth_free_tx_fd.isra.0+0x33c/0x3e0 [fsl_dpaa2_eth]\n[ 487.459507] dpaa2_eth_tx_conf+0x100/0x2e0 [fsl_dpaa2_eth]\n[ 487.464989] dpaa2_eth_poll+0xdc/0x380 [fsl_dpaa2_eth]", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49452" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--41ccdd66-a36c-4abe-aa56-fb4cab4fbad3.json b/objects/vulnerability/vulnerability--41ccdd66-a36c-4abe-aa56-fb4cab4fbad3.json new file mode 100644 index 00000000000..db55227fe18 --- /dev/null +++ b/objects/vulnerability/vulnerability--41ccdd66-a36c-4abe-aa56-fb4cab4fbad3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--64bccf49-1a09-4145-99e9-637e607237fb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--41ccdd66-a36c-4abe-aa56-fb4cab4fbad3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.599231Z", + "modified": "2025-02-27T00:38:15.599231Z", + "name": "CVE-2022-49475", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: spi-fsl-qspi: check return value after calling platform_get_resource_byname()\n\nIt will cause null-ptr-deref if platform_get_resource_byname() returns NULL,\nwe need check the return value.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49475" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4200094c-1acd-4965-ab15-bc3e75c55352.json b/objects/vulnerability/vulnerability--4200094c-1acd-4965-ab15-bc3e75c55352.json new file mode 100644 index 00000000000..97ba8886079 --- /dev/null +++ b/objects/vulnerability/vulnerability--4200094c-1acd-4965-ab15-bc3e75c55352.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b9433693-1592-43f3-92f6-d23ca637a0b3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4200094c-1acd-4965-ab15-bc3e75c55352", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.747211Z", + "modified": "2025-02-27T00:38:15.747211Z", + "name": "CVE-2022-49136", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_sync: Fix queuing commands when HCI_UNREGISTER is set\n\nhci_cmd_sync_queue shall return an error if HCI_UNREGISTER flag has\nbeen set as that means hci_unregister_dev has been called so it will\nlikely cause a uaf after the timeout as the hdev will be freed.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49136" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--43d0ef89-9a19-469f-a8c5-32c3fa673b2f.json b/objects/vulnerability/vulnerability--43d0ef89-9a19-469f-a8c5-32c3fa673b2f.json new file mode 100644 index 00000000000..7b06c386d9d --- /dev/null +++ b/objects/vulnerability/vulnerability--43d0ef89-9a19-469f-a8c5-32c3fa673b2f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2fc42622-bd3c-462e-a2dc-1be9af91a205", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--43d0ef89-9a19-469f-a8c5-32c3fa673b2f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.52993Z", + "modified": "2025-02-27T00:38:15.52993Z", + "name": "CVE-2022-49667", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bonding: fix use-after-free after 802.3ad slave unbind\n\ncommit 0622cab0341c (\"bonding: fix 802.3ad aggregator reselection\"),\nresolve case, when there is several aggregation groups in the same bond.\nbond_3ad_unbind_slave will invalidate (clear) aggregator when\n__agg_active_ports return zero. So, ad_clear_agg can be executed even, when\nnum_of_ports!=0. Than bond_3ad_unbind_slave can be executed again for,\npreviously cleared aggregator. NOTE: at this time bond_3ad_unbind_slave\nwill not update slave ports list, because lag_ports==NULL. 
So, here we\ngot slave ports, pointing to freed aggregator memory.\n\nFix with checking actual number of ports in group (as was before\ncommit 0622cab0341c (\"bonding: fix 802.3ad aggregator reselection\") ),\nbefore ad_clear_agg().\n\nThe KASAN logs are as follows:\n\n[ 767.617392] ==================================================================\n[ 767.630776] BUG: KASAN: use-after-free in bond_3ad_state_machine_handler+0x13dc/0x1470\n[ 767.638764] Read of size 2 at addr ffff00011ba9d430 by task kworker/u8:7/767\n[ 767.647361] CPU: 3 PID: 767 Comm: kworker/u8:7 Tainted: G O 5.15.11 #15\n[ 767.655329] Hardware name: DNI AmazonGo1 A7040 board (DT)\n[ 767.660760] Workqueue: lacp_1 bond_3ad_state_machine_handler\n[ 767.666468] Call trace:\n[ 767.668930] dump_backtrace+0x0/0x2d0\n[ 767.672625] show_stack+0x24/0x30\n[ 767.675965] dump_stack_lvl+0x68/0x84\n[ 767.679659] print_address_description.constprop.0+0x74/0x2b8\n[ 767.685451] kasan_report+0x1f0/0x260\n[ 767.689148] __asan_load2+0x94/0xd0\n[ 767.692667] bond_3ad_state_machine_handler+0x13dc/0x1470", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49667" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--43e13b8e-91b0-47be-b63a-608165683292.json b/objects/vulnerability/vulnerability--43e13b8e-91b0-47be-b63a-608165683292.json new file mode 100644 index 00000000000..7ab3afc2e8c --- /dev/null +++ b/objects/vulnerability/vulnerability--43e13b8e-91b0-47be-b63a-608165683292.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--16aa1c30-6b07-459b-bc77-c1c17f051f64", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--43e13b8e-91b0-47be-b63a-608165683292", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:01.592562Z", + "modified": "2025-02-27T00:38:01.592562Z", + "name": "CVE-2024-13803", + "description": "The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-marker’ parameter in all versions up to, and including, 5.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13803" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--443df9cc-6432-4ce1-9fbd-a058c5814ef5.json b/objects/vulnerability/vulnerability--443df9cc-6432-4ce1-9fbd-a058c5814ef5.json new file mode 100644 index 00000000000..66a5aa255cf --- /dev/null +++ b/objects/vulnerability/vulnerability--443df9cc-6432-4ce1-9fbd-a058c5814ef5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f594601e-31a6-42d5-9ad0-ba1d21c4bab1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--443df9cc-6432-4ce1-9fbd-a058c5814ef5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.371957Z", + "modified": "2025-02-27T00:38:15.371957Z", + "name": "CVE-2022-49212", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init\n\nThe reference counting issue happens in several error handling paths\non a refcounted object \"nc->dmac\". In these paths, the function simply\nreturns the error code, forgetting to balance the reference count of\n\"nc->dmac\", increased earlier by dma_request_channel(), which may\ncause refcount leaks.\n\nFix it by decrementing the refcount of specific object in those error\npaths.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49212" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--44694b10-9c9e-4eae-9d9d-70855c782faa.json b/objects/vulnerability/vulnerability--44694b10-9c9e-4eae-9d9d-70855c782faa.json new file mode 100644 index 00000000000..4c03b706fe2 --- /dev/null +++ b/objects/vulnerability/vulnerability--44694b10-9c9e-4eae-9d9d-70855c782faa.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--36229302-5eed-4785-a223-10e062c0bdb8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--44694b10-9c9e-4eae-9d9d-70855c782faa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.604767Z", + "modified": "2025-02-27T00:38:15.604767Z", + "name": "CVE-2022-49236", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix UAF due to race between btf_try_get_module and load_module\n\nWhile working on code to populate kfunc BTF ID sets for module BTF from\nits initcall, I noticed that by the time the initcall is invoked, the\nmodule BTF can already be seen by userspace (and the BPF verifier). The\nexisting btf_try_get_module calls try_module_get which only fails if\nmod->state == MODULE_STATE_GOING, i.e. it can increment module reference\nwhen module initcall is happening in parallel.\n\nCurrently, BTF parsing happens from MODULE_STATE_COMING notifier\ncallback. At this point, the module initcalls have not been invoked.\nThe notifier callback parses and prepares the module BTF, allocates an\nID, which publishes it to userspace, and then adds it to the btf_modules\nlist allowing the kernel to invoke btf_try_get_module for the BTF.\n\nHowever, at this point, the module has not been fully initialized (i.e.\nits initcalls have not finished). The code in module.c can still fail\nand free the module, without caring for other users. However, nothing\nstops btf_try_get_module from succeeding between the state transition\nfrom MODULE_STATE_COMING to MODULE_STATE_LIVE.\n\nThis leads to a use-after-free issue when BPF program loads\nsuccessfully in the state transition, load_module's do_init_module call\nfails and frees the module, and BPF program fd on close calls module_put\nfor the freed module. 
Future patch has test case to verify we don't\nregress in this area in future.\n\nThere are multiple points after prepare_coming_module (in load_module)\nwhere failure can occur and module loading can return error. We\nillustrate and test for the race using the last point where it can\npractically occur (in module __init function).\n\nAn illustration of the race:\n\nCPU 0 CPU 1\n\t\t\t load_module\n\t\t\t notifier_call(MODULE_STATE_COMING)\n\t\t\t btf_parse_module\n\t\t\t btf_alloc_id\t// Published to userspace\n\t\t\t list_add(&btf_mod->list, btf_modules)\n\t\t\t mod->init(...)\n...\t\t\t\t^\nbpf_check\t\t |\ncheck_pseudo_btf_id |\n btf_try_get_module |\n returns true | ...\n... | module __init in progress\nreturn prog_fd | ...\n... V\n\t\t\t if (ret < 0)\n\t\t\t free_module(mod)\n\t\t\t ...\nclose(prog_fd)\n ...\n bpf_prog_free_deferred\n module_put(used_btf.mod) // use-after-free\n\nWe fix this issue by setting a flag BTF_MODULE_F_LIVE, from the notifier\ncallback when MODULE_STATE_LIVE state is reached for the module, so that\nwe return NULL from btf_try_get_module for modules that are not fully\nformed. Since try_module_get already checks that module is not in\nMODULE_STATE_GOING state, and that is the only transition a live module\ncan make before being removed from btf_modules list, this is enough to\nclose the race and prevent the bug.\n\nA later selftest patch crafts the race condition artifically to verify\nthat it has been fixed, and that verifier fails to load program (with\nENXIO).\n\nLastly, a couple of comments:\n\n 1. Even if this race didn't exist, it seems more appropriate to only\n access resources (ksyms and kfuncs) of a fully formed module which\n has been initialized completely.\n\n 2. This patch was born out of need for synchronization against module\n initcall for the next patch, so it is needed for correctness even\n without the aforementioned race condition. 
The BTF resources\n initialized by module initcall are set up once and then only looked\n up, so just waiting until the initcall has finished ensures correct\n behavior.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49236" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4513c093-564d-441d-baa7-dad6fb9b1d94.json b/objects/vulnerability/vulnerability--4513c093-564d-441d-baa7-dad6fb9b1d94.json new file mode 100644 index 00000000000..dd45f05d31c --- /dev/null +++ b/objects/vulnerability/vulnerability--4513c093-564d-441d-baa7-dad6fb9b1d94.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5111ff59-ed12-4004-983d-97e57b304ab0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4513c093-564d-441d-baa7-dad6fb9b1d94", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.503169Z", + "modified": "2025-02-27T00:38:15.503169Z", + "name": "CVE-2022-49665", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource\n\nUnlike release_mem_region(), a call to release_resource() does not\nfree the resource, so it has to be freed explicitly to avoid a memory\nleak.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49665" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--453dc81a-6dbe-43e2-9b35-45c7bdc5d039.json b/objects/vulnerability/vulnerability--453dc81a-6dbe-43e2-9b35-45c7bdc5d039.json new file mode 100644 index 00000000000..5c9219b4a94 --- /dev/null +++ b/objects/vulnerability/vulnerability--453dc81a-6dbe-43e2-9b35-45c7bdc5d039.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6759e681-39f8-43b5-a035-657caef791dc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--453dc81a-6dbe-43e2-9b35-45c7bdc5d039", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:03.214187Z", + "modified": "2025-02-27T00:38:03.214187Z", + "name": "CVE-2024-12878", + "description": "The Custom Block Builder WordPress plugin before 3.8.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12878" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--45c48007-2a14-46bc-bb97-027fd902f642.json b/objects/vulnerability/vulnerability--45c48007-2a14-46bc-bb97-027fd902f642.json new file mode 100644 index 00000000000..3523043723f --- /dev/null +++ b/objects/vulnerability/vulnerability--45c48007-2a14-46bc-bb97-027fd902f642.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f6cb36df-dd56-4ece-a937-cbe759f9400f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--45c48007-2a14-46bc-bb97-027fd902f642", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.542086Z", + "modified": "2025-02-27T00:38:15.542086Z", + "name": "CVE-2022-49266", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix rq-qos breakage from skipping rq_qos_done_bio()\n\na647a524a467 (\"block: don't call rq_qos_ops->done_bio if the bio isn't\ntracked\") made bio_endio() skip rq_qos_done_bio() if BIO_TRACKED is not set.\nWhile this fixed a potential oops, it also broke blk-iocost by skipping the\ndone_bio callback for merged bios.\n\nBefore, whether a bio goes through rq_qos_throttle() or rq_qos_merge(),\nrq_qos_done_bio() would be called on the bio on completion with BIO_TRACKED\ndistinguishing the former from the latter. rq_qos_done_bio() is not called\nfor bios which wenth through rq_qos_merge(). This royally confuses\nblk-iocost as the merged bios never finish and are considered perpetually\nin-flight.\n\nOne reliably reproducible failure mode is an intermediate cgroup geting\nstuck active preventing its children from being activated due to the\nleaf-only rule, leading to loss of control. 
The following is from\nresctl-bench protection scenario which emulates isolating a web server like\nworkload from a memory bomb run on an iocost configuration which should\nyield a reasonable level of protection.\n\n # cat /sys/block/nvme2n1/device/model\n Samsung SSD 970 PRO 512GB\n # cat /sys/fs/cgroup/io.cost.model\n 259:0 ctrl=user model=linear rbps=834913556 rseqiops=93622 rrandiops=102913 wbps=618985353 wseqiops=72325 wrandiops=71025\n # cat /sys/fs/cgroup/io.cost.qos\n 259:0 enable=1 ctrl=user rpct=95.00 rlat=18776 wpct=95.00 wlat=8897 min=60.00 max=100.00\n # resctl-bench -m 29.6G -r out.json run protection::scenario=mem-hog,loops=1\n ...\n Memory Hog Summary\n ==================\n\n IO Latency: R p50=242u:336u/2.5m p90=794u:1.4m/7.5m p99=2.7m:8.0m/62.5m max=8.0m:36.4m/350m\n W p50=221u:323u/1.5m p90=709u:1.2m/5.5m p99=1.5m:2.5m/9.5m max=6.9m:35.9m/350m\n\n Isolation and Request Latency Impact Distributions:\n\n min p01 p05 p10 p25 p50 p75 p90 p95 p99 max mean stdev\n isol% 15.90 15.90 15.90 40.05 57.24 59.07 60.01 74.63 74.63 90.35 90.35 58.12 15.82\n lat-imp% 0 0 0 0 0 4.55 14.68 15.54 233.5 548.1 548.1 53.88 143.6\n\n Result: isol=58.12:15.82% lat_imp=53.88%:143.6 work_csv=100.0% missing=3.96%\n\nThe isolation result of 58.12% is close to what this device would show\nwithout any IO control.\n\nFix it by introducing a new flag BIO_QOS_MERGED to mark merged bios and\ncalling rq_qos_done_bio() on them too. For consistency and clarity, rename\nBIO_TRACKED to BIO_QOS_THROTTLED. 
The flag checks are moved into\nrq_qos_done_bio() so that it's next to the code paths that set the flags.\n\nWith the patch applied, the above same benchmark shows:\n\n # resctl-bench -m 29.6G -r out.json run protection::scenario=mem-hog,loops=1\n ...\n Memory Hog Summary\n ==================\n\n IO Latency: R p50=123u:84.4u/985u p90=322u:256u/2.5m p99=1.6m:1.4m/9.5m max=11.1m:36.0m/350m\n W p50=429u:274u/995u p90=1.7m:1.3m/4.5m p99=3.4m:2.7m/11.5m max=7.9m:5.9m/26.5m\n\n Isolation and Request Latency Impact Distributions:\n\n min p01 p05 p10 p25 p50 p75 p90 p95 p99 max mean stdev\n isol% 84.91 84.91 89.51 90.73 92.31 94.49 96.36 98.04 98.71 100.0 100.0 94.42 2.81\n lat-imp% 0 0 0 0 0 2.81 5.73 11.11 13.92 17.53 22.61 4.10 4.68\n\n Result: isol=94.42:2.81% lat_imp=4.10%:4.68 work_csv=58.34% missing=0%", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49266" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--462d3759-2bb6-4dd6-9d0d-549dc5b0edc0.json b/objects/vulnerability/vulnerability--462d3759-2bb6-4dd6-9d0d-549dc5b0edc0.json new file mode 100644 index 00000000000..5c1e4db887d --- /dev/null +++ b/objects/vulnerability/vulnerability--462d3759-2bb6-4dd6-9d0d-549dc5b0edc0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f5f4128d-d3dd-4633-bccb-3e5f2662ae4d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--462d3759-2bb6-4dd6-9d0d-549dc5b0edc0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.28463Z", + "modified": "2025-02-27T00:38:15.28463Z", + "name": "CVE-2022-49334", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/huge_memory: Fix xarray node memory leak\n\nIf xas_split_alloc() fails to allocate the necessary nodes to complete the\nxarray entry split, it sets the xa_state to -ENOMEM, which xas_nomem()\nthen interprets as \"Please allocate more memory\", not as \"Please free\nany unnecessary memory\" (which was the intended outcome). It's confusing\nto use xas_nomem() to free memory in this context, so call xas_destroy()\ninstead.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49334" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4675d9fa-c629-480d-b779-6b5d5d69671a.json b/objects/vulnerability/vulnerability--4675d9fa-c629-480d-b779-6b5d5d69671a.json new file mode 100644 index 00000000000..7720aa4427a --- /dev/null +++ b/objects/vulnerability/vulnerability--4675d9fa-c629-480d-b779-6b5d5d69671a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--be5099e9-a0b0-4ced-a79c-c4548c73dbf1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4675d9fa-c629-480d-b779-6b5d5d69671a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.73143Z", + "modified": "2025-02-27T00:38:15.73143Z", + "name": "CVE-2022-49365", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Off by one in dm_dmub_outbox1_low_irq()\n\nThe > ARRAY_SIZE() should be >= ARRAY_SIZE() to prevent an out of bounds\naccess.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49365" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4699dafc-d428-4e16-bf8b-34d96e849938.json b/objects/vulnerability/vulnerability--4699dafc-d428-4e16-bf8b-34d96e849938.json new file mode 100644 index 00000000000..dceff1bb17a --- /dev/null +++ b/objects/vulnerability/vulnerability--4699dafc-d428-4e16-bf8b-34d96e849938.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--aa384cb7-dbaa-48c3-8988-fa0b2395f304", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4699dafc-d428-4e16-bf8b-34d96e849938", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.620946Z", + "modified": "2025-02-27T00:38:15.620946Z", + "name": "CVE-2022-49486", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: fsl: Fix refcount leak in imx_sgtl5000_probe\n\nof_find_i2c_device_by_node() takes a reference,\nIn error paths, we should call put_device() to drop\nthe reference to aviod refount leak.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49486" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--46afb023-2552-44d6-9a64-591884a178ab.json b/objects/vulnerability/vulnerability--46afb023-2552-44d6-9a64-591884a178ab.json new file mode 100644 index 00000000000..177c6fa0288 --- /dev/null +++ b/objects/vulnerability/vulnerability--46afb023-2552-44d6-9a64-591884a178ab.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1eba6a8b-9941-4999-9164-7be3ba1c0b7f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--46afb023-2552-44d6-9a64-591884a178ab", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.710676Z", + "modified": "2025-02-27T00:38:15.710676Z", + "name": "CVE-2022-49556", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak\n\nFor some sev ioctl interfaces, the length parameter that is passed maybe\nless than or equal to SEV_FW_BLOB_MAX_SIZE, but larger than the data\nthat PSP firmware returns. In this case, kmalloc will allocate memory\nthat is the size of the input rather than the size of the data.\nSince PSP firmware doesn't fully overwrite the allocated buffer, these\nsev ioctl interface may return uninitialized kernel slab memory.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49556" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4795a02c-0255-4c67-95d3-a65ac1f2c814.json b/objects/vulnerability/vulnerability--4795a02c-0255-4c67-95d3-a65ac1f2c814.json new file mode 100644 index 00000000000..348a874ef2c --- /dev/null +++ b/objects/vulnerability/vulnerability--4795a02c-0255-4c67-95d3-a65ac1f2c814.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--81059dd8-ad6f-4539-827f-1ae7a8f09943", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4795a02c-0255-4c67-95d3-a65ac1f2c814", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:03.03309Z", + "modified": "2025-02-27T00:38:03.03309Z", + "name": "CVE-2024-53573", + "description": "Unifiedtransform v2.X is vulnerable to Incorrect Access Control. Unauthorized users can access and manipulate endpoints intended exclusively for administrative use. This issue specifically affects teacher/edit/{id}.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53573" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--482e15b6-f2f5-47ff-bc88-9e979699bfd7.json b/objects/vulnerability/vulnerability--482e15b6-f2f5-47ff-bc88-9e979699bfd7.json new file mode 100644 index 00000000000..fdd2f2d5949 --- /dev/null +++ b/objects/vulnerability/vulnerability--482e15b6-f2f5-47ff-bc88-9e979699bfd7.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c189914e-3d62-4aea-a76c-5b1cabcc7661", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--482e15b6-f2f5-47ff-bc88-9e979699bfd7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:11.223336Z", + "modified": "2025-02-27T00:38:11.223336Z", + "name": "CVE-2021-47634", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl\n\nHulk Robot reported a KASAN report about use-after-free:\n ==================================================================\n BUG: KASAN: use-after-free in __list_del_entry_valid+0x13d/0x160\n Read of size 8 at addr ffff888035e37d98 by task ubiattach/1385\n [...]\n Call Trace:\n klist_dec_and_del+0xa7/0x4a0\n klist_put+0xc7/0x1a0\n device_del+0x4d4/0xed0\n cdev_device_del+0x1a/0x80\n ubi_attach_mtd_dev+0x2951/0x34b0 [ubi]\n ctrl_cdev_ioctl+0x286/0x2f0 [ubi]\n\n Allocated by task 1414:\n device_add+0x60a/0x18b0\n cdev_device_add+0x103/0x170\n ubi_create_volume+0x1118/0x1a10 [ubi]\n ubi_cdev_ioctl+0xb7f/0x1ba0 [ubi]\n\n Freed by task 1385:\n cdev_device_del+0x1a/0x80\n ubi_remove_volume+0x438/0x6c0 [ubi]\n ubi_cdev_ioctl+0xbf4/0x1ba0 [ubi]\n [...]\n ==================================================================\n\nThe lock held by ctrl_cdev_ioctl is ubi_devices_mutex, but the lock held\nby ubi_cdev_ioctl is ubi->device_mutex. Therefore, the two locks can be\nconcurrent.\n\nctrl_cdev_ioctl contains two operations: ubi_attach and ubi_detach.\nubi_detach is bug-free because it uses reference counting to prevent\nconcurrency. 
However, uif_init and uif_close in ubi_attach may race with\nubi_cdev_ioctl.\n\nuif_init will race with ubi_cdev_ioctl as in the following stack.\n cpu1 cpu2 cpu3\n_______________________|________________________|______________________\nctrl_cdev_ioctl\n ubi_attach_mtd_dev\n uif_init\n ubi_cdev_ioctl\n ubi_create_volume\n cdev_device_add\n ubi_add_volume\n // sysfs exist\n kill_volumes\n ubi_cdev_ioctl\n ubi_remove_volume\n cdev_device_del\n // first free\n ubi_free_volume\n cdev_del\n // double free\n cdev_device_del\n\nAnd uif_close will race with ubi_cdev_ioctl as in the following stack.\n cpu1 cpu2 cpu3\n_______________________|________________________|______________________\nctrl_cdev_ioctl\n ubi_attach_mtd_dev\n uif_init\n ubi_cdev_ioctl\n ubi_create_volume\n cdev_device_add\n ubi_debugfs_init_dev\n //error goto out_uif;\n uif_close\n kill_volumes\n ubi_cdev_ioctl\n ubi_remove_volume\n cdev_device_del\n // first free\n ubi_free_volume\n // double free\n\nThe cause of this problem is that commit 714fb87e8bc0 make device\n\"available\" before it becomes accessible via sysfs. Therefore, we\nroll back the modification. We will fix the race condition between\nubi device creation and udev by removing ubi_get_device in\nvol_attribute_show and dev_attribute_show.This avoids accessing\nuninitialized ubi_devices[ubi_num].\n\nubi_get_device is used to prevent devices from being deleted during\nsysfs execution. However, now kernfs ensures that devices will not\nbe deleted before all reference counting are released.\nThe key process is shown in the following stack.\n\ndevice_del\n device_remove_attrs\n device_remove_groups\n sysfs_remove_groups\n sysfs_remove_group\n remove_files\n kernfs_remove_by_name\n kernfs_remove_by_name_ns\n __kernfs_remove\n kernfs_drain", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-47634" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--4888e300-365f-428a-943d-7ba930885ee8.json b/objects/vulnerability/vulnerability--4888e300-365f-428a-943d-7ba930885ee8.json new file mode 100644 index 00000000000..33df7c8ee29 --- /dev/null +++ b/objects/vulnerability/vulnerability--4888e300-365f-428a-943d-7ba930885ee8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--caa63e1c-7a31-43b6-bbed-e3f22e062ed0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4888e300-365f-428a-943d-7ba930885ee8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.253015Z", + "modified": "2025-02-27T00:38:15.253015Z", + "name": "CVE-2022-49234", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: Avoid cross-chip syncing of VLAN filtering\n\nChanges to VLAN filtering are not applicable to cross-chip\nnotifications.\n\nOn a system like this:\n\n.-----. .-----. .-----.\n| sw1 +---+ sw2 +---+ sw3 |\n'-1-2-' '-1-2-' '-1-2-'\n\nBefore this change, upon sw1p1 leaving a bridge, a call to\ndsa_port_vlan_filtering would also be made to sw2p1 and sw3p1.\n\nIn this scenario:\n\n.---------. .-----. .-----.\n| sw1 +---+ sw2 +---+ sw3 |\n'-1-2-3-4-' '-1-2-' '-1-2-'\n\nWhen sw1p4 would leave a bridge, dsa_port_vlan_filtering would be\ncalled for sw2 and sw3 with a non-existing port - leading to array\nout-of-bounds accesses and crashes on mv88e6xxx.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49234" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4889d972-4a86-4d68-8cb2-1300bcc0da44.json b/objects/vulnerability/vulnerability--4889d972-4a86-4d68-8cb2-1300bcc0da44.json new file mode 100644 index 00000000000..b3a78f0436e --- /dev/null +++ b/objects/vulnerability/vulnerability--4889d972-4a86-4d68-8cb2-1300bcc0da44.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e05b3053-c00a-44d5-854b-782f80702082", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4889d972-4a86-4d68-8cb2-1300bcc0da44", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:11.217929Z", + "modified": "2025-02-27T00:38:11.217929Z", + "name": "CVE-2021-47656", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\njffs2: fix use-after-free in jffs2_clear_xattr_subsystem\n\nWhen we mount a jffs2 image, assume that the first few blocks of\nthe image are normal and contain at least one xattr-related inode,\nbut the next block is abnormal. As a result, an error is returned\nin jffs2_scan_eraseblock(). jffs2_clear_xattr_subsystem() is then\ncalled in jffs2_build_filesystem() and then again in\njffs2_do_fill_super().\n\nFinally we can observe the following report:\n ==================================================================\n BUG: KASAN: use-after-free in jffs2_clear_xattr_subsystem+0x95/0x6ac\n Read of size 8 at addr ffff8881243384e0 by task mount/719\n\n Call Trace:\n dump_stack+0x115/0x16b\n jffs2_clear_xattr_subsystem+0x95/0x6ac\n jffs2_do_fill_super+0x84f/0xc30\n jffs2_fill_super+0x2ea/0x4c0\n mtd_get_sb+0x254/0x400\n mtd_get_sb_by_nr+0x4f/0xd0\n get_tree_mtd+0x498/0x840\n jffs2_get_tree+0x25/0x30\n vfs_get_tree+0x8d/0x2e0\n path_mount+0x50f/0x1e50\n do_mount+0x107/0x130\n __se_sys_mount+0x1c5/0x2f0\n __x64_sys_mount+0xc7/0x160\n do_syscall_64+0x45/0x70\n entry_SYSCALL_64_after_hwframe+0x44/0xa9\n\n Allocated by task 719:\n kasan_save_stack+0x23/0x60\n __kasan_kmalloc.constprop.0+0x10b/0x120\n kasan_slab_alloc+0x12/0x20\n kmem_cache_alloc+0x1c0/0x870\n jffs2_alloc_xattr_ref+0x2f/0xa0\n jffs2_scan_medium.cold+0x3713/0x4794\n jffs2_do_mount_fs.cold+0xa7/0x2253\n jffs2_do_fill_super+0x383/0xc30\n jffs2_fill_super+0x2ea/0x4c0\n [...]\n\n Freed by task 719:\n 
kmem_cache_free+0xcc/0x7b0\n jffs2_free_xattr_ref+0x78/0x98\n jffs2_clear_xattr_subsystem+0xa1/0x6ac\n jffs2_do_mount_fs.cold+0x5e6/0x2253\n jffs2_do_fill_super+0x383/0xc30\n jffs2_fill_super+0x2ea/0x4c0\n [...]\n\n The buggy address belongs to the object at ffff8881243384b8\n which belongs to the cache jffs2_xattr_ref of size 48\n The buggy address is located 40 bytes inside of\n 48-byte region [ffff8881243384b8, ffff8881243384e8)\n [...]\n ==================================================================\n\nThe triggering of the BUG is shown in the following stack:\n-----------------------------------------------------------\njffs2_fill_super\n jffs2_do_fill_super\n jffs2_do_mount_fs\n jffs2_build_filesystem\n jffs2_scan_medium\n jffs2_scan_eraseblock <--- ERROR\n jffs2_clear_xattr_subsystem <--- free\n jffs2_clear_xattr_subsystem <--- free again\n-----------------------------------------------------------\n\nAn error is returned in jffs2_do_mount_fs(). If the error is returned\nby jffs2_sum_init(), the jffs2_clear_xattr_subsystem() does not need to\nbe executed. If the error is returned by jffs2_build_filesystem(), the\njffs2_clear_xattr_subsystem() also does not need to be executed again.\nSo move jffs2_clear_xattr_subsystem() from 'out_inohash' to 'out_root'\nto fix this UAF problem.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-47656" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--48f899be-7c15-4329-9d1e-4889fb3e9aa1.json b/objects/vulnerability/vulnerability--48f899be-7c15-4329-9d1e-4889fb3e9aa1.json new file mode 100644 index 00000000000..3a8de5ebd9e --- /dev/null +++ b/objects/vulnerability/vulnerability--48f899be-7c15-4329-9d1e-4889fb3e9aa1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bdcd20c9-0c51-4f9c-b4b1-811f80cf2a5b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--48f899be-7c15-4329-9d1e-4889fb3e9aa1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.345558Z", + "modified": "2025-02-27T00:38:15.345558Z", + "name": "CVE-2022-49500", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwl1251: dynamically allocate memory used for DMA\n\nWith introduction of vmap'ed stacks, stack parameters can no\nlonger be used for DMA and now leads to kernel panic.\n\nIt happens at several places for the wl1251 (e.g. when\naccessed through SDIO) making it unuseable on e.g. the\nOpenPandora.\n\nWe solve this by allocating temporary buffers or use wl1251_read32().\n\nTested on v5.18-rc5 with OpenPandora.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49500" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4913f139-b9fd-443c-a249-6ecce1bf04d9.json b/objects/vulnerability/vulnerability--4913f139-b9fd-443c-a249-6ecce1bf04d9.json new file mode 100644 index 00000000000..7cfc5eac87e --- /dev/null +++ b/objects/vulnerability/vulnerability--4913f139-b9fd-443c-a249-6ecce1bf04d9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0402625a-763e-4056-9cd7-b2de2e2f56b5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4913f139-b9fd-443c-a249-6ecce1bf04d9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:04.148346Z", + "modified": "2025-02-27T00:38:04.148346Z", + "name": "CVE-2024-50693", + "description": "SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the userService API model.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50693" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--493c0f93-55dc-4ee6-9b22-8f416d9bebb0.json b/objects/vulnerability/vulnerability--493c0f93-55dc-4ee6-9b22-8f416d9bebb0.json new file mode 100644 index 00000000000..4177c851f99 --- /dev/null +++ b/objects/vulnerability/vulnerability--493c0f93-55dc-4ee6-9b22-8f416d9bebb0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--85a98e44-6019-471f-b09b-2f980cd26f77", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--493c0f93-55dc-4ee6-9b22-8f416d9bebb0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.685928Z", + "modified": "2025-02-27T00:38:15.685928Z", + "name": "CVE-2022-49205", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix double uncharge the mem of sk_msg\n\nIf tcp_bpf_sendmsg is running during a tear down operation, psock may be\nfreed.\n\ntcp_bpf_sendmsg()\n tcp_bpf_send_verdict()\n sk_msg_return()\n tcp_bpf_sendmsg_redir()\n unlikely(!psock))\n sk_msg_free()\n\nThe mem of msg has been uncharged in tcp_bpf_send_verdict() by\nsk_msg_return(), and would be uncharged by sk_msg_free() again. When psock\nis null, we can simply returning an error code, this would then trigger\nthe sk_msg_free_nocharge in the error path of __SK_REDIRECT and would have\nthe side effect of throwing an error up to user space. This would be a\nslight change in behavior from user side but would look the same as an\nerror if the redirect on the socket threw an error.\n\nThis issue can cause the following info:\nWARNING: CPU: 0 PID: 2136 at net/ipv4/af_inet.c:155 inet_sock_destruct+0x13c/0x260\nCall Trace:\n \n __sk_destruct+0x24/0x1f0\n sk_psock_destroy+0x19b/0x1c0\n process_one_work+0x1b3/0x3c0\n worker_thread+0x30/0x350\n ? process_one_work+0x3c0/0x3c0\n kthread+0xe6/0x110\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x22/0x30\n ", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49205" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--494955f1-2931-41c5-a13a-4d4ca173a682.json b/objects/vulnerability/vulnerability--494955f1-2931-41c5-a13a-4d4ca173a682.json new file mode 100644 index 00000000000..5b363d44de0 --- /dev/null +++ b/objects/vulnerability/vulnerability--494955f1-2931-41c5-a13a-4d4ca173a682.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c126bdcc-39db-4c3a-8c61-67ee230cb264", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--494955f1-2931-41c5-a13a-4d4ca173a682", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.703931Z", + "modified": "2025-02-27T00:38:15.703931Z", + "name": "CVE-2022-49499", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: Fix null pointer dereferences without iommu\n\nCheck if 'aspace' is set before using it as it will stay null without\nIOMMU, such as on msm8974.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49499" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--494f8455-60ff-4138-9d14-7cafbc731fd3.json b/objects/vulnerability/vulnerability--494f8455-60ff-4138-9d14-7cafbc731fd3.json new file mode 100644 index 00000000000..042db93fc48 --- /dev/null +++ b/objects/vulnerability/vulnerability--494f8455-60ff-4138-9d14-7cafbc731fd3.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--29fd8be4-a278-48e5-b5ab-08787b5b5d89", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--494f8455-60ff-4138-9d14-7cafbc731fd3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.389532Z", + "modified": "2025-02-27T00:38:15.389532Z", + "name": "CVE-2022-49094", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/tls: fix slab-out-of-bounds bug in decrypt_internal\n\nThe memory size of tls_ctx->rx.iv for AES128-CCM is 12 setting in\ntls_set_sw_offload(). The return value of crypto_aead_ivsize()\nfor \"ccm(aes)\" is 16. So memcpy() require 16 bytes from 12 bytes\nmemory space will trigger slab-out-of-bounds bug as following:\n\n==================================================================\nBUG: KASAN: slab-out-of-bounds in decrypt_internal+0x385/0xc40 [tls]\nRead of size 16 at addr ffff888114e84e60 by task tls/10911\n\nCall Trace:\n \n dump_stack_lvl+0x34/0x44\n print_report.cold+0x5e/0x5db\n ? decrypt_internal+0x385/0xc40 [tls]\n kasan_report+0xab/0x120\n ? decrypt_internal+0x385/0xc40 [tls]\n kasan_check_range+0xf9/0x1e0\n memcpy+0x20/0x60\n decrypt_internal+0x385/0xc40 [tls]\n ? tls_get_rec+0x2e0/0x2e0 [tls]\n ? process_rx_list+0x1a5/0x420 [tls]\n ? tls_setup_from_iter.constprop.0+0x2e0/0x2e0 [tls]\n decrypt_skb_update+0x9d/0x400 [tls]\n tls_sw_recvmsg+0x3c8/0xb50 [tls]\n\nAllocated by task 10911:\n kasan_save_stack+0x1e/0x40\n __kasan_kmalloc+0x81/0xa0\n tls_set_sw_offload+0x2eb/0xa20 [tls]\n tls_setsockopt+0x68c/0x700 [tls]\n __sys_setsockopt+0xfe/0x1b0\n\nReplace the crypto_aead_ivsize() with prot->iv_size + prot->salt_size\nwhen memcpy() iv value in TLS_1_3_VERSION scenario.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49094" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--49a11bf2-3963-4371-8987-209744908e17.json b/objects/vulnerability/vulnerability--49a11bf2-3963-4371-8987-209744908e17.json new file mode 100644 index 00000000000..26767180f07 --- /dev/null +++ b/objects/vulnerability/vulnerability--49a11bf2-3963-4371-8987-209744908e17.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7e0b01fb-97e1-45c3-b6bf-feff8dde2f3e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--49a11bf2-3963-4371-8987-209744908e17", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.561287Z", + "modified": "2025-02-27T00:38:15.561287Z", + "name": "CVE-2022-49255", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix missing free nid in f2fs_handle_failed_inode\n\nThis patch fixes xfstests/generic/475 failure.\n\n[ 293.680694] F2FS-fs (dm-1): May loss orphan inode, run fsck to fix.\n[ 293.685358] Buffer I/O error on dev dm-1, logical block 8388592, async page read\n[ 293.691527] Buffer I/O error on dev dm-1, logical block 8388592, async page read\n[ 293.691764] sh (7615): drop_caches: 3\n[ 293.691819] sh (7616): drop_caches: 3\n[ 293.694017] Buffer I/O error on dev dm-1, logical block 1, async page read\n[ 293.695659] sh (7618): drop_caches: 3\n[ 293.696979] sh (7617): drop_caches: 3\n[ 293.700290] sh (7623): drop_caches: 3\n[ 293.708621] sh (7626): drop_caches: 3\n[ 293.711386] sh (7628): drop_caches: 3\n[ 293.711825] sh (7627): drop_caches: 3\n[ 293.716738] sh (7630): drop_caches: 3\n[ 293.719613] sh (7632): drop_caches: 3\n[ 293.720971] sh (7633): drop_caches: 3\n[ 293.727741] sh (7634): drop_caches: 3\n[ 293.730783] sh (7636): drop_caches: 3\n[ 293.732681] sh (7635): drop_caches: 3\n[ 293.732988] sh (7637): drop_caches: 3\n[ 293.738836] sh (7639): drop_caches: 3\n[ 293.740568] sh (7641): drop_caches: 3\n[ 293.743053] sh (7640): drop_caches: 3\n[ 293.821889] ------------[ cut here ]------------\n[ 293.824654] kernel BUG at fs/f2fs/node.c:3334!\n[ 293.826226] invalid opcode: 0000 [#1] PREEMPT SMP PTI\n[ 293.828713] CPU: 0 PID: 7653 Comm: umount Tainted: G OE 5.17.0-rc1-custom #1\n[ 293.830946] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 
04/01/2014\n[ 293.832526] RIP: 0010:f2fs_destroy_node_manager+0x33f/0x350 [f2fs]\n[ 293.833905] Code: e8 d6 3d f9 f9 48 8b 45 d0 65 48 2b 04 25 28 00 00 00 75 1a 48 81 c4 28 03 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 0f 0b\n[ 293.837783] RSP: 0018:ffffb04ec31e7a20 EFLAGS: 00010202\n[ 293.839062] RAX: 0000000000000001 RBX: ffff9df947db2eb8 RCX: 0000000080aa0072\n[ 293.840666] RDX: 0000000000000000 RSI: ffffe86c0432a140 RDI: ffffffffc0b72a21\n[ 293.842261] RBP: ffffb04ec31e7d70 R08: ffff9df94ca85780 R09: 0000000080aa0072\n[ 293.843909] R10: ffff9df94ca85700 R11: ffff9df94e1ccf58 R12: ffff9df947db2e00\n[ 293.845594] R13: ffff9df947db2ed0 R14: ffff9df947db2eb8 R15: ffff9df947db2eb8\n[ 293.847855] FS: 00007f5a97379800(0000) GS:ffff9dfa77c00000(0000) knlGS:0000000000000000\n[ 293.850647] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 293.852940] CR2: 00007f5a97528730 CR3: 000000010bc76005 CR4: 0000000000370ef0\n[ 293.854680] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 293.856423] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 293.858380] Call Trace:\n[ 293.859302] \n[ 293.860311] ? ttwu_do_wakeup+0x1c/0x170\n[ 293.861800] ? ttwu_do_activate+0x6d/0xb0\n[ 293.863057] ? _raw_spin_unlock_irqrestore+0x29/0x40\n[ 293.864411] ? try_to_wake_up+0x9d/0x5e0\n[ 293.865618] ? debug_smp_processor_id+0x17/0x20\n[ 293.866934] ? debug_smp_processor_id+0x17/0x20\n[ 293.868223] ? free_unref_page+0xbf/0x120\n[ 293.869470] ? __free_slab+0xcb/0x1c0\n[ 293.870614] ? preempt_count_add+0x7a/0xc0\n[ 293.871811] ? __slab_free+0xa0/0x2d0\n[ 293.872918] ? __wake_up_common_lock+0x8a/0xc0\n[ 293.874186] ? __slab_free+0xa0/0x2d0\n[ 293.875305] ? free_inode_nonrcu+0x20/0x20\n[ 293.876466] ? free_inode_nonrcu+0x20/0x20\n[ 293.877650] ? debug_smp_processor_id+0x17/0x20\n[ 293.878949] ? call_rcu+0x11a/0x240\n[ 293.880060] ? f2fs_destroy_stats+0x59/0x60 [f2fs]\n[ 293.881437] ? 
kfree+0x1fe/0x230\n[ 293.882674] f2fs_put_super+0x160/0x390 [f2fs]\n[ 293.883978] generic_shutdown_super+0x7a/0x120\n[ 293.885274] kill_block_super+0x27/0x50\n[ 293.886496] kill_f2fs_super+0x7f/0x100 [f2fs]\n[ 293.887806] deactivate_locked_super+0x35/0xa0\n[ 293.889271] deactivate_super+0x40/0x50\n[ 293.890513] cleanup_mnt+0x139/0x190\n[ 293.891689] __cleanup_mnt+0x12/0x20\n[ 293.892850] task_work_run+0x64/0xa0\n[ 293.894035] exit_to_user_mode_prepare+0x1b7/\n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49255" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4a245853-3ee2-4104-be6e-c2e6017c6839.json b/objects/vulnerability/vulnerability--4a245853-3ee2-4104-be6e-c2e6017c6839.json new file mode 100644 index 00000000000..8b283b5b6a4 --- /dev/null +++ b/objects/vulnerability/vulnerability--4a245853-3ee2-4104-be6e-c2e6017c6839.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9cf5ef7b-1da9-475d-b3c6-d1c29858749b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4a245853-3ee2-4104-be6e-c2e6017c6839", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:07.726807Z", + "modified": "2025-02-27T00:38:07.726807Z", + "name": "CVE-2025-25793", + "description": "SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_notify.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25793" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4a93c89c-bb9f-4a10-b15c-4e6190ce9907.json b/objects/vulnerability/vulnerability--4a93c89c-bb9f-4a10-b15c-4e6190ce9907.json new file mode 100644 index 00000000000..00d14e10dbb --- /dev/null +++ b/objects/vulnerability/vulnerability--4a93c89c-bb9f-4a10-b15c-4e6190ce9907.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5e4d050c-c9ab-4470-ad36-32629d45d2ea", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4a93c89c-bb9f-4a10-b15c-4e6190ce9907", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.420931Z", + "modified": "2025-02-27T00:38:15.420931Z", + "name": "CVE-2022-49529", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/pm: fix the null pointer while the smu is disabled\n\nIt needs to check if the pp_funcs is initialized while release the\ncontext, otherwise it will trigger null pointer panic while the software\nsmu is not enabled.\n\n[ 1109.404555] BUG: kernel NULL pointer dereference, address: 0000000000000078\n[ 1109.404609] #PF: supervisor read access in kernel mode\n[ 1109.404638] #PF: error_code(0x0000) - not-present page\n[ 1109.404657] PGD 0 P4D 0\n[ 1109.404672] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ 1109.404701] CPU: 7 PID: 9150 Comm: amdgpu_test Tainted: G OEL 5.16.0-custom #1\n[ 1109.404732] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006\n[ 1109.404765] RIP: 0010:amdgpu_dpm_force_performance_level+0x1d/0x170 [amdgpu]\n[ 1109.405109] Code: 5d c3 44 8b a3 f0 80 00 00 eb e5 66 90 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 ec 08 4c 8b b7 f0 7d 00 00 <49> 83 7e 78 00 0f 84 f2 00 00 00 80 bf 87 80 00 00 00 48 89 fb 0f\n[ 1109.405176] RSP: 0018:ffffaf3083ad7c20 EFLAGS: 00010282\n[ 1109.405203] RAX: 0000000000000000 RBX: ffff9796b1c14600 RCX: 0000000002862007\n[ 1109.405229] RDX: ffff97968591c8c0 RSI: 0000000000000001 RDI: ffff9796a3700000\n[ 1109.405260] RBP: ffffaf3083ad7c50 R08: ffffffff9897de00 R09: ffff979688d9db60\n[ 1109.405286] R10: 0000000000000000 R11: ffff979688d9db90 R12: 0000000000000001\n[ 1109.405316] R13: ffff9796a3700000 R14: 0000000000000000 R15: ffff9796a3708fc0\n[ 1109.405345] FS: 00007ff055cff180(0000) 
GS:ffff9796bfdc0000(0000) knlGS:0000000000000000\n[ 1109.405378] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 1109.405400] CR2: 0000000000000078 CR3: 000000000a394000 CR4: 00000000000506e0\n[ 1109.405434] Call Trace:\n[ 1109.405445] \n[ 1109.405456] ? delete_object_full+0x1d/0x20\n[ 1109.405480] amdgpu_ctx_set_stable_pstate+0x7c/0xa0 [amdgpu]\n[ 1109.405698] amdgpu_ctx_fini.part.0+0xcb/0x100 [amdgpu]\n[ 1109.405911] amdgpu_ctx_do_release+0x71/0x80 [amdgpu]\n[ 1109.406121] amdgpu_ctx_ioctl+0x52d/0x550 [amdgpu]\n[ 1109.406327] ? _raw_spin_unlock+0x1a/0x30\n[ 1109.406354] ? drm_gem_handle_delete+0x81/0xb0 [drm]\n[ 1109.406400] ? amdgpu_ctx_get_entity+0x2c0/0x2c0 [amdgpu]\n[ 1109.406609] drm_ioctl_kernel+0xb6/0x140 [drm]", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49529" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4b10912d-7220-447b-a504-085210f34311.json b/objects/vulnerability/vulnerability--4b10912d-7220-447b-a504-085210f34311.json new file mode 100644 index 00000000000..76c1d424b75 --- /dev/null +++ b/objects/vulnerability/vulnerability--4b10912d-7220-447b-a504-085210f34311.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--af43b662-35f7-4f56-ade0-a5c9b809edc8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4b10912d-7220-447b-a504-085210f34311", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:11.183062Z", + "modified": "2025-02-27T00:38:11.183062Z", + "name": "CVE-2021-47657", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/virtio: Ensure that objs is not NULL in virtio_gpu_array_put_free()\n\nIf virtio_gpu_object_shmem_init() fails (e.g. due to fault injection, as it\nhappened in the bug report by syzbot), virtio_gpu_array_put_free() could be\ncalled with objs equal to NULL.\n\nEnsure that objs is not NULL in virtio_gpu_array_put_free(), or otherwise\nreturn from the function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-47657" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4b9c739f-7cca-4431-ab7a-43c447ef71f7.json b/objects/vulnerability/vulnerability--4b9c739f-7cca-4431-ab7a-43c447ef71f7.json new file mode 100644 index 00000000000..0216e3eec32 --- /dev/null +++ b/objects/vulnerability/vulnerability--4b9c739f-7cca-4431-ab7a-43c447ef71f7.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7671dc54-1136-4447-817a-b7c1b140e65e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4b9c739f-7cca-4431-ab7a-43c447ef71f7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.684043Z", + "modified": "2025-02-27T00:38:15.684043Z", + "name": "CVE-2022-49404", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hfi1: Fix potential integer multiplication overflow errors\n\nWhen multiplying of different types, an overflow is possible even when\nstoring the result in a larger type. This is because the conversion is\ndone after the multiplication. So arithmetic overflow and thus in\nincorrect value is possible.\n\nCorrect an instance of this in the inter packet delay calculation. Fix by\nensuring one of the operands is u64 which will promote the other to u64 as\nwell ensuring no overflow.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49404" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4bb37121-948c-461e-9cab-0bf8bacd343a.json b/objects/vulnerability/vulnerability--4bb37121-948c-461e-9cab-0bf8bacd343a.json new file mode 100644 index 00000000000..940050214bc --- /dev/null +++ b/objects/vulnerability/vulnerability--4bb37121-948c-461e-9cab-0bf8bacd343a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--64a8445c-32f4-4cb8-a214-2f1e7b32f9b5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4bb37121-948c-461e-9cab-0bf8bacd343a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.641027Z", + "modified": "2025-02-27T00:38:15.641027Z", + "name": "CVE-2022-49433", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hfi1: Prevent use of lock before it is initialized\n\nIf there is a failure during probe of hfi1 before the sdma_map_lock is\ninitialized, the call to hfi1_free_devdata() will attempt to use a lock\nthat has not been initialized. If the locking correctness validator is on\nthen an INFO message and stack trace resembling the following may be seen:\n\n INFO: trying to register non-static key.\n The code is fine but needs lockdep annotation, or maybe\n you didn't initialize this object before use?\n turning off the locking correctness validator.\n Call Trace:\n register_lock_class+0x11b/0x880\n __lock_acquire+0xf3/0x7930\n lock_acquire+0xff/0x2d0\n _raw_spin_lock_irq+0x46/0x60\n sdma_clean+0x42a/0x660 [hfi1]\n hfi1_free_devdata+0x3a7/0x420 [hfi1]\n init_one+0x867/0x11a0 [hfi1]\n pci_device_probe+0x40e/0x8d0\n\nThe use of sdma_map_lock in sdma_clean() is for freeing the sdma_map\nmemory, and sdma_map is not allocated/initialized until after\nsdma_map_lock has been initialized. This code only needs to be run if\nsdma_map is not NULL, and so checking for that condition will avoid trying\nto use the lock before it is initialized.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49433" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--4bd924f3-b73f-4773-b64f-9163abae47a1.json b/objects/vulnerability/vulnerability--4bd924f3-b73f-4773-b64f-9163abae47a1.json new file mode 100644 index 00000000000..1e4f4b5f03e --- /dev/null +++ b/objects/vulnerability/vulnerability--4bd924f3-b73f-4773-b64f-9163abae47a1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--06892bda-5eb8-4fcb-84be-299ecdebc683", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4bd924f3-b73f-4773-b64f-9163abae47a1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.622797Z", + "modified": "2025-02-27T00:38:15.622797Z", + "name": "CVE-2022-49663", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntunnels: do not assume mac header is set in skb_tunnel_check_pmtu()\n\nRecently added debug in commit f9aefd6b2aa3 (\"net: warn if mac header\nwas not set\") caught a bug in skb_tunnel_check_pmtu(), as shown\nin this syzbot report [1].\n\nIn ndo_start_xmit() paths, there is really no need to use skb->mac_header,\nbecause skb->data is supposed to point at it.\n\n[1] WARNING: CPU: 1 PID: 8604 at include/linux/skbuff.h:2784 skb_mac_header_len include/linux/skbuff.h:2784 [inline]\nWARNING: CPU: 1 PID: 8604 at include/linux/skbuff.h:2784 skb_tunnel_check_pmtu+0x5de/0x2f90 net/ipv4/ip_tunnel_core.c:413\nModules linked in:\nCPU: 1 PID: 8604 Comm: syz-executor.3 Not tainted 5.19.0-rc2-syzkaller-00443-g8720bd951b8e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nRIP: 0010:skb_mac_header_len include/linux/skbuff.h:2784 [inline]\nRIP: 0010:skb_tunnel_check_pmtu+0x5de/0x2f90 net/ipv4/ip_tunnel_core.c:413\nCode: 00 00 00 00 fc ff df 4c 89 fa 48 c1 ea 03 80 3c 02 00 0f 84 b9 fe ff ff 4c 89 ff e8 7c 0f d7 f9 e9 ac fe ff ff e8 c2 13 8a f9 <0f> 0b e9 28 fc ff ff e8 b6 13 8a f9 48 8b 54 24 70 48 b8 00 00 00\nRSP: 0018:ffffc90002e4f520 EFLAGS: 00010212\nRAX: 0000000000000324 RBX: ffff88804d5fd500 RCX: ffffc90005b52000\nRDX: 0000000000040000 RSI: ffffffff87f05e3e RDI: 0000000000000003\nRBP: ffffc90002e4f650 R08: 0000000000000003 R09: 000000000000ffff\nR10: 000000000000ffff R11: 0000000000000000 R12: 000000000000ffff\nR13: 0000000000000000 
R14: 000000000000ffcd R15: 000000000000001f\nFS: 00007f3babba9700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020000080 CR3: 0000000075319000 CR4: 00000000003506e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\ngeneve_xmit_skb drivers/net/geneve.c:927 [inline]\ngeneve_xmit+0xcf8/0x35d0 drivers/net/geneve.c:1107\n__netdev_start_xmit include/linux/netdevice.h:4805 [inline]\nnetdev_start_xmit include/linux/netdevice.h:4819 [inline]\n__dev_direct_xmit+0x500/0x730 net/core/dev.c:4309\ndev_direct_xmit include/linux/netdevice.h:3007 [inline]\npacket_direct_xmit+0x1b8/0x2c0 net/packet/af_packet.c:282\npacket_snd net/packet/af_packet.c:3073 [inline]\npacket_sendmsg+0x21f4/0x55d0 net/packet/af_packet.c:3104\nsock_sendmsg_nosec net/socket.c:714 [inline]\nsock_sendmsg+0xcf/0x120 net/socket.c:734\n____sys_sendmsg+0x6eb/0x810 net/socket.c:2489\n___sys_sendmsg+0xf3/0x170 net/socket.c:2543\n__sys_sendmsg net/socket.c:2572 [inline]\n__do_sys_sendmsg net/socket.c:2581 [inline]\n__se_sys_sendmsg net/socket.c:2579 [inline]\n__x64_sys_sendmsg+0x132/0x220 net/socket.c:2579\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x46/0xb0\nRIP: 0033:0x7f3baaa89109\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f3babba9168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007f3baab9bf60 RCX: 00007f3baaa89109\nRDX: 0000000000000000 RSI: 0000000020000a00 RDI: 0000000000000003\nRBP: 00007f3baaae305d R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007ffe74f2543f R14: 
00007f3babba9300 R15: 0000000000022000\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49663" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4cc37e36-d728-4430-945b-0a8676fdbd00.json b/objects/vulnerability/vulnerability--4cc37e36-d728-4430-945b-0a8676fdbd00.json new file mode 100644 index 00000000000..484665a27f7 --- /dev/null +++ b/objects/vulnerability/vulnerability--4cc37e36-d728-4430-945b-0a8676fdbd00.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9d779ebb-c497-44b4-8dec-0a4debafb91f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4cc37e36-d728-4430-945b-0a8676fdbd00", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.318318Z", + "modified": "2025-02-27T00:38:15.318318Z", + "name": "CVE-2022-49253", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: usb: go7007: s2250-board: fix leak in probe()\n\nCall i2c_unregister_device(audio) on this error path.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49253" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4cfca830-c466-483f-933b-3bbe5325d6db.json b/objects/vulnerability/vulnerability--4cfca830-c466-483f-933b-3bbe5325d6db.json new file mode 100644 index 00000000000..4872dce717e --- /dev/null +++ b/objects/vulnerability/vulnerability--4cfca830-c466-483f-933b-3bbe5325d6db.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4a07e42f-3fe2-42da-ab5c-d6c26c3add5c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4cfca830-c466-483f-933b-3bbe5325d6db", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.596482Z", + "modified": "2025-02-27T00:38:15.596482Z", + "name": "CVE-2022-49540", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcu-tasks: Fix race in schedule and flush work\n\nWhile booting secondary CPUs, cpus_read_[lock/unlock] is not keeping\nonline cpumask stable. The transient online mask results in below\ncalltrace.\n\n[ 0.324121] CPU1: Booted secondary processor 0x0000000001 [0x410fd083]\n[ 0.346652] Detected PIPT I-cache on CPU2\n[ 0.347212] CPU2: Booted secondary processor 0x0000000002 [0x410fd083]\n[ 0.377255] Detected PIPT I-cache on CPU3\n[ 0.377823] CPU3: Booted secondary processor 0x0000000003 [0x410fd083]\n[ 0.379040] ------------[ cut here ]------------\n[ 0.383662] WARNING: CPU: 0 PID: 10 at kernel/workqueue.c:3084 __flush_work+0x12c/0x138\n[ 0.384850] Modules linked in:\n[ 0.385403] CPU: 0 PID: 10 Comm: rcu_tasks_rude_ Not tainted 5.17.0-rc3-v8+ #13\n[ 0.386473] Hardware name: Raspberry Pi 4 Model B Rev 1.4 (DT)\n[ 0.387289] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 0.388308] pc : __flush_work+0x12c/0x138\n[ 0.388970] lr : __flush_work+0x80/0x138\n[ 0.389620] sp : ffffffc00aaf3c60\n[ 0.390139] x29: ffffffc00aaf3d20 x28: ffffffc009c16af0 x27: ffffff80f761df48\n[ 0.391316] x26: 0000000000000004 x25: 0000000000000003 x24: 0000000000000100\n[ 0.392493] x23: ffffffffffffffff x22: ffffffc009c16b10 x21: ffffffc009c16b28\n[ 0.393668] x20: ffffffc009e53861 x19: ffffff80f77fbf40 x18: 00000000d744fcc9\n[ 0.394842] x17: 000000000000000b x16: 00000000000001c2 x15: ffffffc009e57550\n[ 0.396016] x14: 0000000000000000 x13: ffffffffffffffff x12: 0000000100000000\n[ 
0.397190] x11: 0000000000000462 x10: ffffff8040258008 x9 : 0000000100000000\n[ 0.398364] x8 : 0000000000000000 x7 : ffffffc0093c8bf4 x6 : 0000000000000000\n[ 0.399538] x5 : 0000000000000000 x4 : ffffffc00a976e40 x3 : ffffffc00810444c\n[ 0.400711] x2 : 0000000000000004 x1 : 0000000000000000 x0 : 0000000000000000\n[ 0.401886] Call trace:\n[ 0.402309] __flush_work+0x12c/0x138\n[ 0.402941] schedule_on_each_cpu+0x228/0x278\n[ 0.403693] rcu_tasks_rude_wait_gp+0x130/0x144\n[ 0.404502] rcu_tasks_kthread+0x220/0x254\n[ 0.405264] kthread+0x174/0x1ac\n[ 0.405837] ret_from_fork+0x10/0x20\n[ 0.406456] irq event stamp: 102\n[ 0.406966] hardirqs last enabled at (101): [] _raw_spin_unlock_irq+0x78/0xb4\n[ 0.408304] hardirqs last disabled at (102): [] el1_dbg+0x24/0x5c\n[ 0.409410] softirqs last enabled at (54): [] local_bh_enable+0xc/0x2c\n[ 0.410645] softirqs last disabled at (50): [] local_bh_disable+0xc/0x2c\n[ 0.411890] ---[ end trace 0000000000000000 ]---\n[ 0.413000] smp: Brought up 1 node, 4 CPUs\n[ 0.413762] SMP: Total of 4 processors activated.\n[ 0.414566] CPU features: detected: 32-bit EL0 Support\n[ 0.415414] CPU features: detected: 32-bit EL1 Support\n[ 0.416278] CPU features: detected: CRC32 instructions\n[ 0.447021] Callback from call_rcu_tasks_rude() invoked.\n[ 0.506693] Callback from call_rcu_tasks() invoked.\n\nThis commit therefore fixes this issue by applying a single-CPU\noptimization to the RCU Tasks Rude grace-period process. The key point\nhere is that the purpose of this RCU flavor is to force a schedule on\neach online CPU since some past event. 
But the rcu_tasks_rude_wait_gp()\nfunction runs in the context of the RCU Tasks Rude's grace-period kthread,\nso there must already have been a context switch on the current CPU since\nthe call to either synchronize_rcu_tasks_rude() or call_rcu_tasks_rude().\nSo if there is only a single CPU online, RCU Tasks Rude's grace-period\nkthread does not need to anything at all.\n\nIt turns out that the rcu_tasks_rude_wait_gp() function's call to\nschedule_on_each_cpu() causes problems during early boot. During that\ntime, there is only one online CPU, namely the boot CPU. Therefore,\napplying this single-CPU optimization fixes early-boot instances of\nthis problem.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49540" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4d13584d-5f76-4452-bebf-803fca24f3ac.json b/objects/vulnerability/vulnerability--4d13584d-5f76-4452-bebf-803fca24f3ac.json new file mode 100644 index 00000000000..df99e4782de --- /dev/null +++ b/objects/vulnerability/vulnerability--4d13584d-5f76-4452-bebf-803fca24f3ac.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d6e912c4-0ec6-4b89-895a-d649e13de6a0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4d13584d-5f76-4452-bebf-803fca24f3ac", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.7369Z", + "modified": "2025-02-27T00:38:15.7369Z", + "name": "CVE-2022-49153", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwireguard: socket: free skb in send6 when ipv6 is disabled\n\nI got a memory leak report:\n\nunreferenced object 0xffff8881191fc040 (size 232):\n comm \"kworker/u17:0\", pid 23193, jiffies 4295238848 (age 3464.870s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [] slab_post_alloc_hook+0x84/0x3b0\n [] kmem_cache_alloc_node+0x167/0x340\n [] __alloc_skb+0x1db/0x200\n [] wg_socket_send_buffer_to_peer+0x3d/0xc0\n [] wg_packet_send_handshake_initiation+0xfa/0x110\n [] wg_packet_handshake_send_worker+0x21/0x30\n [] process_one_work+0x2e8/0x770\n [] worker_thread+0x4a/0x4b0\n [] kthread+0x120/0x160\n [] ret_from_fork+0x1f/0x30\n\nIn function wg_socket_send_buffer_as_reply_to_skb() or wg_socket_send_\nbuffer_to_peer(), the semantics of send6() is required to free skb. But\nwhen CONFIG_IPV6 is disable, kfree_skb() is missing. This patch adds it\nto fix this bug.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49153" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4d167b94-836a-430b-89ba-5207d321d7ca.json b/objects/vulnerability/vulnerability--4d167b94-836a-430b-89ba-5207d321d7ca.json new file mode 100644 index 00000000000..d6a68d705b0 --- /dev/null +++ b/objects/vulnerability/vulnerability--4d167b94-836a-430b-89ba-5207d321d7ca.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b102d6d2-4309-4809-bd39-3f2b8fd4a026", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4d167b94-836a-430b-89ba-5207d321d7ca", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.618936Z", + "modified": "2025-02-27T00:38:15.618936Z", + "name": "CVE-2022-49093", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nskbuff: fix coalescing for page_pool fragment recycling\n\nFix a use-after-free when using page_pool with page fragments. We\nencountered this problem during normal RX in the hns3 driver:\n\n(1) Initially we have three descriptors in the RX queue. The first one\n allocates PAGE1 through page_pool, and the other two allocate one\n half of PAGE2 each. Page references look like this:\n\n RX_BD1 _______ PAGE1\n RX_BD2 _______ PAGE2\n RX_BD3 _________/\n\n(2) Handle RX on the first descriptor. Allocate SKB1, eventually added\n to the receive queue by tcp_queue_rcv().\n\n(3) Handle RX on the second descriptor. Allocate SKB2 and pass it to\n netif_receive_skb():\n\n netif_receive_skb(SKB2)\n ip_rcv(SKB2)\n SKB3 = skb_clone(SKB2)\n\n SKB2 and SKB3 share a reference to PAGE2 through\n skb_shinfo()->dataref. The other ref to PAGE2 is still held by\n RX_BD3:\n\n SKB2 ---+- PAGE2\n SKB3 __/ /\n RX_BD3 _________/\n\n (3b) Now while handling TCP, coalesce SKB3 with SKB1:\n\n tcp_v4_rcv(SKB3)\n tcp_try_coalesce(to=SKB1, from=SKB3) // succeeds\n kfree_skb_partial(SKB3)\n skb_release_data(SKB3) // drops one dataref\n\n SKB1 _____ PAGE1\n \\____\n SKB2 _____ PAGE2\n /\n RX_BD3 _________/\n\n In skb_try_coalesce(), __skb_frag_ref() takes a page reference to\n PAGE2, where it should instead have increased the page_pool frag\n reference, pp_frag_count. Without coalescing, when releasing both\n SKB2 and SKB3, a single reference to PAGE2 would be dropped. 
Now\n when releasing SKB1 and SKB2, two references to PAGE2 will be\n dropped, resulting in underflow.\n\n (3c) Drop SKB2:\n\n af_packet_rcv(SKB2)\n consume_skb(SKB2)\n skb_release_data(SKB2) // drops second dataref\n page_pool_return_skb_page(PAGE2) // drops one pp_frag_count\n\n SKB1 _____ PAGE1\n \\____\n PAGE2\n /\n RX_BD3 _________/\n\n(4) Userspace calls recvmsg()\n Copies SKB1 and releases it. Since SKB3 was coalesced with SKB1, we\n release the SKB3 page as well:\n\n tcp_eat_recv_skb(SKB1)\n skb_release_data(SKB1)\n page_pool_return_skb_page(PAGE1)\n page_pool_return_skb_page(PAGE2) // drops second pp_frag_count\n\n(5) PAGE2 is freed, but the third RX descriptor was still using it!\n In our case this causes IOMMU faults, but it would silently corrupt\n memory if the IOMMU was disabled.\n\nChange the logic that checks whether pp_recycle SKBs can be coalesced.\nWe still reject differing pp_recycle between 'from' and 'to' SKBs, but\nin order to avoid the situation described above, we also reject\ncoalescing when both 'from' and 'to' are pp_recycled and 'from' is\ncloned.\n\nThe new logic allows coalescing a cloned pp_recycle SKB into a page\nrefcounted one, because in this case the release (4) will drop the right\nreference, the one taken by skb_try_coalesce().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49093" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4d2ca8cf-3b73-4e30-8061-c56aed2809a0.json b/objects/vulnerability/vulnerability--4d2ca8cf-3b73-4e30-8061-c56aed2809a0.json new file mode 100644 index 00000000000..899dfd2047f --- /dev/null +++ b/objects/vulnerability/vulnerability--4d2ca8cf-3b73-4e30-8061-c56aed2809a0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f2838094-c4b2-4d24-992b-c9a176af3357", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4d2ca8cf-3b73-4e30-8061-c56aed2809a0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.581017Z", + "modified": "2025-02-27T00:38:15.581017Z", + "name": "CVE-2022-49082", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpt3sas: Fix use after free in _scsih_expander_node_remove()\n\nThe function mpt3sas_transport_port_remove() called in\n_scsih_expander_node_remove() frees the port field of the sas_expander\nstructure, leading to the following use-after-free splat from KASAN when\nthe ioc_info() call following that function is executed (e.g. when doing\nrmmod of the driver module):\n\n[ 3479.371167] ==================================================================\n[ 3479.378496] BUG: KASAN: use-after-free in _scsih_expander_node_remove+0x710/0x750 [mpt3sas]\n[ 3479.386936] Read of size 1 at addr ffff8881c037691c by task rmmod/1531\n[ 3479.393524]\n[ 3479.395035] CPU: 18 PID: 1531 Comm: rmmod Not tainted 5.17.0-rc8+ #1436\n[ 3479.401712] Hardware name: Supermicro Super Server/H12SSL-NT, BIOS 2.1 06/02/2021\n[ 3479.409263] Call Trace:\n[ 3479.411743] \n[ 3479.413875] dump_stack_lvl+0x45/0x59\n[ 3479.417582] print_address_description.constprop.0+0x1f/0x120\n[ 3479.423389] ? _scsih_expander_node_remove+0x710/0x750 [mpt3sas]\n[ 3479.429469] kasan_report.cold+0x83/0xdf\n[ 3479.433438] ? _scsih_expander_node_remove+0x710/0x750 [mpt3sas]\n[ 3479.439514] _scsih_expander_node_remove+0x710/0x750 [mpt3sas]\n[ 3479.445411] ? _raw_spin_unlock_irqrestore+0x2d/0x40\n[ 3479.452032] scsih_remove+0x525/0xc90 [mpt3sas]\n[ 3479.458212] ? mpt3sas_expander_remove+0x1d0/0x1d0 [mpt3sas]\n[ 3479.465529] ? down_write+0xde/0x150\n[ 3479.470746] ? up_write+0x14d/0x460\n[ 3479.475840] ? 
kernfs_find_ns+0x137/0x310\n[ 3479.481438] pci_device_remove+0x65/0x110\n[ 3479.487013] __device_release_driver+0x316/0x680\n[ 3479.493180] driver_detach+0x1ec/0x2d0\n[ 3479.498499] bus_remove_driver+0xe7/0x2d0\n[ 3479.504081] pci_unregister_driver+0x26/0x250\n[ 3479.510033] _mpt3sas_exit+0x2b/0x6cf [mpt3sas]\n[ 3479.516144] __x64_sys_delete_module+0x2fd/0x510\n[ 3479.522315] ? free_module+0xaa0/0xaa0\n[ 3479.527593] ? __cond_resched+0x1c/0x90\n[ 3479.532951] ? lockdep_hardirqs_on_prepare+0x273/0x3e0\n[ 3479.539607] ? syscall_enter_from_user_mode+0x21/0x70\n[ 3479.546161] ? trace_hardirqs_on+0x1c/0x110\n[ 3479.551828] do_syscall_64+0x35/0x80\n[ 3479.556884] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[ 3479.563402] RIP: 0033:0x7f1fc482483b\n...\n[ 3479.943087] ==================================================================\n\nFix this by introducing the local variable port_id to store the port ID\nvalue before executing mpt3sas_transport_port_remove(). This local variable\nis then used in the call to ioc_info() instead of dereferencing the freed\nport structure.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49082" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4d8b5e04-0665-41e7-9e0b-6d6212f9e1ae.json b/objects/vulnerability/vulnerability--4d8b5e04-0665-41e7-9e0b-6d6212f9e1ae.json new file mode 100644 index 00000000000..a696fe65b09 --- /dev/null +++ b/objects/vulnerability/vulnerability--4d8b5e04-0665-41e7-9e0b-6d6212f9e1ae.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3ac66d60-27f8-4a7f-9c5d-8cda365b11ef", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4d8b5e04-0665-41e7-9e0b-6d6212f9e1ae", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.637355Z", + "modified": "2025-02-27T00:38:15.637355Z", + "name": "CVE-2022-49344", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Fix a data-race in unix_dgram_peer_wake_me().\n\nunix_dgram_poll() calls unix_dgram_peer_wake_me() without `other`'s\nlock held and check if its receive queue is full. Here we need to\nuse unix_recvq_full_lockless() instead of unix_recvq_full(), otherwise\nKCSAN will report a data-race.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49344" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4db5f85f-4edf-4c90-9df6-53d79e2968a3.json b/objects/vulnerability/vulnerability--4db5f85f-4edf-4c90-9df6-53d79e2968a3.json new file mode 100644 index 00000000000..1b8a3e798c3 --- /dev/null +++ b/objects/vulnerability/vulnerability--4db5f85f-4edf-4c90-9df6-53d79e2968a3.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--abce001f-39f7-4774-8e12-60faeaa70a32", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4db5f85f-4edf-4c90-9df6-53d79e2968a3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.33484Z", + "modified": "2025-02-27T00:38:15.33484Z", + "name": "CVE-2022-49141", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: felix: fix possible NULL pointer dereference\n\nAs the possible failure of the allocation, kzalloc() may return NULL\npointer.\nTherefore, it should be better to check the 'sgi' in order to prevent\nthe dereference of NULL pointer.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49141" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4e0bf561-4725-4cb7-9f2d-a3ce1c95d5e2.json b/objects/vulnerability/vulnerability--4e0bf561-4725-4cb7-9f2d-a3ce1c95d5e2.json new file mode 100644 index 00000000000..4442bcf93cc --- /dev/null +++ b/objects/vulnerability/vulnerability--4e0bf561-4725-4cb7-9f2d-a3ce1c95d5e2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--77ca99a1-98df-4306-a1b5-86cdebef0f62", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4e0bf561-4725-4cb7-9f2d-a3ce1c95d5e2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.750009Z", + "modified": "2025-02-27T00:38:15.750009Z", + "name": "CVE-2022-49283", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: sysfb: fix platform-device leak in error path\n\nMake sure to free the platform device also in the unlikely event that\nregistration fails.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49283" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4e88f8ca-bbfb-4760-b004-7de8a6736e99.json b/objects/vulnerability/vulnerability--4e88f8ca-bbfb-4760-b004-7de8a6736e99.json new file mode 100644 index 00000000000..e1c89c0a915 --- /dev/null +++ b/objects/vulnerability/vulnerability--4e88f8ca-bbfb-4760-b004-7de8a6736e99.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--af8555a9-b4f6-430a-b288-c9a64110b7b6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4e88f8ca-bbfb-4760-b004-7de8a6736e99", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.505001Z", + "modified": "2025-02-27T00:38:15.505001Z", + "name": "CVE-2022-49080", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/mempolicy: fix mpol_new leak in shared_policy_replace\n\nIf mpol_new is allocated but not used in restart loop, mpol_new will be\nfreed via mpol_put before returning to the caller. But refcnt is not\ninitialized yet, so mpol_put could not do the right things and might\nleak the unused mpol_new. This would happen if mempolicy was updated on\nthe shared shmem file while the sp->lock has been dropped during the\nmemory allocation.\n\nThis issue could be triggered easily with the below code snippet if\nthere are many processes doing the below work at the same time:\n\n shmid = shmget((key_t)5566, 1024 * PAGE_SIZE, 0666|IPC_CREAT);\n shm = shmat(shmid, 0, 0);\n loop many times {\n mbind(shm, 1024 * PAGE_SIZE, MPOL_LOCAL, mask, maxnode, 0);\n mbind(shm + 128 * PAGE_SIZE, 128 * PAGE_SIZE, MPOL_DEFAULT, mask,\n maxnode, 0);\n }", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49080" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4ed8f2fe-8565-4630-9cbb-8e25a2d8f30d.json b/objects/vulnerability/vulnerability--4ed8f2fe-8565-4630-9cbb-8e25a2d8f30d.json new file mode 100644 index 00000000000..b1de3713bd3 --- /dev/null +++ b/objects/vulnerability/vulnerability--4ed8f2fe-8565-4630-9cbb-8e25a2d8f30d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--217dad0f-285b-471d-9dcb-82dff8bc605b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4ed8f2fe-8565-4630-9cbb-8e25a2d8f30d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:07.465014Z", + "modified": "2025-02-27T00:38:07.465014Z", + "name": "CVE-2025-22868", + "description": "An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22868" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4fd71642-a283-4261-8d8e-c9f69555b985.json b/objects/vulnerability/vulnerability--4fd71642-a283-4261-8d8e-c9f69555b985.json new file mode 100644 index 00000000000..3bc5a424d08 --- /dev/null +++ b/objects/vulnerability/vulnerability--4fd71642-a283-4261-8d8e-c9f69555b985.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3fd27949-e74d-44be-ad2a-3dfaf7fa5cb6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4fd71642-a283-4261-8d8e-c9f69555b985", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.571543Z", + "modified": "2025-02-27T00:38:15.571543Z", + "name": "CVE-2022-49390", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmacsec: fix UAF bug for real_dev\n\nCreate a new macsec device but not get reference to real_dev. That can\nnot ensure that real_dev is freed after macsec. That will trigger the\nUAF bug for real_dev as following:\n\n==================================================================\nBUG: KASAN: use-after-free in macsec_get_iflink+0x5f/0x70 drivers/net/macsec.c:3662\nCall Trace:\n ...\n macsec_get_iflink+0x5f/0x70 drivers/net/macsec.c:3662\n dev_get_iflink+0x73/0xe0 net/core/dev.c:637\n default_operstate net/core/link_watch.c:42 [inline]\n rfc2863_policy+0x233/0x2d0 net/core/link_watch.c:54\n linkwatch_do_dev+0x2a/0x150 net/core/link_watch.c:161\n\nAllocated by task 22209:\n ...\n alloc_netdev_mqs+0x98/0x1100 net/core/dev.c:10549\n rtnl_create_link+0x9d7/0xc00 net/core/rtnetlink.c:3235\n veth_newlink+0x20e/0xa90 drivers/net/veth.c:1748\n\nFreed by task 8:\n ...\n kfree+0xd6/0x4d0 mm/slub.c:4552\n kvfree+0x42/0x50 mm/util.c:615\n device_release+0x9f/0x240 drivers/base/core.c:2229\n kobject_cleanup lib/kobject.c:673 [inline]\n kobject_release lib/kobject.c:704 [inline]\n kref_put include/linux/kref.h:65 [inline]\n kobject_put+0x1c8/0x540 lib/kobject.c:721\n netdev_run_todo+0x72e/0x10b0 net/core/dev.c:10327\n\nAfter commit faab39f63c1f (\"net: allow out-of-order netdev unregistration\")\nand commit e5f80fcf869a (\"ipv6: give an IPv6 dev to blackhole_netdev\"), we\ncan add dev_hold_track() in macsec_dev_init() and dev_put_track() in\nmacsec_free_netdev() to fix the 
problem.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49390" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5052d84e-e73f-4350-b9df-fddb11cf19dc.json b/objects/vulnerability/vulnerability--5052d84e-e73f-4350-b9df-fddb11cf19dc.json new file mode 100644 index 00000000000..4377a925bf4 --- /dev/null +++ b/objects/vulnerability/vulnerability--5052d84e-e73f-4350-b9df-fddb11cf19dc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b4fce607-1e0e-4747-9470-14bad3e1c045", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5052d84e-e73f-4350-b9df-fddb11cf19dc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.600138Z", + "modified": "2025-02-27T00:38:15.600138Z", + "name": "CVE-2022-49190", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nkernel/resource: fix kfree() of bootmem memory again\n\nSince commit ebff7d8f270d (\"mem hotunplug: fix kfree() of bootmem\nmemory\"), we could get a resource allocated during boot via\nalloc_resource(). And it's required to release the resource using\nfree_resource(). Howerver, many people use kfree directly which will\nresult in kernel BUG. In order to fix this without fixing every call\nsite, just leak a couple of bytes in such corner case.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49190" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--50e09a32-80c3-4a86-aaa3-2730a49f0a63.json b/objects/vulnerability/vulnerability--50e09a32-80c3-4a86-aaa3-2730a49f0a63.json new file mode 100644 index 00000000000..07aa327c88d --- /dev/null +++ b/objects/vulnerability/vulnerability--50e09a32-80c3-4a86-aaa3-2730a49f0a63.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dc97ca67-7d08-4f12-9f45-6247d2328d34", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--50e09a32-80c3-4a86-aaa3-2730a49f0a63", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.573413Z", + "modified": "2025-02-27T00:38:15.573413Z", + "name": "CVE-2022-49286", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: use try_get_ops() in tpm-space.c\n\nAs part of the series conversion to remove nested TPM operations:\n\nhttps://lore.kernel.org/all/20190205224723.19671-1-jarkko.sakkinen@linux.intel.com/\n\nexposure of the chip->tpm_mutex was removed from much of the upper\nlevel code. In this conversion, tpm2_del_space() was missed. This\ndidn't matter much because it's usually called closely after a\nconverted operation, so there's only a very tiny race window where the\nchip can be removed before the space flushing is done which causes a\nNULL deref on the mutex. However, there are reports of this window\nbeing hit in practice, so fix this by converting tpm2_del_space() to\nuse tpm_try_get_ops(), which performs all the teardown checks before\nacquring the mutex.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49286" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--51015415-93fd-4234-9ad8-5a59fffd8c4c.json b/objects/vulnerability/vulnerability--51015415-93fd-4234-9ad8-5a59fffd8c4c.json new file mode 100644 index 00000000000..b783c74d8aa --- /dev/null +++ b/objects/vulnerability/vulnerability--51015415-93fd-4234-9ad8-5a59fffd8c4c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--729608ba-0eb8-49e0-a12f-284cb27acc25", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--51015415-93fd-4234-9ad8-5a59fffd8c4c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:07.953546Z", + "modified": "2025-02-27T00:38:07.953546Z", + "name": "CVE-2025-20118", + "description": "A vulnerability in the implementation of the internal system processes of Cisco APIC could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.\r\n\r\nThis vulnerability is due to insufficient masking of sensitive information that is displayed through system CLI commands. An attacker could exploit this vulnerability by using reconnaissance techniques at the device CLI. A successful exploit could allow the attacker to access sensitive information on an affected device that could be used for additional attacks.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20118" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5107f7a5-f125-49da-90d2-322a6d015096.json b/objects/vulnerability/vulnerability--5107f7a5-f125-49da-90d2-322a6d015096.json new file mode 100644 index 00000000000..58ba5d8705b --- /dev/null +++ b/objects/vulnerability/vulnerability--5107f7a5-f125-49da-90d2-322a6d015096.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--debec37b-5306-4b11-b722-9a7bbbb6a535", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5107f7a5-f125-49da-90d2-322a6d015096", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.302936Z", + "modified": "2025-02-27T00:38:15.302936Z", + "name": "CVE-2022-49305", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop()\n\nThere is a deadlock in ieee80211_beacons_stop(), which is shown below:\n\n (Thread 1) | (Thread 2)\n | ieee80211_send_beacon()\nieee80211_beacons_stop() | mod_timer()\n spin_lock_irqsave() //(1) | (wait a time)\n ... | ieee80211_send_beacon_cb()\n del_timer_sync() | spin_lock_irqsave() //(2)\n (wait timer to stop) | ...\n\nWe hold ieee->beacon_lock in position (1) of thread 1 and use\ndel_timer_sync() to wait timer to stop, but timer handler\nalso need ieee->beacon_lock in position (2) of thread 2.\nAs a result, ieee80211_beacons_stop() will block forever.\n\nThis patch extracts del_timer_sync() from the protection of\nspin_lock_irqsave(), which could let timer handler to obtain\nthe needed lock.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49305" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5151d249-04b6-4328-9728-70480764ce72.json b/objects/vulnerability/vulnerability--5151d249-04b6-4328-9728-70480764ce72.json new file mode 100644 index 00000000000..75fd1b20dd9 --- /dev/null +++ b/objects/vulnerability/vulnerability--5151d249-04b6-4328-9728-70480764ce72.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--42ad62de-e5cd-4886-874e-831fad561f69", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5151d249-04b6-4328-9728-70480764ce72", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:07.717872Z", + "modified": "2025-02-27T00:38:07.717872Z", + "name": "CVE-2025-25790", + "description": "An arbitrary file upload vulnerability in the component \\controller\\LocalTemplate.php of FoxCMS v1.2.5 allows attackers to execute arbitrary code via uploading a crafted Zip file.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25790" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5210bc5c-a566-4386-afcd-9ec23b3322e5.json b/objects/vulnerability/vulnerability--5210bc5c-a566-4386-afcd-9ec23b3322e5.json new file mode 100644 index 00000000000..8af51119dc5 --- /dev/null +++ b/objects/vulnerability/vulnerability--5210bc5c-a566-4386-afcd-9ec23b3322e5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0cffad36-3c04-4258-82e3-5d3b85c8460b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5210bc5c-a566-4386-afcd-9ec23b3322e5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:01.64995Z", + "modified": "2025-02-27T00:38:01.64995Z", + "name": "CVE-2024-13624", + "description": "The WPMovieLibrary WordPress plugin through 2.1.4.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13624" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--5268c12a-4588-4688-aab5-1d4f56063898.json b/objects/vulnerability/vulnerability--5268c12a-4588-4688-aab5-1d4f56063898.json new file mode 100644 index 00000000000..0fa9cbdead5 --- /dev/null +++ b/objects/vulnerability/vulnerability--5268c12a-4588-4688-aab5-1d4f56063898.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e28d7efe-d028-4dbe-a823-22f30d035d26", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5268c12a-4588-4688-aab5-1d4f56063898", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.795106Z", + "modified": "2025-02-27T00:38:15.795106Z", + "name": "CVE-2022-49611", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/speculation: Fill RSB on vmexit for IBRS\n\nPrevent RSB underflow/poisoning attacks with RSB. While at it, add a\nbunch of comments to attempt to document the current state of tribal\nknowledge about RSB attacks and what exactly is being mitigated.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49611" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--527558ba-8f6c-42a6-8b4a-a2f04b4c73fb.json b/objects/vulnerability/vulnerability--527558ba-8f6c-42a6-8b4a-a2f04b4c73fb.json new file mode 100644 index 00000000000..e57bb25b5cb --- /dev/null +++ b/objects/vulnerability/vulnerability--527558ba-8f6c-42a6-8b4a-a2f04b4c73fb.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b22861ec-5fc6-4a43-a97d-0cd0dafd6efa", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--527558ba-8f6c-42a6-8b4a-a2f04b4c73fb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.682186Z", + "modified": "2025-02-27T00:38:15.682186Z", + "name": "CVE-2022-49534", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT\n\nThere is a potential memory leak in lpfc_ignore_els_cmpl() and\nlpfc_els_rsp_reject() that was allocated from NPIV PLOGI_RJT\n(lpfc_rcv_plogi()'s login_mbox).\n\nCheck if cmdiocb->context_un.mbox was allocated in lpfc_ignore_els_cmpl(),\nand then free it back to phba->mbox_mem_pool along with mbox->ctx_buf for\nservice parameters.\n\nFor lpfc_els_rsp_reject() failure, free both the ctx_buf for service\nparameters and the login_mbox.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49534" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--52ea8fee-9bda-4d11-9f24-13021ee680ed.json b/objects/vulnerability/vulnerability--52ea8fee-9bda-4d11-9f24-13021ee680ed.json new file mode 100644 index 00000000000..7c17ec2de7d --- /dev/null +++ b/objects/vulnerability/vulnerability--52ea8fee-9bda-4d11-9f24-13021ee680ed.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a3f2bf3e-1630-457e-b9d8-fece5cb40486", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--52ea8fee-9bda-4d11-9f24-13021ee680ed", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.373871Z", + "modified": "2025-02-27T00:38:15.373871Z", + "name": "CVE-2022-49151", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcba_usb: properly check endpoint type\n\nSyzbot reported warning in usb_submit_urb() which is caused by wrong\nendpoint type. We should check that in endpoint is actually present to\nprevent this warning.\n\nFound pipes are now saved to struct mcba_priv and code uses them\ndirectly instead of making pipes in place.\n\nFail log:\n\n| usb 5-1: BOGUS urb xfer, pipe 3 != type 1\n| WARNING: CPU: 1 PID: 49 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502\n| Modules linked in:\n| CPU: 1 PID: 49 Comm: kworker/1:2 Not tainted 5.17.0-rc6-syzkaller-00184-g38f80f42147f #0\n| Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014\n| Workqueue: usb_hub_wq hub_event\n| RIP: 0010:usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502\n| ...\n| Call Trace:\n| \n| mcba_usb_start drivers/net/can/usb/mcba_usb.c:662 [inline]\n| mcba_usb_probe+0x8a3/0xc50 drivers/net/can/usb/mcba_usb.c:858\n| usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396\n| call_driver_probe drivers/base/dd.c:517 [inline]", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49151" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--53093602-5c20-4194-8a1a-6037783aa5cb.json b/objects/vulnerability/vulnerability--53093602-5c20-4194-8a1a-6037783aa5cb.json new file mode 100644 index 00000000000..2732a9042dd --- /dev/null 
+++ b/objects/vulnerability/vulnerability--53093602-5c20-4194-8a1a-6037783aa5cb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9d666ac9-e5fa-4925-836e-5a23d7b03f89", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--53093602-5c20-4194-8a1a-6037783aa5cb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.306834Z", + "modified": "2025-02-27T00:38:15.306834Z", + "name": "CVE-2022-49682", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxtensa: Fix refcount leak bug in time.c\n\nIn calibrate_ccount(), of_find_compatible_node() will return a node\npointer with refcount incremented. We should use of_node_put() when\nit is not used anymore.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49682" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--531caf86-613b-44fd-be44-3716976a500f.json b/objects/vulnerability/vulnerability--531caf86-613b-44fd-be44-3716976a500f.json new file mode 100644 index 00000000000..7d209243776 --- /dev/null +++ b/objects/vulnerability/vulnerability--531caf86-613b-44fd-be44-3716976a500f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bc3fe42c-e649-4bac-badf-127330b3bd03", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--531caf86-613b-44fd-be44-3716976a500f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.242733Z", + "modified": "2025-02-27T00:38:15.242733Z", + "name": "CVE-2022-49276", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\njffs2: fix memory leak in jffs2_scan_medium\n\nIf an error is returned in jffs2_scan_eraseblock() and some memory\nhas been added to the jffs2_summary *s, we can observe the following\nkmemleak report:\n\n--------------------------------------------\nunreferenced object 0xffff88812b889c40 (size 64):\n comm \"mount\", pid 692, jiffies 4294838325 (age 34.288s)\n hex dump (first 32 bytes):\n 40 48 b5 14 81 88 ff ff 01 e0 31 00 00 00 50 00 @H........1...P.\n 00 00 01 00 00 00 01 00 00 00 02 00 00 00 09 08 ................\n backtrace:\n [] __kmalloc+0x613/0x910\n [] jffs2_sum_add_dirent_mem+0x5c/0xa0\n [] jffs2_scan_medium.cold+0x36e5/0x4794\n [] jffs2_do_mount_fs.cold+0xa7/0x2267\n [] jffs2_do_fill_super+0x383/0xc30\n [] jffs2_fill_super+0x2ea/0x4c0\n [] mtd_get_sb+0x254/0x400\n [] mtd_get_sb_by_nr+0x4f/0xd0\n [] get_tree_mtd+0x498/0x840\n [] jffs2_get_tree+0x25/0x30\n [] vfs_get_tree+0x8d/0x2e0\n [] path_mount+0x50f/0x1e50\n [] do_mount+0x107/0x130\n [] __se_sys_mount+0x1c5/0x2f0\n [] __x64_sys_mount+0xc7/0x160\n [] do_syscall_64+0x45/0x70\nunreferenced object 0xffff888114b54840 (size 32):\n comm \"mount\", pid 692, jiffies 4294838325 (age 34.288s)\n hex dump (first 32 bytes):\n c0 75 b5 14 81 88 ff ff 02 e0 02 00 00 00 02 00 .u..............\n 00 00 84 00 00 00 44 00 00 00 6b 6b 6b 6b 6b a5 ......D...kkkkk.\n backtrace:\n [] kmem_cache_alloc_trace+0x584/0x880\n [] jffs2_sum_add_inode_mem+0x54/0x90\n [] jffs2_scan_medium.cold+0x4481/0x4794\n [...]\nunreferenced object 
0xffff888114b57280 (size 32):\n comm \"mount\", pid 692, jiffies 4294838393 (age 34.357s)\n hex dump (first 32 bytes):\n 10 d5 6c 11 81 88 ff ff 08 e0 05 00 00 00 01 00 ..l.............\n 00 00 38 02 00 00 28 00 00 00 6b 6b 6b 6b 6b a5 ..8...(...kkkkk.\n backtrace:\n [] kmem_cache_alloc_trace+0x584/0x880\n [] jffs2_sum_add_xattr_mem+0x54/0x90\n [] jffs2_scan_medium.cold+0x298c/0x4794\n [...]\nunreferenced object 0xffff8881116cd510 (size 16):\n comm \"mount\", pid 692, jiffies 4294838395 (age 34.355s)\n hex dump (first 16 bytes):\n 00 00 00 00 00 00 00 00 09 e0 60 02 00 00 6b a5 ..........`...k.\n backtrace:\n [] kmem_cache_alloc_trace+0x584/0x880\n [] jffs2_sum_add_xref_mem+0x54/0x90\n [] jffs2_scan_medium.cold+0x3a20/0x4794\n [...]\n--------------------------------------------\n\nTherefore, we should call jffs2_sum_reset_collected(s) on exit to\nrelease the memory added in s. In addition, a new tag \"out_buf\" is\nadded to prevent the NULL pointer reference caused by s being NULL.\n(thanks to Zhang Yi for this analysis)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49276" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--53342e8e-33eb-43c3-84bc-8aac58393bff.json b/objects/vulnerability/vulnerability--53342e8e-33eb-43c3-84bc-8aac58393bff.json new file mode 100644 index 00000000000..f22ea19a54b --- /dev/null +++ b/objects/vulnerability/vulnerability--53342e8e-33eb-43c3-84bc-8aac58393bff.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cef79541-d461-4ef6-9e42-c5246475c208", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--53342e8e-33eb-43c3-84bc-8aac58393bff", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.639223Z", + "modified": "2025-02-27T00:38:15.639223Z", + "name": "CVE-2022-49244", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mediatek: mt8192-mt6359: Fix error handling in mt8192_mt6359_dev_probe\n\nThe device_node pointer is returned by of_parse_phandle() with refcount\nincremented. We should use of_node_put() on it when done.\n\nThis function only calls of_node_put() in the regular path.\nAnd it will cause refcount leak in error paths.\nFix this by calling of_node_put() in error handling too.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49244" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--536b3060-dfd0-4bd8-b313-788a80516145.json b/objects/vulnerability/vulnerability--536b3060-dfd0-4bd8-b313-788a80516145.json new file mode 100644 index 00000000000..91fcfc36e98 --- /dev/null +++ b/objects/vulnerability/vulnerability--536b3060-dfd0-4bd8-b313-788a80516145.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8cdf562a-b377-4d7c-b21d-df1c5593e2db", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--536b3060-dfd0-4bd8-b313-788a80516145", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.277761Z", + "modified": "2025-02-27T00:38:15.277761Z", + "name": "CVE-2022-49271", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: prevent bad output lengths in smb2_ioctl_query_info()\n\nWhen calling smb2_ioctl_query_info() with\nsmb_query_info::flags=PASSTHRU_FSCTL and\nsmb_query_info::output_buffer_length=0, the following would return\n0x10\n\n\tbuffer = memdup_user(arg + sizeof(struct smb_query_info),\n\t\t\t qi.output_buffer_length);\n\tif (IS_ERR(buffer)) {\n\t\tkfree(vars);\n\t\treturn PTR_ERR(buffer);\n\t}\n\nrather than a valid pointer thus making IS_ERR() check fail. This\nwould then cause a NULL ptr deference in @buffer when accessing it\nlater in smb2_ioctl_query_ioctl(). 
While at it, prevent having a\n@buffer smaller than 8 bytes to correctly handle SMB2_SET_INFO\nFileEndOfFileInformation requests when\nsmb_query_info::flags=PASSTHRU_SET_INFO.\n\nHere is a small C reproducer which triggers a NULL ptr in @buffer when\npassing an invalid smb_query_info::flags\n\n\t#include \n\t#include \n\t#include \n\t#include \n\t#include \n\t#include \n\n\t#define die(s) perror(s), exit(1)\n\t#define QUERY_INFO 0xc018cf07\n\n\tint main(int argc, char *argv[])\n\t{\n\t\tint fd;\n\n\t\tif (argc < 2)\n\t\t\texit(1);\n\t\tfd = open(argv[1], O_RDONLY);\n\t\tif (fd == -1)\n\t\t\tdie(\"open\");\n\t\tif (ioctl(fd, QUERY_INFO, (uint32_t[]) { 0, 0, 0, 4, 0, 0}) == -1)\n\t\t\tdie(\"ioctl\");\n\t\tclose(fd);\n\t\treturn 0;\n\t}\n\n\tmount.cifs //srv/share /mnt -o ...\n\tgcc repro.c && ./a.out /mnt/f0\n\n\t[ 114.138620] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTI\n\t[ 114.139310] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\n\t[ 114.139775] CPU: 2 PID: 995 Comm: a.out Not tainted 5.17.0-rc8 #1\n\t[ 114.140148] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.15.0-0-g2dd4b9b-rebuilt.opensuse.org 04/01/2014\n\t[ 114.140818] RIP: 0010:smb2_ioctl_query_info+0x206/0x410 [cifs]\n\t[ 114.141221] Code: 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 c8 01 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 7b 28 4c 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 9c 01 00 00 49 8b 3f e8 58 02 fb ff 48 8b 14 24\n\t[ 114.142348] RSP: 0018:ffffc90000b47b00 EFLAGS: 00010256\n\t[ 114.142692] RAX: dffffc0000000000 RBX: ffff888115503200 RCX: ffffffffa020580d\n\t[ 114.143119] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffffa043a380\n\t[ 114.143544] RBP: ffff888115503278 R08: 0000000000000001 R09: 0000000000000003\n\t[ 114.143983] R10: fffffbfff4087470 R11: 0000000000000001 R12: ffff888115503288\n\t[ 114.144424] R13: 00000000ffffffea R14: ffff888115503228 R15: 
0000000000000000\n\t[ 114.144852] FS: 00007f7aeabdf740(0000) GS:ffff888151600000(0000) knlGS:0000000000000000\n\t[ 114.145338] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n\t[ 114.145692] CR2: 00007f7aeacfdf5e CR3: 000000012000e000 CR4: 0000000000350ee0\n\t[ 114.146131] Call Trace:\n\t[ 114.146291] \n\t[ 114.146432] ? smb2_query_reparse_tag+0x890/0x890 [cifs]\n\t[ 114.146800] ? cifs_mapchar+0x460/0x460 [cifs]\n\t[ 114.147121] ? rcu_read_lock_sched_held+0x3f/0x70\n\t[ 114.147412] ? cifs_strndup_to_utf16+0x15b/0x250 [cifs]\n\t[ 114.147775] ? dentry_path_raw+0xa6/0xf0\n\t[ 114.148024] ? cifs_convert_path_to_utf16+0x198/0x220 [cifs]\n\t[ 114.148413] ? smb2_check_message+0x1080/0x1080 [cifs]\n\t[ 114.148766] ? rcu_read_lock_sched_held+0x3f/0x70\n\t[ 114.149065] cifs_ioctl+0x1577/0x3320 [cifs]\n\t[ 114.149371] ? lock_downgrade+0x6f0/0x6f0\n\t[ 114.149631] ? cifs_readdir+0x2e60/0x2e60 [cifs]\n\t[ 114.149956] ? rcu_read_lock_sched_held+0x3f/0x70\n\t[ 114.150250] ? __rseq_handle_notify_resume+0x80b/0xbe0\n\t[ 114.150562] ? __up_read+0x192/0x710\n\t[ 114.150791] ? __ia32_sys_rseq+0xf0/0xf0\n\t[ 114.151025] ? __x64_sys_openat+0x11f/0x1d0\n\t[ 114.151296] __x64_sys_ioctl+0x127/0x190\n\t[ 114.151549] do_syscall_64+0x3b/0x90\n\t[ 114.151768] entry_SYSCALL_64_after_hwframe+0x44/0xae\n\t[ 114.152079] RIP: 0033:0x7f7aead043df\n\t[ 114.152306] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24\n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49271" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--53c783a5-d0d3-49f5-be12-c07e68054348.json b/objects/vulnerability/vulnerability--53c783a5-d0d3-49f5-be12-c07e68054348.json new file mode 100644 index 00000000000..7400e98533e --- /dev/null +++ b/objects/vulnerability/vulnerability--53c783a5-d0d3-49f5-be12-c07e68054348.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b5d69e2b-fde1-4692-948c-15ac0d43d892", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--53c783a5-d0d3-49f5-be12-c07e68054348", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.726613Z", + "modified": "2025-02-27T00:38:15.726613Z", + "name": "CVE-2022-49251", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: va-macro: fix accessing array out of bounds for enum type\n\nAccessing enums using integer would result in array out of bounds access\non platforms like aarch64 where sizeof(long) is 8 compared to enum size\nwhich is 4 bytes.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49251" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--53ff63b2-f38c-4f7b-b672-339fd8bc1063.json b/objects/vulnerability/vulnerability--53ff63b2-f38c-4f7b-b672-339fd8bc1063.json new file mode 100644 index 00000000000..8fb399c4332 --- /dev/null +++ b/objects/vulnerability/vulnerability--53ff63b2-f38c-4f7b-b672-339fd8bc1063.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--27663f27-0945-463f-bac0-63fcbd0d8806", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--53ff63b2-f38c-4f7b-b672-339fd8bc1063", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.343641Z", + "modified": "2025-02-27T00:38:15.343641Z", + "name": "CVE-2022-49476", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmt76: mt7921: fix kernel crash at mt7921_pci_remove\n\nThe crash log shown it is possible that mt7921_irq_handler is called while\ndevm_free_irq is being handled so mt76_free_device need to be postponed\nuntil devm_free_irq is completed to solve the crash we free the mt76 device\ntoo early.\n\n[ 9299.339655] BUG: kernel NULL pointer dereference, address: 0000000000000008\n[ 9299.339705] #PF: supervisor read access in kernel mode\n[ 9299.339735] #PF: error_code(0x0000) - not-present page\n[ 9299.339768] PGD 0 P4D 0\n[ 9299.339786] Oops: 0000 [#1] SMP PTI\n[ 9299.339812] CPU: 1 PID: 1624 Comm: prepare-suspend Not tainted 5.15.14-1.fc32.qubes.x86_64 #1\n[ 9299.339863] Hardware name: Xen HVM domU, BIOS 4.14.3 01/20/2022\n[ 9299.339901] RIP: 0010:mt7921_irq_handler+0x1e/0x70 [mt7921e]\n[ 9299.340048] RSP: 0018:ffffa81b80c27cb0 EFLAGS: 00010082\n[ 9299.340081] RAX: 0000000000000000 RBX: ffff98a4cb752020 RCX: ffffffffa96211c5\n[ 9299.340123] RDX: 0000000000000000 RSI: 00000000000d4204 RDI: ffff98a4cb752020\n[ 9299.340165] RBP: ffff98a4c28a62a4 R08: ffff98a4c37a96c0 R09: 0000000080150011\n[ 9299.340207] R10: 0000000040000000 R11: 0000000000000000 R12: ffff98a4c4eaa080\n[ 9299.340249] R13: ffff98a4c28a6360 R14: ffff98a4cb752020 R15: ffff98a4c28a6228\n[ 9299.340297] FS: 00007260840d3740(0000) GS:ffff98a4ef700000(0000) knlGS:0000000000000000\n[ 9299.340345] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 9299.340383] CR2: 0000000000000008 CR3: 0000000004c56001 CR4: 
0000000000770ee0\n[ 9299.340432] PKRU: 55555554\n[ 9299.340449] Call Trace:\n[ 9299.340467] \n[ 9299.340485] __free_irq+0x221/0x350\n[ 9299.340527] free_irq+0x30/0x70\n[ 9299.340553] devm_free_irq+0x55/0x80\n[ 9299.340579] mt7921_pci_remove+0x2f/0x40 [mt7921e]\n[ 9299.340616] pci_device_remove+0x3b/0xa0\n[ 9299.340651] __device_release_driver+0x17a/0x240\n[ 9299.340686] device_driver_detach+0x3c/0xa0\n[ 9299.340714] unbind_store+0x113/0x130\n[ 9299.340740] kernfs_fop_write_iter+0x124/0x1b0\n[ 9299.340775] new_sync_write+0x15c/0x1f0\n[ 9299.340806] vfs_write+0x1d2/0x270\n[ 9299.340831] ksys_write+0x67/0xe0\n[ 9299.340857] do_syscall_64+0x3b/0x90\n[ 9299.340887] entry_SYSCALL_64_after_hwframe+0x44/0xae", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49476" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--541a89f8-558d-41bf-9a3d-84ba2b268d03.json b/objects/vulnerability/vulnerability--541a89f8-558d-41bf-9a3d-84ba2b268d03.json new file mode 100644 index 00000000000..af008034007 --- /dev/null +++ b/objects/vulnerability/vulnerability--541a89f8-558d-41bf-9a3d-84ba2b268d03.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7b94b8f3-5469-4dcf-aa48-8fbf479b833e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--541a89f8-558d-41bf-9a3d-84ba2b268d03", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.758368Z", + "modified": "2025-02-27T00:38:15.758368Z", + "name": "CVE-2022-49445", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: renesas: core: Fix possible null-ptr-deref in sh_pfc_map_resources()\n\nIt will cause null-ptr-deref when using 'res', if platform_get_resource()\nreturns NULL, so move using 'res' after devm_ioremap_resource() that\nwill check it to avoid null-ptr-deref.\nAnd use devm_platform_get_and_ioremap_resource() to simplify code.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49445" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5451c178-799e-491c-8785-0af893139516.json b/objects/vulnerability/vulnerability--5451c178-799e-491c-8785-0af893139516.json new file mode 100644 index 00000000000..5035efe5aeb --- /dev/null +++ b/objects/vulnerability/vulnerability--5451c178-799e-491c-8785-0af893139516.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bab31ee3-f2ca-4b52-85bf-04c5c8a673b0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5451c178-799e-491c-8785-0af893139516", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.415191Z", + "modified": "2025-02-27T00:38:15.415191Z", + "name": "CVE-2022-49322", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix sleeping function called from invalid context on RT kernel\n\nWhen setting bootparams=\"trace_event=initcall:initcall_start tp_printk=1\" in the\ncmdline, the output_printk() was called, and the spin_lock_irqsave() was called in the\natomic and irq disable interrupt context suitation. On the PREEMPT_RT kernel,\nthese locks are replaced with sleepable rt-spinlock, so the stack calltrace will\nbe triggered.\nFix it by raw_spin_lock_irqsave when PREEMPT_RT and \"trace_event=initcall:initcall_start\ntp_printk=1\" enabled.\n\n BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46\n in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1, name: swapper/0\n preempt_count: 2, expected: 0\n RCU nest depth: 0, expected: 0\n Preemption disabled at:\n [] try_to_wake_up+0x7e/0xba0\n CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.17.1-rt17+ #19 34c5812404187a875f32bee7977f7367f9679ea7\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014\n Call Trace:\n \n dump_stack_lvl+0x60/0x8c\n dump_stack+0x10/0x12\n __might_resched.cold+0x11d/0x155\n rt_spin_lock+0x40/0x70\n trace_event_buffer_commit+0x2fa/0x4c0\n ? map_vsyscall+0x93/0x93\n trace_event_raw_event_initcall_start+0xbe/0x110\n ? perf_trace_initcall_finish+0x210/0x210\n ? probe_sched_wakeup+0x34/0x40\n ? ttwu_do_wakeup+0xda/0x310\n ? trace_hardirqs_on+0x35/0x170\n ? map_vsyscall+0x93/0x93\n do_one_initcall+0x217/0x3c0\n ? 
trace_event_raw_event_initcall_level+0x170/0x170\n ? push_cpu_stop+0x400/0x400\n ? cblist_init_generic+0x241/0x290\n kernel_init_freeable+0x1ac/0x347\n ? _raw_spin_unlock_irq+0x65/0x80\n ? rest_init+0xf0/0xf0\n kernel_init+0x1e/0x150\n ret_from_fork+0x22/0x30\n ", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49322" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--55b7cde0-b8e7-448f-8793-8578cd1e2bb9.json b/objects/vulnerability/vulnerability--55b7cde0-b8e7-448f-8793-8578cd1e2bb9.json new file mode 100644 index 00000000000..e78ed630816 --- /dev/null +++ b/objects/vulnerability/vulnerability--55b7cde0-b8e7-448f-8793-8578cd1e2bb9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3ef5ccd8-8870-451d-bb3a-7ac939134def", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--55b7cde0-b8e7-448f-8793-8578cd1e2bb9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.347499Z", + "modified": "2025-02-27T00:38:15.347499Z", + "name": "CVE-2022-49163", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-jpeg: fix a bug of accessing array out of bounds\n\nWhen error occurs in parsing jpeg, the slot isn't acquired yet, it may\nbe the default value MXC_MAX_SLOTS.\nIf the driver access the slot using the incorrect slot number, it will\naccess array out of bounds.\nThe result is the driver will change num_domains, which follows\nslot_data in struct mxc_jpeg_dev.\nThen the driver won't detach the pm domain at rmmod, which will lead to\nkernel panic when trying to insmod again.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49163" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--560ad270-1815-419e-b4d8-21ab04a792fd.json b/objects/vulnerability/vulnerability--560ad270-1815-419e-b4d8-21ab04a792fd.json new file mode 100644 index 00000000000..6c87df1c534 --- /dev/null +++ b/objects/vulnerability/vulnerability--560ad270-1815-419e-b4d8-21ab04a792fd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3a1b9cb6-98c6-4923-ba27-5d3dce2bb5bb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--560ad270-1815-419e-b4d8-21ab04a792fd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:11.186593Z", + "modified": "2025-02-27T00:38:11.186593Z", + "name": "CVE-2021-47660", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Fix some memory leaks in an error handling path of 'log_replay()'\n\nAll error handling paths lead to 'out' where many resources are freed.\n\nDo it as well here instead of a direct return, otherwise 'log', 'ra' and\n'log->one_page_buf' (at least) will leak.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-47660" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--56111008-a542-4883-b941-7d031321538f.json b/objects/vulnerability/vulnerability--56111008-a542-4883-b941-7d031321538f.json new file mode 100644 index 00000000000..43ff3581231 --- /dev/null +++ b/objects/vulnerability/vulnerability--56111008-a542-4883-b941-7d031321538f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--94c69703-a02d-4cdf-bbee-dc71ac92b0d9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--56111008-a542-4883-b941-7d031321538f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:04.326046Z", + "modified": "2025-02-27T00:38:04.326046Z", + "name": "CVE-2024-6810", + "description": "The Quiz Organizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6810" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--56a8fcbb-1d07-4604-b0f7-b898c9631c12.json b/objects/vulnerability/vulnerability--56a8fcbb-1d07-4604-b0f7-b898c9631c12.json new file mode 100644 index 00000000000..95d3f0c6653 --- /dev/null +++ b/objects/vulnerability/vulnerability--56a8fcbb-1d07-4604-b0f7-b898c9631c12.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--17962b2a-0f41-4bfe-a2bf-e6afa6be49d2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--56a8fcbb-1d07-4604-b0f7-b898c9631c12", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.496707Z", + "modified": "2025-02-27T00:38:15.496707Z", + "name": "CVE-2022-49613", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: 8250: Fix PM usage_count for console handover\n\nWhen console is enabled, univ8250_console_setup() calls\nserial8250_console_setup() before .dev is set to uart_port. Therefore,\nit will not call pm_runtime_get_sync(). Later, when the actual driver\nis going to take over univ8250_console_exit() is called. As .dev is\nalready set, serial8250_console_exit() makes pm_runtime_put_sync() call\nwith usage count being zero triggering PM usage count warning\n(extra debug for univ8250_console_setup(), univ8250_console_exit(), and\nserial8250_register_ports()):\n\n[ 0.068987] univ8250_console_setup ttyS0 nodev\n[ 0.499670] printk: console [ttyS0] enabled\n[ 0.717955] printk: console [ttyS0] printing thread started\n[ 1.960163] serial8250_register_ports assigned dev for ttyS0\n[ 1.976830] printk: console [ttyS0] disabled\n[ 1.976888] printk: console [ttyS0] printing thread stopped\n[ 1.977073] univ8250_console_exit ttyS0 usage:0\n[ 1.977075] serial8250 serial8250: Runtime PM usage count underflow!\n[ 1.977429] dw-apb-uart.6: ttyS0 at MMIO 0x4010006000 (irq = 33, base_baud = 115200) is a 16550A\n[ 1.977812] univ8250_console_setup ttyS0 usage:2\n[ 1.978167] printk: console [ttyS0] printing thread started\n[ 1.978203] printk: console [ttyS0] enabled\n\nTo fix the issue, call pm_runtime_get_sync() in\nserial8250_register_ports() as soon as .dev is set for an uart_port\nif it has console enabled.\n\nThis problem became apparent only recently because 82586a721595 
(\"PM:\nruntime: Avoid device usage count underflows\") added the warning\nprintout. I confirmed this problem also occurs with v5.18 (w/o the\nwarning printout, obviously).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49613" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--56d3b290-2f28-4707-831f-a06dba2a791b.json b/objects/vulnerability/vulnerability--56d3b290-2f28-4707-831f-a06dba2a791b.json new file mode 100644 index 00000000000..93f40890fd8 --- /dev/null +++ b/objects/vulnerability/vulnerability--56d3b290-2f28-4707-831f-a06dba2a791b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5dd9c97e-3824-4e20-a86c-a1bfc7bcda5b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--56d3b290-2f28-4707-831f-a06dba2a791b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.403563Z", + "modified": "2025-02-27T00:38:15.403563Z", + "name": "CVE-2022-49168", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not clean up repair bio if submit fails\n\nThe submit helper will always run bio_endio() on the bio if it fails to\nsubmit, so cleaning up the bio just leads to a variety of use-after-free\nand NULL pointer dereference bugs because we race with the endio\nfunction that is cleaning up the bio. Instead just return BLK_STS_OK as\nthe repair function has to continue to process the rest of the pages,\nand the endio for the repair bio will do the appropriate cleanup for the\npage that it was given.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49168" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--5714d85d-0852-499c-b42a-2e561c78a61d.json b/objects/vulnerability/vulnerability--5714d85d-0852-499c-b42a-2e561c78a61d.json new file mode 100644 index 00000000000..fc222e1be6c --- /dev/null +++ b/objects/vulnerability/vulnerability--5714d85d-0852-499c-b42a-2e561c78a61d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f1184b71-48d0-458c-9fcf-e9da85aaf457", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5714d85d-0852-499c-b42a-2e561c78a61d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:04.127038Z", + "modified": "2025-02-27T00:38:04.127038Z", + "name": "CVE-2024-50691", + "description": "SunGrow iSolarCloud Android app V2.1.6.20241104 and prior suffers from Missing SSL Certificate Validation. The app explicitly ignores certificate errors and is vulnerable to MiTM attacks. Attackers can impersonate the iSolarCloud server and communicate with the Android app.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50691" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--57687335-e478-46d5-ab12-a36ef820a52f.json b/objects/vulnerability/vulnerability--57687335-e478-46d5-ab12-a36ef820a52f.json new file mode 100644 index 00000000000..ab8a7ade1bc --- /dev/null +++ b/objects/vulnerability/vulnerability--57687335-e478-46d5-ab12-a36ef820a52f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e2787f35-ca09-4e57-94c3-bfa257f4fa4d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--57687335-e478-46d5-ab12-a36ef820a52f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.325167Z", + "modified": "2025-02-27T00:38:15.325167Z", + "name": "CVE-2022-49160", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix crash during module load unload test\n\nDuring purex packet handling the driver was incorrectly freeing a\npre-allocated structure. Fix this by skipping that entry.\n\nSystem crashed with the following stack during a module unload test.\n\nCall Trace:\n\tsbitmap_init_node+0x7f/0x1e0\n\tsbitmap_queue_init_node+0x24/0x150\n\tblk_mq_init_bitmaps+0x3d/0xa0\n\tblk_mq_init_tags+0x68/0x90\n\tblk_mq_alloc_map_and_rqs+0x44/0x120\n\tblk_mq_alloc_set_map_and_rqs+0x63/0x150\n\tblk_mq_alloc_tag_set+0x11b/0x230\n\tscsi_add_host_with_dma.cold+0x3f/0x245\n\tqla2x00_probe_one+0xd5a/0x1b80 [qla2xxx]\n\nCall Trace with slub_debug and debug kernel:\n\tkasan_report_invalid_free+0x50/0x80\n\t__kasan_slab_free+0x137/0x150\n\tslab_free_freelist_hook+0xc6/0x190\n\tkfree+0xe8/0x2e0\n\tqla2x00_free_device+0x3bb/0x5d0 [qla2xxx]\n\tqla2x00_remove_one+0x668/0xcf0 [qla2xxx]", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49160" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5836f3d6-a461-4eb5-9a15-965b9dbe7068.json b/objects/vulnerability/vulnerability--5836f3d6-a461-4eb5-9a15-965b9dbe7068.json new file mode 100644 index 00000000000..8a4a66dc4c4 --- /dev/null +++ b/objects/vulnerability/vulnerability--5836f3d6-a461-4eb5-9a15-965b9dbe7068.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--99977411-0cdc-4e48-9dca-2c14a70cd214", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5836f3d6-a461-4eb5-9a15-965b9dbe7068", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.330963Z", + "modified": "2025-02-27T00:38:15.330963Z", + "name": "CVE-2022-49553", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: validate BOOT sectors_per_clusters\n\nWhen the NTFS BOOT sectors_per_clusters field is > 0x80, it represents a\nshift value. Make sure that the shift value is not too large before using\nit (NTFS max cluster size is 2MB). Return -EVINVAL if it too large.\n\nThis prevents negative shift values and shift values that are larger than\nthe field size.\n\nPrevents this UBSAN error:\n\n UBSAN: shift-out-of-bounds in ../fs/ntfs3/super.c:673:16\n shift exponent -192 is negative", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49553" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5853c70b-da92-4c40-a8df-2c0a8ba9a4b4.json b/objects/vulnerability/vulnerability--5853c70b-da92-4c40-a8df-2c0a8ba9a4b4.json new file mode 100644 index 00000000000..74694eb9b91 --- /dev/null +++ b/objects/vulnerability/vulnerability--5853c70b-da92-4c40-a8df-2c0a8ba9a4b4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cabd5ba3-82ec-4e57-b442-b5335efa2ad5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5853c70b-da92-4c40-a8df-2c0a8ba9a4b4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.626663Z", + "modified": "2025-02-27T00:38:15.626663Z", + "name": "CVE-2022-49451", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_scmi: Fix list protocols enumeration in the base protocol\n\nWhile enumerating protocols implemented by the SCMI platform using\nBASE_DISCOVER_LIST_PROTOCOLS, the number of returned protocols is\ncurrently validated in an improper way since the check employs a sum\nbetween unsigned integers that could overflow and cause the check itself\nto be silently bypassed if the returned value 'loop_num_ret' is big\nenough.\n\nFix the validation avoiding the addition.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49451" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--58c50c18-f1cb-4889-b135-2d47bdde441d.json b/objects/vulnerability/vulnerability--58c50c18-f1cb-4889-b135-2d47bdde441d.json new file mode 100644 index 00000000000..db270780c18 --- /dev/null +++ b/objects/vulnerability/vulnerability--58c50c18-f1cb-4889-b135-2d47bdde441d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--aeb68f58-dcaa-40ca-ae34-458a58bb8e65", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--58c50c18-f1cb-4889-b135-2d47bdde441d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.434683Z", + "modified": "2025-02-27T00:38:15.434683Z", + "name": "CVE-2022-49069", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix by adding FPU protection for dcn30_internal_validate_bw\n\n[Why]\nBelow general protection fault observed when WebGL Aquarium is run for\nlonger duration. If drm debug logs are enabled and set to 0x1f then the\nissue is observed within 10 minutes of run.\n\n[ 100.717056] general protection fault, probably for non-canonical address 0x2d33302d32323032: 0000 [#1] PREEMPT SMP NOPTI\n[ 100.727921] CPU: 3 PID: 1906 Comm: DrmThread Tainted: G W 5.15.30 #12 d726c6a2d6ebe5cf9223931cbca6892f916fe18b\n[ 100.754419] RIP: 0010:CalculateSwathWidth+0x1f7/0x44f\n[ 100.767109] Code: 00 00 00 f2 42 0f 11 04 f0 48 8b 85 88 00 00 00 f2 42 0f 10 04 f0 48 8b 85 98 00 00 00 f2 42 0f 11 04 f0 48 8b 45 10 0f 57 c0 42 0f 2a 04 b0 0f 57 c9 f3 43 0f 2a 0c b4 e8 8c e2 f3 ff 48 8b\n[ 100.781269] RSP: 0018:ffffa9230079eeb0 EFLAGS: 00010246\n[ 100.812528] RAX: 2d33302d32323032 RBX: 0000000000000500 RCX: 0000000000000000\n[ 100.819656] RDX: 0000000000000001 RSI: ffff99deb712c49c RDI: 0000000000000000\n[ 100.826781] RBP: ffffa9230079ef50 R08: ffff99deb712460c R09: ffff99deb712462c\n[ 100.833907] R10: ffff99deb7124940 R11: ffff99deb7124d70 R12: ffff99deb712ae44\n[ 100.841033] R13: 0000000000000001 R14: 0000000000000000 R15: ffffa9230079f0a0\n[ 100.848159] FS: 00007af121212640(0000) GS:ffff99deba780000(0000) knlGS:0000000000000000\n[ 100.856240] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 100.861980] CR2: 0000209000fe1000 CR3: 000000011b18c000 CR4: 0000000000350ee0\n[ 
100.869106] Call Trace:\n[ 100.871555] \n[ 100.873655] ? asm_sysvec_reschedule_ipi+0x12/0x20\n[ 100.878449] CalculateSwathAndDETConfiguration+0x1a3/0x6dd\n[ 100.883937] dml31_ModeSupportAndSystemConfigurationFull+0x2ce4/0x76da\n[ 100.890467] ? kallsyms_lookup_buildid+0xc8/0x163\n[ 100.895173] ? kallsyms_lookup_buildid+0xc8/0x163\n[ 100.899874] ? __sprint_symbol+0x80/0x135\n[ 100.903883] ? dm_update_plane_state+0x3f9/0x4d2\n[ 100.908500] ? symbol_string+0xb7/0xde\n[ 100.912250] ? number+0x145/0x29b\n[ 100.915566] ? vsnprintf+0x341/0x5ff\n[ 100.919141] ? desc_read_finalized_seq+0x39/0x87\n[ 100.923755] ? update_load_avg+0x1b9/0x607\n[ 100.927849] ? compute_mst_dsc_configs_for_state+0x7d/0xd5b\n[ 100.933416] ? fetch_pipe_params+0xa4d/0xd0c\n[ 100.937686] ? dc_fpu_end+0x3d/0xa8\n[ 100.941175] dml_get_voltage_level+0x16b/0x180\n[ 100.945619] dcn30_internal_validate_bw+0x10e/0x89b\n[ 100.950495] ? dcn31_validate_bandwidth+0x68/0x1fc\n[ 100.955285] ? resource_build_scaling_params+0x98b/0xb8c\n[ 100.960595] ? dcn31_validate_bandwidth+0x68/0x1fc\n[ 100.965384] dcn31_validate_bandwidth+0x9a/0x1fc\n[ 100.970001] dc_validate_global_state+0x238/0x295\n[ 100.974703] amdgpu_dm_atomic_check+0x9c1/0xbce\n[ 100.979235] ? _printk+0x59/0x73\n[ 100.982467] drm_atomic_check_only+0x403/0x78b\n[ 100.986912] drm_mode_atomic_ioctl+0x49b/0x546\n[ 100.991358] ? drm_ioctl+0x1c1/0x3b3\n[ 100.994936] ? drm_atomic_set_property+0x92a/0x92a\n[ 100.999725] drm_ioctl_kernel+0xdc/0x149\n[ 101.003648] drm_ioctl+0x27f/0x3b3\n[ 101.007051] ? drm_atomic_set_property+0x92a/0x92a\n[ 101.011842] amdgpu_drm_ioctl+0x49/0x7d\n[ 101.015679] __se_sys_ioctl+0x7c/0xb8\n[ 101.015685] do_syscall_64+0x5f/0xb8\n[ 101.015690] ? 
__irq_exit_rcu+0x34/0x96\n\n[How]\nIt calles populate_dml_pipes which uses doubles to initialize.\nAdding FPU protection avoids context switch and probable loss of vba context\nas there is potential contention while drm debug logs are enabled.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49069" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--58c813f1-d8f2-4f3f-a3b5-e35b9f4485f0.json b/objects/vulnerability/vulnerability--58c813f1-d8f2-4f3f-a3b5-e35b9f4485f0.json new file mode 100644 index 00000000000..e819496449c --- /dev/null +++ b/objects/vulnerability/vulnerability--58c813f1-d8f2-4f3f-a3b5-e35b9f4485f0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fa733a72-d720-4156-9cbd-dce5490a6516", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--58c813f1-d8f2-4f3f-a3b5-e35b9f4485f0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.667248Z", + "modified": "2025-02-27T00:38:15.667248Z", + "name": "CVE-2022-49231", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtw88: fix memory overrun and memory leak during hw_scan\n\nPreviously we allocated less memory than actual required, overwrite\nto the buffer causes the mm module to complaint and raise access\nviolation faults. Along with potential memory leaks when returned\nearly. Fix these by passing the correct size and proper deinit flow.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49231" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--58f39e10-8a84-4678-aa5b-7b225d108a59.json b/objects/vulnerability/vulnerability--58f39e10-8a84-4678-aa5b-7b225d108a59.json new file mode 100644 index 00000000000..b3ce19da694 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--58f39e10-8a84-4678-aa5b-7b225d108a59.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ffa4bfc1-4860-415c-b0cb-684f43c3dcb5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--58f39e10-8a84-4678-aa5b-7b225d108a59", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:01.611856Z", + "modified": "2025-02-27T00:38:01.611856Z", + "name": "CVE-2024-13633", + "description": "The Simple catalogue WordPress plugin through 1.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13633" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--59219a07-4fa6-4e55-8ea8-8605980e8f86.json b/objects/vulnerability/vulnerability--59219a07-4fa6-4e55-8ea8-8605980e8f86.json new file mode 100644 index 00000000000..1208c32e07b --- /dev/null +++ b/objects/vulnerability/vulnerability--59219a07-4fa6-4e55-8ea8-8605980e8f86.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e1736a1c-5e54-42d1-a108-9a022d7f203b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--59219a07-4fa6-4e55-8ea8-8605980e8f86", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.772903Z", + "modified": "2025-02-27T00:38:15.772903Z", + "name": "CVE-2022-49524", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: pci: cx23885: Fix the error handling in cx23885_initdev()\n\nWhen the driver fails to call the dma_set_mask(), the driver will get\nthe following splat:\n\n[ 55.853884] BUG: KASAN: use-after-free in __process_removed_driver+0x3c/0x240\n[ 55.854486] Read of size 8 at addr ffff88810de60408 by task modprobe/590\n[ 55.856822] Call Trace:\n[ 55.860327] __process_removed_driver+0x3c/0x240\n[ 55.861347] bus_for_each_dev+0x102/0x160\n[ 55.861681] i2c_del_driver+0x2f/0x50\n\nThis is because the driver has initialized the i2c related resources\nin cx23885_dev_setup() but not released them in error handling, fix this\nbug by modifying the error path that jumps after failing to call the\ndma_set_mask().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49524" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--59809b5e-775a-4489-a08c-b013e5ffc244.json b/objects/vulnerability/vulnerability--59809b5e-775a-4489-a08c-b013e5ffc244.json new file mode 100644 index 00000000000..0b215df42df --- /dev/null +++ b/objects/vulnerability/vulnerability--59809b5e-775a-4489-a08c-b013e5ffc244.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--33fdce6c-4a34-4c4a-b5d6-d81d35f4a0fd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--59809b5e-775a-4489-a08c-b013e5ffc244", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.356196Z", + "modified": "2025-02-27T00:38:15.356196Z", + "name": "CVE-2022-49337", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: dlmfs: fix error handling of user_dlm_destroy_lock\n\nWhen user_dlm_destroy_lock failed, it didn't clean up the flags it set\nbefore exit. For USER_LOCK_IN_TEARDOWN, if this function fails because of\nlock is still in used, next time when unlink invokes this function, it\nwill return succeed, and then unlink will remove inode and dentry if lock\nis not in used(file closed), but the dlm lock is still linked in dlm lock\nresource, then when bast come in, it will trigger a panic due to\nuser-after-free. See the following panic call trace. To fix this,\nUSER_LOCK_IN_TEARDOWN should be reverted if fail. And also error should\nbe returned if USER_LOCK_IN_TEARDOWN is set to let user know that unlink\nfail.\n\nFor the case of ocfs2_dlm_unlock failure, besides USER_LOCK_IN_TEARDOWN,\nUSER_LOCK_BUSY is also required to be cleared. Even though spin lock is\nreleased in between, but USER_LOCK_IN_TEARDOWN is still set, for\nUSER_LOCK_BUSY, if before every place that waits on this flag,\nUSER_LOCK_IN_TEARDOWN is checked to bail out, that will make sure no flow\nwaits on the busy flag set by user_dlm_destroy_lock(), then we can\nsimplely revert USER_LOCK_BUSY when ocfs2_dlm_unlock fails. 
Fix\nuser_dlm_cluster_lock() which is the only function not following this.\n\n[ 941.336392] (python,26174,16):dlmfs_unlink:562 ERROR: unlink\n004fb0000060000b5a90b8c847b72e1, error -16 from destroy\n[ 989.757536] ------------[ cut here ]------------\n[ 989.757709] kernel BUG at fs/ocfs2/dlmfs/userdlm.c:173!\n[ 989.757876] invalid opcode: 0000 [#1] SMP\n[ 989.758027] Modules linked in: ksplice_2zhuk2jr_ib_ipoib_new(O)\nksplice_2zhuk2jr(O) mptctl mptbase xen_netback xen_blkback xen_gntalloc\nxen_gntdev xen_evtchn cdc_ether usbnet mii ocfs2 jbd2 rpcsec_gss_krb5\nauth_rpcgss nfsv4 nfsv3 nfs_acl nfs fscache lockd grace ocfs2_dlmfs\nocfs2_stack_o2cb ocfs2_dlm ocfs2_nodemanager ocfs2_stackglue configfs bnx2fc\nfcoe libfcoe libfc scsi_transport_fc sunrpc ipmi_devintf bridge stp llc\nrds_rdma rds bonding ib_sdp ib_ipoib rdma_ucm ib_ucm ib_uverbs ib_umad\nrdma_cm ib_cm iw_cm falcon_lsm_serviceable(PE) falcon_nf_netcontain(PE)\nmlx4_vnic falcon_kal(E) falcon_lsm_pinned_13402(E) mlx4_ib ib_sa ib_mad\nib_core ib_addr xenfs xen_privcmd dm_multipath iTCO_wdt iTCO_vendor_support\npcspkr sb_edac edac_core i2c_i801 lpc_ich mfd_core ipmi_ssif i2c_core ipmi_si\nipmi_msghandler\n[ 989.760686] ioatdma sg ext3 jbd mbcache sd_mod ahci libahci ixgbe dca ptp\npps_core vxlan udp_tunnel ip6_udp_tunnel megaraid_sas mlx4_core crc32c_intel\nbe2iscsi bnx2i cnic uio cxgb4i cxgb4 cxgb3i libcxgbi ipv6 cxgb3 mdio\nlibiscsi_tcp qla4xxx iscsi_boot_sysfs libiscsi scsi_transport_iscsi wmi\ndm_mirror dm_region_hash dm_log dm_mod [last unloaded:\nksplice_2zhuk2jr_ib_ipoib_old]\n[ 989.761987] CPU: 10 PID: 19102 Comm: dlm_thread Tainted: P OE\n4.1.12-124.57.1.el6uek.x86_64 #2\n[ 989.762290] Hardware name: Oracle Corporation ORACLE SERVER\nX5-2/ASM,MOTHERBOARD,1U, BIOS 30350100 06/17/2021\n[ 989.762599] task: ffff880178af6200 ti: ffff88017f7c8000 task.ti:\nffff88017f7c8000\n[ 989.762848] RIP: e030:[] []\n__user_dlm_queue_lockres.part.4+0x76/0x80 [ocfs2_dlmfs]\n[ 989.763185] RSP: e02b:ffff88017f7cbcb8 EFLAGS: 
00010246\n[ 989.763353] RAX: 0000000000000000 RBX: ffff880174d48008 RCX:\n0000000000000003\n[ 989.763565] RDX: 0000000000120012 RSI: 0000000000000003 RDI:\nffff880174d48170\n[ 989.763778] RBP: ffff88017f7cbcc8 R08: ffff88021f4293b0 R09:\n0000000000000000\n[ 989.763991] R10: ffff880179c8c000 R11: 0000000000000003 R12:\nffff880174d48008\n[ 989.764204] R13: 0000000000000003 R14: ffff880179c8c000 R15:\nffff88021db7a000\n[ 989.764422] FS: 0000000000000000(0000) GS:ffff880247480000(0000)\nknlGS:ffff880247480000\n[ 989.764685] CS: e033 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 989.764865] CR2: ffff8000007f6800 CR3: 0000000001ae0000 CR4:\n0000000000042660\n[ 989.765081] Stack:\n[ 989.765167] 00000000000\n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49337" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--59c438be-be33-438f-a127-99e7577262e1.json b/objects/vulnerability/vulnerability--59c438be-be33-438f-a127-99e7577262e1.json new file mode 100644 index 00000000000..7bb6623e2e4 --- /dev/null +++ b/objects/vulnerability/vulnerability--59c438be-be33-438f-a127-99e7577262e1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2ab0dece-2ffb-4c48-a7b9-85c95d234cff", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--59c438be-be33-438f-a127-99e7577262e1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:11.199516Z", + "modified": "2025-02-27T00:38:11.199516Z", + "name": "CVE-2021-47651", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: rpmpd: Check for null return of devm_kcalloc\n\nBecause of the possible failure of the allocation, data->domains might\nbe NULL pointer and will cause the dereference of the NULL pointer\nlater.\nTherefore, it might be better to check it and directly return -ENOMEM\nwithout releasing data manually if fails, because the comment of the\ndevm_kmalloc() says \"Memory allocated with this function is\nautomatically freed on driver detach.\".", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-47651" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--59ee0e20-89c5-4ae2-bc67-ec7f8a4e3b80.json b/objects/vulnerability/vulnerability--59ee0e20-89c5-4ae2-bc67-ec7f8a4e3b80.json new file mode 100644 index 00000000000..a11b60ea5a5 --- /dev/null +++ b/objects/vulnerability/vulnerability--59ee0e20-89c5-4ae2-bc67-ec7f8a4e3b80.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--6842bb05-bf88-458e-b9be-f9ab589e6713",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--59ee0e20-89c5-4ae2-bc67-ec7f8a4e3b80",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.646617Z",
+ "modified": "2025-02-27T00:38:15.646617Z",
+ "name": "CVE-2022-49138",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: Ignore multiple conn complete events\n\nWhen one of the three connection complete events is received multiple\ntimes for the same handle, the device is registered multiple times which\nleads to memory corruptions. Therefore, consequent events for a single\nconnection are ignored.\n\nThe conn->state can hold different values, therefore HCI_CONN_HANDLE_UNSET\nis introduced to identify new connections. To make sure the events do not\ncontain this or another invalid handle HCI_CONN_HANDLE_MAX and checks\nare introduced.\n\nBuglink: https://bugzilla.kernel.org/show_bug.cgi?id=215497",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49138"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--59f937f8-41e7-4a5b-85c4-fbc2622197c7.json b/objects/vulnerability/vulnerability--59f937f8-41e7-4a5b-85c4-fbc2622197c7.json
new file mode 100644
index 00000000000..a6a4c1902c9
--- /dev/null
+++ b/objects/vulnerability/vulnerability--59f937f8-41e7-4a5b-85c4-fbc2622197c7.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a57e6db9-1808-417d-98fd-bec65c621dec",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--59f937f8-41e7-4a5b-85c4-fbc2622197c7",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.608575Z",
+ "modified": "2025-02-27T00:38:15.608575Z",
+ "name": "CVE-2022-49459",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe\n\nplatform_get_resource() may return NULL, add proper check to\navoid potential NULL dereferencing.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49459"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--5adeffc8-a0b4-4b9b-a050-9c8d5448d5b6.json b/objects/vulnerability/vulnerability--5adeffc8-a0b4-4b9b-a050-9c8d5448d5b6.json
new file mode 100644
index 00000000000..b12772e541a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--5adeffc8-a0b4-4b9b-a050-9c8d5448d5b6.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f18da9d9-035c-480d-b41c-a3cce6731232",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--5adeffc8-a0b4-4b9b-a050-9c8d5448d5b6",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.430856Z",
+ "modified": "2025-02-27T00:38:15.430856Z",
+ "name": "CVE-2022-49246",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: atmel: Fix error handling in snd_proto_probe\n\nThe device_node pointer is returned by of_parse_phandle() with refcount\nincremented. We should use of_node_put() on it when done.\n\nThis function only calls of_node_put() in the regular path.\nAnd it will cause refcount leak in error paths.\nFix this by calling of_node_put() in error handling too.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49246"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--5bb0eb2b-0b93-48a9-84e2-325ccd41f077.json b/objects/vulnerability/vulnerability--5bb0eb2b-0b93-48a9-84e2-325ccd41f077.json
new file mode 100644
index 00000000000..ab5d76bc005
--- /dev/null
+++ b/objects/vulnerability/vulnerability--5bb0eb2b-0b93-48a9-84e2-325ccd41f077.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--476c929b-682c-47ad-bff1-850ecc413286",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--5bb0eb2b-0b93-48a9-84e2-325ccd41f077",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.414168Z",
+ "modified": "2025-02-27T00:38:15.414168Z",
+ "name": "CVE-2022-49488",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected\n\nThere is a possibility for mdp5_get_global_state to return\n-EDEADLK when acquiring the modeset lock, but currently global_state in\nmdp5_mixer_release doesn't check for if an error is returned.\n\nTo avoid a NULL dereference error, let's have mdp5_mixer_release\ncheck if an error is returned and propagate that error.\n\nPatchwork: https://patchwork.freedesktop.org/patch/485181/",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49488"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--5ca9a946-ac4d-4e59-a7e1-eb2ada51b1f0.json b/objects/vulnerability/vulnerability--5ca9a946-ac4d-4e59-a7e1-eb2ada51b1f0.json
new file mode 100644
index 00000000000..0212e0a1220
--- /dev/null
+++ b/objects/vulnerability/vulnerability--5ca9a946-ac4d-4e59-a7e1-eb2ada51b1f0.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--2cb9d951-7b9d-4730-9371-b059abf7b434",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--5ca9a946-ac4d-4e59-a7e1-eb2ada51b1f0",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.753652Z",
+ "modified": "2025-02-27T00:38:15.753652Z",
+ "name": "CVE-2022-49256",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwatch_queue: Actually free the watch\n\nfree_watch() does everything barring actually freeing the watch object. Fix\nthis by adding the missing kfree.\n\nkmemleak produces a report something like the following. Note that as an\naddress can be seen in the first word, the watch would appear to have gone\nthrough call_rcu().\n\nBUG: memory leak\nunreferenced object 0xffff88810ce4a200 (size 96):\n comm \"syz-executor352\", pid 3605, jiffies 4294947473 (age 13.720s)\n hex dump (first 32 bytes):\n e0 82 48 0d 81 88 ff ff 00 00 00 00 00 00 00 00 ..H.............\n 80 a2 e4 0c 81 88 ff ff 00 00 00 00 00 00 00 00 ................\n backtrace:\n [] kmalloc include/linux/slab.h:581 [inline]\n [] kzalloc include/linux/slab.h:714 [inline]\n [] keyctl_watch_key+0xec/0x2e0 security/keys/keyctl.c:1800\n [] __do_sys_keyctl+0x3c4/0x490 security/keys/keyctl.c:2016\n [] do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n [] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n [] entry_SYSCALL_64_after_hwframe+0x44/0xae",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49256"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--5d177ca8-9062-4aca-bf3a-b0b768c8839a.json b/objects/vulnerability/vulnerability--5d177ca8-9062-4aca-bf3a-b0b768c8839a.json
new file mode 100644
index 00000000000..d49b77f5cf8
--- /dev/null
+++ b/objects/vulnerability/vulnerability--5d177ca8-9062-4aca-bf3a-b0b768c8839a.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7fca3c20-f4d4-4ea2-ae4c-0df0f6ae4827", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5d177ca8-9062-4aca-bf3a-b0b768c8839a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.304928Z", + "modified": "2025-02-27T00:38:15.304928Z", + "name": "CVE-2022-49079", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: zoned: traverse devices under chunk_mutex in btrfs_can_activate_zone\n\nbtrfs_can_activate_zone() can be called with the device_list_mutex already\nheld, which will lead to a deadlock:\n\ninsert_dev_extents() // Takes device_list_mutex\n`-> insert_dev_extent()\n `-> btrfs_insert_empty_item()\n `-> btrfs_insert_empty_items()\n `-> btrfs_search_slot()\n `-> btrfs_cow_block()\n `-> __btrfs_cow_block()\n `-> btrfs_alloc_tree_block()\n `-> btrfs_reserve_extent()\n `-> find_free_extent()\n `-> find_free_extent_update_loop()\n `-> can_allocate_chunk()\n `-> btrfs_can_activate_zone() // Takes device_list_mutex again\n\nInstead of using the RCU on fs_devices->device_list we\ncan use fs_devices->alloc_list, protected by the chunk_mutex to traverse\nthe list of active devices.\n\nWe are in the chunk allocation thread. 
The newer chunk allocation\nhappens from the devices in the fs_device->alloc_list protected by the\nchunk_mutex.\n\n btrfs_create_chunk()\n lockdep_assert_held(&info->chunk_mutex);\n gather_device_info\n list_for_each_entry(device, &fs_devices->alloc_list, dev_alloc_list)\n\nAlso, a device that reappears after the mount won't join the alloc_list\nyet and, it will be in the dev_list, which we don't want to consider in\nthe context of the chunk alloc.\n\n [15.166572] WARNING: possible recursive locking detected\n [15.167117] 5.17.0-rc6-dennis #79 Not tainted\n [15.167487] --------------------------------------------\n [15.167733] kworker/u8:3/146 is trying to acquire lock:\n [15.167733] ffff888102962ee0 (&fs_devs->device_list_mutex){+.+.}-{3:3}, at: find_free_extent+0x15a/0x14f0 [btrfs]\n [15.167733]\n [15.167733] but task is already holding lock:\n [15.167733] ffff888102962ee0 (&fs_devs->device_list_mutex){+.+.}-{3:3}, at: btrfs_create_pending_block_groups+0x20a/0x560 [btrfs]\n [15.167733]\n [15.167733] other info that might help us debug this:\n [15.167733] Possible unsafe locking scenario:\n [15.167733]\n [15.171834] CPU0\n [15.171834] ----\n [15.171834] lock(&fs_devs->device_list_mutex);\n [15.171834] lock(&fs_devs->device_list_mutex);\n [15.171834]\n [15.171834] *** DEADLOCK ***\n [15.171834]\n [15.171834] May be due to missing lock nesting notation\n [15.171834]\n [15.171834] 5 locks held by kworker/u8:3/146:\n [15.171834] #0: ffff888100050938 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x1c3/0x5a0\n [15.171834] #1: ffffc9000067be80 ((work_completion)(&fs_info->async_data_reclaim_work)){+.+.}-{0:0}, at: process_one_work+0x1c3/0x5a0\n [15.176244] #2: ffff88810521e620 (sb_internal){.+.+}-{0:0}, at: flush_space+0x335/0x600 [btrfs]\n [15.176244] #3: ffff888102962ee0 (&fs_devs->device_list_mutex){+.+.}-{3:3}, at: btrfs_create_pending_block_groups+0x20a/0x560 [btrfs]\n [15.176244] #4: ffff8881152e4b78 (btrfs-dev-00){++++}-{3:3}, at: 
__btrfs_tree_lock+0x27/0x130 [btrfs]\n [15.179641]\n [15.179641] stack backtrace:\n [15.179641] CPU: 1 PID: 146 Comm: kworker/u8:3 Not tainted 5.17.0-rc6-dennis #79\n [15.179641] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1.fc35 04/01/2014\n [15.179641] Workqueue: events_unbound btrfs_async_reclaim_data_space [btrfs]\n [15.179641] Call Trace:\n [15.179641] \n [15.179641] dump_stack_lvl+0x45/0x59\n [15.179641] __lock_acquire.cold+0x217/0x2b2\n [15.179641] lock_acquire+0xbf/0x2b0\n [15.183838] ? find_free_extent+0x15a/0x14f0 [btrfs]\n [15.183838] __mutex_lock+0x8e/0x970\n [15.183838] ? find_free_extent+0x15a/0x14f0 [btrfs]\n [15.183838] ? find_free_extent+0x15a/0x14f0 [btrfs]\n [15.183838] ? lock_is_held_type+0xd7/0x130\n [15.183838] ? find_free_extent+0x15a/0x14f0 [btrfs]\n [15.183838] find_free_extent+0x15a/0x14f0 [btrfs]\n [15.183838] ? _raw_spin_unlock+0x24/0x40\n [15.183838] ? btrfs_get_alloc_profile+0x106/0x230 [btrfs]\n [15.187601] btrfs_reserve_extent+0x131/0x260 [btrfs]\n [15.\n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49079" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5dab70e2-06c7-4af0-86ba-2e5c54f3b5c4.json b/objects/vulnerability/vulnerability--5dab70e2-06c7-4af0-86ba-2e5c54f3b5c4.json new file mode 100644 index 00000000000..cc32bd527ae --- /dev/null +++ b/objects/vulnerability/vulnerability--5dab70e2-06c7-4af0-86ba-2e5c54f3b5c4.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--9ae69a4c-f876-462d-811f-94f2fd504554",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--5dab70e2-06c7-4af0-86ba-2e5c54f3b5c4",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.298018Z",
+ "modified": "2025-02-27T00:38:15.298018Z",
+ "name": "CVE-2022-49494",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: rawnand: cadence: fix possible null-ptr-deref in cadence_nand_dt_probe()\n\nIt will cause null-ptr-deref when using 'res', if platform_get_resource()\nreturns NULL, so move using 'res' after devm_ioremap_resource() that\nwill check it to avoid null-ptr-deref.\nAnd use devm_platform_get_and_ioremap_resource() to simplify code.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49494"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--5e13a420-5c5e-4008-a46c-2df7011ed044.json b/objects/vulnerability/vulnerability--5e13a420-5c5e-4008-a46c-2df7011ed044.json
new file mode 100644
index 00000000000..c78212bc04b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--5e13a420-5c5e-4008-a46c-2df7011ed044.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f88dd744-9d47-475a-94ee-0609f7f8abbf",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--5e13a420-5c5e-4008-a46c-2df7011ed044",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.752747Z",
+ "modified": "2025-02-27T00:38:15.752747Z",
+ "name": "CVE-2022-49549",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/MCE/AMD: Fix memory leak when threshold_create_bank() fails\n\nIn mce_threshold_create_device(), if threshold_create_bank() fails, the\npreviously allocated threshold banks array @bp will be leaked because\nthe call to mce_threshold_remove_device() will not free it.\n\nThis happens because mce_threshold_remove_device() fetches the pointer\nthrough the threshold_banks per-CPU variable but bp is written there\nonly after the bank creation is successful, and not before, when\nthreshold_create_bank() fails.\n\nAdd a helper which unwinds all the bank creation work previously done\nand pass into it the previously allocated threshold banks array for\nfreeing.\n\n [ bp: Massage. ]",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49549"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--5e4dc561-6d0f-4573-a7aa-952dde9b8e08.json b/objects/vulnerability/vulnerability--5e4dc561-6d0f-4573-a7aa-952dde9b8e08.json
new file mode 100644
index 00000000000..be7fb9408f1
--- /dev/null
+++ b/objects/vulnerability/vulnerability--5e4dc561-6d0f-4573-a7aa-952dde9b8e08.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ef6b7f65-79a2-4118-961d-a1650bc2a102", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5e4dc561-6d0f-4573-a7aa-952dde9b8e08", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.515556Z", + "modified": "2025-02-27T00:38:15.515556Z", + "name": "CVE-2022-49543", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nath11k: fix the warning of dev_wake in mhi_pm_disable_transition()\n\nWhen test device recovery with below command, it has warning in message\nas below.\necho assert > /sys/kernel/debug/ath11k/wcn6855\\ hw2.0/simulate_fw_crash\necho assert > /sys/kernel/debug/ath11k/qca6390\\ hw2.0/simulate_fw_crash\n\nwarning message:\n[ 1965.642121] ath11k_pci 0000:06:00.0: simulating firmware assert crash\n[ 1968.471364] ieee80211 phy0: Hardware restart was requested\n[ 1968.511305] ------------[ cut here ]------------\n[ 1968.511368] WARNING: CPU: 3 PID: 1546 at drivers/bus/mhi/core/pm.c:505 mhi_pm_disable_transition+0xb37/0xda0 [mhi]\n[ 1968.511443] Modules linked in: ath11k_pci ath11k mac80211 libarc4 cfg80211 qmi_helpers qrtr_mhi mhi qrtr nvme nvme_core\n[ 1968.511563] CPU: 3 PID: 1546 Comm: kworker/u17:0 Kdump: loaded Tainted: G W 5.17.0-rc3-wt-ath+ #579\n[ 1968.511629] Hardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0067.2021.0528.1339 05/28/2021\n[ 1968.511704] Workqueue: mhi_hiprio_wq mhi_pm_st_worker [mhi]\n[ 1968.511787] RIP: 0010:mhi_pm_disable_transition+0xb37/0xda0 [mhi]\n[ 1968.511870] Code: a9 fe ff ff 4c 89 ff 44 89 04 24 e8 03 46 f6 e5 44 8b 04 24 41 83 f8 01 0f 84 21 fe ff ff e9 4c fd ff ff 0f 0b e9 af f8 ff ff <0f> 0b e9 5c f8 ff ff 48 89 df e8 da 9e ee e3 e9 12 fd ff ff 4c 89\n[ 1968.511923] RSP: 0018:ffffc900024efbf0 EFLAGS: 00010286\n[ 1968.511969] RAX: 00000000ffffffff RBX: ffff88811d241250 RCX: ffffffffc0176922\n[ 1968.512014] 
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff888118a90a24\n[ 1968.512059] RBP: ffff888118a90800 R08: 0000000000000000 R09: ffff888118a90a27\n[ 1968.512102] R10: ffffed1023152144 R11: 0000000000000001 R12: ffff888118a908ac\n[ 1968.512229] R13: ffff888118a90928 R14: dffffc0000000000 R15: ffff888118a90a24\n[ 1968.512310] FS: 0000000000000000(0000) GS:ffff888234200000(0000) knlGS:0000000000000000\n[ 1968.512405] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 1968.512493] CR2: 00007f5538f443a8 CR3: 000000016dc28001 CR4: 00000000003706e0\n[ 1968.512587] Call Trace:\n[ 1968.512672] \n[ 1968.512751] ? _raw_spin_unlock_irq+0x1f/0x40\n[ 1968.512859] mhi_pm_st_worker+0x3ac/0x790 [mhi]\n[ 1968.512959] ? mhi_pm_mission_mode_transition.isra.0+0x7d0/0x7d0 [mhi]\n[ 1968.513063] process_one_work+0x86a/0x1400\n[ 1968.513184] ? pwq_dec_nr_in_flight+0x230/0x230\n[ 1968.513312] ? move_linked_works+0x125/0x290\n[ 1968.513416] worker_thread+0x6db/0xf60\n[ 1968.513536] ? process_one_work+0x1400/0x1400\n[ 1968.513627] kthread+0x241/0x2d0\n[ 1968.513733] ? kthread_complete_and_exit+0x20/0x20\n[ 1968.513821] ret_from_fork+0x22/0x30\n[ 1968.513924] \n\nReason is mhi_deassert_dev_wake() from mhi_device_put() is called\nbut mhi_assert_dev_wake() from __mhi_device_get_sync() is not called\nin progress of recovery. 
Commit 8e0559921f9a (\"bus: mhi: core:\nSkip device wake in error or shutdown state\") add check for the\npm_state of mhi in __mhi_device_get_sync(), and the pm_state is not\nthe normal state untill recovery is completed, so it leads the\ndev_wake is not 0 and above warning print in mhi_pm_disable_transition()\nwhile checking mhi_cntrl->dev_wake.\n\nAdd check in ath11k_pci_write32()/ath11k_pci_read32() to skip call\nmhi_device_put() if mhi_device_get_sync() does not really do wake,\nthen the warning gone.\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03003-QCAHSPSWPL_V1_V2_SILICONZ_LITE-2", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49543" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5e7d9f49-28b0-4a78-91a3-1c422a8938dc.json b/objects/vulnerability/vulnerability--5e7d9f49-28b0-4a78-91a3-1c422a8938dc.json new file mode 100644 index 00000000000..2aa80dfb5e5 --- /dev/null +++ b/objects/vulnerability/vulnerability--5e7d9f49-28b0-4a78-91a3-1c422a8938dc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6cd7f4a8-a895-429c-848e-2ce9d3a18161", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5e7d9f49-28b0-4a78-91a3-1c422a8938dc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:01.910201Z", + "modified": "2025-02-27T00:38:01.910201Z", + "name": "CVE-2024-57040", + "description": "TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 was discovered to contain a hardcoded password for the root account which can be obtained via a brute force attack.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57040" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--5eb6a991-c65d-48fe-8a41-d52a5a8cfe2d.json b/objects/vulnerability/vulnerability--5eb6a991-c65d-48fe-8a41-d52a5a8cfe2d.json
new file mode 100644
index 00000000000..3aca63d0f62
--- /dev/null
+++ b/objects/vulnerability/vulnerability--5eb6a991-c65d-48fe-8a41-d52a5a8cfe2d.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a6810f2e-0c11-44fe-8d0f-ac2995f0914b",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--5eb6a991-c65d-48fe-8a41-d52a5a8cfe2d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.478526Z",
+ "modified": "2025-02-27T00:38:15.478526Z",
+ "name": "CVE-2022-49269",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: isotp: sanitize CAN ID checks in isotp_bind()\n\nSyzbot created an environment that lead to a state machine status that\ncan not be reached with a compliant CAN ID address configuration.\nThe provided address information consisted of CAN ID 0x6000001 and 0xC28001\nwhich both boil down to 11 bit CAN IDs 0x001 in sending and receiving.\n\nSanitize the SFF/EFF CAN ID values before performing the address checks.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49269"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--5f163387-fc20-4a79-bc38-b8c7a70761fe.json b/objects/vulnerability/vulnerability--5f163387-fc20-4a79-bc38-b8c7a70761fe.json
new file mode 100644
index 00000000000..0dfbbdd8e0b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--5f163387-fc20-4a79-bc38-b8c7a70761fe.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5bf551e3-40a9-4a2f-8430-cb316ff34809", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5f163387-fc20-4a79-bc38-b8c7a70761fe", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.437743Z", + "modified": "2025-02-27T00:38:15.437743Z", + "name": "CVE-2022-49146", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio: use virtio_device_ready() in virtio_device_restore()\n\nAfter waking up a suspended VM, the kernel prints the following trace\nfor virtio drivers which do not directly call virtio_device_ready() in\nthe .restore:\n\n PM: suspend exit\n irq 22: nobody cared (try booting with the \"irqpoll\" option)\n Call Trace:\n \n dump_stack_lvl+0x38/0x49\n dump_stack+0x10/0x12\n __report_bad_irq+0x3a/0xaf\n note_interrupt.cold+0xb/0x60\n handle_irq_event+0x71/0x80\n handle_fasteoi_irq+0x95/0x1e0\n __common_interrupt+0x6b/0x110\n common_interrupt+0x63/0xe0\n asm_common_interrupt+0x1e/0x40\n ? __do_softirq+0x75/0x2f3\n irq_exit_rcu+0x93/0xe0\n sysvec_apic_timer_interrupt+0xac/0xd0\n \n \n asm_sysvec_apic_timer_interrupt+0x12/0x20\n arch_cpu_idle+0x12/0x20\n default_idle_call+0x39/0xf0\n do_idle+0x1b5/0x210\n cpu_startup_entry+0x20/0x30\n start_secondary+0xf3/0x100\n secondary_startup_64_no_verify+0xc3/0xcb\n \n handlers:\n [<000000008f9bac49>] vp_interrupt\n [<000000008f9bac49>] vp_interrupt\n Disabling IRQ #22\n\nThis happens because we don't invoke .enable_cbs callback in\nvirtio_device_restore(). That callback is used by some transports\n(e.g. virtio-pci) to enable interrupts.\n\nLet's fix it, by calling virtio_device_ready() as we do in\nvirtio_dev_probe(). 
This function calls .enable_cts callback and sets\nDRIVER_OK status bit.\n\nThis fix also avoids setting DRIVER_OK twice for those drivers that\ncall virtio_device_ready() in the .restore.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49146" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5f41a46e-4ad4-419c-aa35-9a9ab8e5ba0b.json b/objects/vulnerability/vulnerability--5f41a46e-4ad4-419c-aa35-9a9ab8e5ba0b.json new file mode 100644 index 00000000000..47111526273 --- /dev/null +++ b/objects/vulnerability/vulnerability--5f41a46e-4ad4-419c-aa35-9a9ab8e5ba0b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9d805724-73b1-4b40-8989-237dbbbe67dc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5f41a46e-4ad4-419c-aa35-9a9ab8e5ba0b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.439575Z", + "modified": "2025-02-27T00:38:15.439575Z", + "name": "CVE-2022-49239", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data\n\nThe device_node pointer is returned by of_parse_phandle() with refcount\nincremented. We should use of_node_put() on it when done.\nThis is similar to commit 64b92de9603f\n(\"ASoC: wcd9335: fix a leaked reference by adding missing of_node_put\")", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49239" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5fd1e609-42f7-42f6-b6c2-0ad205c896a8.json b/objects/vulnerability/vulnerability--5fd1e609-42f7-42f6-b6c2-0ad205c896a8.json new file mode 100644 index 00000000000..a0537aa87c5 --- /dev/null +++ b/objects/vulnerability/vulnerability--5fd1e609-42f7-42f6-b6c2-0ad205c896a8.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a782aea8-4cd1-4583-9dae-df8609d04a25", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5fd1e609-42f7-42f6-b6c2-0ad205c896a8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.686875Z", + "modified": "2025-02-27T00:38:15.686875Z", + "name": "CVE-2022-49272", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock\n\nsyzbot caught a potential deadlock between the PCM\nruntime->buffer_mutex and the mm->mmap_lock. It was brought by the\nrecent fix to cover the racy read/write and other ioctls, and in that\ncommit, I overlooked a (hopefully only) corner case that may take the\nrevert lock, namely, the OSS mmap. The OSS mmap operation\nexceptionally allows to re-configure the parameters inside the OSS\nmmap syscall, where mm->mmap_mutex is already held. Meanwhile, the\ncopy_from/to_user calls at read/write operations also take the\nmm->mmap_lock internally, hence it may lead to a AB/BA deadlock.\n\nA similar problem was already seen in the past and we fixed it with a\nrefcount (in commit b248371628aa). The former fix covered only the\ncall paths with OSS read/write and OSS ioctls, while we need to cover\nthe concurrent access via both ALSA and OSS APIs now.\n\nThis patch addresses the problem above by replacing the buffer_mutex\nlock in the read/write operations with a refcount similar as we've\nused for OSS. The new field, runtime->buffer_accessing, keeps the\nnumber of concurrent read/write operations. Unlike the former\nbuffer_mutex protection, this protects only around the\ncopy_from/to_user() calls; the other codes are basically protected by\nthe PCM stream lock. The refcount can be a negative, meaning blocked\nby the ioctls. If a negative value is seen, the read/write aborts\nwith -EBUSY. 
In the ioctl side, OTOH, they check this refcount, too,\nand set to a negative value for blocking unless it's already being\naccessed.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49272" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--60bbf970-2daa-4d59-8c07-babf7450ec1e.json b/objects/vulnerability/vulnerability--60bbf970-2daa-4d59-8c07-babf7450ec1e.json new file mode 100644 index 00000000000..f671b19a1c4 --- /dev/null +++ b/objects/vulnerability/vulnerability--60bbf970-2daa-4d59-8c07-babf7450ec1e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--809f815d-d7a9-43f6-9c06-b136e8a4d6d2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--60bbf970-2daa-4d59-8c07-babf7450ec1e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:07.928213Z", + "modified": "2025-02-27T00:38:07.928213Z", + "name": "CVE-2025-20161", + "description": "A vulnerability in the software upgrade process of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker with valid Administrator credentials to execute a command injection attack on the underlying operating system of an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of specific elements within a software image. An attacker could exploit this vulnerability by installing a crafted image. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. \r\nNote: Administrators should validate the hash of any software image before installation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20161" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--6125651e-e73e-4dba-8b39-6cdb53031aad.json b/objects/vulnerability/vulnerability--6125651e-e73e-4dba-8b39-6cdb53031aad.json
new file mode 100644
index 00000000000..7cd76013a1b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6125651e-e73e-4dba-8b39-6cdb53031aad.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--731d301b-ee06-4fd8-95af-54a2819ab7cd",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6125651e-e73e-4dba-8b39-6cdb53031aad",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.468094Z",
+ "modified": "2025-02-27T00:38:15.468094Z",
+ "name": "CVE-2022-49437",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/xive: Fix refcount leak in xive_spapr_init\n\nof_find_compatible_node() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when done.\nAdd missing of_node_put() to avoid refcount leak.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49437"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--61335db0-e13e-4277-8560-d766ea6be959.json b/objects/vulnerability/vulnerability--61335db0-e13e-4277-8560-d766ea6be959.json
new file mode 100644
index 00000000000..b8a736532f7
--- /dev/null
+++ b/objects/vulnerability/vulnerability--61335db0-e13e-4277-8560-d766ea6be959.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--d3f8978f-5ee2-49e2-9d2e-ba51483b220e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--61335db0-e13e-4277-8560-d766ea6be959",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.28852Z",
+ "modified": "2025-02-27T00:38:15.28852Z",
+ "name": "CVE-2022-49315",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop()\n\nThere is a deadlock in rtllib_beacons_stop(), which is shown\nbelow:\n\n (Thread 1) | (Thread 2)\n | rtllib_send_beacon()\nrtllib_beacons_stop() | mod_timer()\n spin_lock_irqsave() //(1) | (wait a time)\n ... | rtllib_send_beacon_cb()\n del_timer_sync() | spin_lock_irqsave() //(2)\n (wait timer to stop) | ...\n\nWe hold ieee->beacon_lock in position (1) of thread 1 and\nuse del_timer_sync() to wait timer to stop, but timer handler\nalso need ieee->beacon_lock in position (2) of thread 2.\nAs a result, rtllib_beacons_stop() will block forever.\n\nThis patch extracts del_timer_sync() from the protection of\nspin_lock_irqsave(), which could let timer handler to obtain\nthe needed lock.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49315"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--61d85dcc-7aae-4da7-a7c0-aedfeb36df62.json b/objects/vulnerability/vulnerability--61d85dcc-7aae-4da7-a7c0-aedfeb36df62.json
new file mode 100644
index 00000000000..f316dd29615
--- /dev/null
+++ b/objects/vulnerability/vulnerability--61d85dcc-7aae-4da7-a7c0-aedfeb36df62.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d1d6318f-dac3-482d-875f-f00d65c9003b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--61d85dcc-7aae-4da7-a7c0-aedfeb36df62", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.501336Z", + "modified": "2025-02-27T00:38:15.501336Z", + "name": "CVE-2022-49089", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition\n\nThe documentation of the function rvt_error_qp says both r_lock and s_lock\nneed to be held when calling that function. It also asserts using lockdep\nthat both of those locks are held. However, the commit I referenced in\nFixes accidentally makes the call to rvt_error_qp in rvt_ruc_loopback no\nlonger covered by r_lock. This results in the lockdep assertion failing\nand also possibly in a race condition.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49089" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--61eddd9a-b2c5-4b93-b404-16b7b8e0e449.json b/objects/vulnerability/vulnerability--61eddd9a-b2c5-4b93-b404-16b7b8e0e449.json new file mode 100644 index 00000000000..e8a37f418d5 --- /dev/null +++ b/objects/vulnerability/vulnerability--61eddd9a-b2c5-4b93-b404-16b7b8e0e449.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1a38c3c0-46b8-44fc-9890-d8fc6a888111", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--61eddd9a-b2c5-4b93-b404-16b7b8e0e449", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:11.238986Z", + "modified": "2025-02-27T00:38:11.238986Z", + "name": "CVE-2021-47633", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111\n\nThe bug was found during fuzzing. Stacktrace locates it in\nath5k_eeprom_convert_pcal_info_5111.\nWhen none of the curve is selected in the loop, idx can go\nup to AR5K_EEPROM_N_PD_CURVES. The line makes pd out of bound.\npd = &chinfo[pier].pd_curves[idx];\n\nThere are many OOB writes using pd later in the code. So I\nadded a sanity check for idx. Checks for other loops involving\nAR5K_EEPROM_N_PD_CURVES are not needed as the loop index is not\nused outside the loops.\n\nThe patch is NOT tested with real device.\n\nThe following is the fuzzing report\n\nBUG: KASAN: slab-out-of-bounds in ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]\nWrite of size 1 at addr ffff8880174a4d60 by task modprobe/214\n\nCPU: 0 PID: 214 Comm: modprobe Not tainted 5.6.0 #1\nCall Trace:\n dump_stack+0x76/0xa0\n print_address_description.constprop.0+0x16/0x200\n ? ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]\n ? ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]\n __kasan_report.cold+0x37/0x7c\n ? ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]\n kasan_report+0xe/0x20\n ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]\n ? apic_timer_interrupt+0xa/0x20\n ? ath5k_eeprom_init_11a_pcal_freq+0xbc0/0xbc0 [ath5k]\n ? ath5k_pci_eeprom_read+0x228/0x3c0 [ath5k]\n ath5k_eeprom_init+0x2513/0x6290 [ath5k]\n ? ath5k_eeprom_init_11a_pcal_freq+0xbc0/0xbc0 [ath5k]\n ? usleep_range+0xb8/0x100\n ? 
apic_timer_interrupt+0xa/0x20\n ? ath5k_eeprom_read_pcal_info_2413+0x2f20/0x2f20 [ath5k]\n ath5k_hw_init+0xb60/0x1970 [ath5k]\n ath5k_init_ah+0x6fe/0x2530 [ath5k]\n ? kasprintf+0xa6/0xe0\n ? ath5k_stop+0x140/0x140 [ath5k]\n ? _dev_notice+0xf6/0xf6\n ? apic_timer_interrupt+0xa/0x20\n ath5k_pci_probe.cold+0x29a/0x3d6 [ath5k]\n ? ath5k_pci_eeprom_read+0x3c0/0x3c0 [ath5k]\n ? mutex_lock+0x89/0xd0\n ? ath5k_pci_eeprom_read+0x3c0/0x3c0 [ath5k]\n local_pci_probe+0xd3/0x160\n pci_device_probe+0x23f/0x3e0\n ? pci_device_remove+0x280/0x280\n ? pci_device_remove+0x280/0x280\n really_probe+0x209/0x5d0", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-47633" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--62265c12-52f3-4b67-8eee-3d35f8d347a5.json b/objects/vulnerability/vulnerability--62265c12-52f3-4b67-8eee-3d35f8d347a5.json new file mode 100644 index 00000000000..e1bb585e7dd --- /dev/null +++ b/objects/vulnerability/vulnerability--62265c12-52f3-4b67-8eee-3d35f8d347a5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bf0db40d-4bb9-421d-ac80-1dfa77ade0e9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--62265c12-52f3-4b67-8eee-3d35f8d347a5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.442387Z", + "modified": "2025-02-27T00:38:15.442387Z", + "name": "CVE-2022-49075", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix qgroup reserve overflow the qgroup limit\n\nWe use extent_changeset->bytes_changed in qgroup_reserve_data() to record\nhow many bytes we set for EXTENT_QGROUP_RESERVED state. Currently the\nbytes_changed is set as \"unsigned int\", and it will overflow if we try to\nfallocate a range larger than 4GiB. The result is we reserve less bytes\nand eventually break the qgroup limit.\n\nUnlike regular buffered/direct write, which we use one changeset for\neach ordered extent, which can never be larger than 256M. For\nfallocate, we use one changeset for the whole range, thus it no longer\nrespects the 256M per extent limit, and caused the problem.\n\nThe following example test script reproduces the problem:\n\n $ cat qgroup-overflow.sh\n #!/bin/bash\n\n DEV=/dev/sdj\n MNT=/mnt/sdj\n\n mkfs.btrfs -f $DEV\n mount $DEV $MNT\n\n # Set qgroup limit to 2GiB.\n btrfs quota enable $MNT\n btrfs qgroup limit 2G $MNT\n\n # Try to fallocate a 3GiB file. 
This should fail.\n echo\n echo \"Try to fallocate a 3GiB file...\"\n fallocate -l 3G $MNT/3G.file\n\n # Try to fallocate a 5GiB file.\n echo\n echo \"Try to fallocate a 5GiB file...\"\n fallocate -l 5G $MNT/5G.file\n\n # See we break the qgroup limit.\n echo\n sync\n btrfs qgroup show -r $MNT\n\n umount $MNT\n\nWhen running the test:\n\n $ ./qgroup-overflow.sh\n (...)\n\n Try to fallocate a 3GiB file...\n fallocate: fallocate failed: Disk quota exceeded\n\n Try to fallocate a 5GiB file...\n\n qgroupid         rfer         excl     max_rfer\n --------         ----         ----     --------\n 0/5           5.00GiB      5.00GiB      2.00GiB\n\nSince we have no control of how bytes_changed is used, it's better to\nset it to u64.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49075" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--627043a1-4278-41b7-b366-bf259de6d558.json b/objects/vulnerability/vulnerability--627043a1-4278-41b7-b366-bf259de6d558.json new file mode 100644 index 00000000000..317e9c8550d --- /dev/null +++ b/objects/vulnerability/vulnerability--627043a1-4278-41b7-b366-bf259de6d558.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e11f201e-2dfa-4b7e-8908-d7d18b9fbce3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--627043a1-4278-41b7-b366-bf259de6d558", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.263772Z", + "modified": "2025-02-27T00:38:15.263772Z", + "name": "CVE-2022-49522", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: jz4740: Apply DMA engine limits to maximum segment size\n\nDo what is done in other DMA-enabled MMC host drivers (cf. host/mmci.c) and\nlimit the maximum segment size based on the DMA engine's capabilities. This\nis needed to avoid warnings like the following with CONFIG_DMA_API_DEBUG=y.\n\n------------[ cut here ]------------\nWARNING: CPU: 0 PID: 21 at kernel/dma/debug.c:1162 debug_dma_map_sg+0x2f4/0x39c\nDMA-API: jz4780-dma 13420000.dma-controller: mapping sg segment longer than device claims to support [len=98304] [max=65536]\nCPU: 0 PID: 21 Comm: kworker/0:1H Not tainted 5.18.0-rc1 #19\nWorkqueue: kblockd blk_mq_run_work_fn\nStack : 81575aec 00000004 80620000 80620000 80620000 805e7358 00000009 801537ac\n 814c832c 806276e3 806e34b4 80620000 81575aec 00000001 81575ab8 09291444\n 00000000 00000000 805e7358 81575958 ffffffea 8157596c 00000000 636f6c62\n 6220646b 80387a70 0000000f 6d5f6b6c 80620000 00000000 81575ba4 00000009\n 805e170c 80896640 00000001 00010000 00000000 00000000 00006098 806e0000\n ...\nCall Trace:\n[<80107670>] show_stack+0x84/0x120\n[<80528cd8>] __warn+0xb8/0xec\n[<80528d78>] warn_slowpath_fmt+0x6c/0xb8\n[<8016f1d4>] debug_dma_map_sg+0x2f4/0x39c\n[<80169d4c>] __dma_map_sg_attrs+0xf0/0x118\n[<8016a27c>] dma_map_sg_attrs+0x14/0x28\n[<804f66b4>] jz4740_mmc_prepare_dma_data+0x74/0xa4\n[<804f6714>] jz4740_mmc_pre_request+0x30/0x54\n[<804f4ff4>] mmc_blk_mq_issue_rq+0x6e0/0x7bc\n[<804f5590>] mmc_mq_queue_rq+0x220/0x2d4\n[<8038b2c0>] 
blk_mq_dispatch_rq_list+0x480/0x664\n[<80391040>] blk_mq_do_dispatch_sched+0x2dc/0x370\n[<80391468>] __blk_mq_sched_dispatch_requests+0xec/0x164\n[<80391540>] blk_mq_sched_dispatch_requests+0x44/0x94\n[<80387900>] __blk_mq_run_hw_queue+0xb0/0xcc\n[<80134c14>] process_one_work+0x1b8/0x264\n[<80134ff8>] worker_thread+0x2ec/0x3b8\n[<8013b13c>] kthread+0x104/0x10c\n[<80101dcc>] ret_from_kernel_thread+0x14/0x1c\n\n---[ end trace 0000000000000000 ]---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49522" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--62c2c362-4693-4bb0-968b-856c1079b36a.json b/objects/vulnerability/vulnerability--62c2c362-4693-4bb0-968b-856c1079b36a.json new file mode 100644 index 00000000000..0e3285f50da --- /dev/null +++ b/objects/vulnerability/vulnerability--62c2c362-4693-4bb0-968b-856c1079b36a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--522c7ec3-1960-4f46-a519-38e94fd87eaa", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--62c2c362-4693-4bb0-968b-856c1079b36a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.521353Z", + "modified": "2025-02-27T00:38:15.521353Z", + "name": "CVE-2022-49174", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix ext4_mb_mark_bb() with flex_bg with fast_commit\n\nIn case of flex_bg feature (which is by default enabled), extents for\nany given inode might span across blocks from two different block group.\next4_mb_mark_bb() only reads the buffer_head of block bitmap once for the\nstarting block group, but it fails to read it again when the extent length\nboundary overflows to another block group. Then in this below loop it\naccesses memory beyond the block group bitmap buffer_head and results\ninto a data abort.\n\n\tfor (i = 0; i < clen; i++)\n\t\tif (!mb_test_bit(blkoff + i, bitmap_bh->b_data) == !state)\n\t\t\talready++;\n\nThis patch adds this functionality for checking block group boundary in\next4_mb_mark_bb() and update the buffer_head(bitmap_bh) for every different\nblock group.\n\nw/o this patch, I was easily able to hit a data access abort using Power platform.\n\n<...>\n[ 74.327662] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1141: group 11, block bitmap and bg descriptor inconsistent: 21248 vs 23294 free clusters\n[ 74.533214] EXT4-fs (loop3): shut down requested (2)\n[ 74.536705] Aborting journal on device loop3-8.\n[ 74.702705] BUG: Unable to handle kernel data access on read at 0xc00000005e980000\n[ 74.703727] Faulting instruction address: 0xc0000000007bffb8\ncpu 0xd: Vector: 300 (Data Access) at [c000000015db7060]\n pc: c0000000007bffb8: ext4_mb_mark_bb+0x198/0x5a0\n lr: c0000000007bfeec: ext4_mb_mark_bb+0xcc/0x5a0\n sp: c000000015db7300\n msr: 
800000000280b033\n dar: c00000005e980000\n dsisr: 40000000\n current = 0xc000000027af6880\n paca = 0xc00000003ffd5200 irqmask: 0x03 irq_happened: 0x01\n pid = 5167, comm = mount\n<...>\nenter ? for help\n[c000000015db7380] c000000000782708 ext4_ext_clear_bb+0x378/0x410\n[c000000015db7400] c000000000813f14 ext4_fc_replay+0x1794/0x2000\n[c000000015db7580] c000000000833f7c do_one_pass+0xe9c/0x12a0\n[c000000015db7710] c000000000834504 jbd2_journal_recover+0x184/0x2d0\n[c000000015db77c0] c000000000841398 jbd2_journal_load+0x188/0x4a0\n[c000000015db7880] c000000000804de8 ext4_fill_super+0x2638/0x3e10\n[c000000015db7a40] c0000000005f8404 get_tree_bdev+0x2b4/0x350\n[c000000015db7ae0] c0000000007ef058 ext4_get_tree+0x28/0x40\n[c000000015db7b00] c0000000005f6344 vfs_get_tree+0x44/0x100\n[c000000015db7b70] c00000000063c408 path_mount+0xdd8/0xe70\n[c000000015db7c40] c00000000063c8f0 sys_mount+0x450/0x550\n[c000000015db7d50] c000000000035770 system_call_exception+0x4a0/0x4e0\n[c000000015db7e10] c00000000000c74c system_call_common+0xec/0x250", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49174" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--63c9b17d-3f8f-45b9-bc36-be8c1644f307.json b/objects/vulnerability/vulnerability--63c9b17d-3f8f-45b9-bc36-be8c1644f307.json new file mode 100644 index 00000000000..9c2a66ae095 --- /dev/null +++ b/objects/vulnerability/vulnerability--63c9b17d-3f8f-45b9-bc36-be8c1644f307.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--47fbdd66-f060-4766-bec2-837a27ee8439", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--63c9b17d-3f8f-45b9-bc36-be8c1644f307", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.70885Z", + "modified": "2025-02-27T00:38:15.70885Z", + "name": "CVE-2022-49330", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: fix tcp_mtup_probe_success vs wrong snd_cwnd\n\nsyzbot got a new report [1] finally pointing to a very old bug,\nadded in initial support for MTU probing.\n\ntcp_mtu_probe() has checks about starting an MTU probe if\ntcp_snd_cwnd(tp) >= 11.\n\nBut nothing prevents tcp_snd_cwnd(tp) to be reduced later\nand before the MTU probe succeeds.\n\nThis bug would lead to potential zero-divides.\n\nDebugging added in commit 40570375356c (\"tcp: add accessors\nto read/set tp->snd_cwnd\") has paid off :)\n\nWhile we are at it, address potential overflows in this code.\n\n[1]\nWARNING: CPU: 1 PID: 14132 at include/net/tcp.h:1219 tcp_mtup_probe_success+0x366/0x570 net/ipv4/tcp_input.c:2712\nModules linked in:\nCPU: 1 PID: 14132 Comm: syz-executor.2 Not tainted 5.18.0-syzkaller-07857-gbabf0bb978e3 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nRIP: 0010:tcp_snd_cwnd_set include/net/tcp.h:1219 [inline]\nRIP: 0010:tcp_mtup_probe_success+0x366/0x570 net/ipv4/tcp_input.c:2712\nCode: 74 08 48 89 ef e8 da 80 17 f9 48 8b 45 00 65 48 ff 80 80 03 00 00 48 83 c4 30 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 aa b0 c5 f8 <0f> 0b e9 16 fe ff ff 48 8b 4c 24 08 80 e1 07 38 c1 0f 8c c7 fc ff\nRSP: 0018:ffffc900079e70f8 EFLAGS: 00010287\nRAX: ffffffff88c0f7f6 RBX: ffff8880756e7a80 RCX: 0000000000040000\nRDX: ffffc9000c6c4000 RSI: 0000000000031f9e RDI: 0000000000031f9f\nRBP: 0000000000000000 R08: ffffffff88c0f606 R09: ffffc900079e7520\nR10: ffffed101011226d 
R11: 1ffff1101011226c R12: 1ffff1100eadcf50\nR13: ffff8880756e72c0 R14: 1ffff1100eadcf89 R15: dffffc0000000000\nFS: 00007f643236e700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f1ab3f1e2a0 CR3: 0000000064fe7000 CR4: 00000000003506e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n tcp_clean_rtx_queue+0x223a/0x2da0 net/ipv4/tcp_input.c:3356\n tcp_ack+0x1962/0x3c90 net/ipv4/tcp_input.c:3861\n tcp_rcv_established+0x7c8/0x1ac0 net/ipv4/tcp_input.c:5973\n tcp_v6_do_rcv+0x57b/0x1210 net/ipv6/tcp_ipv6.c:1476\n sk_backlog_rcv include/net/sock.h:1061 [inline]\n __release_sock+0x1d8/0x4c0 net/core/sock.c:2849\n release_sock+0x5d/0x1c0 net/core/sock.c:3404\n sk_stream_wait_memory+0x700/0xdc0 net/core/stream.c:145\n tcp_sendmsg_locked+0x111d/0x3fc0 net/ipv4/tcp.c:1410\n tcp_sendmsg+0x2c/0x40 net/ipv4/tcp.c:1448\n sock_sendmsg_nosec net/socket.c:714 [inline]\n sock_sendmsg net/socket.c:734 [inline]\n __sys_sendto+0x439/0x5c0 net/socket.c:2119\n __do_sys_sendto net/socket.c:2131 [inline]\n __se_sys_sendto net/socket.c:2127 [inline]\n __x64_sys_sendto+0xda/0xf0 net/socket.c:2127\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\nRIP: 0033:0x7f6431289109\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f643236e168 EFLAGS: 00000246 ORIG_RAX: 000000000000002c\nRAX: ffffffffffffffda RBX: 00007f643139c100 RCX: 00007f6431289109\nRDX: 00000000d0d0c2ac RSI: 0000000020000080 RDI: 000000000000000a\nRBP: 00007f64312e308d R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007fff372533af R14: 
00007f643236e300 R15: 0000000000022000", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49330" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--63eb44f3-5fb1-419d-9cdb-159ecf4ae277.json b/objects/vulnerability/vulnerability--63eb44f3-5fb1-419d-9cdb-159ecf4ae277.json new file mode 100644 index 00000000000..eae874c9cce --- /dev/null +++ b/objects/vulnerability/vulnerability--63eb44f3-5fb1-419d-9cdb-159ecf4ae277.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--34deadc7-9360-455d-9461-57fc6ee86223", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--63eb44f3-5fb1-419d-9cdb-159ecf4ae277", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.794174Z", + "modified": "2025-02-27T00:38:15.794174Z", + "name": "CVE-2022-49647", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup: Use separate src/dst nodes when preloading css_sets for migration\n\nEach cset (css_set) is pinned by its tasks. When we're moving tasks around\nacross csets for a migration, we need to hold the source and destination\ncsets to ensure that they don't go away while we're moving tasks about. This\nis done by linking cset->mg_preload_node on either the\nmgctx->preloaded_src_csets or mgctx->preloaded_dst_csets list. Using the\nsame cset->mg_preload_node for both the src and dst lists was deemed okay as\na cset can't be both the source and destination at the same time.\n\nUnfortunately, this overloading becomes problematic when multiple tasks are\ninvolved in a migration and some of them are identity noop migrations while\nothers are actually moving across cgroups. For example, this can happen with\nthe following sequence on cgroup1:\n\n #1> mkdir -p /sys/fs/cgroup/misc/a/b\n #2> echo $$ > /sys/fs/cgroup/misc/a/cgroup.procs\n #3> RUN_A_COMMAND_WHICH_CREATES_MULTIPLE_THREADS &\n #4> PID=$!\n #5> echo $PID > /sys/fs/cgroup/misc/a/b/tasks\n #6> echo $PID > /sys/fs/cgroup/misc/a/cgroup.procs\n\nthe process including the group leader back into a. In this final migration,\nnon-leader threads would be doing identity migration while the group leader\nis doing an actual one.\n\nAfter #3, let's say the whole process was in cset A, and that after #4, the\nleader moves to cset B. Then, during #6, the following happens:\n\n 1. 
cgroup_migrate_add_src() is called on B for the leader.\n\n 2. cgroup_migrate_add_src() is called on A for the other threads.\n\n 3. cgroup_migrate_prepare_dst() is called. It scans the src list.\n\n 4. It notices that B wants to migrate to A, so it tries to A to the dst\n list but realizes that its ->mg_preload_node is already busy.\n\n 5. and then it notices A wants to migrate to A as it's an identity\n migration, it culls it by list_del_init()'ing its ->mg_preload_node and\n putting references accordingly.\n\n 6. The rest of migration takes place with B on the src list but nothing on\n the dst list.\n\nThis means that A isn't held while migration is in progress. If all tasks\nleave A before the migration finishes and the incoming task pins it, the\ncset will be destroyed leading to use-after-free.\n\nThis is caused by overloading cset->mg_preload_node for both src and dst\npreload lists. We wanted to exclude the cset from the src list but ended up\ninadvertently excluding it from the dst list too.\n\nThis patch fixes the issue by separating out cset->mg_preload_node into\n->mg_src_preload_node and ->mg_dst_preload_node, so that the src and dst\npreloadings don't interfere with each other.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49647" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--641acf71-c6f8-478a-998f-decf2a5aac25.json b/objects/vulnerability/vulnerability--641acf71-c6f8-478a-998f-decf2a5aac25.json new file mode 100644 index 00000000000..b95d98b8bf9 --- /dev/null +++ b/objects/vulnerability/vulnerability--641acf71-c6f8-478a-998f-decf2a5aac25.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1076021f-d5e4-48b9-b5ca-989cf3c900df", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--641acf71-c6f8-478a-998f-decf2a5aac25", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:11.211788Z", + "modified": "2025-02-27T00:38:11.211788Z", + "name": "CVE-2021-47642", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nvideo: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow\n\nCoverity complains of a possible buffer overflow. However,\ngiven the 'static' scope of nvidia_setup_i2c_bus() it looks\nlike that can't happen after examiniing the call sites.\n\nCID 19036 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW)\n1. fixed_size_dest: You might overrun the 48-character fixed-size string\n chan->adapter.name by copying name without checking the length.\n2. parameter_as_source: Note: This defect has an elevated risk because the\n source argument is a parameter of the current function.\n 89 strcpy(chan->adapter.name, name);\n\nFix this warning by using strscpy() which will silence the warning and\nprevent any future buffer overflows should the names used to identify the\nchannel become much longer.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-47642" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6483acb9-77fc-4bcc-bc3e-8f2cb9a75acb.json b/objects/vulnerability/vulnerability--6483acb9-77fc-4bcc-bc3e-8f2cb9a75acb.json new file mode 100644 index 00000000000..013151f811b --- /dev/null +++ b/objects/vulnerability/vulnerability--6483acb9-77fc-4bcc-bc3e-8f2cb9a75acb.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f27e789d-66ab-495e-8a41-e090d1a7aefc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6483acb9-77fc-4bcc-bc3e-8f2cb9a75acb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.483224Z", + "modified": "2025-02-27T00:38:15.483224Z", + "name": "CVE-2022-49072", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: Restrict usage of GPIO chip irq members before initialization\n\nGPIO chip irq members are exposed before they could be completely\ninitialized and this leads to race conditions.\n\nOne such issue was observed for the gc->irq.domain variable which\nwas accessed through the I2C interface in gpiochip_to_irq() before\nit could be initialized by gpiochip_add_irqchip(). This resulted in\nKernel NULL pointer dereference.\n\nFollowing are the logs for reference :-\n\nkernel: Call Trace:\nkernel: gpiod_to_irq+0x53/0x70\nkernel: acpi_dev_gpio_irq_get_by+0x113/0x1f0\nkernel: i2c_acpi_get_irq+0xc0/0xd0\nkernel: i2c_device_probe+0x28a/0x2a0\nkernel: really_probe+0xf2/0x460\nkernel: RIP: 0010:gpiochip_to_irq+0x47/0xc0\n\nTo avoid such scenarios, restrict usage of GPIO chip irq members before\nthey are completely initialized.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49072" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--64b5e2a8-74d8-4fdf-9a8f-9645c18b1eac.json b/objects/vulnerability/vulnerability--64b5e2a8-74d8-4fdf-9a8f-9645c18b1eac.json new file mode 100644 index 00000000000..8357da9cbef --- /dev/null +++ b/objects/vulnerability/vulnerability--64b5e2a8-74d8-4fdf-9a8f-9645c18b1eac.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2cf3718a-ee57-4fe4-b242-c9ac20552f26", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--64b5e2a8-74d8-4fdf-9a8f-9645c18b1eac", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.706076Z", + "modified": "2025-02-27T00:38:15.706076Z", + "name": "CVE-2022-49407", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndlm: fix plock invalid read\n\nThis patch fixes an invalid read showed by KASAN. A unlock will allocate a\n\"struct plock_op\" and a followed send_op() will append it to a global\nsend_list data structure. In some cases a followed dev_read() moves it\nto recv_list and dev_write() will cast it to \"struct plock_xop\" and access\nfields which are only available in those structures. At this point an\ninvalid read happens by accessing those fields.\n\nTo fix this issue the \"callback\" field is moved to \"struct plock_op\" to\nindicate that a cast to \"plock_xop\" is allowed and does the additional\n\"plock_xop\" handling if set.\n\nExample of the KASAN output which showed the invalid read:\n\n[ 2064.296453] ==================================================================\n[ 2064.304852] BUG: KASAN: slab-out-of-bounds in dev_write+0x52b/0x5a0 [dlm]\n[ 2064.306491] Read of size 8 at addr ffff88800ef227d8 by task dlm_controld/7484\n[ 2064.308168]\n[ 2064.308575] CPU: 0 PID: 7484 Comm: dlm_controld Kdump: loaded Not tainted 5.14.0+ #9\n[ 2064.310292] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011\n[ 2064.311618] Call Trace:\n[ 2064.312218] dump_stack_lvl+0x56/0x7b\n[ 2064.313150] print_address_description.constprop.8+0x21/0x150\n[ 2064.314578] ? dev_write+0x52b/0x5a0 [dlm]\n[ 2064.315610] ? dev_write+0x52b/0x5a0 [dlm]\n[ 2064.316595] kasan_report.cold.14+0x7f/0x11b\n[ 2064.317674] ? dev_write+0x52b/0x5a0 [dlm]\n[ 2064.318687] dev_write+0x52b/0x5a0 [dlm]\n[ 2064.319629] ? 
dev_read+0x4a0/0x4a0 [dlm]\n[ 2064.320713] ? bpf_lsm_kernfs_init_security+0x10/0x10\n[ 2064.321926] vfs_write+0x17e/0x930\n[ 2064.322769] ? __fget_light+0x1aa/0x220\n[ 2064.323753] ksys_write+0xf1/0x1c0\n[ 2064.324548] ? __ia32_sys_read+0xb0/0xb0\n[ 2064.325464] do_syscall_64+0x3a/0x80\n[ 2064.326387] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[ 2064.327606] RIP: 0033:0x7f807e4ba96f\n[ 2064.328470] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 39 87 f8 ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 87 f8 ff 48\n[ 2064.332902] RSP: 002b:00007ffd50cfe6e0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001\n[ 2064.334658] RAX: ffffffffffffffda RBX: 000055cc3886eb30 RCX: 00007f807e4ba96f\n[ 2064.336275] RDX: 0000000000000040 RSI: 00007ffd50cfe7e0 RDI: 0000000000000010\n[ 2064.337980] RBP: 00007ffd50cfe7e0 R08: 0000000000000000 R09: 0000000000000001\n[ 2064.339560] R10: 000055cc3886eb30 R11: 0000000000000293 R12: 000055cc3886eb80\n[ 2064.341237] R13: 000055cc3886eb00 R14: 000055cc3886f590 R15: 0000000000000001\n[ 2064.342857]\n[ 2064.343226] Allocated by task 12438:\n[ 2064.344057] kasan_save_stack+0x1c/0x40\n[ 2064.345079] __kasan_kmalloc+0x84/0xa0\n[ 2064.345933] kmem_cache_alloc_trace+0x13b/0x220\n[ 2064.346953] dlm_posix_unlock+0xec/0x720 [dlm]\n[ 2064.348811] do_lock_file_wait.part.32+0xca/0x1d0\n[ 2064.351070] fcntl_setlk+0x281/0xbc0\n[ 2064.352879] do_fcntl+0x5e4/0xfe0\n[ 2064.354657] __x64_sys_fcntl+0x11f/0x170\n[ 2064.356550] do_syscall_64+0x3a/0x80\n[ 2064.358259] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[ 2064.360745]\n[ 2064.361511] Last potentially related work creation:\n[ 2064.363957] kasan_save_stack+0x1c/0x40\n[ 2064.365811] __kasan_record_aux_stack+0xaf/0xc0\n[ 2064.368100] call_rcu+0x11b/0xf70\n[ 2064.369785] dlm_process_incoming_buffer+0x47d/0xfd0 [dlm]\n[ 2064.372404] receive_from_sock+0x290/0x770 [dlm]\n[ 2064.374607] process_recv_sockets+0x32/0x40 [dlm]\n[ 2064.377290] 
process_one_work+0x9a8/0x16e0\n[ 2064.379357] worker_thread+0x87/0xbf0\n[ 2064.381188] kthread+0x3ac/0x490\n[ 2064.383460] ret_from_fork+0x22/0x30\n[ 2064.385588]\n[ 2064.386518] Second to last potentially related work creation:\n[ 2064.389219] kasan_save_stack+0x1c/0x40\n[ 2064.391043] __kasan_record_aux_stack+0xaf/0xc0\n[ 2064.393303] call_rcu+0x11b/0xf70\n[ 2064.394885] dlm_process_incoming_buffer+0x47d/0xfd0 [dlm]\n[ 2064.397694] receive_from_sock+0x290/0x770 \n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49407" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--64ca8756-cfdf-4867-ae6e-b7d0df440bc2.json b/objects/vulnerability/vulnerability--64ca8756-cfdf-4867-ae6e-b7d0df440bc2.json new file mode 100644 index 00000000000..89d1b5ee969 --- /dev/null +++ b/objects/vulnerability/vulnerability--64ca8756-cfdf-4867-ae6e-b7d0df440bc2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9101d396-cbf1-4c25-90e6-8c60d2675bc1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--64ca8756-cfdf-4867-ae6e-b7d0df440bc2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.762085Z", + "modified": "2025-02-27T00:38:15.762085Z", + "name": "CVE-2022-49098", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nDrivers: hv: vmbus: Fix potential crash on module unload\n\nThe vmbus driver relies on the panic notifier infrastructure to perform\nsome operations when a panic event is detected. Since vmbus can be built\nas module, it is required that the driver handles both registering and\nunregistering such panic notifier callback.\n\nAfter commit 74347a99e73a (\"x86/Hyper-V: Unload vmbus channel in hv panic callback\")\nthough, the panic notifier registration is done unconditionally in the module\ninitialization routine whereas the unregistering procedure is conditionally\nguarded and executes only if HV_FEATURE_GUEST_CRASH_MSR_AVAILABLE capability\nis set.\n\nThis patch fixes that by unconditionally unregistering the panic notifier\nin the module's exit routine as well.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49098" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--655467d8-be78-424c-891d-4375eb4a1616.json b/objects/vulnerability/vulnerability--655467d8-be78-424c-891d-4375eb4a1616.json new file mode 100644 index 00000000000..17154e31815 --- /dev/null +++ b/objects/vulnerability/vulnerability--655467d8-be78-424c-891d-4375eb4a1616.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c6d60f7f-166a-4c2b-ba5d-2ddf4b27f2c5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--655467d8-be78-424c-891d-4375eb4a1616", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.529007Z", + "modified": "2025-02-27T00:38:15.529007Z", + "name": "CVE-2022-49227", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nigc: avoid kernel warning when changing RX ring parameters\n\nCalling ethtool changing the RX ring parameters like this:\n\n $ ethtool -G eth0 rx 1024\n\non igc triggers kernel warnings like this:\n\n[ 225.198467] ------------[ cut here ]------------\n[ 225.198473] Missing unregister, handled but fix driver\n[ 225.198485] WARNING: CPU: 7 PID: 959 at net/core/xdp.c:168\nxdp_rxq_info_reg+0x79/0xd0\n[...]\n[ 225.198601] Call Trace:\n[ 225.198604] \n[ 225.198609] igc_setup_rx_resources+0x3f/0xe0 [igc]\n[ 225.198617] igc_ethtool_set_ringparam+0x30e/0x450 [igc]\n[ 225.198626] ethnl_set_rings+0x18a/0x250\n[ 225.198631] genl_family_rcv_msg_doit+0xca/0x110\n[ 225.198637] genl_rcv_msg+0xce/0x1c0\n[ 225.198640] ? rings_prepare_data+0x60/0x60\n[ 225.198644] ? genl_get_cmd+0xd0/0xd0\n[ 225.198647] netlink_rcv_skb+0x4e/0xf0\n[ 225.198652] genl_rcv+0x24/0x40\n[ 225.198655] netlink_unicast+0x20e/0x330\n[ 225.198659] netlink_sendmsg+0x23f/0x480\n[ 225.198663] sock_sendmsg+0x5b/0x60\n[ 225.198667] __sys_sendto+0xf0/0x160\n[ 225.198671] ? handle_mm_fault+0xb2/0x280\n[ 225.198676] ? 
do_user_addr_fault+0x1eb/0x690\n[ 225.198680] __x64_sys_sendto+0x20/0x30\n[ 225.198683] do_syscall_64+0x38/0x90\n[ 225.198687] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[ 225.198693] RIP: 0033:0x7f7ae38ac3aa\n\nigc_ethtool_set_ringparam() copies the igc_ring structure but neglects to\nreset the xdp_rxq_info member before calling igc_setup_rx_resources().\nThis in turn calls xdp_rxq_info_reg() with an already registered xdp_rxq_info.\n\nMake sure to unregister the xdp_rxq_info structure first in\nigc_setup_rx_resources.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49227" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--65bb70cb-4056-4a4e-840a-b7f12c2ffe09.json b/objects/vulnerability/vulnerability--65bb70cb-4056-4a4e-840a-b7f12c2ffe09.json new file mode 100644 index 00000000000..a3b33b399d2 --- /dev/null +++ b/objects/vulnerability/vulnerability--65bb70cb-4056-4a4e-840a-b7f12c2ffe09.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c1644235-db33-4e69-a584-013eb7d45a3a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--65bb70cb-4056-4a4e-840a-b7f12c2ffe09", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.555555Z", + "modified": "2025-02-27T00:38:15.555555Z", + "name": "CVE-2022-49415", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmi:ipmb: Fix refcount leak in ipmi_ipmb_probe\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when done.\nAdd missing of_node_put() to avoid refcount leak.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49415" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--65e1d2bd-b4e3-414f-b23b-d8ad272ac4de.json b/objects/vulnerability/vulnerability--65e1d2bd-b4e3-414f-b23b-d8ad272ac4de.json new file mode 100644 index 00000000000..39940a54e8d --- /dev/null +++ b/objects/vulnerability/vulnerability--65e1d2bd-b4e3-414f-b23b-d8ad272ac4de.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a7f05a50-f194-4686-9096-d16539ae7e27", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--65e1d2bd-b4e3-414f-b23b-d8ad272ac4de", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.308806Z", + "modified": "2025-02-27T00:38:15.308806Z", + "name": "CVE-2022-49318", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: remove WARN_ON in f2fs_is_valid_blkaddr\n\nSyzbot triggers two WARNs in f2fs_is_valid_blkaddr and\n__is_bitmap_valid. For example, in f2fs_is_valid_blkaddr,\nif type is DATA_GENERIC_ENHANCE or DATA_GENERIC_ENHANCE_READ,\nit invokes WARN_ON if blkaddr is not in the right range.\nThe call trace is as follows:\n\n f2fs_get_node_info+0x45f/0x1070\n read_node_page+0x577/0x1190\n __get_node_page.part.0+0x9e/0x10e0\n __get_node_page\n f2fs_get_node_page+0x109/0x180\n do_read_inode\n f2fs_iget+0x2a5/0x58b0\n f2fs_fill_super+0x3b39/0x7ca0\n\nFix these two WARNs by replacing WARN_ON with dump_stack.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49318" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--65ee7754-1443-4249-a93f-260fd6b74d2f.json b/objects/vulnerability/vulnerability--65ee7754-1443-4249-a93f-260fd6b74d2f.json new file mode 100644 index 00000000000..482af8a5965 --- /dev/null +++ b/objects/vulnerability/vulnerability--65ee7754-1443-4249-a93f-260fd6b74d2f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7d6814ed-9084-437b-971d-66dfcc9c9707", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--65ee7754-1443-4249-a93f-260fd6b74d2f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.669993Z", + "modified": "2025-02-27T00:38:15.669993Z", + "name": "CVE-2022-49066", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nveth: Ensure eth header is in skb's linear part\n\nAfter feeding a decapsulated packet to a veth device with act_mirred,\nskb_headlen() may be 0. But veth_xmit() calls __dev_forward_skb(),\nwhich expects at least ETH_HLEN byte of linear data (as\n__dev_forward_skb2() calls eth_type_trans(), which pulls ETH_HLEN bytes\nunconditionally).\n\nUse pskb_may_pull() to ensure veth_xmit() respects this constraint.\n\nkernel BUG at include/linux/skbuff.h:2328!\nRIP: 0010:eth_type_trans+0xcf/0x140\nCall Trace:\n \n __dev_forward_skb2+0xe3/0x160\n veth_xmit+0x6e/0x250 [veth]\n dev_hard_start_xmit+0xc7/0x200\n __dev_queue_xmit+0x47f/0x520\n ? skb_ensure_writable+0x85/0xa0\n ? skb_mpls_pop+0x98/0x1c0\n tcf_mirred_act+0x442/0x47e [act_mirred]\n tcf_action_exec+0x86/0x140\n fl_classify+0x1d8/0x1e0 [cls_flower]\n ? dma_pte_clear_level+0x129/0x1a0\n ? dma_pte_clear_level+0x129/0x1a0\n ? prb_fill_curr_block+0x2f/0xc0\n ? skb_copy_bits+0x11a/0x220\n __tcf_classify+0x58/0x110\n tcf_classify_ingress+0x6b/0x140\n __netif_receive_skb_core.constprop.0+0x47d/0xfd0\n ? 
__iommu_dma_unmap_swiotlb+0x44/0x90\n __netif_receive_skb_one_core+0x3d/0xa0\n netif_receive_skb+0x116/0x170\n be_process_rx+0x22f/0x330 [be2net]\n be_poll+0x13c/0x370 [be2net]\n __napi_poll+0x2a/0x170\n net_rx_action+0x22f/0x2f0\n __do_softirq+0xca/0x2a8\n __irq_exit_rcu+0xc1/0xe0\n common_interrupt+0x83/0xa0", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49066" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6622d66d-e75e-4f5d-9d0a-25e12163c5a6.json b/objects/vulnerability/vulnerability--6622d66d-e75e-4f5d-9d0a-25e12163c5a6.json new file mode 100644 index 00000000000..140a38f78ce --- /dev/null +++ b/objects/vulnerability/vulnerability--6622d66d-e75e-4f5d-9d0a-25e12163c5a6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b37faf2a-e148-400b-ae1a-c4b756e369b6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6622d66d-e75e-4f5d-9d0a-25e12163c5a6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.545917Z", + "modified": "2025-02-27T00:38:15.545917Z", + "name": "CVE-2022-49076", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hfi1: Fix use-after-free bug for mm struct\n\nUnder certain conditions, such as MPI_Abort, the hfi1 cleanup code may\nrepresent the last reference held on the task mm.\nhfi1_mmu_rb_unregister() then drops the last reference and the mm is freed\nbefore the final use in hfi1_release_user_pages(). A new task may\nallocate the mm structure while it is still being used, resulting in\nproblems. One manifestation is corruption of the mmap_sem counter leading\nto a hang in down_write(). Another is corruption of an mm struct that is\nin use by another task.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49076" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--66629a1e-6d3e-4e50-a856-e8a029a20d38.json b/objects/vulnerability/vulnerability--66629a1e-6d3e-4e50-a856-e8a029a20d38.json new file mode 100644 index 00000000000..21d874e4281 --- /dev/null +++ b/objects/vulnerability/vulnerability--66629a1e-6d3e-4e50-a856-e8a029a20d38.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--aaac88c2-1bd9-4881-8667-1e1f4d753ce5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--66629a1e-6d3e-4e50-a856-e8a029a20d38", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.617036Z", + "modified": "2025-02-27T00:38:15.617036Z", + "name": "CVE-2022-49439", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/fsl_rio: Fix refcount leak in fsl_rio_setup\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49439" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--666a577d-76f3-4e37-91dd-031424f3c68f.json b/objects/vulnerability/vulnerability--666a577d-76f3-4e37-91dd-031424f3c68f.json new file mode 100644 index 00000000000..fe667f3009b --- /dev/null +++ b/objects/vulnerability/vulnerability--666a577d-76f3-4e37-91dd-031424f3c68f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--64f6e38c-c2a9-4ef6-9737-4aa69f7e39c9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--666a577d-76f3-4e37-91dd-031424f3c68f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.378709Z", + "modified": "2025-02-27T00:38:15.378709Z", + "name": "CVE-2022-49400", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: Don't set mddev private to NULL in raid0 pers->free\n\nIn normal stop process, it does like this:\n do_md_stop\n |\n __md_stop (pers->free(); mddev->private=NULL)\n |\n md_free (free mddev)\n__md_stop sets mddev->private to NULL after pers->free. The raid device\nwill be stopped and mddev memory is free. But in reshape, it doesn't\nfree the mddev and mddev will still be used in new raid.\n\nIn reshape, it first sets mddev->private to new_pers and then runs\nold_pers->free(). Now raid0 sets mddev->private to NULL in raid0_free.\nThe new raid can't work anymore. It will panic when dereference\nmddev->private because of NULL pointer dereference.\n\nIt can panic like this:\n[63010.814972] kernel BUG at drivers/md/raid10.c:928!\n[63010.819778] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n[63010.825011] CPU: 3 PID: 44437 Comm: md0_resync Kdump: loaded Not tainted 5.14.0-86.el9.x86_64 #1\n[63010.833789] Hardware name: Dell Inc. 
PowerEdge R6415/07YXFK, BIOS 1.15.0 09/11/2020\n[63010.841440] RIP: 0010:raise_barrier+0x161/0x170 [raid10]\n[63010.865508] RSP: 0018:ffffc312408bbc10 EFLAGS: 00010246\n[63010.870734] RAX: 0000000000000000 RBX: ffffa00bf7d39800 RCX: 0000000000000000\n[63010.877866] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffa00bf7d39800\n[63010.884999] RBP: 0000000000000000 R08: fffffa4945e74400 R09: 0000000000000000\n[63010.892132] R10: ffffa00eed02f798 R11: 0000000000000000 R12: ffffa00bbc435200\n[63010.899266] R13: ffffa00bf7d39800 R14: 0000000000000400 R15: 0000000000000003\n[63010.906399] FS: 0000000000000000(0000) GS:ffffa00eed000000(0000) knlGS:0000000000000000\n[63010.914485] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[63010.920229] CR2: 00007f5cfbe99828 CR3: 0000000105efe000 CR4: 00000000003506e0\n[63010.927363] Call Trace:\n[63010.929822] ? bio_reset+0xe/0x40\n[63010.933144] ? raid10_alloc_init_r10buf+0x60/0xa0 [raid10]\n[63010.938629] raid10_sync_request+0x756/0x1610 [raid10]\n[63010.943770] md_do_sync.cold+0x3e4/0x94c\n[63010.947698] md_thread+0xab/0x160\n[63010.951024] ? md_write_inc+0x50/0x50\n[63010.954688] kthread+0x149/0x170\n[63010.957923] ? set_kthread_struct+0x40/0x40\n[63010.962107] ret_from_fork+0x22/0x30\n\nRemoving the code that sets mddev->private to NULL in raid0 can fix\nproblem.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49400" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--66a6f851-0096-4a0a-9c06-c5acbeb4dc69.json b/objects/vulnerability/vulnerability--66a6f851-0096-4a0a-9c06-c5acbeb4dc69.json new file mode 100644 index 00000000000..1668acdf01e --- /dev/null +++ b/objects/vulnerability/vulnerability--66a6f851-0096-4a0a-9c06-c5acbeb4dc69.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5020bb96-8a91-4230-8c89-563afe20b97c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--66a6f851-0096-4a0a-9c06-c5acbeb4dc69", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.532816Z", + "modified": "2025-02-27T00:38:15.532816Z", + "name": "CVE-2022-49604", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nip: Fix data-races around sysctl_ip_fwd_use_pmtu.\n\nWhile reading sysctl_ip_fwd_use_pmtu, it can be changed concurrently.\nThus, we need to add READ_ONCE() to its readers.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49604" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--66d160c4-c5fd-4483-8c4f-776b49d4c871.json b/objects/vulnerability/vulnerability--66d160c4-c5fd-4483-8c4f-776b49d4c871.json new file mode 100644 index 00000000000..f9629027264 --- /dev/null +++ b/objects/vulnerability/vulnerability--66d160c4-c5fd-4483-8c4f-776b49d4c871.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a36ee419-8aeb-4acc-be38-84d246fed081", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--66d160c4-c5fd-4483-8c4f-776b49d4c871", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:11.174792Z", + "modified": "2025-02-27T00:38:11.174792Z", + "name": "CVE-2021-47631", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: davinci: da850-evm: Avoid NULL pointer dereference\n\nWith newer versions of GCC, there is a panic in da850_evm_config_emac()\nwhen booting multi_v5_defconfig in QEMU under the palmetto-bmc machine:\n\nUnable to handle kernel NULL pointer dereference at virtual address 00000020\npgd = (ptrval)\n[00000020] *pgd=00000000\nInternal error: Oops: 5 [#1] PREEMPT ARM\nModules linked in:\nCPU: 0 PID: 1 Comm: swapper Not tainted 5.15.0 #1\nHardware name: Generic DT based system\nPC is at da850_evm_config_emac+0x1c/0x120\nLR is at do_one_initcall+0x50/0x1e0\n\nThe emac_pdata pointer in soc_info is NULL because davinci_soc_info only\ngets populated on davinci machines but da850_evm_config_emac() is called\non all machines via device_initcall().\n\nMove the rmii_en assignment below the machine check so that it is only\ndereferenced when running on a supported SoC.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-47631" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--66db92dc-d8c3-4c1c-bd7f-0a4233bdd1b4.json b/objects/vulnerability/vulnerability--66db92dc-d8c3-4c1c-bd7f-0a4233bdd1b4.json new file mode 100644 index 00000000000..c94149274e3 --- /dev/null +++ b/objects/vulnerability/vulnerability--66db92dc-d8c3-4c1c-bd7f-0a4233bdd1b4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b21b1e86-c1ac-417d-9876-cd3d5b35bcbd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--66db92dc-d8c3-4c1c-bd7f-0a4233bdd1b4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.713481Z", + "modified": "2025-02-27T00:38:15.713481Z", + "name": "CVE-2022-49681", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxtensa: xtfpga: Fix refcount leak bug in setup\n\nIn machine_setup(), of_find_compatible_node() will return a node\npointer with refcount incremented. We should use of_node_put() when\nit is not used anymore.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49681" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6740f4a6-3141-4599-9ed9-f721679cc6b1.json b/objects/vulnerability/vulnerability--6740f4a6-3141-4599-9ed9-f721679cc6b1.json new file mode 100644 index 00000000000..0b2e52fc56b --- /dev/null +++ b/objects/vulnerability/vulnerability--6740f4a6-3141-4599-9ed9-f721679cc6b1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--af9bd252-ab8d-4277-afd3-c5036cf7ef98", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6740f4a6-3141-4599-9ed9-f721679cc6b1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:03.314879Z", + "modified": "2025-02-27T00:38:03.314879Z", + "name": "CVE-2024-46226", + "description": "A stored cross site scripting (XSS) vulnerability in HelpDeskZ < v2.0.2 allows remote attackers to execute arbitrary JavaScript in the administration panel by including a malicious payload into the file name and upload file function when creating a new ticket.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-46226" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6782333a-ee85-4796-9226-00916d0ef1c9.json b/objects/vulnerability/vulnerability--6782333a-ee85-4796-9226-00916d0ef1c9.json new file mode 100644 index 00000000000..e5249095438 --- /dev/null +++ b/objects/vulnerability/vulnerability--6782333a-ee85-4796-9226-00916d0ef1c9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4f3557d3-0dd8-40e7-8668-d39d43c45bd6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6782333a-ee85-4796-9226-00916d0ef1c9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.354038Z", + "modified": "2025-02-27T00:38:15.354038Z", + "name": "CVE-2022-49656", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: meson: Fix refcount leak in meson_smp_prepare_cpus\n\nof_find_compatible_node() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when done.\nAdd missing of_node_put() to avoid refcount leak.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49656" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--67c2553a-e46e-47e6-ada8-0a0b9800ab1e.json b/objects/vulnerability/vulnerability--67c2553a-e46e-47e6-ada8-0a0b9800ab1e.json new file mode 100644 index 00000000000..473a0c8502f --- /dev/null +++ b/objects/vulnerability/vulnerability--67c2553a-e46e-47e6-ada8-0a0b9800ab1e.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--876df281-fa14-4877-a2f3-39eff25f6608", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--67c2553a-e46e-47e6-ada8-0a0b9800ab1e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:11.200858Z", + "modified": "2025-02-27T00:38:11.200858Z", + "name": "CVE-2021-47641", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nvideo: fbdev: cirrusfb: check pixclock to avoid divide by zero\n\nDo a sanity check on pixclock value to avoid divide by zero.\n\nIf the pixclock value is zero, the cirrusfb driver will round up\npixclock to get the derived frequency as close to maxclock as\npossible.\n\nSyzkaller reported a divide error in cirrusfb_check_pixclock.\n\ndivide error: 0000 [#1] SMP KASAN PTI\nCPU: 0 PID: 14938 Comm: cirrusfb_test Not tainted 5.15.0-rc6 #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2\nRIP: 0010:cirrusfb_check_var+0x6f1/0x1260\n\nCall Trace:\n fb_set_var+0x398/0xf90\n do_fb_ioctl+0x4b8/0x6f0\n fb_ioctl+0xeb/0x130\n __x64_sys_ioctl+0x19d/0x220\n do_syscall_64+0x3a/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-47641" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--68040b84-c5ef-4c2c-bb37-175c2550d76b.json b/objects/vulnerability/vulnerability--68040b84-c5ef-4c2c-bb37-175c2550d76b.json new file mode 100644 index 00000000000..93d4407e426 --- /dev/null +++ b/objects/vulnerability/vulnerability--68040b84-c5ef-4c2c-bb37-175c2550d76b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c367bea3-88e5-48e2-89f7-291d4b7c83a3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--68040b84-c5ef-4c2c-bb37-175c2550d76b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:01.630303Z", + "modified": "2025-02-27T00:38:01.630303Z", + "name": "CVE-2024-13629", + "description": "The pushBIZ WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13629" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--687fb99a-6fba-4329-be73-cdfafca221cb.json b/objects/vulnerability/vulnerability--687fb99a-6fba-4329-be73-cdfafca221cb.json new file mode 100644 index 00000000000..d8b6d9d6ef8 --- /dev/null +++ b/objects/vulnerability/vulnerability--687fb99a-6fba-4329-be73-cdfafca221cb.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--55d04919-b229-40dd-808c-a978e834de9e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--687fb99a-6fba-4329-be73-cdfafca221cb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.494727Z", + "modified": "2025-02-27T00:38:15.494727Z", + "name": "CVE-2022-49232", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes()\n\nIn amdgpu_dm_connector_add_common_modes(), amdgpu_dm_create_common_mode()\nis assigned to mode and is passed to drm_mode_probed_add() directly after\nthat. drm_mode_probed_add() passes &mode->head to list_add_tail(), and\nthere is a dereference of it in list_add_tail() without recoveries, which\ncould lead to NULL pointer dereference on failure of\namdgpu_dm_create_common_mode().\n\nFix this by adding a NULL check of mode.\n\nThis bug was found by a static analyzer.\n\nBuilds with 'make allyesconfig' show no new warnings,\nand our static analyzer no longer warns about this code.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49232" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--689334ec-8f67-4346-b3b9-e6024130ddef.json b/objects/vulnerability/vulnerability--689334ec-8f67-4346-b3b9-e6024130ddef.json new file mode 100644 index 00000000000..6f2cae2b02e --- /dev/null +++ b/objects/vulnerability/vulnerability--689334ec-8f67-4346-b3b9-e6024130ddef.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0f6f1596-a816-40c4-af7e-03216ae08a16", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--689334ec-8f67-4346-b3b9-e6024130ddef", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.330037Z", + "modified": "2025-02-27T00:38:15.330037Z", + "name": "CVE-2022-49558", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: double hook unregistration in netns path\n\n__nft_release_hooks() is called from pre_netns exit path which\nunregisters the hooks, then the NETDEV_UNREGISTER event is triggered\nwhich unregisters the hooks again.\n\n[ 565.221461] WARNING: CPU: 18 PID: 193 at net/netfilter/core.c:495 __nf_unregister_net_hook+0x247/0x270\n[...]\n[ 565.246890] CPU: 18 PID: 193 Comm: kworker/u64:1 Tainted: G E 5.18.0-rc7+ #27\n[ 565.253682] Workqueue: netns cleanup_net\n[ 565.257059] RIP: 0010:__nf_unregister_net_hook+0x247/0x270\n[...]\n[ 565.297120] Call Trace:\n[ 565.300900] \n[ 565.304683] nf_tables_flowtable_event+0x16a/0x220 [nf_tables]\n[ 565.308518] raw_notifier_call_chain+0x63/0x80\n[ 565.312386] unregister_netdevice_many+0x54f/0xb50\n\nUnregister and destroy netdev hook from netns pre_exit via kfree_rcu\nso the NETDEV_UNREGISTER path see unregistered hooks.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49558" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--68f5b56e-efac-4992-a987-bb49ae89dbf3.json b/objects/vulnerability/vulnerability--68f5b56e-efac-4992-a987-bb49ae89dbf3.json new file mode 100644 index 00000000000..84e6e39742d --- /dev/null +++ b/objects/vulnerability/vulnerability--68f5b56e-efac-4992-a987-bb49ae89dbf3.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3320799f-9a40-4a3e-92fe-9614bc362aea", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--68f5b56e-efac-4992-a987-bb49ae89dbf3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.4994Z", + "modified": "2025-02-27T00:38:15.4994Z", + "name": "CVE-2022-49148", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwatch_queue: Free the page array when watch_queue is dismantled\n\nCommit 7ea1a0124b6d (\"watch_queue: Free the alloc bitmap when the\nwatch_queue is torn down\") took care of the bitmap, but not the page\narray.\n\n BUG: memory leak\n unreferenced object 0xffff88810d9bc140 (size 32):\n comm \"syz-executor335\", pid 3603, jiffies 4294946994 (age 12.840s)\n hex dump (first 32 bytes):\n 40 a7 40 04 00 ea ff ff 00 00 00 00 00 00 00 00 @.@.............\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n kmalloc_array include/linux/slab.h:621 [inline]\n kcalloc include/linux/slab.h:652 [inline]\n watch_queue_set_size+0x12f/0x2e0 kernel/watch_queue.c:251\n pipe_ioctl+0x82/0x140 fs/pipe.c:632\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:874 [inline]\n __se_sys_ioctl fs/ioctl.c:860 [inline]\n __x64_sys_ioctl+0xfc/0x140 fs/ioctl.c:860\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49148" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6a169b55-ed45-476e-bc78-18392036d6ee.json b/objects/vulnerability/vulnerability--6a169b55-ed45-476e-bc78-18392036d6ee.json new file mode 100644 index 00000000000..3f31f89d79a --- /dev/null +++ b/objects/vulnerability/vulnerability--6a169b55-ed45-476e-bc78-18392036d6ee.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6b08e16a-0980-457c-85e0-be7dbcbecb0d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6a169b55-ed45-476e-bc78-18392036d6ee", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.401731Z", + "modified": "2025-02-27T00:38:15.401731Z", + "name": "CVE-2022-49484", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmt76: mt7915: fix possible NULL pointer dereference in mt7915_mac_fill_rx_vector\n\nFix possible NULL pointer dereference in mt7915_mac_fill_rx_vector\nroutine if the chip does not support dbdc and the hw reports band_idx\nset to 1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49484" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6a634a51-8c33-4457-9cb4-2142a9d3408a.json b/objects/vulnerability/vulnerability--6a634a51-8c33-4457-9cb4-2142a9d3408a.json new file mode 100644 index 00000000000..6e37e27d1dc --- /dev/null +++ b/objects/vulnerability/vulnerability--6a634a51-8c33-4457-9cb4-2142a9d3408a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--804cfa1c-f298-4b98-b22d-b97e93fa4121", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6a634a51-8c33-4457-9cb4-2142a9d3408a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.432791Z", + "modified": "2025-02-27T00:38:15.432791Z", + "name": "CVE-2022-49097", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Avoid writeback threads getting stuck in mempool_alloc()\n\nIn a low memory situation, allow the NFS writeback code to fail without\ngetting stuck in infinite loops in mempool_alloc().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49097" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6ad7f8f0-5c11-4a39-8afd-e21cac09db58.json b/objects/vulnerability/vulnerability--6ad7f8f0-5c11-4a39-8afd-e21cac09db58.json new file mode 100644 index 00000000000..d92eb7251c7 --- /dev/null +++ b/objects/vulnerability/vulnerability--6ad7f8f0-5c11-4a39-8afd-e21cac09db58.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e9537ddd-76d7-46eb-b7fa-ba6c5eee3da0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6ad7f8f0-5c11-4a39-8afd-e21cac09db58", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.73978Z", + "modified": "2025-02-27T00:38:15.73978Z", + "name": "CVE-2022-49287", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: fix reference counting for struct tpm_chip\n\nThe following sequence of operations results in a refcount warning:\n\n1. Open device /dev/tpmrm.\n2. Remove module tpm_tis_spi.\n3. Write a TPM command to the file descriptor opened at step 1.\n\n------------[ cut here ]------------\nWARNING: CPU: 3 PID: 1161 at lib/refcount.c:25 kobject_get+0xa0/0xa4\nrefcount_t: addition on 0; use-after-free.\nModules linked in: tpm_tis_spi tpm_tis_core tpm mdio_bcm_unimac brcmfmac\nsha256_generic libsha256 sha256_arm hci_uart btbcm bluetooth cfg80211 vc4\nbrcmutil ecdh_generic ecc snd_soc_core crc32_arm_ce libaes\nraspberrypi_hwmon ac97_bus snd_pcm_dmaengine bcm2711_thermal snd_pcm\nsnd_timer genet snd phy_generic soundcore [last unloaded: spi_bcm2835]\nCPU: 3 PID: 1161 Comm: hold_open Not tainted 5.10.0ls-main-dirty #2\nHardware name: BCM2711\n[] (unwind_backtrace) from [] (show_stack+0x10/0x14)\n[] (show_stack) from [] (dump_stack+0xc4/0xd8)\n[] (dump_stack) from [] (__warn+0x104/0x108)\n[] (__warn) from [] (warn_slowpath_fmt+0x74/0xb8)\n[] (warn_slowpath_fmt) from [] (kobject_get+0xa0/0xa4)\n[] (kobject_get) from [] (tpm_try_get_ops+0x14/0x54 [tpm])\n[] (tpm_try_get_ops [tpm]) from [] (tpm_common_write+0x38/0x60 [tpm])\n[] (tpm_common_write [tpm]) from [] (vfs_write+0xc4/0x3c0)\n[] (vfs_write) from [] (ksys_write+0x58/0xcc)\n[] (ksys_write) from [] (ret_fast_syscall+0x0/0x4c)\nException stack(0xc226bfa8 to 0xc226bff0)\nbfa0: 00000000 000105b4 00000003 beafe664 00000014 
00000000\nbfc0: 00000000 000105b4 000103f8 00000004 00000000 00000000 b6f9c000 beafe684\nbfe0: 0000006c beafe648 0001056c b6eb6944\n---[ end trace d4b8409def9b8b1f ]---\n\nThe reason for this warning is the attempt to get the chip->dev reference\nin tpm_common_write() although the reference counter is already zero.\n\nSince commit 8979b02aaf1d (\"tpm: Fix reference count to main device\") the\nextra reference used to prevent a premature zero counter is never taken,\nbecause the required TPM_CHIP_FLAG_TPM2 flag is never set.\n\nFix this by moving the TPM 2 character device handling from\ntpm_chip_alloc() to tpm_add_char_device() which is called at a later point\nin time when the flag has been set in case of TPM2.\n\nCommit fdc915f7f719 (\"tpm: expose spaces via a device link /dev/tpmrm\")\nalready introduced function tpm_devs_release() to release the extra\nreference but did not implement the required put on chip->devs that results\nin the call of this function.\n\nFix this by putting chip->devs in tpm_chip_unregister().\n\nFinally move the new implementation for the TPM 2 handling into a new\nfunction to avoid multiple checks for the TPM_CHIP_FLAG_TPM2 flag in the\ngood case and error cases.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49287" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6b1ed8f5-b8b1-4c5c-9270-0939bc379328.json b/objects/vulnerability/vulnerability--6b1ed8f5-b8b1-4c5c-9270-0939bc379328.json new file mode 100644 index 00000000000..05c5abf1e50 --- /dev/null +++ b/objects/vulnerability/vulnerability--6b1ed8f5-b8b1-4c5c-9270-0939bc379328.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fce1088a-65fe-4859-bdee-f3f1b0be5478", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6b1ed8f5-b8b1-4c5c-9270-0939bc379328", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.528037Z", + "modified": "2025-02-27T00:38:15.528037Z", + "name": "CVE-2022-49193", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix 'scheduling while atomic' on aux critical err interrupt\n\nThere's a kernel BUG splat on processing aux critical error\ninterrupts in ice_misc_intr():\n\n[ 2100.917085] BUG: scheduling while atomic: swapper/15/0/0x00010000\n...\n[ 2101.060770] Call Trace:\n[ 2101.063229] \n[ 2101.065252] dump_stack+0x41/0x60\n[ 2101.068587] __schedule_bug.cold.100+0x4c/0x58\n[ 2101.073060] __schedule+0x6a4/0x830\n[ 2101.076570] schedule+0x35/0xa0\n[ 2101.079727] schedule_preempt_disabled+0xa/0x10\n[ 2101.084284] __mutex_lock.isra.7+0x310/0x420\n[ 2101.088580] ? 
ice_misc_intr+0x201/0x2e0 [ice]\n[ 2101.093078] ice_send_event_to_aux+0x25/0x70 [ice]\n[ 2101.097921] ice_misc_intr+0x220/0x2e0 [ice]\n[ 2101.102232] __handle_irq_event_percpu+0x40/0x180\n[ 2101.106965] handle_irq_event_percpu+0x30/0x80\n[ 2101.111434] handle_irq_event+0x36/0x53\n[ 2101.115292] handle_edge_irq+0x82/0x190\n[ 2101.119148] handle_irq+0x1c/0x30\n[ 2101.122480] do_IRQ+0x49/0xd0\n[ 2101.125465] common_interrupt+0xf/0xf\n[ 2101.129146] \n...\n\nAs Andrew correctly mentioned previously[0], the following call\nladder happens:\n\nice_misc_intr() <- hardirq\n ice_send_event_to_aux()\n device_lock()\n mutex_lock()\n might_sleep()\n might_resched() <- oops\n\nAdd a new PF state bit which indicates that an aux critical error\noccurred and serve it in ice_service_task() in process context.\nThe new ice_pf::oicr_err_reg is read-write in both hardirq and\nprocess contexts, but only 3 bits of non-critical data probably\naren't worth explicit synchronizing (and they're even in the same\nbyte [31:24]).\n\n[0] https://lore.kernel.org/all/YeSRUVmrdmlUXHDn@lunn.ch", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49193" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6b23b38d-e26e-47c4-8f12-8b3b0085e3c2.json b/objects/vulnerability/vulnerability--6b23b38d-e26e-47c4-8f12-8b3b0085e3c2.json new file mode 100644 index 00000000000..5c404f9f752 --- /dev/null +++ b/objects/vulnerability/vulnerability--6b23b38d-e26e-47c4-8f12-8b3b0085e3c2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f71890ef-e6b8-450c-98f4-3f272e467606", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6b23b38d-e26e-47c4-8f12-8b3b0085e3c2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.33789Z", + "modified": "2025-02-27T00:38:15.33789Z", + "name": "CVE-2022-49666", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/memhotplug: Add add_pages override for PPC\n\nWith commit ffa0b64e3be5 (\"powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit\")\nthe kernel now validate the addr against high_memory value. This results\nin the below BUG_ON with dax pfns.\n\n[ 635.798741][T26531] kernel BUG at mm/page_alloc.c:5521!\n1:mon> e\ncpu 0x1: Vector: 700 (Program Check) at [c000000007287630]\n pc: c00000000055ed48: free_pages.part.0+0x48/0x110\n lr: c00000000053ca70: tlb_finish_mmu+0x80/0xd0\n sp: c0000000072878d0\n msr: 800000000282b033\n current = 0xc00000000afabe00\n paca = 0xc00000037ffff300 irqmask: 0x03 irq_happened: 0x05\n pid = 26531, comm = 50-landscape-sy\nkernel BUG at :5521!\nLinux version 5.19.0-rc3-14659-g4ec05be7c2e1 (kvaneesh@ltc-boston8) (gcc (Ubuntu 9.4.0-1ubuntu1~20.04.1) 9.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34) #625 SMP Thu Jun 23 00:35:43 CDT 2022\n1:mon> t\n[link register ] c00000000053ca70 tlb_finish_mmu+0x80/0xd0\n[c0000000072878d0] c00000000053ca54 tlb_finish_mmu+0x64/0xd0 (unreliable)\n[c000000007287900] c000000000539424 exit_mmap+0xe4/0x2a0\n[c0000000072879e0] c00000000019fc1c mmput+0xcc/0x210\n[c000000007287a20] c000000000629230 begin_new_exec+0x5e0/0xf40\n[c000000007287ae0] c00000000070b3cc load_elf_binary+0x3ac/0x1e00\n[c000000007287c10] c000000000627af0 bprm_execve+0x3b0/0xaf0\n[c000000007287cd0] c000000000628414 do_execveat_common.isra.0+0x1e4/0x310\n[c000000007287d80] c00000000062858c sys_execve+0x4c/0x60\n[c000000007287db0] c00000000002c1b0 
system_call_exception+0x160/0x2c0\n[c000000007287e10] c00000000000c53c system_call_common+0xec/0x250\n\nThe fix is to make sure we update high_memory on memory hotplug.\nThis is similar to what x86 does in commit 3072e413e305 (\"mm/memory_hotplug: introduce add_pages\")", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49666" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6bbc75f0-f421-42b7-a2b4-c251397bae10.json b/objects/vulnerability/vulnerability--6bbc75f0-f421-42b7-a2b4-c251397bae10.json new file mode 100644 index 00000000000..908c3057e87 --- /dev/null +++ b/objects/vulnerability/vulnerability--6bbc75f0-f421-42b7-a2b4-c251397bae10.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1eb8340a-256a-4d62-b600-8b1f6c145cac", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6bbc75f0-f421-42b7-a2b4-c251397bae10", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:03.687285Z", + "modified": "2025-02-27T00:38:03.687285Z", + "name": "CVE-2024-10483", + "description": "The Simple:Press Forum WordPress plugin before 6.10.11 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10483" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6bf48ff5-5213-4b8f-b185-dd8679829611.json b/objects/vulnerability/vulnerability--6bf48ff5-5213-4b8f-b185-dd8679829611.json new file mode 100644 index 00000000000..33b41cbff52 --- /dev/null +++ b/objects/vulnerability/vulnerability--6bf48ff5-5213-4b8f-b185-dd8679829611.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--933d82fd-41bd-40e0-86aa-b1a239ca53e8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6bf48ff5-5213-4b8f-b185-dd8679829611", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.293206Z", + "modified": "2025-02-27T00:38:15.293206Z", + "name": "CVE-2022-49203", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix double free during GPU reset on DC streams\n\n[Why]\nThe issue only occurs during the GPU reset code path.\n\nWe first backup the current state prior to commiting 0 streams\ninternally from DM to DC. This state backup contains valid link\nencoder assignments.\n\nDC will clear the link encoder assignments as part of current state\n(but not the backup, since it was a copied before the commit) and\nfree the extra stream reference it held.\n\nDC requires that the link encoder assignments remain cleared/invalid\nprior to commiting. Since the backup still has valid assignments we\ncall the interface post reset to clear them. This routine also\nreleases the extra reference that the link encoder interface held -\nresulting in a double free (and eventually a NULL pointer dereference).\n\n[How]\nWe'll have to do a full DC commit anyway after GPU reset because\nthe stream count previously went to 0.\n\nWe don't need to retain the assignment that we had backed up, so\njust copy off of the now clean current state assignment after the\nreset has occcurred with the new link_enc_cfg_copy() interface.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49203" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6c0d3719-2b13-4c20-8c73-31db8c54add1.json b/objects/vulnerability/vulnerability--6c0d3719-2b13-4c20-8c73-31db8c54add1.json new file mode 100644 index 00000000000..67715e082e6 
--- /dev/null +++ b/objects/vulnerability/vulnerability--6c0d3719-2b13-4c20-8c73-31db8c54add1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--27bcebdc-5db4-4867-a289-91d128bd5d84", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6c0d3719-2b13-4c20-8c73-31db8c54add1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.603847Z", + "modified": "2025-02-27T00:38:15.603847Z", + "name": "CVE-2022-49218", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/dp: Fix OOB read when handling Post Cursor2 register\n\nThe link_status array was not large enough to read the Adjust Request\nPost Cursor2 register, so remove the common helper function to avoid\nan OOB read, found with a -Warray-bounds build:\n\ndrivers/gpu/drm/drm_dp_helper.c: In function 'drm_dp_get_adjust_request_post_cursor':\ndrivers/gpu/drm/drm_dp_helper.c:59:27: error: array subscript 10 is outside array bounds of 'const u8[6]' {aka 'const unsigned char[6]'} [-Werror=array-bounds]\n 59 | return link_status[r - DP_LANE0_1_STATUS];\n | ~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~\ndrivers/gpu/drm/drm_dp_helper.c:147:51: note: while referencing 'link_status'\n 147 | u8 drm_dp_get_adjust_request_post_cursor(const u8 link_status[DP_LINK_STATUS_SIZE],\n | ~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nReplace the only user of the helper with an open-coded fetch and decode,\nsimilar to drivers/gpu/drm/amd/display/dc/core/dc_link_dp.c.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49218" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6c74efc4-c31e-4cc0-be5e-11408af4c5aa.json b/objects/vulnerability/vulnerability--6c74efc4-c31e-4cc0-be5e-11408af4c5aa.json new file mode 100644 index 00000000000..c08aa6b9362 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--6c74efc4-c31e-4cc0-be5e-11408af4c5aa.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--aa2ff738-36ce-405d-acc7-672dc9dac468", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6c74efc4-c31e-4cc0-be5e-11408af4c5aa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.565086Z", + "modified": "2025-02-27T00:38:15.565086Z", + "name": "CVE-2022-49637", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: Fix a data-race around sysctl_fib_sync_mem.\n\nWhile reading sysctl_fib_sync_mem, it can be changed concurrently.\nSo, we need to add READ_ONCE() to avoid a data-race.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49637" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6c7ee74b-d64c-4f98-95a3-e28c028d5a03.json b/objects/vulnerability/vulnerability--6c7ee74b-d64c-4f98-95a3-e28c028d5a03.json new file mode 100644 index 00000000000..231a1599543 --- /dev/null +++ b/objects/vulnerability/vulnerability--6c7ee74b-d64c-4f98-95a3-e28c028d5a03.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cc52027f-569a-4790-85ce-77c9920fb98a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6c7ee74b-d64c-4f98-95a3-e28c028d5a03", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.572491Z", + "modified": "2025-02-27T00:38:15.572491Z", + "name": "CVE-2022-49677", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: cns3xxx: Fix refcount leak in cns3xxx_init\n\nof_find_compatible_node() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when done.\nAdd missing of_node_put() to avoid refcount leak.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49677" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6cc2e293-67e6-4b0e-8e70-1887ea0486ad.json b/objects/vulnerability/vulnerability--6cc2e293-67e6-4b0e-8e70-1887ea0486ad.json new file mode 100644 index 00000000000..748c67ad79a --- /dev/null +++ b/objects/vulnerability/vulnerability--6cc2e293-67e6-4b0e-8e70-1887ea0486ad.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d99435a1-c365-42a1-87e2-b1045843d2df", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6cc2e293-67e6-4b0e-8e70-1887ea0486ad", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.778403Z", + "modified": "2025-02-27T00:38:15.778403Z", + "name": "CVE-2022-49054", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nDrivers: hv: vmbus: Deactivate sysctl_record_panic_msg by default in isolated guests\n\nhv_panic_page might contain guest-sensitive information, do not dump it\nover to Hyper-V by default in isolated guests.\n\nWhile at it, update some comments in hyperv_{panic,die}_event().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49054" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6cd9bfda-da7b-4e00-949d-8c85ca78f552.json b/objects/vulnerability/vulnerability--6cd9bfda-da7b-4e00-949d-8c85ca78f552.json new file mode 100644 index 00000000000..d9cd870ad3c --- /dev/null +++ b/objects/vulnerability/vulnerability--6cd9bfda-da7b-4e00-949d-8c85ca78f552.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5f3a32ac-adae-4c87-837d-915960c1e24f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6cd9bfda-da7b-4e00-949d-8c85ca78f552", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.333804Z", + "modified": "2025-02-27T00:38:15.333804Z", + "name": "CVE-2022-49388", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nubi: ubi_create_volume: Fix use-after-free when volume creation failed\n\nThere is an use-after-free problem for 'eba_tbl' in ubi_create_volume()'s\nerror handling path:\n\n ubi_eba_replace_table(vol, eba_tbl)\n vol->eba_tbl = tbl\nout_mapping:\n ubi_eba_destroy_table(eba_tbl) // Free 'eba_tbl'\nout_unlock:\n put_device(&vol->dev)\n vol_release\n kfree(tbl->entries)\t // UAF\n\nFix it by removing redundant 'eba_tbl' releasing.\nFetch a reproducer in [Link].", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49388" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6cfca07b-4c0a-4a9e-8600-5987680d61c0.json b/objects/vulnerability/vulnerability--6cfca07b-4c0a-4a9e-8600-5987680d61c0.json new file mode 100644 index 00000000000..080ed4e73b1 --- /dev/null +++ b/objects/vulnerability/vulnerability--6cfca07b-4c0a-4a9e-8600-5987680d61c0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3f7e2ac9-3545-492d-876c-7ebd60528fe2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6cfca07b-4c0a-4a9e-8600-5987680d61c0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:07.710335Z", + "modified": "2025-02-27T00:38:07.710335Z", + "name": "CVE-2025-25813", + "description": "SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_files.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25813" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6d27994d-207d-4b06-9c96-1ee9896717a0.json b/objects/vulnerability/vulnerability--6d27994d-207d-4b06-9c96-1ee9896717a0.json new file mode 100644 index 00000000000..8db41423d99 --- /dev/null +++ b/objects/vulnerability/vulnerability--6d27994d-207d-4b06-9c96-1ee9896717a0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c5bb9d88-bd96-4539-b879-fda0deee0068", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6d27994d-207d-4b06-9c96-1ee9896717a0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.395987Z", + "modified": "2025-02-27T00:38:15.395987Z", + "name": "CVE-2022-49467", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: msm: fix possible memory leak in mdp5_crtc_cursor_set()\n\ndrm_gem_object_lookup will call drm_gem_object_get inside. So cursor_bo\nneeds to be put when msm_gem_get_and_pin_iova fails.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49467" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--6d4a706d-f508-4452-8feb-2a36b76d9e0d.json b/objects/vulnerability/vulnerability--6d4a706d-f508-4452-8feb-2a36b76d9e0d.json new file mode 100644 index 00000000000..f35269baa0a --- /dev/null +++ b/objects/vulnerability/vulnerability--6d4a706d-f508-4452-8feb-2a36b76d9e0d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--aa5dab2b-2c93-4054-acb5-f453a3ea4989", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6d4a706d-f508-4452-8feb-2a36b76d9e0d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.52611Z", + "modified": "2025-02-27T00:38:15.52611Z", + "name": "CVE-2022-49264", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nexec: Force single empty string when argv is empty\n\nQuoting[1] Ariadne Conill:\n\n\"In several other operating systems, it is a hard requirement that the\nsecond argument to execve(2) be the name of a program, thus prohibiting\na scenario where argc < 1. POSIX 2017 also recommends this behaviour,\nbut it is not an explicit requirement[2]:\n\n The argument arg0 should point to a filename string that is\n associated with the process being started by one of the exec\n functions.\n...\nInterestingly, Michael Kerrisk opened an issue about this in 2008[3],\nbut there was no consensus to support fixing this issue then.\nHopefully now that CVE-2021-4034 shows practical exploitative use[4]\nof this bug in a shellcode, we can reconsider.\n\nThis issue is being tracked in the KSPP issue tracker[5].\"\n\nWhile the initial code searches[6][7] turned up what appeared to be\nmostly corner case tests, trying to that just reject argv == NULL\n(or an immediately terminated pointer list) quickly started tripping[8]\nexisting userspace programs.\n\nThe next best approach is forcing a single empty string into argv and\nadjusting argc to match. The number of programs depending on argc == 0\nseems a smaller set than those calling execve with a NULL argv.\n\nAccount for the additional stack space in bprm_stack_limits(). Inject an\nempty string when argc == 0 (and set argc = 1). 
Warn about the case so\nuserspace has some notice about the change:\n\n process './argc0' launched './argc0' with NULL argv: empty string added\n\nAdditionally WARN() and reject NULL argv usage for kernel threads.\n\n[1] https://lore.kernel.org/lkml/20220127000724.15106-1-ariadne@dereferenced.org/\n[2] https://pubs.opengroup.org/onlinepubs/9699919799/functions/exec.html\n[3] https://bugzilla.kernel.org/show_bug.cgi?id=8408\n[4] https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt\n[5] https://github.com/KSPP/linux/issues/176\n[6] https://codesearch.debian.net/search?q=execve%5C+*%5C%28%5B%5E%2C%5D%2B%2C+*NULL&literal=0\n[7] https://codesearch.debian.net/search?q=execlp%3F%5Cs*%5C%28%5B%5E%2C%5D%2B%2C%5Cs*NULL&literal=0\n[8] https://lore.kernel.org/lkml/20220131144352.GE16385@xsang-OptiPlex-9020/", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49264" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6d572e42-45d8-4770-8723-125e6bcda815.json b/objects/vulnerability/vulnerability--6d572e42-45d8-4770-8723-125e6bcda815.json new file mode 100644 index 00000000000..c115f53feb2 --- /dev/null +++ b/objects/vulnerability/vulnerability--6d572e42-45d8-4770-8723-125e6bcda815.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7eb3cd5c-6246-4313-aba9-959558171c86", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6d572e42-45d8-4770-8723-125e6bcda815", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:07.959088Z", + "modified": "2025-02-27T00:38:07.959088Z", + "name": "CVE-2025-20111", + "description": "A vulnerability in the health monitoring diagnostics of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.\r\n\r\nThis vulnerability is due to the incorrect handling of specific Ethernet frames. An attacker could exploit this vulnerability by sending a sustained rate of crafted Ethernet frames to an affected device. A successful exploit could allow the attacker to cause the device to reload.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20111" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6d6d5e57-0212-444c-b6ec-2642e68450cd.json b/objects/vulnerability/vulnerability--6d6d5e57-0212-444c-b6ec-2642e68450cd.json new file mode 100644 index 00000000000..71550ddab36 --- /dev/null +++ b/objects/vulnerability/vulnerability--6d6d5e57-0212-444c-b6ec-2642e68450cd.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--79559562-692a-4617-b9f2-a2b02a64d637", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6d6d5e57-0212-444c-b6ec-2642e68450cd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.461342Z", + "modified": "2025-02-27T00:38:15.461342Z", + "name": "CVE-2022-49403", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/string_helpers: fix not adding strarray to device's resource list\n\nAdd allocated strarray to device's resource list. This is a must to\nautomatically release strarray when the device disappears.\n\nWithout this fix we have a memory leak in the few drivers which use\ndevm_kasprintf_strarray().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49403" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6e0f69a0-b9db-44b0-a819-103e885ab1ad.json b/objects/vulnerability/vulnerability--6e0f69a0-b9db-44b0-a819-103e885ab1ad.json new file mode 100644 index 00000000000..200fb438c45 --- /dev/null +++ b/objects/vulnerability/vulnerability--6e0f69a0-b9db-44b0-a819-103e885ab1ad.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--14483a99-29e5-4b60-ad5c-6d12c72ee95a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6e0f69a0-b9db-44b0-a819-103e885ab1ad", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.500327Z", + "modified": "2025-02-27T00:38:15.500327Z", + "name": "CVE-2022-49314", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: Fix a possible resource leak in icom_probe\n\nWhen pci_read_config_dword failed, call pci_release_regions() and\npci_disable_device() to recycle the resource previously allocated.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49314" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6e5617dd-c4db-41f4-80b1-30edcf03a21a.json b/objects/vulnerability/vulnerability--6e5617dd-c4db-41f4-80b1-30edcf03a21a.json new file mode 100644 index 00000000000..a3f66cde569 --- /dev/null +++ b/objects/vulnerability/vulnerability--6e5617dd-c4db-41f4-80b1-30edcf03a21a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f90e1c7e-ae3b-498e-ba13-f15e22eebaaf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6e5617dd-c4db-41f4-80b1-30edcf03a21a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.383587Z", + "modified": "2025-02-27T00:38:15.383587Z", + "name": "CVE-2022-49206", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix memory leak in error flow for subscribe event routine\n\nIn case the second xa_insert() fails, the obj_event is not released. Fix\nthe error unwind flow to free that memory to avoid a memory leak.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49206" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6e727534-7bd6-47d0-83f0-aef4816b2cbf.json b/objects/vulnerability/vulnerability--6e727534-7bd6-47d0-83f0-aef4816b2cbf.json new file mode 100644 index 00000000000..4401e0e2f6c --- /dev/null +++ b/objects/vulnerability/vulnerability--6e727534-7bd6-47d0-83f0-aef4816b2cbf.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3dc59a4d-3e33-4008-b459-8ea5c59f7327", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6e727534-7bd6-47d0-83f0-aef4816b2cbf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.551875Z", + "modified": "2025-02-27T00:38:15.551875Z", + "name": "CVE-2022-49438", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: sparcspkr - fix refcount leak in bbc_beep_probe\n\nof_find_node_by_path() calls of_find_node_opts_by_path(),\nwhich returns a node pointer with refcount\nincremented, we should use of_node_put() on it when done.\nAdd missing of_node_put() to avoid refcount leak.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49438" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6e7dbb0a-52fb-4148-9289-1c0f1e28e824.json b/objects/vulnerability/vulnerability--6e7dbb0a-52fb-4148-9289-1c0f1e28e824.json new file mode 100644 index 00000000000..fca67f60443 --- /dev/null +++ b/objects/vulnerability/vulnerability--6e7dbb0a-52fb-4148-9289-1c0f1e28e824.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--68188d1d-ca24-4445-9b70-826730cec90c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6e7dbb0a-52fb-4148-9289-1c0f1e28e824", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:04.105121Z", + "modified": "2025-02-27T00:38:04.105121Z", + "name": "CVE-2024-50696", + "description": "SunGrow WiNet-S V200.001.00.P025 and earlier versions is missing integrity checks for firmware upgrades. Sending a specific MQTT message allows an update to an inverter or a WiNet connectivity dongle with a bogus firmware file that is located on attacker-controlled server.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50696" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6e9b82ba-b481-4f66-818f-a881fd610bb6.json b/objects/vulnerability/vulnerability--6e9b82ba-b481-4f66-818f-a881fd610bb6.json new file mode 100644 index 00000000000..eb32c84da29 --- /dev/null +++ b/objects/vulnerability/vulnerability--6e9b82ba-b481-4f66-818f-a881fd610bb6.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--60052b5b-b170-470d-b89f-56347c65c81a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6e9b82ba-b481-4f66-818f-a881fd610bb6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.700199Z", + "modified": "2025-02-27T00:38:15.700199Z", + "name": "CVE-2022-49398", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback\n\nThe list_for_each_entry_safe() macro saves the current item (n) and\nthe item after (n+1), so that n can be safely removed without\ncorrupting the list. However, when traversing the list and removing\nitems using gadget giveback, the DWC3 lock is briefly released,\nallowing other routines to execute. There is a situation where, while\nitems are being removed from the cancelled_list using\ndwc3_gadget_ep_cleanup_cancelled_requests(), the pullup disable\nroutine is running in parallel (due to UDC unbind). As the cleanup\nroutine removes n, and the pullup disable removes n+1, once the\ncleanup retakes the DWC3 lock, it references a request who was already\nremoved/handled. 
With list debug enabled, this leads to a panic.\nEnsure all instances of the macro are replaced where gadget giveback\nis used.\n\nExample call stack:\n\nThread#1:\n__dwc3_gadget_ep_set_halt() - CLEAR HALT\n -> dwc3_gadget_ep_cleanup_cancelled_requests()\n ->list_for_each_entry_safe()\n ->dwc3_gadget_giveback(n)\n ->dwc3_gadget_del_and_unmap_request()- n deleted[cancelled_list]\n ->spin_unlock\n ->Thread#2 executes\n ...\n ->dwc3_gadget_giveback(n+1)\n ->Already removed!\n\nThread#2:\ndwc3_gadget_pullup()\n ->waiting for dwc3 spin_lock\n ...\n ->Thread#1 released lock\n ->dwc3_stop_active_transfers()\n ->dwc3_remove_requests()\n ->fetches n+1 item from cancelled_list (n removed by Thread#1)\n ->dwc3_gadget_giveback()\n ->dwc3_gadget_del_and_unmap_request()- n+1 deleted[cancelled_list]\n ->spin_unlock", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49398" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6eb31d0e-e653-40d0-bc4b-c9f1e89e74b3.json b/objects/vulnerability/vulnerability--6eb31d0e-e653-40d0-bc4b-c9f1e89e74b3.json new file mode 100644 index 00000000000..7152429dead --- /dev/null +++ b/objects/vulnerability/vulnerability--6eb31d0e-e653-40d0-bc4b-c9f1e89e74b3.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b85b2a54-c552-4cfa-be40-301a74b2a1cb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6eb31d0e-e653-40d0-bc4b-c9f1e89e74b3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.487142Z", + "modified": "2025-02-27T00:38:15.487142Z", + "name": "CVE-2022-49055", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Check for potential null return of kmalloc_array()\n\nAs the kmalloc_array() may return null, the 'event_waiters[i].wait' would lead to null-pointer dereference.\nTherefore, it is better to check the return value of kmalloc_array() to avoid this confusion.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49055" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6ed6af68-0144-4192-ad68-911b0f82ef58.json b/objects/vulnerability/vulnerability--6ed6af68-0144-4192-ad68-911b0f82ef58.json new file mode 100644 index 00000000000..14445db7491 --- /dev/null +++ b/objects/vulnerability/vulnerability--6ed6af68-0144-4192-ad68-911b0f82ef58.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3993da35-7104-4f44-86cf-da27da5054ab", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6ed6af68-0144-4192-ad68-911b0f82ef58", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.567832Z", + "modified": "2025-02-27T00:38:15.567832Z", + "name": "CVE-2022-49630", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Fix a data-race around sysctl_tcp_ecn_fallback.\n\nWhile reading sysctl_tcp_ecn_fallback, it can be changed concurrently.\nThus, we need to add READ_ONCE() to its reader.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49630" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6f056187-0691-4e41-9ef5-f9727612f2c0.json b/objects/vulnerability/vulnerability--6f056187-0691-4e41-9ef5-f9727612f2c0.json new file mode 100644 index 00000000000..e5ebc6a8ae8 --- /dev/null +++ b/objects/vulnerability/vulnerability--6f056187-0691-4e41-9ef5-f9727612f2c0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7a1f3fa5-bb93-4ee9-be4a-5b17c995c74e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6f056187-0691-4e41-9ef5-f9727612f2c0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.335822Z", + "modified": "2025-02-27T00:38:15.335822Z", + "name": "CVE-2022-49221", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dp: populate connector of struct dp_panel\n\nDP CTS test case 4.2.2.6 has valid edid with bad checksum on purpose\nand expect DP source return correct checksum. During drm edid read,\ncorrect edid checksum is calculated and stored at\nconnector::real_edid_checksum.\n\nThe problem is struct dp_panel::connector never be assigned, instead the\nconnector is stored in struct msm_dp::connector. When we run compliance\ntesting test case 4.2.2.6 dp_panel_handle_sink_request() won't have a valid\nedid set in struct dp_panel::edid so we'll try to use the connectors\nreal_edid_checksum and hit a NULL pointer dereference error because the\nconnector pointer is never assigned.\n\nChanges in V2:\n-- populate panel connector at msm_dp_modeset_init() instead of at dp_panel_read_sink_caps()\n\nChanges in V3:\n-- remove unhelpful kernel crash trace commit text\n-- remove renaming dp_display parameter to dp\n\nChanges in V4:\n-- add more details to commit text\n\nChanges in v10:\n-- group into one series\n\nChanges in v11:\n-- drop drm/msm/dp: dp_link_parse_sink_count() return immediately if aux read\n\nSignee-off-by: Kuogee Hsieh ", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49221" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--6f2395e8-ad78-453c-8e33-9331c1c59767.json b/objects/vulnerability/vulnerability--6f2395e8-ad78-453c-8e33-9331c1c59767.json new file mode 100644 index 00000000000..f54aa8e41e5 --- /dev/null +++ b/objects/vulnerability/vulnerability--6f2395e8-ad78-453c-8e33-9331c1c59767.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--432db399-08ae-467d-a299-771ec781c1b8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6f2395e8-ad78-453c-8e33-9331c1c59767", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:07.461711Z", + "modified": "2025-02-27T00:38:07.461711Z", + "name": "CVE-2025-22881", + "description": "Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22881" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6f3498ad-7c35-495d-8550-a3522847e9ec.json b/objects/vulnerability/vulnerability--6f3498ad-7c35-495d-8550-a3522847e9ec.json new file mode 100644 index 00000000000..3b28bf3fff6 --- /dev/null +++ b/objects/vulnerability/vulnerability--6f3498ad-7c35-495d-8550-a3522847e9ec.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dd4afd10-e389-40f8-8da6-a690e6c4948a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6f3498ad-7c35-495d-8550-a3522847e9ec", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.460421Z", + "modified": "2025-02-27T00:38:15.460421Z", + "name": "CVE-2022-49638", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nicmp: Fix data-races around sysctl.\n\nWhile reading icmp sysctl variables, they can be changed concurrently.\nSo, we need to add READ_ONCE() to avoid data-races.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49638" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6f436c1e-9514-4a09-abf7-f6b2b9d872c2.json b/objects/vulnerability/vulnerability--6f436c1e-9514-4a09-abf7-f6b2b9d872c2.json new file mode 100644 index 00000000000..3f444e1dbb5 --- /dev/null +++ b/objects/vulnerability/vulnerability--6f436c1e-9514-4a09-abf7-f6b2b9d872c2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9010fda6-4a9f-45b1-969c-1d373d61c5b2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6f436c1e-9514-4a09-abf7-f6b2b9d872c2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.393235Z", + "modified": "2025-02-27T00:38:15.393235Z", + "name": "CVE-2022-49367", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register\n\nof_get_child_by_name() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when done.\n\nmv88e6xxx_mdio_register() pass the device node to of_mdiobus_register().\nWe don't need the device node after it.\n\nAdd missing of_node_put() to avoid refcount leak.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49367" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6fc92b9f-6efe-4257-b569-0446dcba0ff6.json b/objects/vulnerability/vulnerability--6fc92b9f-6efe-4257-b569-0446dcba0ff6.json new file mode 100644 index 00000000000..4db8333f399 --- /dev/null +++ b/objects/vulnerability/vulnerability--6fc92b9f-6efe-4257-b569-0446dcba0ff6.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a13d3504-bc0a-4ed2-a989-8b476ae5cff3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6fc92b9f-6efe-4257-b569-0446dcba0ff6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.266617Z", + "modified": "2025-02-27T00:38:15.266617Z", + "name": "CVE-2022-49152", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nXArray: Fix xas_create_range() when multi-order entry present\n\nIf there is already an entry present that is of order >= XA_CHUNK_SHIFT\nwhen we call xas_create_range(), xas_create_range() will misinterpret\nthat entry as a node and dereference xa_node->parent, generally leading\nto a crash that looks something like this:\n\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001:\n0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 0 PID: 32 Comm: khugepaged Not tainted 5.17.0-rc8-syzkaller-00003-g56e337f2cf13 #0\nRIP: 0010:xa_parent_locked include/linux/xarray.h:1207 [inline]\nRIP: 0010:xas_create_range+0x2d9/0x6e0 lib/xarray.c:725\n\nIt's deterministically reproducable once you know what the problem is,\nbut producing it in a live kernel requires khugepaged to hit a race.\nWhile the problem has been present since xas_create_range() was\nintroduced, I'm not aware of a way to hit it before the page cache was\nconverted to use multi-index entries.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49152" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--719da266-8dcf-48d9-9a65-6e9cfee48bb7.json b/objects/vulnerability/vulnerability--719da266-8dcf-48d9-9a65-6e9cfee48bb7.json new file mode 100644 index 00000000000..af058416ddb --- /dev/null 
+++ b/objects/vulnerability/vulnerability--719da266-8dcf-48d9-9a65-6e9cfee48bb7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8926cec7-bffa-4aab-bf58-27893901418c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--719da266-8dcf-48d9-9a65-6e9cfee48bb7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:07.758384Z", + "modified": "2025-02-27T00:38:07.758384Z", + "name": "CVE-2025-25818", + "description": "A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the postStrVar function at article_save.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25818" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7201bc1c-67c1-4240-9868-cb36988154cc.json b/objects/vulnerability/vulnerability--7201bc1c-67c1-4240-9868-cb36988154cc.json new file mode 100644 index 00000000000..fff31367f80 --- /dev/null +++ b/objects/vulnerability/vulnerability--7201bc1c-67c1-4240-9868-cb36988154cc.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bf9cd652-4ae7-48df-973a-03f591dfdb05", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7201bc1c-67c1-4240-9868-cb36988154cc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.514602Z", + "modified": "2025-02-27T00:38:15.514602Z", + "name": "CVE-2022-49418", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4: Fix free of uninitialized nfs4_label on referral lookup.\n\nSend along the already-allocated fattr along with nfs4_fs_locations, and\ndrop the memcpy of fattr. We end up growing two more allocations, but this\nfixes up a crash as:\n\nPID: 790 TASK: ffff88811b43c000 CPU: 0 COMMAND: \"ls\"\n #0 [ffffc90000857920] panic at ffffffff81b9bfde\n #1 [ffffc900008579c0] do_trap at ffffffff81023a9b\n #2 [ffffc90000857a10] do_error_trap at ffffffff81023b78\n #3 [ffffc90000857a58] exc_stack_segment at ffffffff81be1f45\n #4 [ffffc90000857a80] asm_exc_stack_segment at ffffffff81c009de\n #5 [ffffc90000857b08] nfs_lookup at ffffffffa0302322 [nfs]\n #6 [ffffc90000857b70] __lookup_slow at ffffffff813a4a5f\n #7 [ffffc90000857c60] walk_component at ffffffff813a86c4\n #8 [ffffc90000857cb8] path_lookupat at ffffffff813a9553\n #9 [ffffc90000857cf0] filename_lookup at ffffffff813ab86b", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49418" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--721e9b3b-a822-4079-a1b9-451dc6752ff4.json b/objects/vulnerability/vulnerability--721e9b3b-a822-4079-a1b9-451dc6752ff4.json new file mode 100644 index 00000000000..4fa60622312 --- /dev/null +++ b/objects/vulnerability/vulnerability--721e9b3b-a822-4079-a1b9-451dc6752ff4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--890fec5b-87c9-4d36-8bc2-167b5edc643c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--721e9b3b-a822-4079-a1b9-451dc6752ff4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:04.156654Z", + "modified": "2025-02-27T00:38:04.156654Z", + "name": "CVE-2024-50689", + "description": "SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the orgService API model.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50689" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7236b92f-1a3d-4254-86a7-a7cafc5e7391.json b/objects/vulnerability/vulnerability--7236b92f-1a3d-4254-86a7-a7cafc5e7391.json new file mode 100644 index 00000000000..44fcb5cb113 --- /dev/null +++ b/objects/vulnerability/vulnerability--7236b92f-1a3d-4254-86a7-a7cafc5e7391.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--475e0eac-c0a7-4628-af1d-2bb9da8afc05", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7236b92f-1a3d-4254-86a7-a7cafc5e7391", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.406568Z", + "modified": "2025-02-27T00:38:15.406568Z", + "name": "CVE-2022-49546", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/kexec: fix memory leak of elf header buffer\n\nThis is reported by kmemleak detector:\n\nunreferenced object 0xffffc900002a9000 (size 4096):\n comm \"kexec\", pid 14950, jiffies 4295110793 (age 373.951s)\n hex dump (first 32 bytes):\n 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 .ELF............\n 04 00 3e 00 01 00 00 00 00 00 00 00 00 00 00 00 ..>.............\n backtrace:\n [<0000000016a8ef9f>] __vmalloc_node_range+0x101/0x170\n [<000000002b66b6c0>] __vmalloc_node+0xb4/0x160\n [<00000000ad40107d>] crash_prepare_elf64_headers+0x8e/0xcd0\n [<0000000019afff23>] crash_load_segments+0x260/0x470\n [<0000000019ebe95c>] bzImage64_load+0x814/0xad0\n [<0000000093e16b05>] arch_kexec_kernel_image_load+0x1be/0x2a0\n [<000000009ef2fc88>] kimage_file_alloc_init+0x2ec/0x5a0\n [<0000000038f5a97a>] __do_sys_kexec_file_load+0x28d/0x530\n [<0000000087c19992>] do_syscall_64+0x3b/0x90\n [<0000000066e063a4>] entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nIn crash_prepare_elf64_headers(), a buffer is allocated via vmalloc() to\nstore elf headers. While it's not freed back to system correctly when\nkdump kernel is reloaded or unloaded. Then memory leak is caused. Fix it\nby introducing x86 specific function arch_kimage_file_post_load_cleanup(),\nand freeing the buffer there.\n\nAnd also remove the incorrect elf header buffer freeing code. Before\ncalling arch specific kexec_file loading function, the image instance has\nbeen initialized. So 'image->elf_headers' must be NULL. 
It doesn't make\nsense to free the elf header buffer in the place.\n\nThree different people have reported three bugs about the memory leak on\nx86_64 inside Redhat.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49546" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--72a128ca-4beb-4cc3-924e-5794c145a4d0.json b/objects/vulnerability/vulnerability--72a128ca-4beb-4cc3-924e-5794c145a4d0.json new file mode 100644 index 00000000000..9a55b4ba7b8 --- /dev/null +++ b/objects/vulnerability/vulnerability--72a128ca-4beb-4cc3-924e-5794c145a4d0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2ccb6793-5eb8-4566-96e1-3cc750659992", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--72a128ca-4beb-4cc3-924e-5794c145a4d0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.725726Z", + "modified": "2025-02-27T00:38:15.725726Z", + "name": "CVE-2022-49651", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsrcu: Tighten cleanup_srcu_struct() GP checks\n\nCurrently, cleanup_srcu_struct() checks for a grace period in progress,\nbut it does not check for a grace period that has not yet started but\nwhich might start at any time. Such a situation could result in a\nuse-after-free bug, so this commit adds a check for a grace period that\nis needed but not yet started to cleanup_srcu_struct().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49651" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--72b072ed-7167-4fbb-a806-fdf9bd0dab79.json b/objects/vulnerability/vulnerability--72b072ed-7167-4fbb-a806-fdf9bd0dab79.json new file mode 100644 index 00000000000..9095e06229d --- /dev/null +++ b/objects/vulnerability/vulnerability--72b072ed-7167-4fbb-a806-fdf9bd0dab79.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1ba59b2c-156e-43f6-b52b-d263b9a6b48d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--72b072ed-7167-4fbb-a806-fdf9bd0dab79", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.707035Z", + "modified": "2025-02-27T00:38:15.707035Z", + "name": "CVE-2022-49382", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: rockchip: Fix refcount leak in rockchip_grf_init\n\nof_find_matching_node_and_match returns a node pointer with refcount\nincremented, we should use of_node_put() on it when done.\nAdd missing of_node_put() to avoid refcount leak.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49382" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7338f0df-1de8-4c22-a42d-d6f95e009f06.json b/objects/vulnerability/vulnerability--7338f0df-1de8-4c22-a42d-d6f95e009f06.json new file mode 100644 index 00000000000..216b532e913 --- /dev/null +++ b/objects/vulnerability/vulnerability--7338f0df-1de8-4c22-a42d-d6f95e009f06.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--17c5a6a2-159e-448b-b8b7-f221ee7d02ca", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7338f0df-1de8-4c22-a42d-d6f95e009f06", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.307857Z", + "modified": "2025-02-27T00:38:15.307857Z", + "name": "CVE-2022-49474", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout\n\nConnecting the same socket twice consecutively in sco_sock_connect()\ncould lead to a race condition where two sco_conn objects are created\nbut only one is associated with the socket. If the socket is closed\nbefore the SCO connection is established, the timer associated with the\ndangling sco_conn object won't be canceled. As the sock object is being\nfreed, the use-after-free problem happens when the timer callback\nfunction sco_sock_timeout() accesses the socket. Here's the call trace:\n\ndump_stack+0x107/0x163\n? refcount_inc+0x1c/\nprint_address_description.constprop.0+0x1c/0x47e\n? refcount_inc+0x1c/0x7b\nkasan_report+0x13a/0x173\n? refcount_inc+0x1c/0x7b\ncheck_memory_region+0x132/0x139\nrefcount_inc+0x1c/0x7b\nsco_sock_timeout+0xb2/0x1ba\nprocess_one_work+0x739/0xbd1\n? cancel_delayed_work+0x13f/0x13f\n? __raw_spin_lock_init+0xf0/0xf0\n? to_kthread+0x59/0x85\nworker_thread+0x593/0x70e\nkthread+0x346/0x35a\n? drain_workqueue+0x31a/0x31a\n? kthread_bind+0x4b/0x4b\nret_from_fork+0x1f/0x30", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49474" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--73509fda-d6a6-4a18-aef4-60b6bf19d4cf.json b/objects/vulnerability/vulnerability--73509fda-d6a6-4a18-aef4-60b6bf19d4cf.json new file mode 100644 index 00000000000..7d6fc8cc28e --- /dev/null 
+++ b/objects/vulnerability/vulnerability--73509fda-d6a6-4a18-aef4-60b6bf19d4cf.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--398eed26-c934-4de8-ab8e-710ec5c644f5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--73509fda-d6a6-4a18-aef4-60b6bf19d4cf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:04.103325Z", + "modified": "2025-02-27T00:38:04.103325Z", + "name": "CVE-2024-50688", + "description": "SunGrow iSolarCloud Android application V2.1.6.20241017 and prior contains hardcoded credentials. The application (regardless of the user account) and the cloud uses the same MQTT credentials for exchanging the device telemetry.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50688" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--739fd9a2-eae9-461d-b077-e7c8e4f00bd8.json b/objects/vulnerability/vulnerability--739fd9a2-eae9-461d-b077-e7c8e4f00bd8.json new file mode 100644 index 00000000000..fdcf9021bf7 --- /dev/null +++ b/objects/vulnerability/vulnerability--739fd9a2-eae9-461d-b077-e7c8e4f00bd8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8135c603-5e32-409d-9673-85ef4115546b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--739fd9a2-eae9-461d-b077-e7c8e4f00bd8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:07.482486Z", + "modified": "2025-02-27T00:38:07.482486Z", + "name": "CVE-2025-0235", + "description": "Out-of-bounds vulnerability due to improper memory release during image rendering in Generic PCL6 V4 Printer Driver / Generic UFR II V4 Printer Driver / Generic LIPSLX V4 Printer Driver.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0235" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--73a58c87-6df5-4c27-b2c9-637fd759f25e.json b/objects/vulnerability/vulnerability--73a58c87-6df5-4c27-b2c9-637fd759f25e.json new file mode 100644 index 00000000000..3a8a346f97a --- /dev/null +++ b/objects/vulnerability/vulnerability--73a58c87-6df5-4c27-b2c9-637fd759f25e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4be51b77-ee59-48f6-9102-6d636c6326b4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--73a58c87-6df5-4c27-b2c9-637fd759f25e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.392304Z", + "modified": "2025-02-27T00:38:15.392304Z", + "name": "CVE-2022-49165", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-jpeg: Prevent decoding NV12M jpegs into single-planar buffers\n\nIf the application queues an NV12M jpeg as output buffer, but then\nqueues a single planar capture buffer, the kernel will crash with\n\"Unable to handle kernel NULL pointer dereference\" in mxc_jpeg_addrs,\nprevent this by finishing the job with error.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49165" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--73ed12a4-3962-4937-82fb-782b33209f7d.json b/objects/vulnerability/vulnerability--73ed12a4-3962-4937-82fb-782b33209f7d.json new file mode 100644 index 00000000000..5ad17975543 --- /dev/null +++ b/objects/vulnerability/vulnerability--73ed12a4-3962-4937-82fb-782b33209f7d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--572bb08b-ddf3-4757-8feb-cbbf242d6580", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--73ed12a4-3962-4937-82fb-782b33209f7d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.326102Z", + "modified": "2025-02-27T00:38:15.326102Z", + "name": "CVE-2022-49260", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: hisilicon/sec - fix the aead software fallback for engine\n\nDue to the subreq pointer misuse the private context memory. The aead\nsoft crypto occasionally casues the OS panic as setting the 64K page.\nHere is fix it.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49260" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--73ee219b-c2f4-4408-b907-3468a330f0e5.json b/objects/vulnerability/vulnerability--73ee219b-c2f4-4408-b907-3468a330f0e5.json new file mode 100644 index 00000000000..b87f4e2780f --- /dev/null +++ b/objects/vulnerability/vulnerability--73ee219b-c2f4-4408-b907-3468a330f0e5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--06f8b8e7-8627-4dbf-aef9-2c46fb9272e3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--73ee219b-c2f4-4408-b907-3468a330f0e5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.3699Z", + "modified": "2025-02-27T00:38:15.3699Z", + "name": "CVE-2022-49649", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue\n\nxenvif_rx_next_skb() is expecting the rx queue not being empty, but\nin case the loop in xenvif_rx_action() is doing multiple iterations,\nthe availability of another skb in the rx queue is not being checked.\n\nThis can lead to crashes:\n\n[40072.537261] BUG: unable to handle kernel NULL pointer dereference at 0000000000000080\n[40072.537407] IP: xenvif_rx_skb+0x23/0x590 [xen_netback]\n[40072.537534] PGD 0 P4D 0\n[40072.537644] Oops: 0000 [#1] SMP NOPTI\n[40072.537749] CPU: 0 PID: 12505 Comm: v1-c40247-q2-gu Not tainted 4.12.14-122.121-default #1 SLE12-SP5\n[40072.537867] Hardware name: HP ProLiant DL580 Gen9/ProLiant DL580 Gen9, BIOS U17 11/23/2021\n[40072.537999] task: ffff880433b38100 task.stack: ffffc90043d40000\n[40072.538112] RIP: e030:xenvif_rx_skb+0x23/0x590 [xen_netback]\n[40072.538217] RSP: e02b:ffffc90043d43de0 EFLAGS: 00010246\n[40072.538319] RAX: 0000000000000000 RBX: ffffc90043cd7cd0 RCX: 00000000000000f7\n[40072.538430] RDX: 0000000000000000 RSI: 0000000000000006 RDI: ffffc90043d43df8\n[40072.538531] RBP: 000000000000003f R08: 000077ff80000000 R09: 0000000000000008\n[40072.538644] R10: 0000000000007ff0 R11: 00000000000008f6 R12: ffffc90043ce2708\n[40072.538745] R13: 0000000000000000 R14: ffffc90043d43ed0 R15: ffff88043ea748c0\n[40072.538861] FS: 0000000000000000(0000) GS:ffff880484600000(0000) knlGS:0000000000000000\n[40072.538988] CS: e033 DS: 0000 ES: 0000 CR0: 
0000000080050033\n[40072.539088] CR2: 0000000000000080 CR3: 0000000407ac8000 CR4: 0000000000040660\n[40072.539211] Call Trace:\n[40072.539319] xenvif_rx_action+0x71/0x90 [xen_netback]\n[40072.539429] xenvif_kthread_guest_rx+0x14a/0x29c [xen_netback]\n\nFix that by stopping the loop in case the rx queue becomes empty.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49649" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--748c7487-005b-40c0-b3a8-6b9fab4ddf00.json b/objects/vulnerability/vulnerability--748c7487-005b-40c0-b3a8-6b9fab4ddf00.json new file mode 100644 index 00000000000..aa7f081d34d --- /dev/null +++ b/objects/vulnerability/vulnerability--748c7487-005b-40c0-b3a8-6b9fab4ddf00.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--592b6ae8-bf20-4f26-9735-0a547ba88b9c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--748c7487-005b-40c0-b3a8-6b9fab4ddf00", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.493768Z", + "modified": "2025-02-27T00:38:15.493768Z", + "name": "CVE-2022-49275", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: m_can: m_can_tx_handler(): fix use after free of skb\n\ncan_put_echo_skb() will clone skb then free the skb. Move the\ncan_put_echo_skb() for the m_can version 3.0.x directly before the\nstart of the xmit in hardware, similar to the 3.1.x branch.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49275" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--753e1828-fb84-4404-b455-c217cc1eed5b.json b/objects/vulnerability/vulnerability--753e1828-fb84-4404-b455-c217cc1eed5b.json new file mode 100644 index 00000000000..c3109ba9c02 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--753e1828-fb84-4404-b455-c217cc1eed5b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--100e6057-4139-4f1f-bf3e-b5b3c9334cad", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--753e1828-fb84-4404-b455-c217cc1eed5b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.360254Z", + "modified": "2025-02-27T00:38:15.360254Z", + "name": "CVE-2022-49279", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: prevent integer overflow on 32 bit systems\n\nOn a 32 bit system, the \"len * sizeof(*p)\" operation can have an\ninteger overflow.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49279" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--757f643b-d2e2-4309-8743-47279fc74282.json b/objects/vulnerability/vulnerability--757f643b-d2e2-4309-8743-47279fc74282.json new file mode 100644 index 00000000000..125cd15f69e --- /dev/null +++ b/objects/vulnerability/vulnerability--757f643b-d2e2-4309-8743-47279fc74282.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--d6f67f0d-83bc-494d-b239-34f31a1f1e2a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--757f643b-d2e2-4309-8743-47279fc74282",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.536563Z",
+ "modified": "2025-02-27T00:38:15.536563Z",
+ "name": "CVE-2022-49083",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/omap: Fix regression in probe for NULL pointer dereference\n\nCommit 3f6634d997db (\"iommu: Use right way to retrieve iommu_ops\") started\ntriggering a NULL pointer dereference for some omap variants:\n\n__iommu_probe_device from probe_iommu_group+0x2c/0x38\nprobe_iommu_group from bus_for_each_dev+0x74/0xbc\nbus_for_each_dev from bus_iommu_probe+0x34/0x2e8\nbus_iommu_probe from bus_set_iommu+0x80/0xc8\nbus_set_iommu from omap_iommu_init+0x88/0xcc\nomap_iommu_init from do_one_initcall+0x44/0x24\n\nThis is caused by omap iommu probe returning 0 instead of ERR_PTR(-ENODEV)\nas noted by Jason Gunthorpe .\n\nLooks like the regression already happened with an earlier commit\n6785eb9105e3 (\"iommu/omap: Convert to probe/release_device() call-backs\")\nthat changed the function return type and missed converting one place.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49083"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--75847e3b-a061-465a-81b1-06245bd6e4ee.json b/objects/vulnerability/vulnerability--75847e3b-a061-465a-81b1-06245bd6e4ee.json
new file mode 100644
index 00000000000..f803e6ca377
--- /dev/null
+++ b/objects/vulnerability/vulnerability--75847e3b-a061-465a-81b1-06245bd6e4ee.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--29a9e4fb-2fc7-4183-97fc-52b38132f2b6",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--75847e3b-a061-465a-81b1-06245bd6e4ee",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.315496Z",
+ "modified": "2025-02-27T00:38:15.315496Z",
+ "name": "CVE-2022-49228",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a btf decl_tag bug when tagging a function\n\nsyzbot reported a btf decl_tag bug with stack trace below:\n\n general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN\n KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\n CPU: 0 PID: 3592 Comm: syz-executor914 Not tainted 5.16.0-syzkaller-11424-gb7892f7d5cb2 #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\n RIP: 0010:btf_type_vlen include/linux/btf.h:231 [inline]\n RIP: 0010:btf_decl_tag_resolve+0x83e/0xaa0 kernel/bpf/btf.c:3910\n ...\n Call Trace:\n \n btf_resolve+0x251/0x1020 kernel/bpf/btf.c:4198\n btf_check_all_types kernel/bpf/btf.c:4239 [inline]\n btf_parse_type_sec kernel/bpf/btf.c:4280 [inline]\n btf_parse kernel/bpf/btf.c:4513 [inline]\n btf_new_fd+0x19fe/0x2370 kernel/bpf/btf.c:6047\n bpf_btf_load kernel/bpf/syscall.c:4039 [inline]\n __sys_bpf+0x1cbb/0x5970 kernel/bpf/syscall.c:4679\n __do_sys_bpf kernel/bpf/syscall.c:4738 [inline]\n __se_sys_bpf kernel/bpf/syscall.c:4736 [inline]\n __x64_sys_bpf+0x75/0xb0 kernel/bpf/syscall.c:4736\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nThe kasan error is triggered with an illegal BTF like below:\n type 0: void\n type 1: int\n type 2: decl_tag to func type 3\n type 3: func to func_proto type 8\nThe total number of types is 4 and the type 3 is illegal\nsince its func_proto type is out of range.\n\nCurrently, the target type of decl_tag can be struct/union, var or func.\nBoth struct/union and var implemented their own 'resolve' callback functions\nand hence handled properly in kernel.\nBut func type doesn't have 'resolve' callback function. When\nbtf_decl_tag_resolve() tries to check func type, it tries to get\nvlen of its func_proto type, which triggered the above kasan error.\n\nTo fix the issue, btf_decl_tag_resolve() needs to do btf_func_check()\nbefore trying to accessing func_proto type.\nIn the current implementation, func type is checked with\nbtf_func_check() in the main checking function btf_check_all_types().\nTo fix the above kasan issue, let us implement 'resolve' callback\nfunc type properly. The 'resolve' callback will be also called\nin btf_check_all_types() for func types.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49228"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7584f65b-359a-4c4e-8412-b38dddbeb599.json b/objects/vulnerability/vulnerability--7584f65b-359a-4c4e-8412-b38dddbeb599.json
new file mode 100644
index 00000000000..42ff9bbcacf
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7584f65b-359a-4c4e-8412-b38dddbeb599.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b7f76c30-e076-495f-a578-db5543f76e90",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7584f65b-359a-4c4e-8412-b38dddbeb599",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.645663Z",
+ "modified": "2025-02-27T00:38:15.645663Z",
+ "name": "CVE-2022-49539",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtw89: ser: fix CAM leaks occurring in L2 reset\n\nThe CAM, meaning address CAM and bssid CAM here, will get leaks during\nSER (system error recover) L2 reset process and ieee80211_restart_hw()\nwhich is called by L2 reset process eventually.\n\nThe normal flow would be like\n-> add interface (acquire 1)\n-> enter ips (release 1)\n-> leave ips (acquire 1)\n-> connection (occupy 1) <(A) 1 leak after L2 reset if non-sec connection>\n\nThe ieee80211_restart_hw() flow (under connection)\n-> ieee80211 reconfig\n-> add interface (acquire 1)\n-> leave ips (acquire 1)\n-> connection (occupy (A) + 2) <(B) 1 more leak>\n\nOriginally, CAM is released before HW restart only if connection is under\nsecurity. Now, release CAM whatever connection it is to fix leak in (A).\nOTOH, check if CAM is already valid to avoid acquiring multiple times to\nfix (B).\n\nBesides, if AP mode, release address CAM of all stations before HW restart.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49539"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--75be5f50-38e0-401e-b7bb-e9b0ff4fd413.json b/objects/vulnerability/vulnerability--75be5f50-38e0-401e-b7bb-e9b0ff4fd413.json
new file mode 100644
index 00000000000..70af2830428
--- /dev/null
+++ b/objects/vulnerability/vulnerability--75be5f50-38e0-401e-b7bb-e9b0ff4fd413.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--1a96099f-1663-44fa-9381-c97416ef4bb6",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--75be5f50-38e0-401e-b7bb-e9b0ff4fd413",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.755593Z",
+ "modified": "2025-02-27T00:38:15.755593Z",
+ "name": "CVE-2022-49282",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: quota: fix loop condition at f2fs_quota_sync()\n\ncnt should be passed to sb_has_quota_active() instead of type to check\nactive quota properly.\n\nMoreover, when the type is -1, the compiler with enough inline knowledge\ncan discard sb_has_quota_active() check altogether, causing a NULL pointer\ndereference at the following inode_lock(dqopt->files[cnt]):\n\n[ 2.796010] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a0\n[ 2.796024] Mem abort info:\n[ 2.796025] ESR = 0x96000005\n[ 2.796028] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 2.796029] SET = 0, FnV = 0\n[ 2.796031] EA = 0, S1PTW = 0\n[ 2.796032] Data abort info:\n[ 2.796034] ISV = 0, ISS = 0x00000005\n[ 2.796035] CM = 0, WnR = 0\n[ 2.796046] user pgtable: 4k pages, 39-bit VAs, pgdp=00000003370d1000\n[ 2.796048] [00000000000000a0] pgd=0000000000000000, pud=0000000000000000\n[ 2.796051] Internal error: Oops: 96000005 [#1] PREEMPT SMP\n[ 2.796056] CPU: 7 PID: 640 Comm: f2fs_ckpt-259:7 Tainted: G S 5.4.179-arter97-r8-64666-g2f16e087f9d8 #1\n[ 2.796057] Hardware name: Qualcomm Technologies, Inc. Lahaina MTP lemonadep (DT)\n[ 2.796059] pstate: 80c00005 (Nzcv daif +PAN +UAO)\n[ 2.796065] pc : down_write+0x28/0x70\n[ 2.796070] lr : f2fs_quota_sync+0x100/0x294\n[ 2.796071] sp : ffffffa3f48ffc30\n[ 2.796073] x29: ffffffa3f48ffc30 x28: 0000000000000000\n[ 2.796075] x27: ffffffa3f6d718b8 x26: ffffffa415fe9d80\n[ 2.796077] x25: ffffffa3f7290048 x24: 0000000000000001\n[ 2.796078] x23: 0000000000000000 x22: ffffffa3f7290000\n[ 2.796080] x21: ffffffa3f72904a0 x20: ffffffa3f7290110\n[ 2.796081] x19: ffffffa3f77a9800 x18: ffffffc020aae038\n[ 2.796083] x17: ffffffa40e38e040 x16: ffffffa40e38e6d0\n[ 2.796085] x15: ffffffa40e38e6cc x14: ffffffa40e38e6d0\n[ 2.796086] x13: 00000000000004f6 x12: 00162c44ff493000\n[ 2.796088] x11: 0000000000000400 x10: ffffffa40e38c948\n[ 2.796090] x9 : 0000000000000000 x8 : 00000000000000a0\n[ 2.796091] x7 : 0000000000000000 x6 : 0000d1060f00002a\n[ 2.796093] x5 : ffffffa3f48ff718 x4 : 000000000000000d\n[ 2.796094] x3 : 00000000060c0000 x2 : 0000000000000001\n[ 2.796096] x1 : 0000000000000000 x0 : 00000000000000a0\n[ 2.796098] Call trace:\n[ 2.796100] down_write+0x28/0x70\n[ 2.796102] f2fs_quota_sync+0x100/0x294\n[ 2.796104] block_operations+0x120/0x204\n[ 2.796106] f2fs_write_checkpoint+0x11c/0x520\n[ 2.796107] __checkpoint_and_complete_reqs+0x7c/0xd34\n[ 2.796109] issue_checkpoint_thread+0x6c/0xb8\n[ 2.796112] kthread+0x138/0x414\n[ 2.796114] ret_from_fork+0x10/0x18\n[ 2.796117] Code: aa0803e0 aa1f03e1 52800022 aa0103e9 (c8e97d02)\n[ 2.796120] ---[ end trace 96e942e8eb6a0b53 ]---\n[ 2.800116] Kernel panic - not syncing: Fatal exception\n[ 2.800120] SMP: stopping secondary CPUs",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49282"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7700016a-0b4f-48e6-a241-b1ae7e40f79b.json b/objects/vulnerability/vulnerability--7700016a-0b4f-48e6-a241-b1ae7e40f79b.json
new file mode 100644
index 00000000000..8141d8e8485
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7700016a-0b4f-48e6-a241-b1ae7e40f79b.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--76190f90-3323-467a-b1ca-f2913f7d8093",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7700016a-0b4f-48e6-a241-b1ae7e40f79b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.372885Z",
+ "modified": "2025-02-27T00:38:15.372885Z",
+ "name": "CVE-2022-49088",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe\n\nThis node pointer is returned by of_find_compatible_node() with\nrefcount incremented. Calling of_node_put() to aovid the refcount leak.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49088"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7760c5c3-b2ff-4803-aa32-c667bfa37a4c.json b/objects/vulnerability/vulnerability--7760c5c3-b2ff-4803-aa32-c667bfa37a4c.json
new file mode 100644
index 00000000000..5252c26acbe
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7760c5c3-b2ff-4803-aa32-c667bfa37a4c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b9ff67b9-7c46-4684-8e1a-1c79cede7810",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7760c5c3-b2ff-4803-aa32-c667bfa37a4c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.286583Z",
+ "modified": "2025-02-27T00:38:15.286583Z",
+ "name": "CVE-2022-49297",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: fix io hung while disconnecting device\n\nIn our tests, \"qemu-nbd\" triggers a io hung:\n\nINFO: task qemu-nbd:11445 blocked for more than 368 seconds.\n Not tainted 5.18.0-rc3-next-20220422-00003-g2176915513ca #884\n\"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:qemu-nbd state:D stack: 0 pid:11445 ppid: 1 flags:0x00000000\nCall Trace:\n \n __schedule+0x480/0x1050\n ? _raw_spin_lock_irqsave+0x3e/0xb0\n schedule+0x9c/0x1b0\n blk_mq_freeze_queue_wait+0x9d/0xf0\n ? ipi_rseq+0x70/0x70\n blk_mq_freeze_queue+0x2b/0x40\n nbd_add_socket+0x6b/0x270 [nbd]\n nbd_ioctl+0x383/0x510 [nbd]\n blkdev_ioctl+0x18e/0x3e0\n __x64_sys_ioctl+0xac/0x120\n do_syscall_64+0x35/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7fd8ff706577\nRSP: 002b:00007fd8fcdfebf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 0000000040000000 RCX: 00007fd8ff706577\nRDX: 000000000000000d RSI: 000000000000ab00 RDI: 000000000000000f\nRBP: 000000000000000f R08: 000000000000fbe8 R09: 000055fe497c62b0\nR10: 00000002aff20000 R11: 0000000000000246 R12: 000000000000006d\nR13: 0000000000000000 R14: 00007ffe82dc5e70 R15: 00007fd8fcdff9c0\n\n\"qemu-ndb -d\" will call ioctl 'NBD_DISCONNECT' first, however, following\nmessage was found:\n\nblock nbd0: Send disconnect failed -32\n\nWhich indicate that something is wrong with the server. Then,\n\"qemu-nbd -d\" will call ioctl 'NBD_CLEAR_SOCK', however ioctl can't clear\nrequests after commit 2516ab1543fd(\"nbd: only clear the queue on device\nteardown\"). And in the meantime, request can't complete through timeout\nbecause nbd_xmit_timeout() will always return 'BLK_EH_RESET_TIMER', which\nmeans such request will never be completed in this situation.\n\nNow that the flag 'NBD_CMD_INFLIGHT' can make sure requests won't\ncomplete multiple times, switch back to call nbd_clear_sock() in\nnbd_clear_sock_ioctl(), so that inflight requests can be cleared.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49297"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--77b52b72-08ff-4825-814d-08d4f48e032c.json b/objects/vulnerability/vulnerability--77b52b72-08ff-4825-814d-08d4f48e032c.json
new file mode 100644
index 00000000000..2e2b56c0053
--- /dev/null
+++ b/objects/vulnerability/vulnerability--77b52b72-08ff-4825-814d-08d4f48e032c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--230c3146-bd2b-448c-a996-054cf7b0d6b7",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--77b52b72-08ff-4825-814d-08d4f48e032c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:07.739263Z",
+ "modified": "2025-02-27T00:38:07.739263Z",
+ "name": "CVE-2025-25827",
+ "description": "A Server-Side Request Forgery (SSRF) in the component sort.php of Emlog Pro v2.5.4 allows attackers to scan local and internal ports via supplying a crafted URL.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-25827"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7949533f-0f5c-4054-a26e-cab1d909eaf9.json b/objects/vulnerability/vulnerability--7949533f-0f5c-4054-a26e-cab1d909eaf9.json
new file mode 100644
index 00000000000..3b99dfa702b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7949533f-0f5c-4054-a26e-cab1d909eaf9.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--c822e859-906b-4ef8-82de-2249b2b5ae2c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7949533f-0f5c-4054-a26e-cab1d909eaf9",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.386683Z",
+ "modified": "2025-02-27T00:38:15.386683Z",
+ "name": "CVE-2022-49243",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe\n\nThis node pointer is returned by of_parse_phandle() with refcount\nincremented in this function.\nCalling of_node_put() to avoid the refcount leak.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49243"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--797dcca3-50fd-45ff-8ce8-f3e91aa6e077.json b/objects/vulnerability/vulnerability--797dcca3-50fd-45ff-8ce8-f3e91aa6e077.json
new file mode 100644
index 00000000000..73b33fd7194
--- /dev/null
+++ b/objects/vulnerability/vulnerability--797dcca3-50fd-45ff-8ce8-f3e91aa6e077.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--8d53bb46-bd24-48a9-9a8a-ad1fb08cd1bb",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--797dcca3-50fd-45ff-8ce8-f3e91aa6e077",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.607661Z",
+ "modified": "2025-02-27T00:38:15.607661Z",
+ "name": "CVE-2022-49485",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Fix null pointer dereference of pointer perfmon\n\nIn the unlikely event that pointer perfmon is null the WARN_ON return path\noccurs after the pointer has already been deferenced. Fix this by only\ndereferencing perfmon after it has been null checked.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49485"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--798cb493-5d30-4832-b52a-5df7854d00d6.json b/objects/vulnerability/vulnerability--798cb493-5d30-4832-b52a-5df7854d00d6.json
new file mode 100644
index 00000000000..86a99bf469e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--798cb493-5d30-4832-b52a-5df7854d00d6.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--839c0123-ced1-4658-9121-a79eb0017805",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--798cb493-5d30-4832-b52a-5df7854d00d6",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.709789Z",
+ "modified": "2025-02-27T00:38:15.709789Z",
+ "name": "CVE-2022-49624",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: atlantic: remove aq_nic_deinit() when resume\n\naq_nic_deinit() has been called while suspending, so we don't have to call\nit again on resume.\nActually, call it again leads to another hang issue when resuming from\nS3.\n\nJul 8 03:09:44 u-Precision-7865-Tower kernel: [ 5910.992345] Call Trace:\nJul 8 03:09:44 u-Precision-7865-Tower kernel: [ 5910.992346] \nJul 8 03:09:44 u-Precision-7865-Tower kernel: [ 5910.992348] aq_nic_deinit+0xb4/0xd0 [atlantic]\nJul 8 03:09:44 u-Precision-7865-Tower kernel: [ 5910.992356] aq_pm_thaw+0x7f/0x100 [atlantic]\nJul 8 03:09:44 u-Precision-7865-Tower kernel: [ 5910.992362] pci_pm_resume+0x5c/0x90\nJul 8 03:09:44 u-Precision-7865-Tower kernel: [ 5910.992366] ? pci_pm_thaw+0x80/0x80\nJul 8 03:09:44 u-Precision-7865-Tower kernel: [ 5910.992368] dpm_run_callback+0x4e/0x120\nJul 8 03:09:44 u-Precision-7865-Tower kernel: [ 5910.992371] device_resume+0xad/0x200\nJul 8 03:09:44 u-Precision-7865-Tower kernel: [ 5910.992373] async_resume+0x1e/0x40\nJul 8 03:09:44 u-Precision-7865-Tower kernel: [ 5910.992374] async_run_entry_fn+0x33/0x120\nJul 8 03:09:44 u-Precision-7865-Tower kernel: [ 5910.992377] process_one_work+0x220/0x3c0\nJul 8 03:09:44 u-Precision-7865-Tower kernel: [ 5910.992380] worker_thread+0x4d/0x3f0\nJul 8 03:09:44 u-Precision-7865-Tower kernel: [ 5910.992382] ? process_one_work+0x3c0/0x3c0\nJul 8 03:09:44 u-Precision-7865-Tower kernel: [ 5910.992384] kthread+0x12a/0x150\nJul 8 03:09:44 u-Precision-7865-Tower kernel: [ 5910.992386] ? set_kthread_struct+0x40/0x40\nJul 8 03:09:44 u-Precision-7865-Tower kernel: [ 5910.992387] ret_from_fork+0x22/0x30\nJul 8 03:09:44 u-Precision-7865-Tower kernel: [ 5910.992391] \nJul 8 03:09:44 u-Precision-7865-Tower kernel: [ 5910.992392] ---[ end trace 1ec8c79604ed5e0d ]---\nJul 8 03:09:44 u-Precision-7865-Tower kernel: [ 5910.992394] PM: dpm_run_callback(): pci_pm_resume+0x0/0x90 returns -110\nJul 8 03:09:44 u-Precision-7865-Tower kernel: [ 5910.992397] atlantic 0000:02:00.0: PM: failed to resume async: error -110",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49624"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7a455306-8bcf-4c12-875d-9a35f1fa1104.json b/objects/vulnerability/vulnerability--7a455306-8bcf-4c12-875d-9a35f1fa1104.json
new file mode 100644
index 00000000000..fe7cde04edd
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7a455306-8bcf-4c12-875d-9a35f1fa1104.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a9afe679-8c48-491a-9cb6-8e8932c2ff8e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7a455306-8bcf-4c12-875d-9a35f1fa1104",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.792292Z",
+ "modified": "2025-02-27T00:38:15.792292Z",
+ "name": "CVE-2022-49078",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nlz4: fix LZ4_decompress_safe_partial read out of bound\n\nWhen partialDecoding, it is EOF if we've either filled the output buffer\nor can't proceed with reading an offset for following match.\n\nIn some extreme corner cases when compressed data is suitably corrupted,\nUAF will occur. As reported by KASAN [1], LZ4_decompress_safe_partial\nmay lead to read out of bound problem during decoding. lz4 upstream has\nfixed it [2] and this issue has been disscussed here [3] before.\n\ncurrent decompression routine was ported from lz4 v1.8.3, bumping\nlib/lz4 to v1.9.+ is certainly a huge work to be done later, so, we'd\nbetter fix it first.\n\n[1] https://lore.kernel.org/all/000000000000830d1205cf7f0477@google.com/\n[2] https://github.com/lz4/lz4/commit/c5d6f8a8be3927c0bec91bcc58667a6cfad244ad#\n[3] https://lore.kernel.org/all/CC666AE8-4CA4-4951-B6FB-A2EFDE3AC03B@fb.com/",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49078"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7aaad8a4-de8b-4987-8940-ca568bf15775.json b/objects/vulnerability/vulnerability--7aaad8a4-de8b-4987-8940-ca568bf15775.json
new file mode 100644
index 00000000000..d23d823a6b2
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7aaad8a4-de8b-4987-8940-ca568bf15775.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--22644c83-43c7-48ef-9ebf-42243a0854a1",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7aaad8a4-de8b-4987-8940-ca568bf15775",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.400736Z",
+ "modified": "2025-02-27T00:38:15.400736Z",
+ "name": "CVE-2022-49383",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwatchdog: rzg2l_wdt: Fix 'BUG: Invalid wait context'\n\nThis patch fixes the issue 'BUG: Invalid wait context' during restart()\ncallback by using clk_prepare_enable() instead of pm_runtime_get_sync()\nfor turning on the clocks during restart.\n\nThis issue is noticed when testing with renesas_defconfig.\n\n[ 42.213802] reboot: Restarting system\n[ 42.217860]\n[ 42.219364] =============================\n[ 42.223368] [ BUG: Invalid wait context ]\n[ 42.227372] 5.17.0-rc5-arm64-renesas-00002-g10393723e35e #522 Not tainted\n[ 42.234153] -----------------------------\n[ 42.238155] systemd-shutdow/1 is trying to lock:\n[ 42.242766] ffff00000a650828 (&genpd->mlock){+.+.}-{3:3}, at: genpd_lock_mtx+0x14/0x20\n[ 42.250709] other info that might help us debug this:\n[ 42.255753] context-{4:4}\n[ 42.258368] 2 locks held by systemd-shutdow/1:\n[ 42.262806] #0: ffff80000944e1c8 (system_transition_mutex#2){+.+.}-{3:3}, at: __do_sys_reboot+0xd0/0x250\n[ 42.272388] #1: ffff8000094c4e40 (rcu_read_lock){....}-{1:2}, at: atomic_notifier_call_chain+0x0/0x150\n[ 42.281795] stack backtrace:\n[ 42.284672] CPU: 0 PID: 1 Comm: systemd-shutdow Not tainted 5.17.0-rc5-arm64-renesas-00002-g10393723e35e #522\n[ 42.294577] Hardware name: Renesas SMARC EVK based on r9a07g044c2 (DT)\n[ 42.301096] Call trace:\n[ 42.303538] dump_backtrace+0xcc/0xd8\n[ 42.307203] show_stack+0x14/0x30\n[ 42.310517] dump_stack_lvl+0x88/0xb0\n[ 42.314180] dump_stack+0x14/0x2c\n[ 42.317492] __lock_acquire+0x1b24/0x1b50\n[ 42.321502] lock_acquire+0x120/0x3a8\n[ 42.325162] __mutex_lock+0x84/0x8f8\n[ 42.328737] mutex_lock_nested+0x30/0x58\n[ 42.332658] genpd_lock_mtx+0x14/0x20\n[ 42.336319] genpd_runtime_resume+0xc4/0x228\n[ 42.340587] __rpm_callback+0x44/0x170\n[ 42.344337] rpm_callback+0x64/0x70\n[ 42.347824] rpm_resume+0x4e0/0x6b8\n[ 42.351310] __pm_runtime_resume+0x50/0x78\n[ 42.355404] rzg2l_wdt_restart+0x28/0x68\n[ 42.359329] watchdog_restart_notifier+0x1c/0x30\n[ 42.363943] atomic_notifier_call_chain+0x94/0x150\n[ 42.368732] do_kernel_restart+0x24/0x30\n[ 42.372652] machine_restart+0x44/0x70\n[ 42.376399] kernel_restart+0x3c/0x60\n[ 42.380058] __do_sys_reboot+0x228/0x250\n[ 42.383977] __arm64_sys_reboot+0x20/0x28\n[ 42.387983] invoke_syscall+0x40/0xf8",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49383"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7ab62836-0000-4c31-be3f-dc429cbdfddf.json b/objects/vulnerability/vulnerability--7ab62836-0000-4c31-be3f-dc429cbdfddf.json
new file mode 100644
index 00000000000..f672122fac0
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7ab62836-0000-4c31-be3f-dc429cbdfddf.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e724ffdb-4f37-4e08-9e18-241e0ba0c47a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7ab62836-0000-4c31-be3f-dc429cbdfddf",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.539335Z",
+ "modified": "2025-02-27T00:38:15.539335Z",
+ "name": "CVE-2022-49052",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: fix unexpected zeroed page mapping with zram swap\n\nTwo processes under CLONE_VM cloning, user process can be corrupted by\nseeing zeroed page unexpectedly.\n\n CPU A CPU B\n\n do_swap_page do_swap_page\n SWP_SYNCHRONOUS_IO path SWP_SYNCHRONOUS_IO path\n swap_readpage valid data\n swap_slot_free_notify\n delete zram entry\n swap_readpage zeroed(invalid) data\n pte_lock\n map the *zero data* to userspace\n pte_unlock\n pte_lock\n if (!pte_same)\n goto out_nomap;\n pte_unlock\n return and next refault will\n read zeroed data\n\nThe swap_slot_free_notify is bogus for CLONE_VM case since it doesn't\nincrease the refcount of swap slot at copy_mm so it couldn't catch up\nwhether it's safe or not to discard data from backing device. In the\ncase, only the lock it could rely on to synchronize swap slot freeing is\npage table lock. Thus, this patch gets rid of the swap_slot_free_notify\nfunction. With this patch, CPU A will see correct data.\n\n CPU A CPU B\n\n do_swap_page do_swap_page\n SWP_SYNCHRONOUS_IO path SWP_SYNCHRONOUS_IO path\n swap_readpage original data\n pte_lock\n map the original data\n swap_free\n swap_range_free\n bd_disk->fops->swap_slot_free_notify\n swap_readpage read zeroed data\n pte_unlock\n pte_lock\n if (!pte_same)\n goto out_nomap;\n pte_unlock\n return\n on next refault will see mapped data by CPU B\n\nThe concern of the patch would increase memory consumption since it\ncould keep wasted memory with compressed form in zram as well as\nuncompressed form in address space. However, most of cases of zram uses\nno readahead and do_swap_page is followed by swap_free so it will free\nthe compressed form from in zram quickly.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49052"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7b01ff4e-b011-4368-9be3-ed7d32d98f99.json b/objects/vulnerability/vulnerability--7b01ff4e-b011-4368-9be3-ed7d32d98f99.json
new file mode 100644
index 00000000000..d8a6e0abe20
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7b01ff4e-b011-4368-9be3-ed7d32d98f99.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--489b29f6-bc7c-4505-8ae9-44ef73e89dae",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7b01ff4e-b011-4368-9be3-ed7d32d98f99",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:11.210446Z",
+ "modified": "2025-02-27T00:38:11.210446Z",
+ "name": "CVE-2021-47655",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: vdec: fixed possible memory leak issue\n\nThe venus_helper_alloc_dpb_bufs() implementation allows an early return\non an error path when checking the id from ida_alloc_min() which would\nnot release the earlier buffer allocation.\n\nMove the direct kfree() from the error checking of dma_alloc_attrs() to\nthe common fail path to ensure that allocations are released on all\nerror paths in this function.\n\nAddresses-Coverity: 1494120 (\"Resource leak\")",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2021-47655"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7b6fec83-03af-4cf3-8301-33a55b888533.json b/objects/vulnerability/vulnerability--7b6fec83-03af-4cf3-8301-33a55b888533.json
new file mode 100644
index 00000000000..ee05f6f8b3e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7b6fec83-03af-4cf3-8301-33a55b888533.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--045541bc-2f5e-40cf-b1a1-3d7aef3e8d91",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7b6fec83-03af-4cf3-8301-33a55b888533",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.458604Z",
+ "modified": "2025-02-27T00:38:15.458604Z",
+ "name": "CVE-2022-49732",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsock: redo the psock vs ULP protection check\n\nCommit 8a59f9d1e3d4 (\"sock: Introduce sk->sk_prot->psock_update_sk_prot()\")\nhas moved the inet_csk_has_ulp(sk) check from sk_psock_init() to\nthe new tcp_bpf_update_proto() function. I'm guessing that this\nwas done to allow creating psocks for non-inet sockets.\n\nUnfortunately the destruction path for psock includes the ULP\nunwind, so we need to fail the sk_psock_init() itself.\nOtherwise if ULP is already present we'll notice that later,\nand call tcp_update_ulp() with the sk_proto of the ULP\nitself, which will most likely result in the ULP looping\nits callbacks.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49732"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7b8bbb27-34e4-4622-abac-1f4439ecf715.json b/objects/vulnerability/vulnerability--7b8bbb27-34e4-4622-abac-1f4439ecf715.json
new file mode 100644
index 00000000000..4c8c1e36cdd
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7b8bbb27-34e4-4622-abac-1f4439ecf715.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--05725cde-5bf4-41c7-9445-05bf9d62c232", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7b8bbb27-34e4-4622-abac-1f4439ecf715", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.346585Z", + "modified": "2025-02-27T00:38:15.346585Z", + "name": "CVE-2022-49495", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/hdmi: check return value after calling platform_get_resource_byname()\n\nIt will cause null-ptr-deref if platform_get_resource_byname() returns NULL,\nwe need check the return value.\n\nPatchwork: https://patchwork.freedesktop.org/patch/482992/", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49495" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7beca23f-79e3-4c20-938d-5744cf51f133.json b/objects/vulnerability/vulnerability--7beca23f-79e3-4c20-938d-5744cf51f133.json new file mode 100644 index 00000000000..6635164c6c6 --- /dev/null +++ b/objects/vulnerability/vulnerability--7beca23f-79e3-4c20-938d-5744cf51f133.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bebc521b-8580-4e2f-9c0e-69d530626434", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7beca23f-79e3-4c20-938d-5744cf51f133", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.570616Z", + "modified": "2025-02-27T00:38:15.570616Z", + "name": "CVE-2022-49557", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/fpu: KVM: Set the base guest FPU uABI size to sizeof(struct kvm_xsave)\n\nSet the starting uABI size of KVM's guest FPU to 'struct kvm_xsave',\ni.e. to KVM's historical uABI size. When saving FPU state for usersapce,\nKVM (well, now the FPU) sets the FP+SSE bits in the XSAVE header even if\nthe host doesn't support XSAVE. Setting the XSAVE header allows the VM\nto be migrated to a host that does support XSAVE without the new host\nhaving to handle FPU state that may or may not be compatible with XSAVE.\n\nSetting the uABI size to the host's default size results in out-of-bounds\nwrites (setting the FP+SSE bits) and data corruption (that is thankfully\ncaught by KASAN) when running on hosts without XSAVE, e.g. 
on Core2 CPUs.\n\nWARN if the default size is larger than KVM's historical uABI size; all\nfeatures that can push the FPU size beyond the historical size must be\nopt-in.\n\n ==================================================================\n BUG: KASAN: slab-out-of-bounds in fpu_copy_uabi_to_guest_fpstate+0x86/0x130\n Read of size 8 at addr ffff888011e33a00 by task qemu-build/681\n CPU: 1 PID: 681 Comm: qemu-build Not tainted 5.18.0-rc5-KASAN-amd64 #1\n Hardware name: /DG35EC, BIOS ECG3510M.86A.0118.2010.0113.1426 01/13/2010\n Call Trace:\n \n dump_stack_lvl+0x34/0x45\n print_report.cold+0x45/0x575\n kasan_report+0x9b/0xd0\n fpu_copy_uabi_to_guest_fpstate+0x86/0x130\n kvm_arch_vcpu_ioctl+0x72a/0x1c50 [kvm]\n kvm_vcpu_ioctl+0x47f/0x7b0 [kvm]\n __x64_sys_ioctl+0x5de/0xc90\n do_syscall_64+0x31/0x50\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n \n Allocated by task 0:\n (stack is not available)\n The buggy address belongs to the object at ffff888011e33800\n which belongs to the cache kmalloc-512 of size 512\n The buggy address is located 0 bytes to the right of\n 512-byte region [ffff888011e33800, ffff888011e33a00)\n The buggy address belongs to the physical page:\n page:0000000089cd4adb refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11e30\n head:0000000089cd4adb order:2 compound_mapcount:0 compound_pincount:0\n flags: 0x4000000000010200(slab|head|zone=1)\n raw: 4000000000010200 dead000000000100 dead000000000122 ffff888001041c80\n raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000\n page dumped because: kasan: bad access detected\n Memory state around the buggy address:\n ffff888011e33900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n ffff888011e33980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n >ffff888011e33a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n ^\n ffff888011e33a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n ffff888011e33b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n 
==================================================================\n Disabling lock debugging due to kernel taint", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49557" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7c68848a-a274-448c-8008-7a793b86f92f.json b/objects/vulnerability/vulnerability--7c68848a-a274-448c-8008-7a793b86f92f.json new file mode 100644 index 00000000000..979a43a04bc --- /dev/null +++ b/objects/vulnerability/vulnerability--7c68848a-a274-448c-8008-7a793b86f92f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2bf43e14-8118-4b5e-9da3-8b7e389bcb74", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7c68848a-a274-448c-8008-7a793b86f92f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.349368Z", + "modified": "2025-02-27T00:38:15.349368Z", + "name": "CVE-2022-49413", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbfq: Update cgroup information before merging bio\n\nWhen the process is migrated to a different cgroup (or in case of\nwriteback just starts submitting bios associated with a different\ncgroup) bfq_merge_bio() can operate with stale cgroup information in\nbic. Thus the bio can be merged to a request from a different cgroup or\nit can result in merging of bfqqs for different cgroups or bfqqs of\nalready dead cgroups and causing possible use-after-free issues. Fix the\nproblem by updating cgroup information in bfq_merge_bio().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49413" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7cb74530-9860-4b2e-a5c7-04a2ea762362.json b/objects/vulnerability/vulnerability--7cb74530-9860-4b2e-a5c7-04a2ea762362.json new file mode 100644 index 00000000000..478f44aaad8 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--7cb74530-9860-4b2e-a5c7-04a2ea762362.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--69f78ecb-7086-42f4-a385-f4d4adf999ca", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7cb74530-9860-4b2e-a5c7-04a2ea762362", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:11.213478Z", + "modified": "2025-02-27T00:38:11.213478Z", + "name": "CVE-2021-47640", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/kasan: Fix early region not updated correctly\n\nThe shadow's page table is not updated when PTE_RPN_SHIFT is 24\nand PAGE_SHIFT is 12. It not only causes false positives but\nalso false negative as shown the following text.\n\nFix it by bringing the logic of kasan_early_shadow_page_entry here.\n\n1. False Positive:\n==================================================================\nBUG: KASAN: vmalloc-out-of-bounds in pcpu_alloc+0x508/0xa50\nWrite of size 16 at addr f57f3be0 by task swapper/0/1\n\nCPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.15.0-12267-gdebe436e77c7 #1\nCall Trace:\n[c80d1c20] [c07fe7b8] dump_stack_lvl+0x4c/0x6c (unreliable)\n[c80d1c40] [c02ff668] print_address_description.constprop.0+0x88/0x300\n[c80d1c70] [c02ff45c] kasan_report+0x1ec/0x200\n[c80d1cb0] [c0300b20] kasan_check_range+0x160/0x2f0\n[c80d1cc0] [c03018a4] memset+0x34/0x90\n[c80d1ce0] [c0280108] pcpu_alloc+0x508/0xa50\n[c80d1d40] [c02fd7bc] __kmem_cache_create+0xfc/0x570\n[c80d1d70] [c0283d64] kmem_cache_create_usercopy+0x274/0x3e0\n[c80d1db0] [c2036580] init_sd+0xc4/0x1d0\n[c80d1de0] [c00044a0] do_one_initcall+0xc0/0x33c\n[c80d1eb0] [c2001624] kernel_init_freeable+0x2c8/0x384\n[c80d1ef0] [c0004b14] kernel_init+0x24/0x170\n[c80d1f10] [c001b26c] ret_from_kernel_thread+0x5c/0x64\n\nMemory state around the buggy address:\n f57f3a80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n f57f3b00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n>f57f3b80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 
f8 f8 f8 f8\n ^\n f57f3c00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n f57f3c80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n==================================================================\n\n2. False Negative (with KASAN tests):\n==================================================================\nBefore fix:\n ok 45 - kmalloc_double_kzfree\n # vmalloc_oob: EXPECTATION FAILED at lib/test_kasan.c:1039\n KASAN failure expected in \"((volatile char *)area)[3100]\", but none occurred\n not ok 46 - vmalloc_oob\n not ok 1 - kasan\n\n==================================================================\nAfter fix:\n ok 1 - kasan", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-47640" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7d19433e-c19e-4242-a198-b5992fa56fd3.json b/objects/vulnerability/vulnerability--7d19433e-c19e-4242-a198-b5992fa56fd3.json new file mode 100644 index 00000000000..168693889a9 --- /dev/null +++ b/objects/vulnerability/vulnerability--7d19433e-c19e-4242-a198-b5992fa56fd3.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--432e7237-28ee-4123-887a-47f02ae29338", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7d19433e-c19e-4242-a198-b5992fa56fd3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.377775Z", + "modified": "2025-02-27T00:38:15.377775Z", + "name": "CVE-2022-49090", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\narch/arm64: Fix topology initialization for core scheduling\n\nArm64 systems rely on store_cpu_topology() to call update_siblings_masks()\nto transfer the toplogy to the various cpu masks. This needs to be done\nbefore the call to notify_cpu_starting() which tells the scheduler about\neach cpu found, otherwise the core scheduling data structures are setup\nin a way that does not match the actual topology.\n\nWith smt_mask not setup correctly we bail on `cpumask_weight(smt_mask) == 1`\nfor !leaders in:\n\n notify_cpu_starting()\n cpuhp_invoke_callback_range()\n sched_cpu_starting()\n sched_core_cpu_starting()\n\nwhich leads to rq->core not being correctly set for !leader-rq's.\n\nWithout this change stress-ng (which enables core scheduling in its prctl\ntests in newer versions -- i.e. with PR_SCHED_CORE support) causes a warning\nand then a crash (trimmed for legibility):\n\n[ 1853.805168] ------------[ cut here ]------------\n[ 1853.809784] task_rq(b)->core != rq->core\n[ 1853.809792] WARNING: CPU: 117 PID: 0 at kernel/sched/fair.c:11102 cfs_prio_less+0x1b4/0x1c4\n...\n[ 1854.015210] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010\n...\n[ 1854.231256] Call trace:\n[ 1854.233689] pick_next_task+0x3dc/0x81c\n[ 1854.237512] __schedule+0x10c/0x4cc\n[ 1854.240988] schedule_idle+0x34/0x54", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49090" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--7db8fd78-28e3-43b8-b047-79ec2112f0ae.json b/objects/vulnerability/vulnerability--7db8fd78-28e3-43b8-b047-79ec2112f0ae.json new file mode 100644 index 00000000000..f1fb78a3925 --- /dev/null +++ b/objects/vulnerability/vulnerability--7db8fd78-28e3-43b8-b047-79ec2112f0ae.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9153fdc4-2401-4f81-9c0f-fc2ab5af3f6e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7db8fd78-28e3-43b8-b047-79ec2112f0ae", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.632456Z", + "modified": "2025-02-27T00:38:15.632456Z", + "name": "CVE-2022-49425", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix dereference of stale list iterator after loop body\n\nThe list iterator variable will be a bogus pointer if no break was hit.\nDereferencing it (cur->page in this case) could load an out-of-bounds/undefined\nvalue making it unsafe to use that in the comparision to determine if the\nspecific element was found.\n\nSince 'cur->page' *can* be out-ouf-bounds it cannot be guaranteed that\nby chance (or intention of an attacker) it matches the value of 'page'\neven though the correct element was not found.\n\nThis is fixed by using a separate list iterator variable for the loop\nand only setting the original variable if a suitable element was found.\nThen determing if the element was found is simply checking if the\nvariable is set.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49425" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7dcf548e-8111-480f-ad91-4c3fe6315511.json b/objects/vulnerability/vulnerability--7dcf548e-8111-480f-ad91-4c3fe6315511.json new file mode 100644 index 00000000000..697482ef6ce --- /dev/null 
+++ b/objects/vulnerability/vulnerability--7dcf548e-8111-480f-ad91-4c3fe6315511.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--37c24e7c-6f0b-4224-8c21-b80dc527a653", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7dcf548e-8111-480f-ad91-4c3fe6315511", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.424879Z", + "modified": "2025-02-27T00:38:15.424879Z", + "name": "CVE-2022-49405", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: r8188eu: prevent ->Ssid overflow in rtw_wx_set_scan()\n\nThis code has a check to prevent read overflow but it needs another\ncheck to prevent writing beyond the end of the ->Ssid[] array.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49405" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7e4f6ef8-47d0-48f4-b3f9-b0181bff54f6.json b/objects/vulnerability/vulnerability--7e4f6ef8-47d0-48f4-b3f9-b0181bff54f6.json new file mode 100644 index 00000000000..c806906def6 --- /dev/null +++ b/objects/vulnerability/vulnerability--7e4f6ef8-47d0-48f4-b3f9-b0181bff54f6.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9d8578a9-eda3-4a4d-baa8-0110c3a4e2ef", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7e4f6ef8-47d0-48f4-b3f9-b0181bff54f6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.554656Z", + "modified": "2025-02-27T00:38:15.554656Z", + "name": "CVE-2022-49392", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe\n\nplatform_get_resource() may fail and return NULL, so we should\nbetter check it's return value to avoid a NULL pointer dereference.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49392" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7e66f0fc-f0be-47fc-b135-cd8c124ab9ad.json b/objects/vulnerability/vulnerability--7e66f0fc-f0be-47fc-b135-cd8c124ab9ad.json new file mode 100644 index 00000000000..9d32c45268e --- /dev/null +++ b/objects/vulnerability/vulnerability--7e66f0fc-f0be-47fc-b135-cd8c124ab9ad.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c988d3de-f5d2-41e7-bd6c-04cc2c10a5ef", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7e66f0fc-f0be-47fc-b135-cd8c124ab9ad", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.472872Z", + "modified": "2025-02-27T00:38:15.472872Z", + "name": "CVE-2022-49366", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix reference count leak in smb_check_perm_dacl()\n\nThe issue happens in a specific path in smb_check_perm_dacl(). When\n\"id\" and \"uid\" have the same value, the function simply jumps out of\nthe loop without decrementing the reference count of the object\n\"posix_acls\", which is increased by get_acl() earlier. This may\nresult in memory leaks.\n\nFix it by decreasing the reference count of \"posix_acls\" before\njumping to label \"check_access_bits\".", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49366" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7ea680c7-c9ea-4c4a-b2ce-69e1c8f4a8c3.json b/objects/vulnerability/vulnerability--7ea680c7-c9ea-4c4a-b2ce-69e1c8f4a8c3.json new file mode 100644 index 00000000000..575e14efa32 --- /dev/null +++ b/objects/vulnerability/vulnerability--7ea680c7-c9ea-4c4a-b2ce-69e1c8f4a8c3.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9f189cac-95ef-48da-b3c1-5aac5c06c51e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7ea680c7-c9ea-4c4a-b2ce-69e1c8f4a8c3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.279924Z", + "modified": "2025-02-27T00:38:15.279924Z", + "name": "CVE-2022-49250", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: rx-macro: fix accessing compander for aux\n\nAUX interpolator does not have compander, so check before accessing\ncompander data for this.\n\nWithout this checkan array of out bounds access will be made in\ncomp_enabled[] array.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49250" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--805af0aa-5205-443f-b8e3-4bf222c70afa.json b/objects/vulnerability/vulnerability--805af0aa-5205-443f-b8e3-4bf222c70afa.json new file mode 100644 index 00000000000..bac1084ba2a --- /dev/null +++ b/objects/vulnerability/vulnerability--805af0aa-5205-443f-b8e3-4bf222c70afa.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bb424b8f-cebf-4c61-a7f1-98f06ac17824", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--805af0aa-5205-443f-b8e3-4bf222c70afa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.638326Z", + "modified": "2025-02-27T00:38:15.638326Z", + "name": "CVE-2022-49324", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmips: cpc: Fix refcount leak in mips_cpc_default_phys_base\n\nAdd the missing of_node_put() to release the refcount incremented\nby of_find_compatible_node().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49324" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--80d1cbe2-581c-45ed-a2f4-46be3e22171a.json b/objects/vulnerability/vulnerability--80d1cbe2-581c-45ed-a2f4-46be3e22171a.json new file mode 100644 index 00000000000..31f5ac8ef52 --- /dev/null +++ b/objects/vulnerability/vulnerability--80d1cbe2-581c-45ed-a2f4-46be3e22171a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5ec03539-5b55-48d3-88a3-16f1621d5b4a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--80d1cbe2-581c-45ed-a2f4-46be3e22171a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.537481Z", + "modified": "2025-02-27T00:38:15.537481Z", + "name": "CVE-2022-49429", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hfi1: Prevent panic when SDMA is disabled\n\nIf the hfi1 module is loaded with HFI1_CAP_SDMA off, a call to\nhfi1_write_iter() will dereference a NULL pointer and panic. A typical\nstack frame is:\n\n sdma_select_user_engine [hfi1]\n hfi1_user_sdma_process_request [hfi1]\n hfi1_write_iter [hfi1]\n do_iter_readv_writev\n do_iter_write\n vfs_writev\n do_writev\n do_syscall_64\n\nThe fix is to test for SDMA in hfi1_write_iter() and fail the I/O with\nEINVAL.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49429" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--817cc471-c00d-4a74-b6f2-3705e4a3d0a6.json b/objects/vulnerability/vulnerability--817cc471-c00d-4a74-b6f2-3705e4a3d0a6.json new file mode 100644 index 00000000000..35d573c77e6 --- /dev/null +++ b/objects/vulnerability/vulnerability--817cc471-c00d-4a74-b6f2-3705e4a3d0a6.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f8e98854-8391-4a6b-84bb-508be2c2c8e8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--817cc471-c00d-4a74-b6f2-3705e4a3d0a6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.557461Z", + "modified": "2025-02-27T00:38:15.557461Z", + "name": "CVE-2022-49161", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mediatek: Fix error handling in mt8183_da7219_max98357_dev_probe\n\nThe device_node pointer is returned by of_parse_phandle() with refcount\nincremented. We should use of_node_put() on it when done.\n\nThis function only calls of_node_put() in the regular path.\nAnd it will cause refcount leak in error paths.\nFix this by calling of_node_put() in error handling too.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49161" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8195d33a-37e0-46a5-86c6-3c61d686d234.json b/objects/vulnerability/vulnerability--8195d33a-37e0-46a5-86c6-3c61d686d234.json new file mode 100644 index 00000000000..5844ae9f9c6 --- /dev/null +++ b/objects/vulnerability/vulnerability--8195d33a-37e0-46a5-86c6-3c61d686d234.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4f162b8e-6257-4ae8-b861-c1aeef9b2f72", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8195d33a-37e0-46a5-86c6-3c61d686d234", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.601048Z", + "modified": "2025-02-27T00:38:15.601048Z", + "name": "CVE-2022-49498", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: Check for null pointer of pointer substream before dereferencing it\n\nPointer substream is being dereferenced on the assignment of pointer card\nbefore substream is being null checked with the macro PCM_RUNTIME_CHECK.\nAlthough PCM_RUNTIME_CHECK calls BUG_ON, it still is useful to perform the\nthe pointer check before card is assigned.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49498" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--82213cea-fcb3-4dd4-9beb-551e2fcdbe19.json b/objects/vulnerability/vulnerability--82213cea-fcb3-4dd4-9beb-551e2fcdbe19.json new file mode 100644 index 00000000000..0b220943125 --- /dev/null +++ b/objects/vulnerability/vulnerability--82213cea-fcb3-4dd4-9beb-551e2fcdbe19.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2102c073-624f-429c-aded-9584f72f85ab", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--82213cea-fcb3-4dd4-9beb-551e2fcdbe19", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.605819Z", + "modified": "2025-02-27T00:38:15.605819Z", + "name": "CVE-2022-49664", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: move bc link creation back to tipc_node_create\n\nShuang Li reported a NULL pointer dereference crash:\n\n [] BUG: kernel NULL pointer dereference, address: 0000000000000068\n [] RIP: 0010:tipc_link_is_up+0x5/0x10 [tipc]\n [] Call Trace:\n [] \n [] tipc_bcast_rcv+0xa2/0x190 [tipc]\n [] tipc_node_bc_rcv+0x8b/0x200 [tipc]\n [] tipc_rcv+0x3af/0x5b0 [tipc]\n [] tipc_udp_recv+0xc7/0x1e0 [tipc]\n\nIt was caused by the 'l' passed into tipc_bcast_rcv() is NULL. When it\ncreates a node in tipc_node_check_dest(), after inserting the new node\ninto hashtable in tipc_node_create(), it creates the bc link. However,\nthere is a gap between this insert and bc link creation, a bc packet\nmay come in and get the node from the hashtable then try to dereference\nits bc link, which is NULL.\n\nThis patch is to fix it by moving the bc link creation before inserting\ninto the hashtable.\n\nNote that for a preliminary node becoming \"real\", the bc link creation\nshould also be called before it's rehashed, as we don't create it for\npreliminary nodes.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49664" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8271e9df-29fa-413b-a107-dd7b96ebd889.json b/objects/vulnerability/vulnerability--8271e9df-29fa-413b-a107-dd7b96ebd889.json new file mode 100644 index 00000000000..998cdc9fee8 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--8271e9df-29fa-413b-a107-dd7b96ebd889.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5627c23c-c432-46d8-b397-4d24916fe520", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8271e9df-29fa-413b-a107-dd7b96ebd889", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:11.232764Z", + "modified": "2025-02-27T00:38:11.232764Z", + "name": "CVE-2021-47638", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: rename_whiteout: Fix double free for whiteout_ui->data\n\n'whiteout_ui->data' will be freed twice if space budget fail for\nrename whiteout operation as following process:\n\nrename_whiteout\n dev = kmalloc\n whiteout_ui->data = dev\n kfree(whiteout_ui->data) // Free first time\n iput(whiteout)\n ubifs_free_inode\n kfree(ui->data)\t // Double free!\n\nKASAN reports:\n==================================================================\nBUG: KASAN: double-free or invalid-free in ubifs_free_inode+0x4f/0x70\nCall Trace:\n kfree+0x117/0x490\n ubifs_free_inode+0x4f/0x70 [ubifs]\n i_callback+0x30/0x60\n rcu_do_batch+0x366/0xac0\n __do_softirq+0x133/0x57f\n\nAllocated by task 1506:\n kmem_cache_alloc_trace+0x3c2/0x7a0\n do_rename+0x9b7/0x1150 [ubifs]\n ubifs_rename+0x106/0x1f0 [ubifs]\n do_syscall_64+0x35/0x80\n\nFreed by task 1506:\n kfree+0x117/0x490\n do_rename.cold+0x53/0x8a [ubifs]\n ubifs_rename+0x106/0x1f0 [ubifs]\n do_syscall_64+0x35/0x80\n\nThe buggy address belongs to the object at ffff88810238bed8 which\nbelongs to the cache kmalloc-8 of size 8\n==================================================================\n\nLet ubifs_free_inode() free 'whiteout_ui->data'. 
BTW, delete unused\nassignment 'whiteout_ui->data_len = 0', process 'ubifs_evict_inode()\n-> ubifs_jnl_delete_inode() -> ubifs_jnl_write_inode()' doesn't need it\n(because 'inc_nlink(whiteout)' won't be excuted by 'goto out_release',\n and the nlink of whiteout inode is 0).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-47638" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8281c360-fc58-4626-a372-96759bf28840.json b/objects/vulnerability/vulnerability--8281c360-fc58-4626-a372-96759bf28840.json new file mode 100644 index 00000000000..babea0e184a --- /dev/null +++ b/objects/vulnerability/vulnerability--8281c360-fc58-4626-a372-96759bf28840.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d6ad989b-2b6d-461d-9f19-ab07384f9482", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8281c360-fc58-4626-a372-96759bf28840", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:01.624893Z", + "modified": "2025-02-27T00:38:01.624893Z", + "name": "CVE-2024-13113", + "description": "The Countdown Timer for Elementor WordPress plugin before 1.3.7 does not sanitise and escape some parameters when outputting them on the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13113" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--82d74571-f906-4d73-92d5-fceb7b898642.json b/objects/vulnerability/vulnerability--82d74571-f906-4d73-92d5-fceb7b898642.json new file mode 100644 index 00000000000..4ab61729e7c --- /dev/null +++ b/objects/vulnerability/vulnerability--82d74571-f906-4d73-92d5-fceb7b898642.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0489f281-76ec-4043-9dea-9573ba981764", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--82d74571-f906-4d73-92d5-fceb7b898642", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.59067Z", + "modified": "2025-02-27T00:38:15.59067Z", + "name": "CVE-2022-49657", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: fix memory leak in error case\n\nusbnet_write_cmd_async() mixed up which buffers\nneed to be freed in which error case.\n\nv2: add Fixes tag\nv3: fix uninitialized buf pointer", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49657" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--83479560-60cf-4cc1-92b3-81a0aa5bcbaf.json b/objects/vulnerability/vulnerability--83479560-60cf-4cc1-92b3-81a0aa5bcbaf.json new file mode 100644 index 00000000000..ece1c042eb8 --- /dev/null +++ b/objects/vulnerability/vulnerability--83479560-60cf-4cc1-92b3-81a0aa5bcbaf.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--24005916-cc46-450a-8b2e-7a3f674d339f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--83479560-60cf-4cc1-92b3-81a0aa5bcbaf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.301949Z", + "modified": "2025-02-27T00:38:15.301949Z", + "name": "CVE-2022-49331", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling\n\nError paths do not free previously allocated memory. Add devm_kfree() to\nthose failure paths.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49331" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--8384fd02-d3d9-4e31-afaf-1325a3716a36.json b/objects/vulnerability/vulnerability--8384fd02-d3d9-4e31-afaf-1325a3716a36.json new file mode 100644 index 00000000000..9c3d431600a --- /dev/null +++ b/objects/vulnerability/vulnerability--8384fd02-d3d9-4e31-afaf-1325a3716a36.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ea94c5d8-4a46-4714-b484-7a1d6f3a8793", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8384fd02-d3d9-4e31-afaf-1325a3716a36", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.485296Z", + "modified": "2025-02-27T00:38:15.485296Z", + "name": "CVE-2022-49409", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix bug_on in __es_tree_search\n\nHulk Robot reported a BUG_ON:\n==================================================================\nkernel BUG at fs/ext4/extents_status.c:199!\n[...]\nRIP: 0010:ext4_es_end fs/ext4/extents_status.c:199 [inline]\nRIP: 0010:__es_tree_search+0x1e0/0x260 fs/ext4/extents_status.c:217\n[...]\nCall Trace:\n ext4_es_cache_extent+0x109/0x340 fs/ext4/extents_status.c:766\n ext4_cache_extents+0x239/0x2e0 fs/ext4/extents.c:561\n ext4_find_extent+0x6b7/0xa20 fs/ext4/extents.c:964\n ext4_ext_map_blocks+0x16b/0x4b70 fs/ext4/extents.c:4384\n ext4_map_blocks+0xe26/0x19f0 fs/ext4/inode.c:567\n ext4_getblk+0x320/0x4c0 fs/ext4/inode.c:980\n ext4_bread+0x2d/0x170 fs/ext4/inode.c:1031\n ext4_quota_read+0x248/0x320 fs/ext4/super.c:6257\n v2_read_header+0x78/0x110 fs/quota/quota_v2.c:63\n v2_check_quota_file+0x76/0x230 fs/quota/quota_v2.c:82\n vfs_load_quota_inode+0x5d1/0x1530 fs/quota/dquot.c:2368\n dquot_enable+0x28a/0x330 fs/quota/dquot.c:2490\n ext4_quota_enable fs/ext4/super.c:6137 [inline]\n ext4_enable_quotas+0x5d7/0x960 fs/ext4/super.c:6163\n ext4_fill_super+0xa7c9/0xdc00 fs/ext4/super.c:4754\n mount_bdev+0x2e9/0x3b0 fs/super.c:1158\n mount_fs+0x4b/0x1e4 fs/super.c:1261\n[...]\n==================================================================\n\nAbove issue may happen as follows:\n-------------------------------------\next4_fill_super\n ext4_enable_quotas\n ext4_quota_enable\n ext4_iget\n __ext4_iget\n ext4_ext_check_inode\n ext4_ext_check\n 
__ext4_ext_check\n ext4_valid_extent_entries\n Check for overlapping extents does't take effect\n dquot_enable\n vfs_load_quota_inode\n v2_check_quota_file\n v2_read_header\n ext4_quota_read\n ext4_bread\n ext4_getblk\n ext4_map_blocks\n ext4_ext_map_blocks\n ext4_find_extent\n ext4_cache_extents\n ext4_es_cache_extent\n ext4_es_cache_extent\n __es_tree_search\n ext4_es_end\n BUG_ON(es->es_lblk + es->es_len < es->es_lblk)\n\nThe error ext4 extents is as follows:\n0af3 0300 0400 0000 00000000 extent_header\n00000000 0100 0000 12000000 extent1\n00000000 0100 0000 18000000 extent2\n02000000 0400 0000 14000000 extent3\n\nIn the ext4_valid_extent_entries function,\nif prev is 0, no error is returned even if lblock<=prev.\nThis was intended to skip the check on the first extent, but\nin the error image above, prev=0+1-1=0 when checking the second extent,\nso even though lblock<=prev, the function does not return an error.\nAs a result, bug_ON occurs in __es_tree_search and the system panics.\n\nTo solve this problem, we only need to check that:\n1. The lblock of the first extent is not less than 0.\n2. The lblock of the next extent is not less than\n the next block of the previous extent.\nThe same applies to extent_idx.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49409" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8438e316-82d1-4675-9e48-6994df1efd36.json b/objects/vulnerability/vulnerability--8438e316-82d1-4675-9e48-6994df1efd36.json new file mode 100644 index 00000000000..53847abd82e --- /dev/null +++ b/objects/vulnerability/vulnerability--8438e316-82d1-4675-9e48-6994df1efd36.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d84f1495-715d-43cf-8b29-d181394f2b7e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8438e316-82d1-4675-9e48-6994df1efd36", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.391371Z", + "modified": "2025-02-27T00:38:15.391371Z", + "name": "CVE-2022-49321", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxprtrdma: treat all calls not a bcall when bc_serv is NULL\n\nWhen a rdma server returns a fault format reply, nfs v3 client may\ntreats it as a bcall when bc service is not exist.\n\nThe debug message at rpcrdma_bc_receive_call are,\n\n[56579.837169] RPC: rpcrdma_bc_receive_call: callback XID\n00000001, length=20\n[56579.837174] RPC: rpcrdma_bc_receive_call: 00 00 00 01 00 00 00\n00 00 00 00 00 00 00 00 00 00 00 00 04\n\nAfter that, rpcrdma_bc_receive_call will meets NULL pointer as,\n\n[ 226.057890] BUG: unable to handle kernel NULL pointer dereference at\n00000000000000c8\n...\n[ 226.058704] RIP: 0010:_raw_spin_lock+0xc/0x20\n...\n[ 226.059732] Call Trace:\n[ 226.059878] rpcrdma_bc_receive_call+0x138/0x327 [rpcrdma]\n[ 226.060011] __ib_process_cq+0x89/0x170 [ib_core]\n[ 226.060092] ib_cq_poll_work+0x26/0x80 [ib_core]\n[ 226.060257] process_one_work+0x1a7/0x360\n[ 226.060367] ? create_worker+0x1a0/0x1a0\n[ 226.060440] worker_thread+0x30/0x390\n[ 226.060500] ? create_worker+0x1a0/0x1a0\n[ 226.060574] kthread+0x116/0x130\n[ 226.060661] ? kthread_flush_work_fn+0x10/0x10\n[ 226.060724] ret_from_fork+0x35/0x40\n...", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49321" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--84528ef5-dc51-4bba-ae92-43d54aa4d12d.json b/objects/vulnerability/vulnerability--84528ef5-dc51-4bba-ae92-43d54aa4d12d.json new file mode 100644 index 00000000000..a97cd531253 
--- /dev/null +++ b/objects/vulnerability/vulnerability--84528ef5-dc51-4bba-ae92-43d54aa4d12d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--40f5d419-a33d-4b52-99ad-d2190816170f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--84528ef5-dc51-4bba-ae92-43d54aa4d12d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.714381Z", + "modified": "2025-02-27T00:38:15.714381Z", + "name": "CVE-2022-49316", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4: Don't hold the layoutget locks across multiple RPC calls\n\nWhen doing layoutget as part of the open() compound, we have to be\ncareful to release the layout locks before we can call any further RPC\ncalls, such as setattr(). The reason is that those calls could trigger\na recall, which could deadlock.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49316" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--855aa1c1-8c55-4c33-bdaa-fb70559c6133.json b/objects/vulnerability/vulnerability--855aa1c1-8c55-4c33-bdaa-fb70559c6133.json new file mode 100644 index 00000000000..5bed9f56bf9 --- /dev/null +++ b/objects/vulnerability/vulnerability--855aa1c1-8c55-4c33-bdaa-fb70559c6133.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--92b60548-9574-4bb1-b2d2-91aad0ef0169", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--855aa1c1-8c55-4c33-bdaa-fb70559c6133", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.292262Z", + "modified": "2025-02-27T00:38:15.292262Z", + "name": "CVE-2022-49537", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix call trace observed during I/O with CMF enabled\n\nThe following was seen with CMF enabled:\n\nBUG: using smp_processor_id() in preemptible\ncode: systemd-udevd/31711\nkernel: caller is lpfc_update_cmf_cmd+0x214/0x420 [lpfc]\nkernel: CPU: 12 PID: 31711 Comm: systemd-udevd\nkernel: Call Trace:\nkernel: \nkernel: dump_stack_lvl+0x44/0x57\nkernel: check_preemption_disabled+0xbf/0xe0\nkernel: lpfc_update_cmf_cmd+0x214/0x420 [lpfc]\nkernel: lpfc_nvme_fcp_io_submit+0x23b4/0x4df0 [lpfc]\n\nthis_cpu_ptr() calls smp_processor_id() in a preemptible context.\n\nFix by using per_cpu_ptr() with raw_smp_processor_id() instead.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49537" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--857dcf84-846d-4118-948c-b936f65b5c17.json b/objects/vulnerability/vulnerability--857dcf84-846d-4118-948c-b936f65b5c17.json new file mode 100644 index 00000000000..ba7ad9023d3 --- /dev/null +++ b/objects/vulnerability/vulnerability--857dcf84-846d-4118-948c-b936f65b5c17.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7c8ff234-9d97-4422-8cc0-58c16eb06f9b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--857dcf84-846d-4118-948c-b936f65b5c17", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.447095Z", + "modified": "2025-02-27T00:38:15.447095Z", + "name": "CVE-2022-49182", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: add vlan list lock to protect vlan list\n\nWhen adding port base VLAN, vf VLAN need to remove from HW and modify\nthe vlan state in vf VLAN list as false. If the periodicity task is\nfreeing the same node, it may cause \"use after free\" error.\nThis patch adds a vlan list lock to protect the vlan list.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49182" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--85af907f-85d4-4367-a84c-b6fe978c0062.json b/objects/vulnerability/vulnerability--85af907f-85d4-4367-a84c-b6fe978c0062.json new file mode 100644 index 00000000000..922db9de2b5 --- /dev/null +++ b/objects/vulnerability/vulnerability--85af907f-85d4-4367-a84c-b6fe978c0062.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6c063595-dd57-42d5-a4f0-0e70cb672cbe", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--85af907f-85d4-4367-a84c-b6fe978c0062", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.541157Z", + "modified": "2025-02-27T00:38:15.541157Z", + "name": "CVE-2022-49670", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nlinux/dim: Fix divide by 0 in RDMA DIM\n\nFix a divide 0 error in rdma_dim_stats_compare() when prev->cpe_ratio ==\n0.\n\nCallTrace:\n Hardware name: H3C R4900 G3/RS33M2C9S, BIOS 2.00.37P21 03/12/2020\n task: ffff880194b78000 task.stack: ffffc90006714000\n RIP: 0010:backport_rdma_dim+0x10e/0x240 [mlx_compat]\n RSP: 0018:ffff880c10e83ec0 EFLAGS: 00010202\n RAX: 0000000000002710 RBX: ffff88096cd7f780 RCX: 0000000000000064\n RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000001\n RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000000 R12: 000000001d7c6c09\n R13: ffff88096cd7f780 R14: ffff880b174fe800 R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff880c10e80000(0000)\n knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00000000a0965b00 CR3: 000000000200a003 CR4: 00000000007606e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \n ib_poll_handler+0x43/0x80 [ib_core]\n irq_poll_softirq+0xae/0x110\n __do_softirq+0xd1/0x28c\n irq_exit+0xde/0xf0\n do_IRQ+0x54/0xe0\n common_interrupt+0x8f/0x8f\n \n ? cpuidle_enter_state+0xd9/0x2a0\n ? cpuidle_enter_state+0xc7/0x2a0\n ? do_idle+0x170/0x1d0\n ? cpu_startup_entry+0x6f/0x80\n ? start_secondary+0x1b9/0x210\n ? 
secondary_startup_64+0xa5/0xb0\n Code: 0f 87 e1 00 00 00 8b 4c 24 14 44 8b 43 14 89 c8 4d 63 c8 44 29 c0 99 31 d0 29 d0 31 d2 48 98 48 8d 04 80 48 8d 04 80 48 c1 e0 02 <49> f7 f1 48 83 f8 0a 0f 86 c1 00 00 00 44 39 c1 7f 10 48 89 df\n RIP: backport_rdma_dim+0x10e/0x240 [mlx_compat] RSP: ffff880c10e83ec0", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49670" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--85e8df32-598b-4c5a-8d33-ffe2de0d62d1.json b/objects/vulnerability/vulnerability--85e8df32-598b-4c5a-8d33-ffe2de0d62d1.json new file mode 100644 index 00000000000..4ae4c4dd2dc --- /dev/null +++ b/objects/vulnerability/vulnerability--85e8df32-598b-4c5a-8d33-ffe2de0d62d1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b276faba-d550-42ab-a01d-0b3df44583b9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--85e8df32-598b-4c5a-8d33-ffe2de0d62d1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.523236Z", + "modified": "2025-02-27T00:38:15.523236Z", + "name": "CVE-2022-49634", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsysctl: Fix data-races in proc_dou8vec_minmax().\n\nA sysctl variable is accessed concurrently, and there is always a chance\nof data-race. So, all readers and writers need some basic protection to\navoid load/store-tearing.\n\nThis patch changes proc_dou8vec_minmax() to use READ_ONCE() and\nWRITE_ONCE() internally to fix data-races on the sysctl side. For now,\nproc_dou8vec_minmax() itself is tolerant to a data-race, but we still\nneed to add annotations on the other subsystem's side.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49634" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--868f7f16-e562-45ae-a07a-f420647d1aa9.json b/objects/vulnerability/vulnerability--868f7f16-e562-45ae-a07a-f420647d1aa9.json new file mode 100644 index 00000000000..43b6cd7e09b --- /dev/null +++ b/objects/vulnerability/vulnerability--868f7f16-e562-45ae-a07a-f420647d1aa9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--382e22c6-7c74-4718-aa33-de78fad002a8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--868f7f16-e562-45ae-a07a-f420647d1aa9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.548118Z", + "modified": "2025-02-27T00:38:15.548118Z", + "name": "CVE-2022-49399", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: goldfish: Use tty_port_destroy() to destroy port\n\nIn goldfish_tty_probe(), the port initialized through tty_port_init()\nshould be destroyed in error paths.In goldfish_tty_remove(), qtty->port\nalso should be destroyed or else might leak resources.\n\nFix the above by calling tty_port_destroy().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49399" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--869967a6-ed68-4ba0-ac17-75001a329f61.json b/objects/vulnerability/vulnerability--869967a6-ed68-4ba0-ac17-75001a329f61.json new file mode 100644 index 00000000000..2148f17b694 --- /dev/null +++ b/objects/vulnerability/vulnerability--869967a6-ed68-4ba0-ac17-75001a329f61.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--aeb62bcb-ceb5-44c3-976b-7fcf9120f8cc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--869967a6-ed68-4ba0-ac17-75001a329f61", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.520451Z", + "modified": "2025-02-27T00:38:15.520451Z", + "name": "CVE-2022-49676", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemory: samsung: exynos5422-dmc: Fix refcount leak in of_get_dram_timings\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nThis function doesn't call of_node_put() in some error paths.\nTo unify the structure, Add put_node label and goto it on errors.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49676" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--86cd4f65-e88f-47c2-9365-5f41ddc8a473.json b/objects/vulnerability/vulnerability--86cd4f65-e88f-47c2-9365-5f41ddc8a473.json new file mode 100644 index 00000000000..d4572a3bb83 --- /dev/null +++ b/objects/vulnerability/vulnerability--86cd4f65-e88f-47c2-9365-5f41ddc8a473.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--895b8eab-4978-4f1f-b233-3e631f374318", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--86cd4f65-e88f-47c2-9365-5f41ddc8a473", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.480444Z", + "modified": "2025-02-27T00:38:15.480444Z", + "name": "CVE-2022-49169", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: use spin_lock to avoid hang\n\n[14696.634553] task:cat state:D stack: 0 pid:1613738 ppid:1613735 flags:0x00000004\n[14696.638285] Call Trace:\n[14696.639038] \n[14696.640032] __schedule+0x302/0x930\n[14696.640969] schedule+0x58/0xd0\n[14696.641799] schedule_preempt_disabled+0x18/0x30\n[14696.642890] __mutex_lock.constprop.0+0x2fb/0x4f0\n[14696.644035] ? mod_objcg_state+0x10c/0x310\n[14696.645040] ? obj_cgroup_charge+0xe1/0x170\n[14696.646067] __mutex_lock_slowpath+0x13/0x20\n[14696.647126] mutex_lock+0x34/0x40\n[14696.648070] stat_show+0x25/0x17c0 [f2fs]\n[14696.649218] seq_read_iter+0x120/0x4b0\n[14696.650289] ? aa_file_perm+0x12a/0x500\n[14696.651357] ? 
lru_cache_add+0x1c/0x20\n[14696.652470] seq_read+0xfd/0x140\n[14696.653445] full_proxy_read+0x5c/0x80\n[14696.654535] vfs_read+0xa0/0x1a0\n[14696.655497] ksys_read+0x67/0xe0\n[14696.656502] __x64_sys_read+0x1a/0x20\n[14696.657580] do_syscall_64+0x3b/0xc0\n[14696.658671] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[14696.660068] RIP: 0033:0x7efe39df1cb2\n[14696.661133] RSP: 002b:00007ffc8badd948 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\n[14696.662958] RAX: ffffffffffffffda RBX: 0000000000020000 RCX: 00007efe39df1cb2\n[14696.664757] RDX: 0000000000020000 RSI: 00007efe399df000 RDI: 0000000000000003\n[14696.666542] RBP: 00007efe399df000 R08: 00007efe399de010 R09: 00007efe399de010\n[14696.668363] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000000\n[14696.670155] R13: 0000000000000003 R14: 0000000000020000 R15: 0000000000020000\n[14696.671965] \n[14696.672826] task:umount state:D stack: 0 pid:1614985 ppid:1614984 flags:0x00004000\n[14696.674930] Call Trace:\n[14696.675903] \n[14696.676780] __schedule+0x302/0x930\n[14696.677927] schedule+0x58/0xd0\n[14696.679019] schedule_preempt_disabled+0x18/0x30\n[14696.680412] __mutex_lock.constprop.0+0x2fb/0x4f0\n[14696.681783] ? 
destroy_inode+0x65/0x80\n[14696.683006] __mutex_lock_slowpath+0x13/0x20\n[14696.684305] mutex_lock+0x34/0x40\n[14696.685442] f2fs_destroy_stats+0x1e/0x60 [f2fs]\n[14696.686803] f2fs_put_super+0x158/0x390 [f2fs]\n[14696.688238] generic_shutdown_super+0x7a/0x120\n[14696.689621] kill_block_super+0x27/0x50\n[14696.690894] kill_f2fs_super+0x7f/0x100 [f2fs]\n[14696.692311] deactivate_locked_super+0x35/0xa0\n[14696.693698] deactivate_super+0x40/0x50\n[14696.694985] cleanup_mnt+0x139/0x190\n[14696.696209] __cleanup_mnt+0x12/0x20\n[14696.697390] task_work_run+0x64/0xa0\n[14696.698587] exit_to_user_mode_prepare+0x1b7/0x1c0\n[14696.700053] syscall_exit_to_user_mode+0x27/0x50\n[14696.701418] do_syscall_64+0x48/0xc0\n[14696.702630] entry_SYSCALL_64_after_hwframe+0x44/0xae", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49169" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--88154ec4-4c31-4a00-b3d8-4a642b20ae11.json b/objects/vulnerability/vulnerability--88154ec4-4c31-4a00-b3d8-4a642b20ae11.json new file mode 100644 index 00000000000..f4f7e7bcfbf --- /dev/null +++ b/objects/vulnerability/vulnerability--88154ec4-4c31-4a00-b3d8-4a642b20ae11.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9ce4d487-a42e-414e-89bf-52a93a42701c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--88154ec4-4c31-4a00-b3d8-4a642b20ae11", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:01.885636Z", + "modified": "2025-02-27T00:38:01.885636Z", + "name": "CVE-2024-57423", + "description": "A Cross Site Scripting vulnerability in CloudClassroom-PHP Project v1.0 allows a remote attacker to execute arbitrary code via the exid parameter of the assessment function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57423" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--8882d40e-423d-4471-9f9a-b26686e928d8.json b/objects/vulnerability/vulnerability--8882d40e-423d-4471-9f9a-b26686e928d8.json new file mode 100644 index 00000000000..cf1a2059c77 --- /dev/null +++ b/objects/vulnerability/vulnerability--8882d40e-423d-4471-9f9a-b26686e928d8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--714b4cb0-a511-48c7-96f3-b1a41b750316", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8882d40e-423d-4471-9f9a-b26686e928d8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.43865Z", + "modified": "2025-02-27T00:38:15.43865Z", + "name": "CVE-2022-49482", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mxs-saif: Fix refcount leak in mxs_saif_probe\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when done.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49482" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--88dece6a-48cb-4299-abe9-8f694c0331ac.json b/objects/vulnerability/vulnerability--88dece6a-48cb-4299-abe9-8f694c0331ac.json new file mode 100644 index 00000000000..ffb5b5aa6e2 --- /dev/null +++ b/objects/vulnerability/vulnerability--88dece6a-48cb-4299-abe9-8f694c0331ac.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8b78b88e-4e6d-4df6-b6cc-b28fe1114ea2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--88dece6a-48cb-4299-abe9-8f694c0331ac", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.379648Z", + "modified": "2025-02-27T00:38:15.379648Z", + "name": "CVE-2022-49343", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid cycles in directory h-tree\n\nA maliciously corrupted filesystem can contain cycles in the h-tree\nstored inside a directory. That can easily lead to the kernel corrupting\ntree nodes that were already verified under its hands while doing a node\nsplit and consequently accessing unallocated memory. Fix the problem by\nverifying traversed block numbers are unique.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49343" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--88f4cf57-8458-4cd2-af28-2bf6ef519ccb.json b/objects/vulnerability/vulnerability--88f4cf57-8458-4cd2-af28-2bf6ef519ccb.json new file mode 100644 index 00000000000..6b092ba8877 --- /dev/null +++ b/objects/vulnerability/vulnerability--88f4cf57-8458-4cd2-af28-2bf6ef519ccb.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5d281489-50ef-4f4d-bb15-b8a2a89513c3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--88f4cf57-8458-4cd2-af28-2bf6ef519ccb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.566026Z", + "modified": "2025-02-27T00:38:15.566026Z", + "name": "CVE-2022-49679", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: Fix refcount leak in axxia_boot_secondary\n\nof_find_compatible_node() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when done.\nAdd missing of_node_put() to avoid refcount leak.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49679" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8a7e09bf-9aa3-4bd3-8f7d-00ddcceb0f61.json b/objects/vulnerability/vulnerability--8a7e09bf-9aa3-4bd3-8f7d-00ddcceb0f61.json new file mode 100644 index 00000000000..8f5ee64f100 --- /dev/null +++ b/objects/vulnerability/vulnerability--8a7e09bf-9aa3-4bd3-8f7d-00ddcceb0f61.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--344b4c7a-204e-41df-9c90-7c80073b00d7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8a7e09bf-9aa3-4bd3-8f7d-00ddcceb0f61", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.522336Z", + "modified": "2025-02-27T00:38:15.522336Z", + "name": "CVE-2022-49538", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: jack: Access input_dev under mutex\n\nIt is possible when using ASoC that input_dev is unregistered while\ncalling snd_jack_report, which causes NULL pointer dereference.\nIn order to prevent this serialize access to input_dev using mutex lock.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49538" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8c2fbeae-e92f-4c04-a3f3-b8220851679e.json b/objects/vulnerability/vulnerability--8c2fbeae-e92f-4c04-a3f3-b8220851679e.json new file mode 100644 index 00000000000..e4270c3db7b --- /dev/null +++ b/objects/vulnerability/vulnerability--8c2fbeae-e92f-4c04-a3f3-b8220851679e.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4ae77601-6e7b-4398-966e-b513715a39f6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8c2fbeae-e92f-4c04-a3f3-b8220851679e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.396892Z", + "modified": "2025-02-27T00:38:15.396892Z", + "name": "CVE-2022-49140", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"nbd: fix possible overflow on 'first_minor' in nbd_dev_add()\"\n\nThis reverts commit 6d35d04a9e18990040e87d2bbf72689252669d54.\n\nBoth Gabriel and Borislav report that this commit casues a regression\nwith nbd:\n\nsysfs: cannot create duplicate filename '/dev/block/43:0'\n\nRevert it before 5.18-rc1 and we'll investigage this separately in\ndue time.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49140" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8c77ada4-d461-49e4-b3e8-18dbedb3a2bc.json b/objects/vulnerability/vulnerability--8c77ada4-d461-49e4-b3e8-18dbedb3a2bc.json new file mode 100644 index 00000000000..6e3347fc800 --- /dev/null +++ b/objects/vulnerability/vulnerability--8c77ada4-d461-49e4-b3e8-18dbedb3a2bc.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d574b431-09f3-4e9d-94ae-78a224666e76", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8c77ada4-d461-49e4-b3e8-18dbedb3a2bc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.448934Z", + "modified": "2025-02-27T00:38:15.448934Z", + "name": "CVE-2022-49536", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix SCSI I/O completion and abort handler deadlock\n\nDuring stress I/O tests with 500+ vports, hard LOCKUP call traces are\nobserved.\n\nCPU A:\n native_queued_spin_lock_slowpath+0x192\n _raw_spin_lock_irqsave+0x32\n lpfc_handle_fcp_err+0x4c6\n lpfc_fcp_io_cmd_wqe_cmpl+0x964\n lpfc_sli4_fp_handle_cqe+0x266\n __lpfc_sli4_process_cq+0x105\n __lpfc_sli4_hba_process_cq+0x3c\n lpfc_cq_poll_hdler+0x16\n irq_poll_softirq+0x76\n __softirqentry_text_start+0xe4\n irq_exit+0xf7\n do_IRQ+0x7f\n\nCPU B:\n native_queued_spin_lock_slowpath+0x5b\n _raw_spin_lock+0x1c\n lpfc_abort_handler+0x13e\n scmd_eh_abort_handler+0x85\n process_one_work+0x1a7\n worker_thread+0x30\n kthread+0x112\n ret_from_fork+0x1f\n\nDiagram of lockup:\n\nCPUA CPUB\n---- ----\nlpfc_cmd->buf_lock\n phba->hbalock\n lpfc_cmd->buf_lock\nphba->hbalock\n\nFix by reordering the taking of the lpfc_cmd->buf_lock and phba->hbalock in\nlpfc_abort_handler routine so that it tries to take the lpfc_cmd->buf_lock\nfirst before phba->hbalock.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49536" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8c8e63e9-5e75-4c53-b549-b3c84fd13dde.json b/objects/vulnerability/vulnerability--8c8e63e9-5e75-4c53-b549-b3c84fd13dde.json new file mode 100644 index 00000000000..13fed5ef98d --- /dev/null +++ b/objects/vulnerability/vulnerability--8c8e63e9-5e75-4c53-b549-b3c84fd13dde.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0a78a673-2a0c-47d7-8a0a-1ab9bfc376f6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8c8e63e9-5e75-4c53-b549-b3c84fd13dde", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.261802Z", + "modified": "2025-02-27T00:38:15.261802Z", + "name": "CVE-2022-49059", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nci: add flush_workqueue to prevent uaf\n\nOur detector found a concurrent use-after-free bug when detaching an\nNCI device. The main reason for this bug is the unexpected scheduling\nbetween the used delayed mechanism (timer and workqueue).\n\nThe race can be demonstrated below:\n\nThread-1 Thread-2\n | nci_dev_up()\n | nci_open_device()\n | __nci_request(nci_reset_req)\n | nci_send_cmd\n | queue_work(cmd_work)\nnci_unregister_device() |\n nci_close_device() | ...\n del_timer_sync(cmd_timer)[1] |\n... | Worker\nnci_free_device() | nci_cmd_work()\n kfree(ndev)[3] | mod_timer(cmd_timer)[2]\n\nIn short, the cleanup routine thought that the cmd_timer has already\nbeen detached by [1] but the mod_timer can re-attach the timer [2], even\nit is already released [3], resulting in UAF.\n\nThis UAF is easy to trigger, crash trace by POC is like below\n\n[ 66.703713] ==================================================================\n[ 66.703974] BUG: KASAN: use-after-free in enqueue_timer+0x448/0x490\n[ 66.703974] Write of size 8 at addr ffff888009fb7058 by task kworker/u4:1/33\n[ 66.703974]\n[ 66.703974] CPU: 1 PID: 33 Comm: kworker/u4:1 Not tainted 5.18.0-rc2 #5\n[ 66.703974] Workqueue: nfc2_nci_cmd_wq nci_cmd_work\n[ 66.703974] Call Trace:\n[ 66.703974] \n[ 66.703974] dump_stack_lvl+0x57/0x7d\n[ 66.703974] print_report.cold+0x5e/0x5db\n[ 66.703974] ? enqueue_timer+0x448/0x490\n[ 66.703974] kasan_report+0xbe/0x1c0\n[ 66.703974] ? 
enqueue_timer+0x448/0x490\n[ 66.703974] enqueue_timer+0x448/0x490\n[ 66.703974] __mod_timer+0x5e6/0xb80\n[ 66.703974] ? mark_held_locks+0x9e/0xe0\n[ 66.703974] ? try_to_del_timer_sync+0xf0/0xf0\n[ 66.703974] ? lockdep_hardirqs_on_prepare+0x17b/0x410\n[ 66.703974] ? queue_work_on+0x61/0x80\n[ 66.703974] ? lockdep_hardirqs_on+0xbf/0x130\n[ 66.703974] process_one_work+0x8bb/0x1510\n[ 66.703974] ? lockdep_hardirqs_on_prepare+0x410/0x410\n[ 66.703974] ? pwq_dec_nr_in_flight+0x230/0x230\n[ 66.703974] ? rwlock_bug.part.0+0x90/0x90\n[ 66.703974] ? _raw_spin_lock_irq+0x41/0x50\n[ 66.703974] worker_thread+0x575/0x1190\n[ 66.703974] ? process_one_work+0x1510/0x1510\n[ 66.703974] kthread+0x2a0/0x340\n[ 66.703974] ? kthread_complete_and_exit+0x20/0x20\n[ 66.703974] ret_from_fork+0x22/0x30\n[ 66.703974] \n[ 66.703974]\n[ 66.703974] Allocated by task 267:\n[ 66.703974] kasan_save_stack+0x1e/0x40\n[ 66.703974] __kasan_kmalloc+0x81/0xa0\n[ 66.703974] nci_allocate_device+0xd3/0x390\n[ 66.703974] nfcmrvl_nci_register_dev+0x183/0x2c0\n[ 66.703974] nfcmrvl_nci_uart_open+0xf2/0x1dd\n[ 66.703974] nci_uart_tty_ioctl+0x2c3/0x4a0\n[ 66.703974] tty_ioctl+0x764/0x1310\n[ 66.703974] __x64_sys_ioctl+0x122/0x190\n[ 66.703974] do_syscall_64+0x3b/0x90\n[ 66.703974] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[ 66.703974]\n[ 66.703974] Freed by task 406:\n[ 66.703974] kasan_save_stack+0x1e/0x40\n[ 66.703974] kasan_set_track+0x21/0x30\n[ 66.703974] kasan_set_free_info+0x20/0x30\n[ 66.703974] __kasan_slab_free+0x108/0x170\n[ 66.703974] kfree+0xb0/0x330\n[ 66.703974] nfcmrvl_nci_unregister_dev+0x90/0xd0\n[ 66.703974] nci_uart_tty_close+0xdf/0x180\n[ 66.703974] tty_ldisc_kill+0x73/0x110\n[ 66.703974] tty_ldisc_hangup+0x281/0x5b0\n[ 66.703974] __tty_hangup.part.0+0x431/0x890\n[ 66.703974] tty_release+0x3a8/0xc80\n[ 66.703974] __fput+0x1f0/0x8c0\n[ 66.703974] task_work_run+0xc9/0x170\n[ 66.703974] exit_to_user_mode_prepare+0x194/0x1a0\n[ 66.703974] syscall_exit_to_user_mode+0x19/0x50\n[ 66.703974] 
do_syscall_64+0x48/0x90\n[ 66.703974] entry_SYSCALL_64_after_hwframe+0x44/0x\n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49059" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8cc2ef4b-6ba2-49d0-89db-26e5a3a29c8e.json b/objects/vulnerability/vulnerability--8cc2ef4b-6ba2-49d0-89db-26e5a3a29c8e.json new file mode 100644 index 00000000000..9eef027d467 --- /dev/null +++ b/objects/vulnerability/vulnerability--8cc2ef4b-6ba2-49d0-89db-26e5a3a29c8e.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--03bef647-001d-4999-bcd3-668433cf2dd6",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--8cc2ef4b-6ba2-49d0-89db-26e5a3a29c8e",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.290377Z",
+ "modified": "2025-02-27T00:38:15.290377Z",
+ "name": "CVE-2022-49674",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm raid: fix accesses beyond end of raid member array\n\nOn dm-raid table load (using raid_ctr), dm-raid allocates an array\nrs->devs[rs->raid_disks] for the raid device members. rs->raid_disks\nis defined by the number of raid metadata and image tupples passed\ninto the target's constructor.\n\nIn the case of RAID layout changes being requested, that number can be\ndifferent from the current number of members for existing raid sets as\ndefined in their superblocks. Example RAID layout changes include:\n- raid1 legs being added/removed\n- raid4/5/6/10 number of stripes changed (stripe reshaping)\n- takeover to higher raid level (e.g. raid5 -> raid6)\n\nWhen accessing array members, rs->raid_disks must be used in control\nloops instead of the potentially larger value in rs->md.raid_disks.\nOtherwise it will cause memory access beyond the end of the rs->devs\narray.\n\nFix this by changing code that is prone to out-of-bounds access.\nAlso fix validate_raid_redundancy() to validate all devices that are\nadded. Also, use braces to help clean up raid_iterate_devices().\n\nThe out-of-bounds memory accesses was discovered using KASAN.\n\nThis commit was verified to pass all LVM2 RAID tests (with KASAN\nenabled).",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49674"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--8d308921-a5b4-43a3-a4f3-e38bf145897c.json b/objects/vulnerability/vulnerability--8d308921-a5b4-43a3-a4f3-e38bf145897c.json
new file mode 100644
index 00000000000..f1984af1b91
--- /dev/null
+++ b/objects/vulnerability/vulnerability--8d308921-a5b4-43a3-a4f3-e38bf145897c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--6191e9eb-8cd6-407b-82d0-648f9f168ef5",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--8d308921-a5b4-43a3-a4f3-e38bf145897c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.291317Z",
+ "modified": "2025-02-27T00:38:15.291317Z",
+ "name": "CVE-2022-49046",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: dev: check return value when calling dev_set_name()\n\nIf dev_set_name() fails, the dev_name() is null, check the return\nvalue of dev_set_name() to avoid the null-ptr-deref.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49046"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--8d43686b-7e0c-4307-90db-b6d002d7d121.json b/objects/vulnerability/vulnerability--8d43686b-7e0c-4307-90db-b6d002d7d121.json
new file mode 100644
index 00000000000..a23f266407a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--8d43686b-7e0c-4307-90db-b6d002d7d121.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a9dc6a6a-ff60-48b2-ba8d-5b3cabaa8f04",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--8d43686b-7e0c-4307-90db-b6d002d7d121",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.718949Z",
+ "modified": "2025-02-27T00:38:15.718949Z",
+ "name": "CVE-2022-49650",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: qcom: bam_dma: fix runtime PM underflow\n\nCommit dbad41e7bb5f (\"dmaengine: qcom: bam_dma: check if the runtime pm enabled\")\ncaused unbalanced pm_runtime_get/put() calls when the bam is\ncontrolled remotely. This commit reverts it and just enables pm_runtime\nin all cases, the clk_* functions already just nop when the clock is NULL.\n\nAlso clean up a bit by removing unnecessary bamclk null checks.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49650"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--8d728a53-cb80-42d5-873f-94074bcb2f03.json b/objects/vulnerability/vulnerability--8d728a53-cb80-42d5-873f-94074bcb2f03.json
new file mode 100644
index 00000000000..be5e8a296e2
--- /dev/null
+++ b/objects/vulnerability/vulnerability--8d728a53-cb80-42d5-873f-94074bcb2f03.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c87d7beb-c397-41d0-ad0e-14571d524bb1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8d728a53-cb80-42d5-873f-94074bcb2f03", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.574379Z", + "modified": "2025-02-27T00:38:15.574379Z", + "name": "CVE-2022-49257", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwatch_queue: Fix NULL dereference in error cleanup\n\nIn watch_queue_set_size(), the error cleanup code doesn't take account of\nthe fact that __free_page() can't handle a NULL pointer when trying to free\nup buffer pages that did get allocated.\n\nFix this by only calling __free_page() on the pages actually allocated.\n\nWithout the fix, this can lead to something like the following:\n\nBUG: KASAN: null-ptr-deref in __free_pages+0x1f/0x1b0 mm/page_alloc.c:5473\nRead of size 4 at addr 0000000000000034 by task syz-executor168/3599\n...\nCall Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n __kasan_report mm/kasan/report.c:446 [inline]\n kasan_report.cold+0x66/0xdf mm/kasan/report.c:459\n check_region_inline mm/kasan/generic.c:183 [inline]\n kasan_check_range+0x13d/0x180 mm/kasan/generic.c:189\n instrument_atomic_read include/linux/instrumented.h:71 [inline]\n atomic_read include/linux/atomic/atomic-instrumented.h:27 [inline]\n page_ref_count include/linux/page_ref.h:67 [inline]\n put_page_testzero include/linux/mm.h:717 [inline]\n __free_pages+0x1f/0x1b0 mm/page_alloc.c:5473\n watch_queue_set_size+0x499/0x630 kernel/watch_queue.c:275\n pipe_ioctl+0xac/0x2b0 fs/pipe.c:632\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:874 [inline]\n __se_sys_ioctl fs/ioctl.c:860 [inline]\n __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:860\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 
arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49257" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8d8b3095-1848-4424-8b48-d9db5fcfaf32.json b/objects/vulnerability/vulnerability--8d8b3095-1848-4424-8b48-d9db5fcfaf32.json new file mode 100644 index 00000000000..6c4ca9792f6 --- /dev/null +++ b/objects/vulnerability/vulnerability--8d8b3095-1848-4424-8b48-d9db5fcfaf32.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b5fe4f08-ceb9-4b2a-9ecd-6a3853460a25", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8d8b3095-1848-4424-8b48-d9db5fcfaf32", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.730507Z", + "modified": "2025-02-27T00:38:15.730507Z", + "name": "CVE-2022-49213", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nath10k: Fix error handling in ath10k_setup_msa_resources\n\nThe device_node pointer is returned by of_parse_phandle() with refcount\nincremented. We should use of_node_put() on it when done.\n\nThis function only calls of_node_put() in the regular path.\nAnd it will cause refcount leak in error path.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49213" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8da79669-e3c4-4669-9a61-a762d6f57196.json b/objects/vulnerability/vulnerability--8da79669-e3c4-4669-9a61-a762d6f57196.json new file mode 100644 index 00000000000..82bf8b7d1b3 --- /dev/null +++ b/objects/vulnerability/vulnerability--8da79669-e3c4-4669-9a61-a762d6f57196.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--4d15efcc-5bdd-4812-81bd-754a8d679fa4",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--8da79669-e3c4-4669-9a61-a762d6f57196",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.644667Z",
+ "modified": "2025-02-27T00:38:15.644667Z",
+ "name": "CVE-2022-49503",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix\n\nThe \"rxstatus->rs_keyix\" eventually gets passed to test_bit() so we need to\nensure that it is within the bitmap.\n\ndrivers/net/wireless/ath/ath9k/common.c:46 ath9k_cmn_rx_accept()\nerror: passing untrusted data 'rx_stats->rs_keyix' to 'test_bit()'",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49503"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--8ec793fe-b0a8-4d80-9b04-8ca27509d431.json b/objects/vulnerability/vulnerability--8ec793fe-b0a8-4d80-9b04-8ca27509d431.json
new file mode 100644
index 00000000000..f069950a0c7
--- /dev/null
+++ b/objects/vulnerability/vulnerability--8ec793fe-b0a8-4d80-9b04-8ca27509d431.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--6cdcd37b-034b-48b6-9af0-5289136df2a9",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--8ec793fe-b0a8-4d80-9b04-8ca27509d431",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.553723Z",
+ "modified": "2025-02-27T00:38:15.553723Z",
+ "name": "CVE-2022-49278",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: Fix count check in rproc_coredump_write()\n\nCheck count for 0, to avoid a potential underflow. Make the check the\nsame as the one in rproc_recovery_write().",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49278"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--8f9d06fa-18d8-478b-a72d-b0724f3a8c6e.json b/objects/vulnerability/vulnerability--8f9d06fa-18d8-478b-a72d-b0724f3a8c6e.json
new file mode 100644
index 00000000000..860eb58e2cd
--- /dev/null
+++ b/objects/vulnerability/vulnerability--8f9d06fa-18d8-478b-a72d-b0724f3a8c6e.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--bfc4654a-924c-4a34-9a7a-dd1279f1845c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--8f9d06fa-18d8-478b-a72d-b0724f3a8c6e",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.374793Z",
+ "modified": "2025-02-27T00:38:15.374793Z",
+ "name": "CVE-2022-49195",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: fix panic on shutdown if multi-chip tree failed to probe\n\nDSA probing is atypical because a tree of devices must probe all at\nonce, so out of N switches which call dsa_tree_setup_routing_table()\nduring probe, for (N - 1) of them, \"complete\" will return false and they\nwill exit probing early. The Nth switch will set up the whole tree on\ntheir behalf.\n\nThe implication is that for (N - 1) switches, the driver binds to the\ndevice successfully, without doing anything. When the driver is bound,\nthe ->shutdown() method may run. But if the Nth switch has failed to\ninitialize the tree, there is nothing to do for the (N - 1) driver\ninstances, since the slave devices have not been created, etc. Moreover,\ndsa_switch_shutdown() expects that the calling @ds has been in fact\ninitialized, so it jumps at dereferencing the various data structures,\nwhich is incorrect.\n\nAvoid the ensuing NULL pointer dereferences by simply checking whether\nthe Nth switch has previously set \"ds->setup = true\" for the switch\nwhich is currently shutting down. The entire setup is serialized under\ndsa2_mutex which we already hold.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49195"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--8fa3241d-bcab-44a9-a610-7cd4de4c33ce.json b/objects/vulnerability/vulnerability--8fa3241d-bcab-44a9-a610-7cd4de4c33ce.json
new file mode 100644
index 00000000000..af2a2defffd
--- /dev/null
+++ b/objects/vulnerability/vulnerability--8fa3241d-bcab-44a9-a610-7cd4de4c33ce.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a02bc6f0-85c8-46ea-b060-7ca91e991608",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--8fa3241d-bcab-44a9-a610-7cd4de4c33ce",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.516508Z",
+ "modified": "2025-02-27T00:38:15.516508Z",
+ "name": "CVE-2022-49293",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: initialize registers in nft_do_chain()\n\nInitialize registers to avoid stack leak into userspace.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49293"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--90ac6636-bc0c-4f5e-ad94-3324475c3fd8.json b/objects/vulnerability/vulnerability--90ac6636-bc0c-4f5e-ad94-3324475c3fd8.json
new file mode 100644
index 00000000000..65f8ad1a676
--- /dev/null
+++ b/objects/vulnerability/vulnerability--90ac6636-bc0c-4f5e-ad94-3324475c3fd8.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--13638f25-eac3-489e-b0c4-4a2ea49bc709",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--90ac6636-bc0c-4f5e-ad94-3324475c3fd8",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.549047Z",
+ "modified": "2025-02-27T00:38:15.549047Z",
+ "name": "CVE-2022-49362",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Fix potential use-after-free in nfsd_file_put()\n\nnfsd_file_put_noref() can free @nf, so don't dereference @nf\nimmediately upon return from nfsd_file_put_noref().",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49362"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--9173344c-b516-4da6-bf83-10efbbcdd8e1.json b/objects/vulnerability/vulnerability--9173344c-b516-4da6-bf83-10efbbcdd8e1.json
new file mode 100644
index 00000000000..f07023bc068
--- /dev/null
+++ b/objects/vulnerability/vulnerability--9173344c-b516-4da6-bf83-10efbbcdd8e1.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--63bd7886-c9d0-41f8-abfb-b4a7f8cf49fc",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--9173344c-b516-4da6-bf83-10efbbcdd8e1",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.754593Z",
+ "modified": "2025-02-27T00:38:15.754593Z",
+ "name": "CVE-2022-49091",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/imx: Fix memory leak in imx_pd_connector_get_modes\n\nAvoid leaking the display mode variable if of_get_drm_display_mode\nfails.\n\nAddresses-Coverity-ID: 1443943 (\"Resource leak\")",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49091"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--918b2212-2944-49b6-b995-6fdb9e7a58cb.json b/objects/vulnerability/vulnerability--918b2212-2944-49b6-b995-6fdb9e7a58cb.json
new file mode 100644
index 00000000000..e0a70a43e11
--- /dev/null
+++ b/objects/vulnerability/vulnerability--918b2212-2944-49b6-b995-6fdb9e7a58cb.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--0fd77892-1d75-45e5-95c7-7430ef4a5cc3",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--918b2212-2944-49b6-b995-6fdb9e7a58cb",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.518474Z",
+ "modified": "2025-02-27T00:38:15.518474Z",
+ "name": "CVE-2022-49685",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: trigger: sysfs: fix use-after-free on remove\n\nEnsure that the irq_work has completed before the trigger is freed.\n\n ==================================================================\n BUG: KASAN: use-after-free in irq_work_run_list\n Read of size 8 at addr 0000000064702248 by task python3/25\n\n Call Trace:\n irq_work_run_list\n irq_work_tick\n update_process_times\n tick_sched_handle\n tick_sched_timer\n __hrtimer_run_queues\n hrtimer_interrupt\n\n Allocated by task 25:\n kmem_cache_alloc_trace\n iio_sysfs_trig_add\n dev_attr_store\n sysfs_kf_write\n kernfs_fop_write_iter\n new_sync_write\n vfs_write\n ksys_write\n sys_write\n\n Freed by task 25:\n kfree\n iio_sysfs_trig_remove\n dev_attr_store\n sysfs_kf_write\n kernfs_fop_write_iter\n new_sync_write\n vfs_write\n ksys_write\n sys_write\n\n ==================================================================",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49685"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--91a975a8-55bf-4ae7-a8fd-0b0f01ecda69.json b/objects/vulnerability/vulnerability--91a975a8-55bf-4ae7-a8fd-0b0f01ecda69.json
new file mode 100644
index 00000000000..5e28c233493
--- /dev/null
+++ b/objects/vulnerability/vulnerability--91a975a8-55bf-4ae7-a8fd-0b0f01ecda69.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8740ad16-9ebf-4f58-bcdd-c5250d6b3511", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--91a975a8-55bf-4ae7-a8fd-0b0f01ecda69", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.365002Z", + "modified": "2025-02-27T00:38:15.365002Z", + "name": "CVE-2022-49471", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtw89: cfo: check mac_id to avoid out-of-bounds\n\nSomehow, hardware reports incorrect mac_id and pollute memory. Check index\nbefore we access the array.\n\n UBSAN: array-index-out-of-bounds in rtw89/phy.c:2517:23\n index 188 is out of range for type 's32 [64]'\n CPU: 1 PID: 51550 Comm: irq/35-rtw89_pc Tainted: G OE\n Call Trace:\n \n show_stack+0x52/0x58\n dump_stack_lvl+0x4c/0x63\n dump_stack+0x10/0x12\n ubsan_epilogue+0x9/0x45\n __ubsan_handle_out_of_bounds.cold+0x44/0x49\n ? __alloc_skb+0x92/0x1d0\n rtw89_phy_cfo_parse+0x44/0x7f [rtw89_core]\n rtw89_core_rx+0x261/0x871 [rtw89_core]\n ? __alloc_skb+0xee/0x1d0\n rtw89_pci_napi_poll+0x3fa/0x4ea [rtw89_pci]\n __napi_poll+0x33/0x1a0\n net_rx_action+0x126/0x260\n ? __queue_work+0x217/0x4c0\n __do_softirq+0xd9/0x315\n ? disable_irq_nosync+0x10/0x10\n do_softirq.part.0+0x6d/0x90\n \n \n __local_bh_enable_ip+0x62/0x70\n rtw89_pci_interrupt_threadfn+0x182/0x1a6 [rtw89_pci]\n irq_thread_fn+0x28/0x60\n irq_thread+0xc8/0x190\n ? irq_thread_fn+0x60/0x60\n kthread+0x16b/0x190\n ? irq_thread_check_affinity+0xe0/0xe0\n ? set_kthread_struct+0x50/0x50\n ret_from_fork+0x22/0x30\n ", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49471" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--91e19f86-402f-40b0-9a98-745a475bd0c7.json b/objects/vulnerability/vulnerability--91e19f86-402f-40b0-9a98-745a475bd0c7.json
new file mode 100644
index 00000000000..779dc296876
--- /dev/null
+++ b/objects/vulnerability/vulnerability--91e19f86-402f-40b0-9a98-745a475bd0c7.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ff330d1f-abcc-47b7-8e5f-34a9c27ab588",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--91e19f86-402f-40b0-9a98-745a475bd0c7",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:07.520259Z",
+ "modified": "2025-02-27T00:38:07.520259Z",
+ "name": "CVE-2025-0941",
+ "description": "MET ONE 3400+ instruments running software v1.0.41 can, under rare conditions, temporarily store credentials in plain text within the system. This data is not available to unauthenticated users.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-0941"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--927a74e2-6af0-4cef-b441-39e21d65f0c7.json b/objects/vulnerability/vulnerability--927a74e2-6af0-4cef-b441-39e21d65f0c7.json
new file mode 100644
index 00000000000..691b275cfcd
--- /dev/null
+++ b/objects/vulnerability/vulnerability--927a74e2-6af0-4cef-b441-39e21d65f0c7.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b9d0aeaa-d7aa-457b-80de-74b3da90f203",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--927a74e2-6af0-4cef-b441-39e21d65f0c7",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.357194Z",
+ "modified": "2025-02-27T00:38:15.357194Z",
+ "name": "CVE-2022-49237",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nath11k: add missing of_node_put() to avoid leak\n\nThe node pointer is returned by of_find_node_by_type()\nor of_parse_phandle() with refcount incremented. Calling\nof_node_put() to aovid the refcount leak.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49237"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--92bcd8cf-9e0f-4c31-bc7a-a7cdc7e6add3.json b/objects/vulnerability/vulnerability--92bcd8cf-9e0f-4c31-bc7a-a7cdc7e6add3.json
new file mode 100644
index 00000000000..81051e04ad7
--- /dev/null
+++ b/objects/vulnerability/vulnerability--92bcd8cf-9e0f-4c31-bc7a-a7cdc7e6add3.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--817c48e6-4253-4c8f-b514-8f9696e54a63",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--92bcd8cf-9e0f-4c31-bc7a-a7cdc7e6add3",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.417219Z",
+ "modified": "2025-02-27T00:38:15.417219Z",
+ "name": "CVE-2022-49053",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: tcmu: Fix possible page UAF\n\ntcmu_try_get_data_page() looks up pages under cmdr_lock, but it does not\ntake refcount properly and just returns page pointer. When\ntcmu_try_get_data_page() returns, the returned page may have been freed by\ntcmu_blocks_release().\n\nWe need to get_page() under cmdr_lock to avoid concurrent\ntcmu_blocks_release().",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49053"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--92fb8a48-5276-45ac-9208-c4e2be5904e3.json b/objects/vulnerability/vulnerability--92fb8a48-5276-45ac-9208-c4e2be5904e3.json
new file mode 100644
index 00000000000..2c28a475bf7
--- /dev/null
+++ b/objects/vulnerability/vulnerability--92fb8a48-5276-45ac-9208-c4e2be5904e3.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--7974ee0a-f753-4ccc-93ea-1ee35602762d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--92fb8a48-5276-45ac-9208-c4e2be5904e3",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:07.716521Z",
+ "modified": "2025-02-27T00:38:07.716521Z",
+ "name": "CVE-2025-25784",
+ "description": "An arbitrary file upload vulnerability in the component \\c\\TemplateController.php of Jizhicms v2.5.4 allows attackers to execute arbitrary code via uploading a crafted Zip file.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-25784"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--935dfc63-9cd7-4ee5-90f6-a9acf93b6237.json b/objects/vulnerability/vulnerability--935dfc63-9cd7-4ee5-90f6-a9acf93b6237.json
new file mode 100644
index 00000000000..b9779c3e678
--- /dev/null
+++ b/objects/vulnerability/vulnerability--935dfc63-9cd7-4ee5-90f6-a9acf93b6237.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--920c439f-c336-41cc-91e6-a5aba37242fc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--935dfc63-9cd7-4ee5-90f6-a9acf93b6237", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.767012Z", + "modified": "2025-02-27T00:38:15.767012Z", + "name": "CVE-2022-49464", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix buffer copy overflow of ztailpacking feature\n\nI got some KASAN report as below:\n\n[ 46.959738] ==================================================================\n[ 46.960430] BUG: KASAN: use-after-free in z_erofs_shifted_transform+0x2bd/0x370\n[ 46.960430] Read of size 4074 at addr ffff8880300c2f8e by task fssum/188\n...\n[ 46.960430] Call Trace:\n[ 46.960430] \n[ 46.960430] dump_stack_lvl+0x41/0x5e\n[ 46.960430] print_report.cold+0xb2/0x6b7\n[ 46.960430] ? z_erofs_shifted_transform+0x2bd/0x370\n[ 46.960430] kasan_report+0x8a/0x140\n[ 46.960430] ? z_erofs_shifted_transform+0x2bd/0x370\n[ 46.960430] kasan_check_range+0x14d/0x1d0\n[ 46.960430] memcpy+0x20/0x60\n[ 46.960430] z_erofs_shifted_transform+0x2bd/0x370\n[ 46.960430] z_erofs_decompress_pcluster+0xaae/0x1080\n\nThe root cause is that the tail pcluster won't be a complete filesystem\nblock anymore. So if ztailpacking is used, the second part of an\nuncompressed tail pcluster may not be ``rq->pageofs_out``.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49464" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--938146cb-0e11-460e-8258-310ee1874f9a.json b/objects/vulnerability/vulnerability--938146cb-0e11-460e-8258-310ee1874f9a.json new file mode 100644 index 00000000000..59163454cae --- /dev/null +++ b/objects/vulnerability/vulnerability--938146cb-0e11-460e-8258-310ee1874f9a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a228fa61-240e-4138-aebc-2cfc9d86d686", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--938146cb-0e11-460e-8258-310ee1874f9a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.364059Z", + "modified": "2025-02-27T00:38:15.364059Z", + "name": "CVE-2022-49096", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sfc: add missing xdp queue reinitialization\n\nAfter rx/tx ring buffer size is changed, kernel panic occurs when\nit acts XDP_TX or XDP_REDIRECT.\n\nWhen tx/rx ring buffer size is changed(ethtool -G), sfc driver\nreallocates and reinitializes rx and tx queues and their buffer\n(tx_queue->buffer).\nBut it misses reinitializing xdp queues(efx->xdp_tx_queues).\nSo, while it is acting XDP_TX or XDP_REDIRECT, it uses the uninitialized\ntx_queue->buffer.\n\nA new function efx_set_xdp_channels() is separated from efx_set_channels()\nto handle only xdp queues.\n\nSplat looks like:\n BUG: kernel NULL pointer dereference, address: 000000000000002a\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD 0 P4D 0\n Oops: 0002 [#4] PREEMPT SMP NOPTI\n RIP: 0010:efx_tx_map_chunk+0x54/0x90 [sfc]\n CPU: 2 PID: 0 Comm: swapper/2 Tainted: G D 5.17.0+ #55 e8beeee8289528f11357029357cf\n Code: 48 8b 8d a8 01 00 00 48 8d 14 52 4c 8d 2c d0 44 89 e0 48 85 c9 74 0e 44 89 e2 4c 89 f6 48 80\n RSP: 0018:ffff92f121e45c60 EFLAGS: 00010297\n RIP: 0010:efx_tx_map_chunk+0x54/0x90 [sfc]\n RAX: 0000000000000040 RBX: ffff92ea506895c0 RCX: ffffffffc0330870\n RDX: 0000000000000001 RSI: 00000001139b10ce RDI: ffff92ea506895c0\n RBP: ffffffffc0358a80 R08: 00000001139b110d R09: 0000000000000000\n R10: 0000000000000001 R11: ffff92ea414c0088 R12: 0000000000000040\n R13: 0000000000000018 R14: 00000001139b10ce R15: ffff92ea506895c0\n FS: 0000000000000000(0000) 
GS:ffff92f121ec0000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n Code: 48 8b 8d a8 01 00 00 48 8d 14 52 4c 8d 2c d0 44 89 e0 48 85 c9 74 0e 44 89 e2 4c 89 f6 48 80\n CR2: 000000000000002a CR3: 00000003e6810004 CR4: 00000000007706e0\n RSP: 0018:ffff92f121e85c60 EFLAGS: 00010297\n PKRU: 55555554\n RAX: 0000000000000040 RBX: ffff92ea50689700 RCX: ffffffffc0330870\n RDX: 0000000000000001 RSI: 00000001145a90ce RDI: ffff92ea50689700\n RBP: ffffffffc0358a80 R08: 00000001145a910d R09: 0000000000000000\n R10: 0000000000000001 R11: ffff92ea414c0088 R12: 0000000000000040\n R13: 0000000000000018 R14: 00000001145a90ce R15: ffff92ea50689700\n FS: 0000000000000000(0000) GS:ffff92f121e80000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000000000002a CR3: 00000003e6810005 CR4: 00000000007706e0\n PKRU: 55555554\n Call Trace:\n \n efx_xdp_tx_buffers+0x12b/0x3d0 [sfc 84c94b8e32d44d296c17e10a634d3ad454de4ba5]\n __efx_rx_packet+0x5c3/0x930 [sfc 84c94b8e32d44d296c17e10a634d3ad454de4ba5]\n efx_rx_packet+0x28c/0x2e0 [sfc 84c94b8e32d44d296c17e10a634d3ad454de4ba5]\n efx_ef10_ev_process+0x5f8/0xf40 [sfc 84c94b8e32d44d296c17e10a634d3ad454de4ba5]\n ? enqueue_task_fair+0x95/0x550\n efx_poll+0xc4/0x360 [sfc 84c94b8e32d44d296c17e10a634d3ad454de4ba5]", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49096" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--939276ad-253c-4530-ab80-4befe55da284.json b/objects/vulnerability/vulnerability--939276ad-253c-4530-ab80-4befe55da284.json new file mode 100644 index 00000000000..59d5692868d --- /dev/null +++ b/objects/vulnerability/vulnerability--939276ad-253c-4530-ab80-4befe55da284.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--eeb0df27-830d-4615-9bdb-8121409ca937",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--939276ad-253c-4530-ab80-4befe55da284",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:07.705631Z",
+ "modified": "2025-02-27T00:38:07.705631Z",
+ "name": "CVE-2025-25791",
+ "description": "An arbitrary file upload vulnerability in the plugin installation feature of YZNCMS v2.0.1 allows attackers to execute arbitrary code via uploading a crafted Zip file.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-25791"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--93b31c8f-c171-45ac-b469-bca33748ff99.json b/objects/vulnerability/vulnerability--93b31c8f-c171-45ac-b469-bca33748ff99.json
new file mode 100644
index 00000000000..3db5b81d512
--- /dev/null
+++ b/objects/vulnerability/vulnerability--93b31c8f-c171-45ac-b469-bca33748ff99.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b8031255-6a72-408b-a09d-36bc6a8f62ba",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--93b31c8f-c171-45ac-b469-bca33748ff99",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.657849Z",
+ "modified": "2025-02-27T00:38:15.657849Z",
+ "name": "CVE-2022-49455",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: ocxl: fix possible double free in ocxl_file_register_afu\n\ninfo_release() will be called in device_unregister() when info->dev's\nreference count is 0. So there is no need to call ocxl_afu_put() and\nkfree() again.\n\nFix this by adding free_minor() and return to err_unregister error path.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49455"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--9476305c-0011-440f-a220-a2b776d80716.json b/objects/vulnerability/vulnerability--9476305c-0011-440f-a220-a2b776d80716.json
new file mode 100644
index 00000000000..decb7be3f55
--- /dev/null
+++ b/objects/vulnerability/vulnerability--9476305c-0011-440f-a220-a2b776d80716.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b4876919-575c-4ebc-97db-163bc51b012b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9476305c-0011-440f-a220-a2b776d80716", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.680383Z", + "modified": "2025-02-27T00:38:15.680383Z", + "name": "CVE-2022-49180", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nLSM: general protection fault in legacy_parse_param\n\nThe usual LSM hook \"bail on fail\" scheme doesn't work for cases where\na security module may return an error code indicating that it does not\nrecognize an input. In this particular case Smack sees a mount option\nthat it recognizes, and returns 0. A call to a BPF hook follows, which\nreturns -ENOPARAM, which confuses the caller because Smack has processed\nits data.\n\nThe SELinux hook incorrectly returns 1 on success. There was a time\nwhen this was correct, however the current expectation is that it\nreturn 0 on success. This is repaired.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49180" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--951f5b74-9607-43db-aef3-cb99ab9f8c18.json b/objects/vulnerability/vulnerability--951f5b74-9607-43db-aef3-cb99ab9f8c18.json new file mode 100644 index 00000000000..c5b43005d4c --- /dev/null +++ b/objects/vulnerability/vulnerability--951f5b74-9607-43db-aef3-cb99ab9f8c18.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e537b13d-174e-45d2-a3b7-9022a431ead2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--951f5b74-9607-43db-aef3-cb99ab9f8c18", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:07.702646Z", + "modified": "2025-02-27T00:38:07.702646Z", + "name": "CVE-2025-25785", + "description": "JizhiCMS v2.5.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component \\c\\PluginsController.php. This vulnerability allows attackers to perform an intranet scan via a crafted request.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25785" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--95eb8213-33e6-4296-bfd4-800315c8ba99.json b/objects/vulnerability/vulnerability--95eb8213-33e6-4296-bfd4-800315c8ba99.json new file mode 100644 index 00000000000..84815d0de64 --- /dev/null +++ b/objects/vulnerability/vulnerability--95eb8213-33e6-4296-bfd4-800315c8ba99.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3c1c484e-a280-45a1-9c9e-39926b86643f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--95eb8213-33e6-4296-bfd4-800315c8ba99", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.395072Z", + "modified": "2025-02-27T00:38:15.395072Z", + "name": "CVE-2022-49617", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: sof_sdw: handle errors on card registration\n\nIf the card registration fails, typically because of deferred probes,\nthe device properties added for headset codecs are not removed, which\nleads to kernel oopses in driver bind/unbind tests.\n\nWe already clean-up the device properties when the card is removed,\nthis code can be moved as a helper and called upon card registration\nerrors.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49617" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--963560d9-6ff1-4117-8171-bd65c0d6b292.json b/objects/vulnerability/vulnerability--963560d9-6ff1-4117-8171-bd65c0d6b292.json new file mode 100644 index 00000000000..8714351b810 --- /dev/null +++ b/objects/vulnerability/vulnerability--963560d9-6ff1-4117-8171-bd65c0d6b292.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5896c9e4-5e29-4564-a1d7-39843f483f9f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--963560d9-6ff1-4117-8171-bd65c0d6b292", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.721931Z", + "modified": "2025-02-27T00:38:15.721931Z", + "name": "CVE-2022-49426", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/arm-smmu-v3-sva: Fix mm use-after-free\n\nWe currently call arm64_mm_context_put() without holding a reference to\nthe mm, which can result in use-after-free. Call mmgrab()/mmdrop() to\nensure the mm only gets freed after we unpinned the ASID.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49426" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--96e2df79-9190-4d83-824b-d8a0104cf336.json b/objects/vulnerability/vulnerability--96e2df79-9190-4d83-824b-d8a0104cf336.json new file mode 100644 index 00000000000..bfd062fd0aa --- /dev/null +++ b/objects/vulnerability/vulnerability--96e2df79-9190-4d83-824b-d8a0104cf336.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c2297c96-c5b5-46f8-8de7-447243587da8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--96e2df79-9190-4d83-824b-d8a0104cf336", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.673869Z", + "modified": "2025-02-27T00:38:15.673869Z", + "name": "CVE-2022-49194", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bcmgenet: Use stronger register read/writes to assure ordering\n\nGCC12 appears to be much smarter about its dependency tracking and is\naware that the relaxed variants are just normal loads and stores and\nthis is causing problems like:\n\n[ 210.074549] ------------[ cut here ]------------\n[ 210.079223] NETDEV WATCHDOG: enabcm6e4ei0 (bcmgenet): transmit queue 1 timed out\n[ 210.086717] WARNING: CPU: 1 PID: 0 at net/sched/sch_generic.c:529 dev_watchdog+0x234/0x240\n[ 210.095044] Modules linked in: genet(E) nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat]\n[ 210.146561] ACPI CPPC: PCC check channel failed for ss: 0. 
ret=-110\n[ 210.146927] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G E 5.17.0-rc7G12+ #58\n[ 210.153226] CPPC Cpufreq:cppc_scale_freq_workfn: failed to read perf counters\n[ 210.161349] Hardware name: Raspberry Pi Foundation Raspberry Pi 4 Model B/Raspberry Pi 4 Model B, BIOS EDK2-DEV 02/08/2022\n[ 210.161353] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 210.161358] pc : dev_watchdog+0x234/0x240\n[ 210.161364] lr : dev_watchdog+0x234/0x240\n[ 210.161368] sp : ffff8000080a3a40\n[ 210.161370] x29: ffff8000080a3a40 x28: ffffcd425af87000 x27: ffff8000080a3b20\n[ 210.205150] x26: ffffcd425aa00000 x25: 0000000000000001 x24: ffffcd425af8ec08\n[ 210.212321] x23: 0000000000000100 x22: ffffcd425af87000 x21: ffff55b142688000\n[ 210.219491] x20: 0000000000000001 x19: ffff55b1426884c8 x18: ffffffffffffffff\n[ 210.226661] x17: 64656d6974203120 x16: 0000000000000001 x15: 6d736e617274203a\n[ 210.233831] x14: 2974656e65676d63 x13: ffffcd4259c300d8 x12: ffffcd425b07d5f0\n[ 210.241001] x11: 00000000ffffffff x10: ffffcd425b07d5f0 x9 : ffffcd4258bdad9c\n[ 210.248171] x8 : 00000000ffffdfff x7 : 000000000000003f x6 : 0000000000000000\n[ 210.255341] x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000001000\n[ 210.262511] x2 : 0000000000001000 x1 : 0000000000000005 x0 : 0000000000000044\n[ 210.269682] Call trace:\n[ 210.272133] dev_watchdog+0x234/0x240\n[ 210.275811] call_timer_fn+0x3c/0x15c\n[ 210.279489] __run_timers.part.0+0x288/0x310\n[ 210.283777] run_timer_softirq+0x48/0x80\n[ 210.287716] __do_softirq+0x128/0x360\n[ 210.291392] __irq_exit_rcu+0x138/0x140\n[ 210.295243] irq_exit_rcu+0x1c/0x30\n[ 210.298745] el1_interrupt+0x38/0x54\n[ 210.302334] el1h_64_irq_handler+0x18/0x24\n[ 210.306445] el1h_64_irq+0x7c/0x80\n[ 210.309857] arch_cpu_idle+0x18/0x2c\n[ 210.313445] default_idle_call+0x4c/0x140\n[ 210.317470] cpuidle_idle_call+0x14c/0x1a0\n[ 210.321584] do_idle+0xb0/0x100\n[ 210.324737] cpu_startup_entry+0x30/0x8c\n[ 210.328675] 
secondary_start_kernel+0xe4/0x110\n[ 210.333138] __secondary_switched+0x94/0x98\n\nThe assumption when these were relaxed seems to be that device memory\nwould be mapped non reordering, and that other constructs\n(spinlocks/etc) would provide the barriers to assure that packet data\nand in memory rings/queues were ordered with respect to device\nregister reads/writes. This itself seems a bit sketchy, but the real\nproblem with GCC12 is that it is moving the actual reads/writes around\nat will as though they were independent operations when in truth they\nare not, but the compiler can't know that. When looking at the\nassembly dumps for many of these routines its possible to see very\nclean, but not strictly in program order operations occurring as the\ncompiler would be free to do if these weren't actually register\nreads/write operations.\n\nIts possible to suppress the timeout with a liberal bit of dma_mb()'s\nsprinkled around but the device still seems unable to reliably\nsend/receive data. A better plan is to use the safer readl/writel\neverywhere.\n\nSince this partially reverts an older commit, which notes the use of\nthe relaxed variants for performance reasons. I would suggest that\nany performance problems \n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49194" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--96ec38cf-ef1c-4d90-9e87-ed477b2d2f07.json b/objects/vulnerability/vulnerability--96ec38cf-ef1c-4d90-9e87-ed477b2d2f07.json new file mode 100644 index 00000000000..f67528fc762 --- /dev/null +++ b/objects/vulnerability/vulnerability--96ec38cf-ef1c-4d90-9e87-ed477b2d2f07.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f2f636c3-e500-4a26-a402-dddc74581d47", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--96ec38cf-ef1c-4d90-9e87-ed477b2d2f07", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.470038Z", + "modified": "2025-02-27T00:38:15.470038Z", + "name": "CVE-2022-49247", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED\n\nIf the callback 'start_streaming' fails, then all\nqueued buffers in the driver should be returned with\nstate 'VB2_BUF_STATE_QUEUED'. Currently, they are\nreturned with 'VB2_BUF_STATE_ERROR' which is wrong.\nFix this. This also fixes the warning:\n\n[ 65.583633] WARNING: CPU: 5 PID: 593 at drivers/media/common/videobuf2/videobuf2-core.c:1612 vb2_start_streaming+0xd4/0x160 [videobuf2_common]\n[ 65.585027] Modules linked in: snd_usb_audio snd_hwdep snd_usbmidi_lib snd_rawmidi snd_soc_hdmi_codec dw_hdmi_i2s_audio saa7115 stk1160 videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_common videodev mc crct10dif_ce panfrost snd_soc_simple_card snd_soc_audio_graph_card snd_soc_spdif_tx snd_soc_simple_card_utils gpu_sched phy_rockchip_pcie snd_soc_rockchip_i2s rockchipdrm analogix_dp dw_mipi_dsi dw_hdmi cec drm_kms_helper drm rtc_rk808 rockchip_saradc industrialio_triggered_buffer kfifo_buf rockchip_thermal pcie_rockchip_host ip_tables x_tables ipv6\n[ 65.589383] CPU: 5 PID: 593 Comm: v4l2src0:src Tainted: G W 5.16.0-rc4-62408-g32447129cb30-dirty #14\n[ 65.590293] Hardware name: Radxa ROCK Pi 4B (DT)\n[ 65.590696] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 65.591304] pc : vb2_start_streaming+0xd4/0x160 [videobuf2_common]\n[ 65.591850] lr : vb2_start_streaming+0x6c/0x160 [videobuf2_common]\n[ 65.592395] sp : ffff800012bc3ad0\n[ 65.592685] x29: ffff800012bc3ad0 x28: 
0000000000000000 x27: ffff800012bc3cd8\n[ 65.593312] x26: 0000000000000000 x25: ffff00000d8a7800 x24: 0000000040045612\n[ 65.593938] x23: ffff800011323000 x22: ffff800012bc3cd8 x21: ffff00000908a8b0\n[ 65.594562] x20: ffff00000908a8c8 x19: 00000000fffffff4 x18: ffffffffffffffff\n[ 65.595188] x17: 000000040044ffff x16: 00400034b5503510 x15: ffff800011323f78\n[ 65.595813] x14: ffff000013163886 x13: ffff000013163885 x12: 00000000000002ce\n[ 65.596439] x11: 0000000000000028 x10: 0000000000000001 x9 : 0000000000000228\n[ 65.597064] x8 : 0101010101010101 x7 : 7f7f7f7f7f7f7f7f x6 : fefefeff726c5e78\n[ 65.597690] x5 : ffff800012bc3990 x4 : 0000000000000000 x3 : ffff000009a34880\n[ 65.598315] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff000007cd99f0\n[ 65.598940] Call trace:\n[ 65.599155] vb2_start_streaming+0xd4/0x160 [videobuf2_common]\n[ 65.599672] vb2_core_streamon+0x17c/0x1a8 [videobuf2_common]\n[ 65.600179] vb2_streamon+0x54/0x88 [videobuf2_v4l2]\n[ 65.600619] vb2_ioctl_streamon+0x54/0x60 [videobuf2_v4l2]\n[ 65.601103] v4l_streamon+0x3c/0x50 [videodev]\n[ 65.601521] __video_do_ioctl+0x1a4/0x428 [videodev]\n[ 65.601977] video_usercopy+0x320/0x828 [videodev]\n[ 65.602419] video_ioctl2+0x3c/0x58 [videodev]\n[ 65.602830] v4l2_ioctl+0x60/0x90 [videodev]\n[ 65.603227] __arm64_sys_ioctl+0xa8/0xe0\n[ 65.603576] invoke_syscall+0x54/0x118\n[ 65.603911] el0_svc_common.constprop.3+0x84/0x100\n[ 65.604332] do_el0_svc+0x34/0xa0\n[ 65.604625] el0_svc+0x1c/0x50\n[ 65.604897] el0t_64_sync_handler+0x88/0xb0\n[ 65.605264] el0t_64_sync+0x16c/0x170\n[ 65.605587] ---[ end trace 578e0ba07742170d ]---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49247" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9789cf3a-83d5-48da-8713-449bfbd936a0.json b/objects/vulnerability/vulnerability--9789cf3a-83d5-48da-8713-449bfbd936a0.json new file mode 100644 index 00000000000..86fd0d90fb1 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--9789cf3a-83d5-48da-8713-449bfbd936a0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c28cf8e9-3bd2-4a20-9976-e33140579342", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9789cf3a-83d5-48da-8713-449bfbd936a0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.358297Z", + "modified": "2025-02-27T00:38:15.358297Z", + "name": "CVE-2022-49419", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nvideo: fbdev: vesafb: Fix a use-after-free due early fb_info cleanup\n\nCommit b3c9a924aab6 (\"fbdev: vesafb: Cleanup fb_info in .fb_destroy rather\nthan .remove\") fixed a use-after-free error due the vesafb driver freeing\nthe fb_info in the .remove handler instead of doing it in .fb_destroy.\n\nThis can happen if the .fb_destroy callback is executed after the .remove\ncallback, since the former tries to access a pointer freed by the latter.\n\nBut that change didn't take into account that another possible scenario is\nthat .fb_destroy is called before the .remove callback. For example, if no\nprocess has the fbdev chardev opened by the time the driver is removed.\n\nIf that's the case, fb_info will be freed when unregister_framebuffer() is\ncalled, making the fb_info pointer accessed in vesafb_remove() after that\nto no longer be valid.\n\nTo prevent that, move the expression containing the info->par to happen\nbefore the unregister_framebuffer() function call.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49419" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--982a4de8-2a92-4a35-adc2-0d78dc733a08.json b/objects/vulnerability/vulnerability--982a4de8-2a92-4a35-adc2-0d78dc733a08.json new file mode 100644 index 00000000000..0039dc8bf53 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--982a4de8-2a92-4a35-adc2-0d78dc733a08.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b23b04ab-b67b-4929-b87f-900b382d6cef", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--982a4de8-2a92-4a35-adc2-0d78dc733a08", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.416207Z", + "modified": "2025-02-27T00:38:15.416207Z", + "name": "CVE-2022-49532", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes\n\ndrm_cvt_mode may return NULL and we should check it.\n\nThis bug is found by syzkaller:\n\nFAULT_INJECTION stacktrace:\n[ 168.567394] FAULT_INJECTION: forcing a failure.\nname failslab, interval 1, probability 0, space 0, times 1\n[ 168.567403] CPU: 1 PID: 6425 Comm: syz Kdump: loaded Not tainted 4.19.90-vhulk2201.1.0.h1035.kasan.eulerosv2r10.aarch64 #1\n[ 168.567406] Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015\n[ 168.567408] Call trace:\n[ 168.567414] dump_backtrace+0x0/0x310\n[ 168.567418] show_stack+0x28/0x38\n[ 168.567423] dump_stack+0xec/0x15c\n[ 168.567427] should_fail+0x3ac/0x3d0\n[ 168.567437] __should_failslab+0xb8/0x120\n[ 168.567441] should_failslab+0x28/0xc0\n[ 168.567445] kmem_cache_alloc_trace+0x50/0x640\n[ 168.567454] drm_mode_create+0x40/0x90\n[ 168.567458] drm_cvt_mode+0x48/0xc78\n[ 168.567477] virtio_gpu_conn_get_modes+0xa8/0x140 [virtio_gpu]\n[ 168.567485] drm_helper_probe_single_connector_modes+0x3a4/0xd80\n[ 168.567492] drm_mode_getconnector+0x2e0/0xa70\n[ 168.567496] drm_ioctl_kernel+0x11c/0x1d8\n[ 168.567514] drm_ioctl+0x558/0x6d0\n[ 168.567522] do_vfs_ioctl+0x160/0xf30\n[ 168.567525] ksys_ioctl+0x98/0xd8\n[ 168.567530] __arm64_sys_ioctl+0x50/0xc8\n[ 168.567536] el0_svc_common+0xc8/0x320\n[ 168.567540] el0_svc_handler+0xf8/0x160\n[ 168.567544] el0_svc+0x10/0x218\n\nKASAN stacktrace:\n[ 168.567561] BUG: KASAN: null-ptr-deref in 
virtio_gpu_conn_get_modes+0xb4/0x140 [virtio_gpu]\n[ 168.567565] Read of size 4 at addr 0000000000000054 by task syz/6425\n[ 168.567566]\n[ 168.567571] CPU: 1 PID: 6425 Comm: syz Kdump: loaded Not tainted 4.19.90-vhulk2201.1.0.h1035.kasan.eulerosv2r10.aarch64 #1\n[ 168.567573] Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015\n[ 168.567575] Call trace:\n[ 168.567578] dump_backtrace+0x0/0x310\n[ 168.567582] show_stack+0x28/0x38\n[ 168.567586] dump_stack+0xec/0x15c\n[ 168.567591] kasan_report+0x244/0x2f0\n[ 168.567594] __asan_load4+0x58/0xb0\n[ 168.567607] virtio_gpu_conn_get_modes+0xb4/0x140 [virtio_gpu]\n[ 168.567612] drm_helper_probe_single_connector_modes+0x3a4/0xd80\n[ 168.567617] drm_mode_getconnector+0x2e0/0xa70\n[ 168.567621] drm_ioctl_kernel+0x11c/0x1d8\n[ 168.567624] drm_ioctl+0x558/0x6d0\n[ 168.567628] do_vfs_ioctl+0x160/0xf30\n[ 168.567632] ksys_ioctl+0x98/0xd8\n[ 168.567636] __arm64_sys_ioctl+0x50/0xc8\n[ 168.567641] el0_svc_common+0xc8/0x320\n[ 168.567645] el0_svc_handler+0xf8/0x160\n[ 168.567649] el0_svc+0x10/0x218", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49532" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--984e9edc-dd7b-42fd-88b6-2a8cbfcb9cc3.json b/objects/vulnerability/vulnerability--984e9edc-dd7b-42fd-88b6-2a8cbfcb9cc3.json new file mode 100644 index 00000000000..08948190d14 --- /dev/null +++ b/objects/vulnerability/vulnerability--984e9edc-dd7b-42fd-88b6-2a8cbfcb9cc3.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5ffd7561-4b76-4b9d-9f31-4a63542b1197", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--984e9edc-dd7b-42fd-88b6-2a8cbfcb9cc3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.535648Z", + "modified": "2025-02-27T00:38:15.535648Z", + "name": "CVE-2022-49222", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/bridge: anx7625: Fix overflow issue on reading EDID\n\nThe length of EDID block can be longer than 256 bytes, so we should use\n`int` instead of `u8` for the `edid_pos` variable.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49222" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--98870356-48e6-462b-af14-2ebffef0efec.json b/objects/vulnerability/vulnerability--98870356-48e6-462b-af14-2ebffef0efec.json new file mode 100644 index 00000000000..e0c877fe93e --- /dev/null +++ b/objects/vulnerability/vulnerability--98870356-48e6-462b-af14-2ebffef0efec.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e92d9507-b4c6-4f46-ae8d-2da5d3bf6345", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--98870356-48e6-462b-af14-2ebffef0efec", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.362121Z", + "modified": "2025-02-27T00:38:15.362121Z", + "name": "CVE-2022-49684", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: aspeed: Fix refcount leak in aspeed_adc_set_trim_data\n\nof_find_node_by_name() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when done.\nAdd missing of_node_put() to avoid refcount leak.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49684" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--988d84d7-93b2-4966-a3ab-d7d324c2ef43.json b/objects/vulnerability/vulnerability--988d84d7-93b2-4966-a3ab-d7d324c2ef43.json new file mode 100644 index 00000000000..6d0e3f16608 --- /dev/null +++ b/objects/vulnerability/vulnerability--988d84d7-93b2-4966-a3ab-d7d324c2ef43.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6967682b-91fd-4944-8732-e6c4fd189b70", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--988d84d7-93b2-4966-a3ab-d7d324c2ef43", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.456621Z", + "modified": "2025-02-27T00:38:15.456621Z", + "name": "CVE-2022-49339", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ipv6: unexport __init-annotated seg6_hmac_init()\n\nEXPORT_SYMBOL and __init is a bad combination because the .init.text\nsection is freed up after the initialization. Hence, modules cannot\nuse symbols annotated __init. The access to a freed symbol may end up\nwith kernel panic.\n\nmodpost used to detect it, but it has been broken for a decade.\n\nRecently, I fixed modpost so it started to warn it again, then this\nshowed up in linux-next builds.\n\nThere are two ways to fix it:\n\n - Remove __init\n - Remove EXPORT_SYMBOL\n\nI chose the latter for this case because the caller (net/ipv6/seg6.c)\nand the callee (net/ipv6/seg6_hmac.c) belong to the same module.\nIt seems an internal function call in ipv6.ko.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49339" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--98b6f722-33a6-47dd-98b3-5e29063b19d7.json b/objects/vulnerability/vulnerability--98b6f722-33a6-47dd-98b3-5e29063b19d7.json new file mode 100644 index 00000000000..1c9bd386747 --- /dev/null +++ b/objects/vulnerability/vulnerability--98b6f722-33a6-47dd-98b3-5e29063b19d7.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bd432e06-e0d9-4d6f-8baf-bd2642143240", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--98b6f722-33a6-47dd-98b3-5e29063b19d7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:07.746749Z", + "modified": "2025-02-27T00:38:07.746749Z", + "name": "CVE-2025-25797", + "description": "SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_smtp.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25797" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--98df3d07-9809-485b-968e-6f9004ea68b6.json b/objects/vulnerability/vulnerability--98df3d07-9809-485b-968e-6f9004ea68b6.json new file mode 100644 index 00000000000..6a397aa9056 --- /dev/null +++ b/objects/vulnerability/vulnerability--98df3d07-9809-485b-968e-6f9004ea68b6.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--25d78f35-bbca-44b3-9a9c-f118ecc70d0b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--98df3d07-9809-485b-968e-6f9004ea68b6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.41321Z", + "modified": "2025-02-27T00:38:15.41321Z", + "name": "CVE-2022-49142", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: preserve skb_end_offset() in skb_unclone_keeptruesize()\n\nsyzbot found another way to trigger the infamous WARN_ON_ONCE(delta < len)\nin skb_try_coalesce() [1]\n\nI was able to root cause the issue to kfence.\n\nWhen kfence is in action, the following assertion is no longer true:\n\nint size = xxxx;\nvoid *ptr1 = kmalloc(size, gfp);\nvoid *ptr2 = kmalloc(size, gfp);\n\nif (ptr1 && ptr2)\n\tASSERT(ksize(ptr1) == ksize(ptr2));\n\nWe attempted to fix these issues in the blamed commits, but forgot\nthat TCP was possibly shifting data after skb_unclone_keeptruesize()\nhas been used, notably from tcp_retrans_try_collapse().\n\nSo we not only need to keep same skb->truesize value,\nwe also need to make sure TCP wont fill new tailroom\nthat pskb_expand_head() was able to get from a\naddr = kmalloc(...) 
followed by ksize(addr)\n\nSplit skb_unclone_keeptruesize() into two parts:\n\n1) Inline skb_unclone_keeptruesize() for the common case,\n when skb is not cloned.\n\n2) Out of line __skb_unclone_keeptruesize() for the 'slow path'.\n\nWARNING: CPU: 1 PID: 6490 at net/core/skbuff.c:5295 skb_try_coalesce+0x1235/0x1560 net/core/skbuff.c:5295\nModules linked in:\nCPU: 1 PID: 6490 Comm: syz-executor161 Not tainted 5.17.0-rc4-syzkaller-00229-g4f12b742eb2b #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nRIP: 0010:skb_try_coalesce+0x1235/0x1560 net/core/skbuff.c:5295\nCode: bf 01 00 00 00 0f b7 c0 89 c6 89 44 24 20 e8 62 24 4e fa 8b 44 24 20 83 e8 01 0f 85 e5 f0 ff ff e9 87 f4 ff ff e8 cb 20 4e fa <0f> 0b e9 06 f9 ff ff e8 af b2 95 fa e9 69 f0 ff ff e8 95 b2 95 fa\nRSP: 0018:ffffc900063af268 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: 00000000ffffffd5 RCX: 0000000000000000\nRDX: ffff88806fc05700 RSI: ffffffff872abd55 RDI: 0000000000000003\nRBP: ffff88806e675500 R08: 00000000ffffffd5 R09: 0000000000000000\nR10: ffffffff872ab659 R11: 0000000000000000 R12: ffff88806dd554e8\nR13: ffff88806dd9bac0 R14: ffff88806dd9a2c0 R15: 0000000000000155\nFS: 00007f18014f9700(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020002000 CR3: 000000006be7a000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n tcp_try_coalesce net/ipv4/tcp_input.c:4651 [inline]\n tcp_try_coalesce+0x393/0x920 net/ipv4/tcp_input.c:4630\n tcp_queue_rcv+0x8a/0x6e0 net/ipv4/tcp_input.c:4914\n tcp_data_queue+0x11fd/0x4bb0 net/ipv4/tcp_input.c:5025\n tcp_rcv_established+0x81e/0x1ff0 net/ipv4/tcp_input.c:5947\n tcp_v4_do_rcv+0x65e/0x980 net/ipv4/tcp_ipv4.c:1719\n sk_backlog_rcv include/net/sock.h:1037 [inline]\n __release_sock+0x134/0x3b0 net/core/sock.c:2779\n release_sock+0x54/0x1b0 
net/core/sock.c:3311\n sk_wait_data+0x177/0x450 net/core/sock.c:2821\n tcp_recvmsg_locked+0xe28/0x1fd0 net/ipv4/tcp.c:2457\n tcp_recvmsg+0x137/0x610 net/ipv4/tcp.c:2572\n inet_recvmsg+0x11b/0x5e0 net/ipv4/af_inet.c:850\n sock_recvmsg_nosec net/socket.c:948 [inline]\n sock_recvmsg net/socket.c:966 [inline]\n sock_recvmsg net/socket.c:962 [inline]\n ____sys_recvmsg+0x2c4/0x600 net/socket.c:2632\n ___sys_recvmsg+0x127/0x200 net/socket.c:2674\n __sys_recvmsg+0xe2/0x1a0 net/socket.c:2704\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49142" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--990205ab-dcd3-4ea8-86b7-53060d46080f.json b/objects/vulnerability/vulnerability--990205ab-dcd3-4ea8-86b7-53060d46080f.json new file mode 100644 index 00000000000..c2c4f8177d8 --- /dev/null +++ b/objects/vulnerability/vulnerability--990205ab-dcd3-4ea8-86b7-53060d46080f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ab0373ea-e411-4938-9f9f-a12847ade2b9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--990205ab-dcd3-4ea8-86b7-53060d46080f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.469063Z", + "modified": "2025-02-27T00:38:15.469063Z", + "name": "CVE-2022-49285", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: accel: mma8452: use the correct logic to get mma8452_data\n\nThe original logic to get mma8452_data is wrong, the *dev point to\nthe device belong to iio_dev. we can't use this dev to find the\ncorrect i2c_client. The original logic happen to work because it\nfinally use dev->driver_data to get iio_dev. Here use the API\nto_i2c_client() is wrong and make reader confuse. To correct the\nlogic, it should be like this\n\n struct mma8452_data *data = iio_priv(dev_get_drvdata(dev));\n\nBut after commit 8b7651f25962 (\"iio: iio_device_alloc(): Remove\nunnecessary self drvdata\"), the upper logic also can't work.\nWhen try to show the avialable scale in userspace, will meet kernel\ndump, kernel handle NULL pointer dereference.\n\nSo use dev_to_iio_dev() to correct the logic.\n\nDual fixes tags as the second reflects when the bug was exposed, whilst\nthe first reflects when the original bug was introduced.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49285" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--993e36a4-eb6f-4f19-aa99-dd6bb4e04101.json b/objects/vulnerability/vulnerability--993e36a4-eb6f-4f19-aa99-dd6bb4e04101.json new file mode 100644 index 00000000000..94913feea0e --- /dev/null +++ b/objects/vulnerability/vulnerability--993e36a4-eb6f-4f19-aa99-dd6bb4e04101.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--19c2e3e0-f92b-4c38-afe6-e240130042da", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--993e36a4-eb6f-4f19-aa99-dd6bb4e04101", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.624665Z", + "modified": "2025-02-27T00:38:15.624665Z", + "name": "CVE-2022-49171", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: don't BUG if someone dirty pages without asking ext4 first\n\n[un]pin_user_pages_remote is dirtying pages without properly warning\nthe file system in advance. A related race was noted by Jan Kara in\n2018[1]; however, more recently instead of it being a very hard-to-hit\nrace, it could be reliably triggered by process_vm_writev(2) which was\ndiscovered by Syzbot[2].\n\nThis is technically a bug in mm/gup.c, but arguably ext4 is fragile in\nthat if some other kernel subsystem dirty pages without properly\nnotifying the file system using page_mkwrite(), ext4 will BUG, while\nother file systems will not BUG (although data will still be lost).\n\nSo instead of crashing with a BUG, issue a warning (since there may be\npotential data loss) and just mark the page as clean to avoid\nunprivileged denial of service attacks until the problem can be\nproperly fixed. More discussion and background can be found in the\nthread starting at [2].\n\n[1] https://lore.kernel.org/linux-mm/20180103100430.GE4911@quack2.suse.cz\n[2] https://lore.kernel.org/r/Yg0m6IjcNmfaSokM@google.com", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49171" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--99789a8e-feca-4177-8041-6f5cef43816a.json b/objects/vulnerability/vulnerability--99789a8e-feca-4177-8041-6f5cef43816a.json new file mode 100644 index 00000000000..7512ff4020f --- /dev/null 
+++ b/objects/vulnerability/vulnerability--99789a8e-feca-4177-8041-6f5cef43816a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--38e81056-bfbc-43d1-af32-074225beb409", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--99789a8e-feca-4177-8041-6f5cef43816a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.370859Z", + "modified": "2025-02-27T00:38:15.370859Z", + "name": "CVE-2022-49319", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/arm-smmu-v3: check return value after calling platform_get_resource()\n\nIt will cause null-ptr-deref if platform_get_resource() returns NULL,\nwe need check the return value.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49319" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9b0942d9-8ee2-4e8f-9598-aa4f67a40216.json b/objects/vulnerability/vulnerability--9b0942d9-8ee2-4e8f-9598-aa4f67a40216.json new file mode 100644 index 00000000000..db667d19634 --- /dev/null +++ b/objects/vulnerability/vulnerability--9b0942d9-8ee2-4e8f-9598-aa4f67a40216.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e72ce175-bbd6-4f63-b420-69a70f5b6fbe", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9b0942d9-8ee2-4e8f-9598-aa4f67a40216", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.282785Z", + "modified": "2025-02-27T00:38:15.282785Z", + "name": "CVE-2022-49320", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type\n\nIn zynqmp_dma_alloc/free_chan_resources functions there is a\npotential overflow in the below expressions.\n\ndma_alloc_coherent(chan->dev, (2 * chan->desc_size *\n\t\t ZYNQMP_DMA_NUM_DESCS),\n\t\t &chan->desc_pool_p, GFP_KERNEL);\n\ndma_free_coherent(chan->dev,(2 * ZYNQMP_DMA_DESC_SIZE(chan) *\n ZYNQMP_DMA_NUM_DESCS),\n chan->desc_pool_v, chan->desc_pool_p);\n\nThe arguments desc_size and ZYNQMP_DMA_NUM_DESCS were 32 bit. Though\nthis overflow condition is not observed but it is a potential problem\nin the case of 32-bit multiplication. Hence fix it by changing the\ndesc_size data type to size_t.\n\nIn addition to coverity fix it also reuse ZYNQMP_DMA_DESC_SIZE macro in\ndma_alloc_coherent API argument.\n\nAddresses-Coverity: Event overflow_before_widen.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49320" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9b157ad9-efd7-44c5-b481-f26cf93dd501.json b/objects/vulnerability/vulnerability--9b157ad9-efd7-44c5-b481-f26cf93dd501.json new file mode 100644 index 00000000000..d7df3982d47 --- /dev/null +++ b/objects/vulnerability/vulnerability--9b157ad9-efd7-44c5-b481-f26cf93dd501.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a1ef0569-2b75-4efa-b046-b71803d667ac", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9b157ad9-efd7-44c5-b481-f26cf93dd501", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.384504Z", + "modified": "2025-02-27T00:38:15.384504Z", + "name": "CVE-2022-49332", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Address NULL pointer dereference after starget_to_rport()\n\nCalls to starget_to_rport() may return NULL. Add check for NULL rport\nbefore dereference.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49332" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9b53526d-5915-4ee7-ac86-7414ceb2437b.json b/objects/vulnerability/vulnerability--9b53526d-5915-4ee7-ac86-7414ceb2437b.json new file mode 100644 index 00000000000..49545b3da01 --- /dev/null +++ b/objects/vulnerability/vulnerability--9b53526d-5915-4ee7-ac86-7414ceb2437b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1ca52851-9ff8-4736-9c8a-66e6863ca5bd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9b53526d-5915-4ee7-ac86-7414ceb2437b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:01.616908Z", + "modified": "2025-02-27T00:38:01.616908Z", + "name": "CVE-2024-13634", + "description": "The Post Sync WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13634" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--9b5a01d9-783b-4699-8900-d18b69c98dcb.json b/objects/vulnerability/vulnerability--9b5a01d9-783b-4699-8900-d18b69c98dcb.json new file mode 100644 index 00000000000..e030e91c9f4 --- /dev/null +++ b/objects/vulnerability/vulnerability--9b5a01d9-783b-4699-8900-d18b69c98dcb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bd08a9ed-6e23-4ad3-9fc2-e5ef4bcd3485", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9b5a01d9-783b-4699-8900-d18b69c98dcb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.423942Z", + "modified": "2025-02-27T00:38:15.423942Z", + "name": "CVE-2022-49252", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: rx-macro: fix accessing array out of bounds for enum type\n\nAccessing enums using integer would result in array out of bounds access\non platforms like aarch64 where sizeof(long) is 8 compared to enum size\nwhich is 4 bytes.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49252" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9b939853-6a90-4feb-ac9e-1e86d5dccac1.json b/objects/vulnerability/vulnerability--9b939853-6a90-4feb-ac9e-1e86d5dccac1.json new file mode 100644 index 00000000000..b895643200f --- /dev/null +++ b/objects/vulnerability/vulnerability--9b939853-6a90-4feb-ac9e-1e86d5dccac1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3bfc30e4-384b-4e08-a2e3-1e2f63d37e49", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9b939853-6a90-4feb-ac9e-1e86d5dccac1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.594538Z", + "modified": "2025-02-27T00:38:15.594538Z", + "name": "CVE-2022-49436", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/papr_scm: Fix leaking nvdimm_events_map elements\n\nRight now 'char *' elements allocated for individual 'stat_id' in\n'papr_scm_priv.nvdimm_events_map[]' during papr_scm_pmu_check_events(), get\nleaked in papr_scm_remove() and papr_scm_pmu_register(),\npapr_scm_pmu_check_events() error paths.\n\nAlso individual 'stat_id' arent NULL terminated 'char *' instead they are fixed\n8-byte sized identifiers. However papr_scm_pmu_register() assumes it to be a\nNULL terminated 'char *' and at other places it assumes it to be a\n'papr_scm_perf_stat.stat_id' sized string which is 8-byes in size.\n\nFix this by allocating the memory for papr_scm_priv.nvdimm_events_map to also\ninclude space for 'stat_id' entries. This is possible since number of available\nevents/stat_ids are known upfront. This saves some memory and one extra level of\nindirection from 'nvdimm_events_map' to 'stat_id'. Also rest of the code\ncan continue to call 'kfree(papr_scm_priv.nvdimm_events_map)' without needing to\niterate over the array and free up individual elements.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49436" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9c161991-eb2d-4f68-b8b4-bf1e50f1ba15.json b/objects/vulnerability/vulnerability--9c161991-eb2d-4f68-b8b4-bf1e50f1ba15.json new file mode 100644 index 00000000000..173a4b6c969 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--9c161991-eb2d-4f68-b8b4-bf1e50f1ba15.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5b8c8efb-4160-4445-b570-2e4fd378ef70", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9c161991-eb2d-4f68-b8b4-bf1e50f1ba15", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.451887Z", + "modified": "2025-02-27T00:38:15.451887Z", + "name": "CVE-2022-49669", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix race on unaccepted mptcp sockets\n\nWhen the listener socket owning the relevant request is closed,\nit frees the unaccepted subflows and that causes later deletion\nof the paired MPTCP sockets.\n\nThe mptcp socket's worker can run in the time interval between such delete\noperations. When that happens, any access to msk->first will cause an UaF\naccess, as the subflow cleanup did not cleared such field in the mptcp\nsocket.\n\nAddress the issue explicitly traversing the listener socket accept\nqueue at close time and performing the needed cleanup on the pending\nmsk.\n\nNote that the locking is a bit tricky, as we need to acquire the msk\nsocket lock, while still owning the subflow socket one.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49669" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9c7c4f94-d1f3-44f9-9c67-7289abb40e77.json b/objects/vulnerability/vulnerability--9c7c4f94-d1f3-44f9-9c67-7289abb40e77.json new file mode 100644 index 00000000000..0afa46a00b8 --- /dev/null +++ b/objects/vulnerability/vulnerability--9c7c4f94-d1f3-44f9-9c67-7289abb40e77.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ce539a35-e7b3-409a-a2b9-186b73848226", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9c7c4f94-d1f3-44f9-9c67-7289abb40e77", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.390448Z", + "modified": "2025-02-27T00:38:15.390448Z", + "name": "CVE-2022-49653", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: piix4: Fix a memory leak in the EFCH MMIO support\n\nThe recently added support for EFCH MMIO regions introduced a memory\nleak in that code path. The leak is caused by the fact that\nrelease_resource() merely removes the resource from the tree but does\nnot free its memory. We need to call release_mem_region() instead,\nwhich does free the memory. As a nice side effect, this brings back\nsome symmetry between the legacy and MMIO paths.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49653" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9d7093ca-b3b2-43a9-a16c-41cc23b5a6fd.json b/objects/vulnerability/vulnerability--9d7093ca-b3b2-43a9-a16c-41cc23b5a6fd.json new file mode 100644 index 00000000000..0b261ed3585 --- /dev/null +++ b/objects/vulnerability/vulnerability--9d7093ca-b3b2-43a9-a16c-41cc23b5a6fd.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9a46973c-1574-4dbf-97b2-a98fc132bbfa", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9d7093ca-b3b2-43a9-a16c-41cc23b5a6fd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.502245Z", + "modified": "2025-02-27T00:38:15.502245Z", + "name": "CVE-2022-49509", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c: max9286: fix kernel oops when removing module\n\nWhen removing the max9286 module we get a kernel oops:\n\nUnable to handle kernel paging request at virtual address 000000aa00000094\nMem abort info:\n ESR = 0x96000004\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x04: level 0 translation fault\nData abort info:\n ISV = 0, ISS = 0x00000004\n CM = 0, WnR = 0\nuser pgtable: 4k pages, 48-bit VAs, pgdp=0000000880d85000\n[000000aa00000094] pgd=0000000000000000, p4d=0000000000000000\nInternal error: Oops: 96000004 [#1] PREEMPT SMP\nModules linked in: fsl_jr_uio caam_jr rng_core libdes caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine max9271 authenc crct10dif_ce mxc_jpeg_encdec\nCPU: 2 PID: 713 Comm: rmmod Tainted: G C 5.15.5-00057-gaebcd29c8ed7-dirty #5\nHardware name: Freescale i.MX8QXP MEK (DT)\npstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : i2c_mux_del_adapters+0x24/0xf0\nlr : max9286_remove+0x28/0xd0 [max9286]\nsp : ffff800013a9bbf0\nx29: ffff800013a9bbf0 x28: ffff00080b6da940 x27: 0000000000000000\nx26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\nx23: ffff000801a5b970 x22: ffff0008048b0890 x21: ffff800009297000\nx20: ffff0008048b0f70 x19: 000000aa00000064 x18: 0000000000000000\nx17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\nx14: 0000000000000014 x13: 0000000000000000 x12: ffff000802da49e8\nx11: ffff000802051918 x10: ffff000802da4920 x9 : 
ffff000800030098\nx8 : 0101010101010101 x7 : 7f7f7f7f7f7f7f7f x6 : fefefeff6364626d\nx5 : 8080808000000000 x4 : 0000000000000000 x3 : 0000000000000000\nx2 : ffffffffffffffff x1 : ffff00080b6da940 x0 : 0000000000000000\nCall trace:\n i2c_mux_del_adapters+0x24/0xf0\n max9286_remove+0x28/0xd0 [max9286]\n i2c_device_remove+0x40/0x110\n __device_release_driver+0x188/0x234\n driver_detach+0xc4/0x150\n bus_remove_driver+0x60/0xe0\n driver_unregister+0x34/0x64\n i2c_del_driver+0x58/0xa0\n max9286_i2c_driver_exit+0x1c/0x490 [max9286]\n __arm64_sys_delete_module+0x194/0x260\n invoke_syscall+0x48/0x114\n el0_svc_common.constprop.0+0xd4/0xfc\n do_el0_svc+0x2c/0x94\n el0_svc+0x28/0x80\n el0t_64_sync_handler+0xa8/0x130\n el0t_64_sync+0x1a0/0x1a4\n\nThe Oops happens because the I2C client data does not point to\nmax9286_priv anymore but to v4l2_subdev. The change happened in\nmax9286_init() which calls v4l2_i2c_subdev_init() later on...\n\nBesides fixing the max9286_remove() function, remove the call to\ni2c_set_clientdata() in max9286_probe(), to avoid confusion, and make\nthe necessary changes to max9286_init() so that it doesn't have to use\ni2c_get_clientdata() in order to fetch the pointer to priv.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49509" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9d7bd40e-9e23-4f2f-a70b-6e65727edba5.json b/objects/vulnerability/vulnerability--9d7bd40e-9e23-4f2f-a70b-6e65727edba5.json new file mode 100644 index 00000000000..2d20f7e5df4 --- /dev/null +++ b/objects/vulnerability/vulnerability--9d7bd40e-9e23-4f2f-a70b-6e65727edba5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a42ca4b9-8db1-4822-8598-4ded50e9f568", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9d7bd40e-9e23-4f2f-a70b-6e65727edba5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.715315Z", + "modified": "2025-02-27T00:38:15.715315Z", + "name": "CVE-2022-49044", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm integrity: fix memory corruption when tag_size is less than digest size\n\nIt is possible to set up dm-integrity in such a way that the\n\"tag_size\" parameter is less than the actual digest size. In this\nsituation, a part of the digest beyond tag_size is ignored.\n\nIn this case, dm-integrity would write beyond the end of the\nic->recalc_tags array and corrupt memory. The corruption happened in\nintegrity_recalc->integrity_sector_checksum->crypto_shash_final.\n\nFix this corruption by increasing the tags array so that it has enough\npadding at the end to accomodate the loop in integrity_recalc() being\nable to write a full digest size for the last member of the tags\narray.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49044" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9e229cf4-0dc7-44ba-bc58-2cd7cdd86544.json b/objects/vulnerability/vulnerability--9e229cf4-0dc7-44ba-bc58-2cd7cdd86544.json new file mode 100644 index 00000000000..1d94278ecf8 --- /dev/null +++ b/objects/vulnerability/vulnerability--9e229cf4-0dc7-44ba-bc58-2cd7cdd86544.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dbfae27f-86bf-4100-b404-328e2d980fef", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9e229cf4-0dc7-44ba-bc58-2cd7cdd86544", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.241682Z", + "modified": "2025-02-27T00:38:15.241682Z", + "name": "CVE-2022-49492", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags\n\nIn nvme_alloc_admin_tags, the admin_q can be set to an error (typically\n-ENOMEM) if the blk_mq_init_queue call fails to set up the queue, which\nis checked immediately after the call. However, when we return the error\nmessage up the stack, to nvme_reset_work the error takes us to\nnvme_remove_dead_ctrl()\n nvme_dev_disable()\n nvme_suspend_queue(&dev->queues[0]).\n\nHere, we only check that the admin_q is non-NULL, rather than not\nan error or NULL, and begin quiescing a queue that never existed, leading\nto bad / NULL pointer dereference.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49492" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9e35d0b5-8966-40f2-b5b7-a9485dc13fcf.json b/objects/vulnerability/vulnerability--9e35d0b5-8966-40f2-b5b7-a9485dc13fcf.json new file mode 100644 index 00000000000..6512f2ca398 --- /dev/null +++ b/objects/vulnerability/vulnerability--9e35d0b5-8966-40f2-b5b7-a9485dc13fcf.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c3e0fdfb-189a-4ebe-9050-6b3938fbe3ee", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9e35d0b5-8966-40f2-b5b7-a9485dc13fcf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.239471Z", + "modified": "2025-02-27T00:38:15.239471Z", + "name": "CVE-2022-49070", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: Fix unregistering of framebuffers without device\n\nOF framebuffers do not have an underlying device in the Linux\ndevice hierarchy. Do a regular unregister call instead of hot\nunplugging such a non-existing device. Fixes a NULL dereference.\nAn example error message on ppc64le is shown below.\n\n BUG: Kernel NULL pointer dereference on read at 0x00000060\n Faulting instruction address: 0xc00000000080dfa4\n Oops: Kernel access of bad area, sig: 11 [#1]\n LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries\n [...]\n CPU: 2 PID: 139 Comm: systemd-udevd Not tainted 5.17.0-ae085d7f9365 #1\n NIP: c00000000080dfa4 LR: c00000000080df9c CTR: c000000000797430\n REGS: c000000004132fe0 TRAP: 0300 Not tainted (5.17.0-ae085d7f9365)\n MSR: 8000000002009033 CR: 28228282 XER: 20000000\n CFAR: c00000000000c80c DAR: 0000000000000060 DSISR: 40000000 IRQMASK: 0\n GPR00: c00000000080df9c c000000004133280 c00000000169d200 0000000000000029\n GPR04: 00000000ffffefff c000000004132f90 c000000004132f88 0000000000000000\n GPR08: c0000000015658f8 c0000000015cd200 c0000000014f57d0 0000000048228283\n GPR12: 0000000000000000 c00000003fffe300 0000000020000000 0000000000000000\n GPR16: 0000000000000000 0000000113fc4a40 0000000000000005 0000000113fcfb80\n GPR20: 000001000f7283b0 0000000000000000 c000000000e4a588 c000000000e4a5b0\n GPR24: 0000000000000001 00000000000a0000 c008000000db0168 c0000000021f6ec0\n GPR28: c0000000016d65a8 c000000004b36460 0000000000000000 c0000000016d64b0\n NIP 
[c00000000080dfa4] do_remove_conflicting_framebuffers+0x184/0x1d0\n [c000000004133280] [c00000000080df9c] do_remove_conflicting_framebuffers+0x17c/0x1d0 (unreliable)\n [c000000004133350] [c00000000080e4d0] remove_conflicting_framebuffers+0x60/0x150\n [c0000000041333a0] [c00000000080e6f4] remove_conflicting_pci_framebuffers+0x134/0x1b0\n [c000000004133450] [c008000000e70438] drm_aperture_remove_conflicting_pci_framebuffers+0x90/0x100 [drm]\n [c000000004133490] [c008000000da0ce4] bochs_pci_probe+0x6c/0xa64 [bochs]\n [...]\n [c000000004133db0] [c00000000002aaa0] system_call_exception+0x170/0x2d0\n [c000000004133e10] [c00000000000c3cc] system_call_common+0xec/0x250\n\nThe bug [1] was introduced by commit 27599aacbaef (\"fbdev: Hot-unplug\nfirmware fb devices on forced removal\"). Most firmware framebuffers\nhave an underlying platform device, which can be hot-unplugged\nbefore loading the native graphics driver. OF framebuffers do not\n(yet) have that device. Fix the code by unregistering the framebuffer\nas before without a hot unplug.\n\nTested with 5.17 on qemu ppc64le emulation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49070" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9e80ba3a-1e72-41ce-af76-550526653f2a.json b/objects/vulnerability/vulnerability--9e80ba3a-1e72-41ce-af76-550526653f2a.json new file mode 100644 index 00000000000..3260b01f846 --- /dev/null +++ b/objects/vulnerability/vulnerability--9e80ba3a-1e72-41ce-af76-550526653f2a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--02aec3c7-f239-47ec-b9b8-33af28dd8341", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9e80ba3a-1e72-41ce-af76-550526653f2a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.54314Z", + "modified": "2025-02-27T00:38:15.54314Z", + "name": "CVE-2022-49441", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: fix deadlock caused by calling printk() under tty_port->lock\n\npty_write() invokes kmalloc() which may invoke a normal printk() to print\nfailure message. This can cause a deadlock in the scenario reported by\nsyz-bot below:\n\n CPU0 CPU1 CPU2\n ---- ---- ----\n lock(console_owner);\n lock(&port_lock_key);\n lock(&port->lock);\n lock(&port_lock_key);\n lock(&port->lock);\n lock(console_owner);\n\nAs commit dbdda842fe96 (\"printk: Add console owner and waiter logic to\nload balance console writes\") said, such deadlock can be prevented by\nusing printk_deferred() in kmalloc() (which is invoked in the section\nguarded by the port->lock). 
But there are too many printk() on the\nkmalloc() path, and kmalloc() can be called from anywhere, so changing\nprintk() to printk_deferred() is too complicated and inelegant.\n\nTherefore, this patch chooses to specify __GFP_NOWARN to kmalloc(), so\nthat printk() will not be called, and this deadlock problem can be\navoided.\n\nSyzbot reported the following lockdep error:\n\n======================================================\nWARNING: possible circular locking dependency detected\n5.4.143-00237-g08ccc19a-dirty #10 Not tainted\n------------------------------------------------------\nsyz-executor.4/29420 is trying to acquire lock:\nffffffff8aedb2a0 (console_owner){....}-{0:0}, at: console_trylock_spinning kernel/printk/printk.c:1752 [inline]\nffffffff8aedb2a0 (console_owner){....}-{0:0}, at: vprintk_emit+0x2ca/0x470 kernel/printk/printk.c:2023\n\nbut task is already holding lock:\nffff8880119c9158 (&port->lock){-.-.}-{2:2}, at: pty_write+0xf4/0x1f0 drivers/tty/pty.c:120\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-> #2 (&port->lock){-.-.}-{2:2}:\n __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]\n _raw_spin_lock_irqsave+0x35/0x50 kernel/locking/spinlock.c:159\n tty_port_tty_get drivers/tty/tty_port.c:288 [inline] \t\t<-- lock(&port->lock);\n tty_port_default_wakeup+0x1d/0xb0 drivers/tty/tty_port.c:47\n serial8250_tx_chars+0x530/0xa80 drivers/tty/serial/8250/8250_port.c:1767\n serial8250_handle_irq.part.0+0x31f/0x3d0 drivers/tty/serial/8250/8250_port.c:1854\n serial8250_handle_irq drivers/tty/serial/8250/8250_port.c:1827 [inline] \t<-- lock(&port_lock_key);\n serial8250_default_handle_irq+0xb2/0x220 drivers/tty/serial/8250/8250_port.c:1870\n serial8250_interrupt+0xfd/0x200 drivers/tty/serial/8250/8250_core.c:126\n __handle_irq_event_percpu+0x109/0xa50 kernel/irq/handle.c:156\n [...]\n\n-> #1 (&port_lock_key){-.-.}-{2:2}:\n __raw_spin_lock_irqsave 
include/linux/spinlock_api_smp.h:110 [inline]\n _raw_spin_lock_irqsave+0x35/0x50 kernel/locking/spinlock.c:159\n serial8250_console_write+0x184/0xa40 drivers/tty/serial/8250/8250_port.c:3198\n\t\t\t\t\t\t\t\t\t\t<-- lock(&port_lock_key);\n call_console_drivers kernel/printk/printk.c:1819 [inline]\n console_unlock+0x8cb/0xd00 kernel/printk/printk.c:2504\n vprintk_emit+0x1b5/0x470 kernel/printk/printk.c:2024\t\t\t<-- lock(console_owner);\n vprintk_func+0x8d/0x250 kernel/printk/printk_safe.c:394\n printk+0xba/0xed kernel/printk/printk.c:2084\n register_console+0x8b3/0xc10 kernel/printk/printk.c:2829\n univ8250_console_init+0x3a/0x46 drivers/tty/serial/8250/8250_core.c:681\n console_init+0x49d/0x6d3 kernel/printk/printk.c:2915\n start_kernel+0x5e9/0x879 init/main.c:713\n secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:241\n\n-> #0 (console_owner){....}-{0:0}:\n [...]\n lock_acquire+0x127/0x340 kernel/locking/lockdep.c:4734\n console_trylock_spinning kernel/printk/printk.c:1773 \n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49441" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9e83c2e6-ea27-4d61-b5bd-fa48d9fd7499.json b/objects/vulnerability/vulnerability--9e83c2e6-ea27-4d61-b5bd-fa48d9fd7499.json new file mode 100644 index 00000000000..f48b15fa451 --- /dev/null +++ b/objects/vulnerability/vulnerability--9e83c2e6-ea27-4d61-b5bd-fa48d9fd7499.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--19825db6-d143-45e2-b77f-ac264a2f181f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9e83c2e6-ea27-4d61-b5bd-fa48d9fd7499", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.613304Z", + "modified": "2025-02-27T00:38:15.613304Z", + "name": "CVE-2022-49081", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nhighmem: fix checks in __kmap_local_sched_{in,out}\n\nWhen CONFIG_DEBUG_KMAP_LOCAL is enabled __kmap_local_sched_{in,out} check\nthat even slots in the tsk->kmap_ctrl.pteval are unmapped. The slots are\ninitialized with 0 value, but the check is done with pte_none. 0 pte\nhowever does not necessarily mean that pte_none will return true. e.g.\non xtensa it returns false, resulting in the following runtime warnings:\n\n WARNING: CPU: 0 PID: 101 at mm/highmem.c:627 __kmap_local_sched_out+0x51/0x108\n CPU: 0 PID: 101 Comm: touch Not tainted 5.17.0-rc7-00010-gd3a1cdde80d2-dirty #13\n Call Trace:\n dump_stack+0xc/0x40\n __warn+0x8f/0x174\n warn_slowpath_fmt+0x48/0xac\n __kmap_local_sched_out+0x51/0x108\n __schedule+0x71a/0x9c4\n preempt_schedule_irq+0xa0/0xe0\n common_exception_return+0x5c/0x93\n do_wp_page+0x30e/0x330\n handle_mm_fault+0xa70/0xc3c\n do_page_fault+0x1d8/0x3c4\n common_exception+0x7f/0x7f\n\n WARNING: CPU: 0 PID: 101 at mm/highmem.c:664 __kmap_local_sched_in+0x50/0xe0\n CPU: 0 PID: 101 Comm: touch Tainted: G W 5.17.0-rc7-00010-gd3a1cdde80d2-dirty #13\n Call Trace:\n dump_stack+0xc/0x40\n __warn+0x8f/0x174\n warn_slowpath_fmt+0x48/0xac\n __kmap_local_sched_in+0x50/0xe0\n finish_task_switch$isra$0+0x1ce/0x2f8\n __schedule+0x86e/0x9c4\n preempt_schedule_irq+0xa0/0xe0\n common_exception_return+0x5c/0x93\n do_wp_page+0x30e/0x330\n handle_mm_fault+0xa70/0xc3c\n do_page_fault+0x1d8/0x3c4\n common_exception+0x7f/0x7f\n\nFix it by replacing !pte_none(pteval) with 
pte_val(pteval) != 0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49081" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9f4f2ccd-45cf-4acf-a8d3-fe4216821e01.json b/objects/vulnerability/vulnerability--9f4f2ccd-45cf-4acf-a8d3-fe4216821e01.json new file mode 100644 index 00000000000..931d0dec01e --- /dev/null +++ b/objects/vulnerability/vulnerability--9f4f2ccd-45cf-4acf-a8d3-fe4216821e01.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a96fa498-e253-450a-9106-31701ff74c34", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9f4f2ccd-45cf-4acf-a8d3-fe4216821e01", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:11.162472Z", + "modified": "2025-02-27T00:38:11.162472Z", + "name": "CVE-2021-47645", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: staging: media: zoran: calculate the right buffer number for zoran_reap_stat_com\n\nOn the case tmp_dcim=1, the index of buffer is miscalculated.\nThis generate a NULL pointer dereference later.\n\nSo let's fix the calcul and add a check to prevent this to reappear.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-47645" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9f86db42-66a6-42f0-a4bd-a93305ceba3a.json b/objects/vulnerability/vulnerability--9f86db42-66a6-42f0-a4bd-a93305ceba3a.json new file mode 100644 index 00000000000..a3fa6508258 --- /dev/null +++ b/objects/vulnerability/vulnerability--9f86db42-66a6-42f0-a4bd-a93305ceba3a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--391d8b85-5c87-447c-a5de-4d9083b41e83", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9f86db42-66a6-42f0-a4bd-a93305ceba3a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.625705Z", + "modified": "2025-02-27T00:38:15.625705Z", + "name": "CVE-2022-49444", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmodule: fix [e_shstrndx].sh_size=0 OOB access\n\nIt is trivial to craft a module to trigger OOB access in this line:\n\n\tif (info->secstrings[strhdr->sh_size - 1] != '\\0') {\n\nBUG: unable to handle page fault for address: ffffc90000aa0fff\nPGD 100000067 P4D 100000067 PUD 100066067 PMD 10436f067 PTE 0\nOops: 0000 [#1] PREEMPT SMP PTI\nCPU: 7 PID: 1215 Comm: insmod Not tainted 5.18.0-rc5-00007-g9bf578647087-dirty #10\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-4.fc34 04/01/2014\nRIP: 0010:load_module+0x19b/0x2391\n\n[rebased patch onto modules-next]", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49444" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9fa2d9cd-63e4-44b0-8489-f965b2682c95.json b/objects/vulnerability/vulnerability--9fa2d9cd-63e4-44b0-8489-f965b2682c95.json new file mode 100644 index 00000000000..ee1815f9f67 --- /dev/null +++ b/objects/vulnerability/vulnerability--9fa2d9cd-63e4-44b0-8489-f965b2682c95.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cbb03a07-ddf8-4c03-8ef2-cd7ee7d2a081", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9fa2d9cd-63e4-44b0-8489-f965b2682c95", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:02.569871Z", + "modified": "2025-02-27T00:38:02.569871Z", + "name": "CVE-2024-47053", + "description": "This advisory addresses an authorization vulnerability in Mautic's HTTP Basic Authentication implementation. This flaw could allow unauthorized access to sensitive report data.\n\n * Improper Authorization: An authorization flaw exists in Mautic's API Authorization implementation. Any authenticated user, regardless of assigned roles or permissions, can access all reports and their associated data via the API. This bypasses the intended access controls governed by the \"Reporting Permissions > View Own\" and \"Reporting Permissions > View Others\" permissions, which should restrict access to non-System Reports.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47053" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9fbe7dc5-0558-43e0-9b3a-c57299d20c26.json b/objects/vulnerability/vulnerability--9fbe7dc5-0558-43e0-9b3a-c57299d20c26.json new file mode 100644 index 00000000000..b00ec932bf7 --- /dev/null +++ b/objects/vulnerability/vulnerability--9fbe7dc5-0558-43e0-9b3a-c57299d20c26.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3f603779-ef56-4d96-8a94-01371ac2a5c3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9fbe7dc5-0558-43e0-9b3a-c57299d20c26", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.6993Z", + "modified": "2025-02-27T00:38:15.6993Z", + "name": "CVE-2022-49639", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncipso: Fix data-races around sysctl.\n\nWhile reading cipso sysctl variables, they can be changed concurrently.\nSo, we need to add READ_ONCE() to avoid data-races.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49639" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9fc5f2bd-4763-4dbc-aa21-b39e74a34070.json b/objects/vulnerability/vulnerability--9fc5f2bd-4763-4dbc-aa21-b39e74a34070.json new file mode 100644 index 00000000000..ebe4ae79c89 --- /dev/null +++ b/objects/vulnerability/vulnerability--9fc5f2bd-4763-4dbc-aa21-b39e74a34070.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ad21e583-ad5e-4135-8178-afc122cecac4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9fc5f2bd-4763-4dbc-aa21-b39e74a34070", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.649305Z", + "modified": "2025-02-27T00:38:15.649305Z", + "name": "CVE-2022-49192", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: ethernet: cpsw: fix panic when interrupt coaleceing is set via ethtool\n\ncpsw_ethtool_begin directly returns the result of pm_runtime_get_sync\nwhen successful.\npm_runtime_get_sync returns -error code on failure and 0 on successful\nresume but also 1 when the device is already active. So the common case\nfor cpsw_ethtool_begin is to return 1. That leads to inconsistent calls\nto pm_runtime_put in the call-chain so that pm_runtime_put is called\none too many times and as result leaving the cpsw dev behind suspended.\n\nThe suspended cpsw dev leads to an access violation later on by\ndifferent parts of the cpsw driver.\n\nFix this by calling the return-friendly pm_runtime_resume_and_get\nfunction.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49192" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a0060576-b535-46eb-bd04-5a8819f8a076.json b/objects/vulnerability/vulnerability--a0060576-b535-46eb-bd04-5a8819f8a076.json new file mode 100644 index 00000000000..26f81d6b9a9 --- /dev/null +++ b/objects/vulnerability/vulnerability--a0060576-b535-46eb-bd04-5a8819f8a076.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b5e59471-ea0e-4526-aa65-3c6b9e25152e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a0060576-b535-46eb-bd04-5a8819f8a076", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.328993Z", + "modified": "2025-02-27T00:38:15.328993Z", + "name": "CVE-2022-49528", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c: dw9714: Disable the regulator when the driver fails to probe\n\nWhen the driver fails to probe, we will get the following splat:\n\n[ 59.305988] ------------[ cut here ]------------\n[ 59.306417] WARNING: CPU: 2 PID: 395 at drivers/regulator/core.c:2257 _regulator_put+0x3ec/0x4e0\n[ 59.310345] RIP: 0010:_regulator_put+0x3ec/0x4e0\n[ 59.318362] Call Trace:\n[ 59.318582] \n[ 59.318765] regulator_put+0x1f/0x30\n[ 59.319058] devres_release_group+0x319/0x3d0\n[ 59.319420] i2c_device_probe+0x766/0x940\n\nFix this by disabling the regulator in error handling.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49528" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a0744377-b603-4e20-b7a7-84754496d62f.json b/objects/vulnerability/vulnerability--a0744377-b603-4e20-b7a7-84754496d62f.json new file mode 100644 index 00000000000..a76d748177a --- /dev/null +++ b/objects/vulnerability/vulnerability--a0744377-b603-4e20-b7a7-84754496d62f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--85939317-b301-4a30-b7d9-e16babb88884", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a0744377-b603-4e20-b7a7-84754496d62f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.586036Z", + "modified": "2025-02-27T00:38:15.586036Z", + "name": "CVE-2022-49345", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: xfrm: unexport __init-annotated xfrm4_protocol_init()\n\nEXPORT_SYMBOL and __init is a bad combination because the .init.text\nsection is freed up after the initialization. Hence, modules cannot\nuse symbols annotated __init. The access to a freed symbol may end up\nwith kernel panic.\n\nmodpost used to detect it, but it has been broken for a decade.\n\nRecently, I fixed modpost so it started to warn it again, then this\nshowed up in linux-next builds.\n\nThere are two ways to fix it:\n\n - Remove __init\n - Remove EXPORT_SYMBOL\n\nI chose the latter for this case because the only in-tree call-site,\nnet/ipv4/xfrm4_policy.c is never compiled as modular.\n(CONFIG_XFRM is boolean)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49345" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a149eb67-f078-4cc3-a882-7beba72a924d.json b/objects/vulnerability/vulnerability--a149eb67-f078-4cc3-a882-7beba72a924d.json new file mode 100644 index 00000000000..2383b5d2149 --- /dev/null +++ b/objects/vulnerability/vulnerability--a149eb67-f078-4cc3-a882-7beba72a924d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--21e06c80-0e3e-413d-b01e-b943a3e71eed", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a149eb67-f078-4cc3-a882-7beba72a924d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.313645Z", + "modified": "2025-02-27T00:38:15.313645Z", + "name": "CVE-2022-49342", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register\n\nof_get_child_by_name() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49342" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a1b3d579-d94b-4f87-96e9-f584c476d8b5.json b/objects/vulnerability/vulnerability--a1b3d579-d94b-4f87-96e9-f584c476d8b5.json new file mode 100644 index 00000000000..70591170093 --- /dev/null +++ b/objects/vulnerability/vulnerability--a1b3d579-d94b-4f87-96e9-f584c476d8b5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8940b966-7def-4880-94e6-9afcb24f5969", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a1b3d579-d94b-4f87-96e9-f584c476d8b5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.385728Z", + "modified": "2025-02-27T00:38:15.385728Z", + "name": "CVE-2022-49087", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: fix a race in rxrpc_exit_net()\n\nCurrent code can lead to the following race:\n\nCPU0 CPU1\n\nrxrpc_exit_net()\n rxrpc_peer_keepalive_worker()\n if (rxnet->live)\n\n rxnet->live = false;\n del_timer_sync(&rxnet->peer_keepalive_timer);\n\n timer_reduce(&rxnet->peer_keepalive_timer, jiffies + delay);\n\n cancel_work_sync(&rxnet->peer_keepalive_work);\n\nrxrpc_exit_net() exits while peer_keepalive_timer is still armed,\nleading to use-after-free.\n\nsyzbot report was:\n\nODEBUG: free active (active state 0) object type: timer_list hint: rxrpc_peer_keepalive_timeout+0x0/0xb0\nWARNING: CPU: 0 PID: 3660 at lib/debugobjects.c:505 debug_print_object+0x16e/0x250 lib/debugobjects.c:505\nModules linked in:\nCPU: 0 PID: 3660 Comm: kworker/u4:6 Not tainted 5.17.0-syzkaller-13993-g88e6c0207623 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nWorkqueue: netns cleanup_net\nRIP: 0010:debug_print_object+0x16e/0x250 lib/debugobjects.c:505\nCode: ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 af 00 00 00 48 8b 14 dd 00 1c 26 8a 4c 89 ee 48 c7 c7 00 10 26 8a e8 b1 e7 28 05 <0f> 0b 83 05 15 eb c5 09 01 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e c3\nRSP: 0018:ffffc9000353fb00 EFLAGS: 00010082\nRAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000\nRDX: ffff888029196140 RSI: ffffffff815efad8 RDI: fffff520006a7f52\nRBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000\nR10: ffffffff815ea4ae R11: 0000000000000000 R12: 
ffffffff89ce23e0\nR13: ffffffff8a2614e0 R14: ffffffff816628c0 R15: dffffc0000000000\nFS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fe1f2908924 CR3: 0000000043720000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n __debug_check_no_obj_freed lib/debugobjects.c:992 [inline]\n debug_check_no_obj_freed+0x301/0x420 lib/debugobjects.c:1023\n kfree+0xd6/0x310 mm/slab.c:3809\n ops_free_list.part.0+0x119/0x370 net/core/net_namespace.c:176\n ops_free_list net/core/net_namespace.c:174 [inline]\n cleanup_net+0x591/0xb00 net/core/net_namespace.c:598\n process_one_work+0x996/0x1610 kernel/workqueue.c:2289\n worker_thread+0x665/0x1080 kernel/workqueue.c:2436\n kthread+0x2e9/0x3a0 kernel/kthread.c:376\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298\n ", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49087" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a1b6cd89-dd36-468f-9b29-bb1aa8ac275c.json b/objects/vulnerability/vulnerability--a1b6cd89-dd36-468f-9b29-bb1aa8ac275c.json new file mode 100644 index 00000000000..253483a90e9 --- /dev/null +++ b/objects/vulnerability/vulnerability--a1b6cd89-dd36-468f-9b29-bb1aa8ac275c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--058b1a9e-3f26-4301-9739-cb3404965c03", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a1b6cd89-dd36-468f-9b29-bb1aa8ac275c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.6831Z", + "modified": "2025-02-27T00:38:15.6831Z", + "name": "CVE-2022-49675", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntick/nohz: unexport __init-annotated tick_nohz_full_setup()\n\nEXPORT_SYMBOL and __init is a bad combination because the .init.text\nsection is freed up after the initialization. Hence, modules cannot\nuse symbols annotated __init. The access to a freed symbol may end up\nwith kernel panic.\n\nmodpost used to detect it, but it had been broken for a decade.\n\nCommit 28438794aba4 (\"modpost: fix section mismatch check for exported\ninit/exit sections\") fixed it so modpost started to warn it again, then\nthis showed up:\n\n MODPOST vmlinux.symvers\n WARNING: modpost: vmlinux.o(___ksymtab_gpl+tick_nohz_full_setup+0x0): Section mismatch in reference from the variable __ksymtab_tick_nohz_full_setup to the function .init.text:tick_nohz_full_setup()\n The symbol tick_nohz_full_setup is exported and annotated __init\n Fix this by removing the __init annotation of tick_nohz_full_setup or drop the export.\n\nDrop the export because tick_nohz_full_setup() is only called from the\nbuilt-in code in kernel/sched/isolation.c.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49675" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a1e12b99-951c-43af-bdce-f71bba6126fc.json b/objects/vulnerability/vulnerability--a1e12b99-951c-43af-bdce-f71bba6126fc.json new file mode 100644 index 00000000000..aa52275b241 --- /dev/null +++ b/objects/vulnerability/vulnerability--a1e12b99-951c-43af-bdce-f71bba6126fc.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e0dea4d8-f7c0-44e7-a994-605e8789273a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a1e12b99-951c-43af-bdce-f71bba6126fc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:01.647746Z", + "modified": "2025-02-27T00:38:01.647746Z", + "name": "CVE-2024-13630", + "description": "The NewsTicker WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13630" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a2dc4f2a-0956-402f-bfc0-c839f67dfd46.json b/objects/vulnerability/vulnerability--a2dc4f2a-0956-402f-bfc0-c839f67dfd46.json new file mode 100644 index 00000000000..7162550e503 --- /dev/null +++ b/objects/vulnerability/vulnerability--a2dc4f2a-0956-402f-bfc0-c839f67dfd46.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f85b2c52-57cf-4419-8a7b-7a201fdba104", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a2dc4f2a-0956-402f-bfc0-c839f67dfd46", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:04.111421Z", + "modified": "2025-02-27T00:38:04.111421Z", + "name": "CVE-2024-50686", + "description": "SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the commonService API model.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50686" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--a3485740-2e64-4428-a77b-8e651c30eafd.json b/objects/vulnerability/vulnerability--a3485740-2e64-4428-a77b-8e651c30eafd.json new file mode 100644 index 00000000000..e086c8ab3db --- /dev/null +++ b/objects/vulnerability/vulnerability--a3485740-2e64-4428-a77b-8e651c30eafd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c1461a43-3666-40f6-8f62-7c9226c484e2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a3485740-2e64-4428-a77b-8e651c30eafd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.294145Z", + "modified": "2025-02-27T00:38:15.294145Z", + "name": "CVE-2022-49631", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nraw: Fix a data-race around sysctl_raw_l3mdev_accept.\n\nWhile reading sysctl_raw_l3mdev_accept, it can be changed concurrently.\nThus, we need to add READ_ONCE() to its reader.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49631" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a3be4478-caa3-45a2-833b-6b8cac6a0cd3.json b/objects/vulnerability/vulnerability--a3be4478-caa3-45a2-833b-6b8cac6a0cd3.json new file mode 100644 index 00000000000..50f5b5908f0 --- /dev/null +++ b/objects/vulnerability/vulnerability--a3be4478-caa3-45a2-833b-6b8cac6a0cd3.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--932197d2-f749-4200-8ce3-b55dab22cc50", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a3be4478-caa3-45a2-833b-6b8cac6a0cd3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.352138Z", + "modified": "2025-02-27T00:38:15.352138Z", + "name": "CVE-2022-49469", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix anon_dev leak in create_subvol()\n\nWhen btrfs_qgroup_inherit(), btrfs_alloc_tree_block, or\nbtrfs_insert_root() fail in create_subvol(), we return without freeing\nanon_dev. Reorganize the error handling in create_subvol() to fix this.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49469" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a3ddbc68-e6dd-4bc4-921f-6df04cb311fc.json b/objects/vulnerability/vulnerability--a3ddbc68-e6dd-4bc4-921f-6df04cb311fc.json new file mode 100644 index 00000000000..430ad78b0bb --- /dev/null +++ b/objects/vulnerability/vulnerability--a3ddbc68-e6dd-4bc4-921f-6df04cb311fc.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--af98fc70-ef26-4041-b2df-442ffa7d7380", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a3ddbc68-e6dd-4bc4-921f-6df04cb311fc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:11.19845Z", + "modified": "2025-02-27T00:38:11.19845Z", + "name": "CVE-2021-47636", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock()\n\nFunction ubifs_wbuf_write_nolock() may access buf out of bounds in\nfollowing process:\n\nubifs_wbuf_write_nolock():\n aligned_len = ALIGN(len, 8); // Assume len = 4089, aligned_len = 4096\n if (aligned_len <= wbuf->avail) ... // Not satisfy\n if (wbuf->used) {\n ubifs_leb_write() // Fill some data in avail wbuf\n len -= wbuf->avail; // len is still not 8-bytes aligned\n aligned_len -= wbuf->avail;\n }\n n = aligned_len >> c->max_write_shift;\n if (n) {\n n <<= c->max_write_shift;\n err = ubifs_leb_write(c, wbuf->lnum, buf + written,\n wbuf->offs, n);\n // n > len, read out of bounds less than 8(n-len) bytes\n }\n\n, which can be catched by KASAN:\n =========================================================\n BUG: KASAN: slab-out-of-bounds in ecc_sw_hamming_calculate+0x1dc/0x7d0\n Read of size 4 at addr ffff888105594ff8 by task kworker/u8:4/128\n Workqueue: writeback wb_workfn (flush-ubifs_0_0)\n Call Trace:\n kasan_report.cold+0x81/0x165\n nand_write_page_swecc+0xa9/0x160\n ubifs_leb_write+0xf2/0x1b0 [ubifs]\n ubifs_wbuf_write_nolock+0x421/0x12c0 [ubifs]\n write_head+0xdc/0x1c0 [ubifs]\n ubifs_jnl_write_inode+0x627/0x960 [ubifs]\n wb_workfn+0x8af/0xb80\n\nFunction ubifs_wbuf_write_nolock() accepts that parameter 'len' is not 8\nbytes aligned, the 'len' represents the true length of buf (which is\nallocated in 'ubifs_jnl_xxx', eg. 
ubifs_jnl_write_inode), so\nubifs_wbuf_write_nolock() must handle the length read from 'buf' carefully\nto write leb safely.\n\nFetch a reproducer in [Link].", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-47636" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a56a01da-4daa-4c51-b369-9216f501589e.json b/objects/vulnerability/vulnerability--a56a01da-4daa-4c51-b369-9216f501589e.json new file mode 100644 index 00000000000..08f7066a91c --- /dev/null +++ b/objects/vulnerability/vulnerability--a56a01da-4daa-4c51-b369-9216f501589e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8a5703f4-af96-412a-bdcc-fc64d1d9abdb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a56a01da-4daa-4c51-b369-9216f501589e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.732335Z", + "modified": "2025-02-27T00:38:15.732335Z", + "name": "CVE-2022-49095", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one()\n\nThe error handling path of the probe releases a resource that is not freed\nin the remove function. In some cases, a ioremap() must be undone.\n\nAdd the missing iounmap() call in the remove function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49095" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a59e0535-5844-40d0-af14-378f9f7bfcf8.json b/objects/vulnerability/vulnerability--a59e0535-5844-40d0-af14-378f9f7bfcf8.json new file mode 100644 index 00000000000..fc2b02a6f93 --- /dev/null +++ b/objects/vulnerability/vulnerability--a59e0535-5844-40d0-af14-378f9f7bfcf8.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b5ce37ca-34e9-4326-b1d7-848729941370", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a59e0535-5844-40d0-af14-378f9f7bfcf8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.728437Z", + "modified": "2025-02-27T00:38:15.728437Z", + "name": "CVE-2022-49481", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt\n\nof_node_get() returns a node with refcount incremented.\nCalling of_node_put() to drop the reference when not needed anymore.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49481" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a5ace224-81e2-46b0-a8f5-70258baab2df.json b/objects/vulnerability/vulnerability--a5ace224-81e2-46b0-a8f5-70258baab2df.json new file mode 100644 index 00000000000..acecd764d5a --- /dev/null +++ b/objects/vulnerability/vulnerability--a5ace224-81e2-46b0-a8f5-70258baab2df.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--846a0acc-895d-4774-88b6-cc261c033ed5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a5ace224-81e2-46b0-a8f5-70258baab2df", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.79323Z", + "modified": "2025-02-27T00:38:15.79323Z", + "name": "CVE-2022-49290", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac80211: fix potential double free on mesh join\n\nWhile commit 6a01afcf8468 (\"mac80211: mesh: Free ie data when leaving\nmesh\") fixed a memory leak on mesh leave / teardown it introduced a\npotential memory corruption caused by a double free when rejoining the\nmesh:\n\n ieee80211_leave_mesh()\n -> kfree(sdata->u.mesh.ie);\n ...\n ieee80211_join_mesh()\n -> copy_mesh_setup()\n -> old_ie = ifmsh->ie;\n -> kfree(old_ie);\n\nThis double free / kernel panics can be reproduced by using wpa_supplicant\nwith an encrypted mesh (if set up without encryption via \"iw\" then\nifmsh->ie is always NULL, which avoids this issue). And then calling:\n\n $ iw dev mesh0 mesh leave\n $ iw dev mesh0 mesh join my-mesh\n\nNote that typically these commands are not used / working when using\nwpa_supplicant. 
And it seems that wpa_supplicant or wpa_cli are going\nthrough a NETDEV_DOWN/NETDEV_UP cycle between a mesh leave and mesh join\nwhere the NETDEV_UP resets the mesh.ie to NULL via a memcpy of\ndefault_mesh_setup in cfg80211_netdev_notifier_call, which then avoids\nthe memory corruption, too.\n\nThe issue was first observed in an application which was not using\nwpa_supplicant but \"Senf\" instead, which implements its own calls to\nnl80211.\n\nFixing the issue by removing the kfree()'ing of the mesh IE in the mesh\njoin function and leaving it solely up to the mesh leave to free the\nmesh IE.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49290" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a60dfe8a-977c-4e16-9629-31a3bfffcc12.json b/objects/vulnerability/vulnerability--a60dfe8a-977c-4e16-9629-31a3bfffcc12.json new file mode 100644 index 00000000000..c2de12dfdc7 --- /dev/null +++ b/objects/vulnerability/vulnerability--a60dfe8a-977c-4e16-9629-31a3bfffcc12.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--86d5831d-2682-4bf6-b3ac-1cf90c501a92", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a60dfe8a-977c-4e16-9629-31a3bfffcc12", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.534767Z", + "modified": "2025-02-27T00:38:15.534767Z", + "name": "CVE-2022-49615", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error\n\nThe initial settings will be written before the codec probe function.\nBut, the rt711->component doesn't be assigned yet.\nIf IO error happened during initial settings operations, it will cause the kernel panic.\nThis patch changed component->dev to slave->dev to fix this issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49615" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a641d7c9-856b-47ae-b626-75550a515836.json b/objects/vulnerability/vulnerability--a641d7c9-856b-47ae-b626-75550a515836.json new file mode 100644 index 00000000000..d97218fecce --- /dev/null +++ b/objects/vulnerability/vulnerability--a641d7c9-856b-47ae-b626-75550a515836.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--306eaaf0-b052-45b4-8afc-7fcb593a8eb3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a641d7c9-856b-47ae-b626-75550a515836", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.340773Z", + "modified": "2025-02-27T00:38:15.340773Z", + "name": "CVE-2022-49189", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: clk-rcg2: Update logic to calculate D value for RCG\n\nThe display pixel clock has a requirement on certain newer platforms to\nsupport M/N as (2/3) and the final D value calculated results in\nunderflow errors.\nAs the current implementation does not check for D value is within\nthe accepted range for a given M & N value. Update the logic to\ncalculate the final D value based on the range.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49189" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a64ba506-3030-495b-a88d-f29be5b15de8.json b/objects/vulnerability/vulnerability--a64ba506-3030-495b-a88d-f29be5b15de8.json new file mode 100644 index 00000000000..980316e6081 --- /dev/null +++ b/objects/vulnerability/vulnerability--a64ba506-3030-495b-a88d-f29be5b15de8.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3eab63e4-551c-41c8-8501-48135d848ac2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a64ba506-3030-495b-a88d-f29be5b15de8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.35123Z", + "modified": "2025-02-27T00:38:15.35123Z", + "name": "CVE-2022-49642", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: dwc-qos: Disable split header for Tegra194\n\nThere is a long-standing issue with the Synopsys DWC Ethernet driver\nfor Tegra194 where random system crashes have been observed [0]. The\nproblem occurs when the split header feature is enabled in the stmmac\ndriver. In the bad case, a larger than expected buffer length is\nreceived and causes the calculation of the total buffer length to\noverflow. This results in a very large buffer length that causes the\nkernel to crash. Why this larger buffer length is received is not clear,\nhowever, the feedback from the NVIDIA design team is that the split\nheader feature is not supported for Tegra194. Therefore, disable split\nheader support for Tegra194 to prevent these random crashes from\noccurring.\n\n[0] https://lore.kernel.org/linux-tegra/b0b17697-f23e-8fa5-3757-604a86f3a095@nvidia.com/", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49642" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a68ecb1d-6eb9-49bc-9b8c-3b14263371e8.json b/objects/vulnerability/vulnerability--a68ecb1d-6eb9-49bc-9b8c-3b14263371e8.json new file mode 100644 index 00000000000..c42fac3df0f --- /dev/null +++ b/objects/vulnerability/vulnerability--a68ecb1d-6eb9-49bc-9b8c-3b14263371e8.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3363a564-6816-4953-b916-c3853c102568", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a68ecb1d-6eb9-49bc-9b8c-3b14263371e8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.76308Z", + "modified": "2025-02-27T00:38:15.76308Z", + "name": "CVE-2022-49516", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: always check VF VSI pointer values\n\nThe ice_get_vf_vsi function can return NULL in some cases, such as if\nhandling messages during a reset where the VSI is being removed and\nrecreated.\n\nSeveral places throughout the driver do not bother to check whether this\nVSI pointer is valid. Static analysis tools maybe report issues because\nthey detect paths where a potentially NULL pointer could be dereferenced.\n\nFix this by checking the return value of ice_get_vf_vsi everywhere.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49516" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a6c3e51c-ce7b-49cc-a255-4e90dae69ec3.json b/objects/vulnerability/vulnerability--a6c3e51c-ce7b-49cc-a255-4e90dae69ec3.json new file mode 100644 index 00000000000..91f7bf0e4df --- /dev/null +++ b/objects/vulnerability/vulnerability--a6c3e51c-ce7b-49cc-a255-4e90dae69ec3.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a0e7be93-404e-4e83-99e4-0ff6f84c2be9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a6c3e51c-ce7b-49cc-a255-4e90dae69ec3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.58303Z", + "modified": "2025-02-27T00:38:15.58303Z", + "name": "CVE-2022-49440", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/rtas: Keep MSR[RI] set when calling RTAS\n\nRTAS runs in real mode (MSR[DR] and MSR[IR] unset) and in 32-bit big\nendian mode (MSR[SF,LE] unset).\n\nThe change in MSR is done in enter_rtas() in a relatively complex way,\nsince the MSR value could be hardcoded.\n\nFurthermore, a panic has been reported when hitting the watchdog interrupt\nwhile running in RTAS, this leads to the following stack trace:\n\n watchdog: CPU 24 Hard LOCKUP\n watchdog: CPU 24 TB:997512652051031, last heartbeat TB:997504470175378 (15980ms ago)\n ...\n Supported: No, Unreleased kernel\n CPU: 24 PID: 87504 Comm: drmgr Kdump: loaded Tainted: G E X 5.14.21-150400.71.1.bz196362_2-default #1 SLE15-SP4 (unreleased) 0d821077ef4faa8dfaf370efb5fdca1fa35f4e2c\n NIP: 000000001fb41050 LR: 000000001fb4104c CTR: 0000000000000000\n REGS: c00000000fc33d60 TRAP: 0100 Tainted: G E X (5.14.21-150400.71.1.bz196362_2-default)\n MSR: 8000000002981000 CR: 48800002 XER: 20040020\n CFAR: 000000000000011c IRQMASK: 1\n GPR00: 0000000000000003 ffffffffffffffff 0000000000000001 00000000000050dc\n GPR04: 000000001ffb6100 0000000000000020 0000000000000001 000000001fb09010\n GPR08: 0000000020000000 0000000000000000 0000000000000000 0000000000000000\n GPR12: 80040000072a40a8 c00000000ff8b680 0000000000000007 0000000000000034\n GPR16: 000000001fbf6e94 000000001fbf6d84 000000001fbd1db0 000000001fb3f008\n GPR20: 000000001fb41018 ffffffffffffffff 000000000000017f fffffffffffff68f\n GPR24: 000000001fb18fe8 000000001fb3e000 
000000001fb1adc0 000000001fb1cf40\n GPR28: 000000001fb26000 000000001fb460f0 000000001fb17f18 000000001fb17000\n NIP [000000001fb41050] 0x1fb41050\n LR [000000001fb4104c] 0x1fb4104c\n Call Trace:\n Instruction dump:\n XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX\n XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX\n Oops: Unrecoverable System Reset, sig: 6 [#1]\n LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries\n ...\n Supported: No, Unreleased kernel\n CPU: 24 PID: 87504 Comm: drmgr Kdump: loaded Tainted: G E X 5.14.21-150400.71.1.bz196362_2-default #1 SLE15-SP4 (unreleased) 0d821077ef4faa8dfaf370efb5fdca1fa35f4e2c\n NIP: 000000001fb41050 LR: 000000001fb4104c CTR: 0000000000000000\n REGS: c00000000fc33d60 TRAP: 0100 Tainted: G E X (5.14.21-150400.71.1.bz196362_2-default)\n MSR: 8000000002981000 CR: 48800002 XER: 20040020\n CFAR: 000000000000011c IRQMASK: 1\n GPR00: 0000000000000003 ffffffffffffffff 0000000000000001 00000000000050dc\n GPR04: 000000001ffb6100 0000000000000020 0000000000000001 000000001fb09010\n GPR08: 0000000020000000 0000000000000000 0000000000000000 0000000000000000\n GPR12: 80040000072a40a8 c00000000ff8b680 0000000000000007 0000000000000034\n GPR16: 000000001fbf6e94 000000001fbf6d84 000000001fbd1db0 000000001fb3f008\n GPR20: 000000001fb41018 ffffffffffffffff 000000000000017f fffffffffffff68f\n GPR24: 000000001fb18fe8 000000001fb3e000 000000001fb1adc0 000000001fb1cf40\n GPR28: 000000001fb26000 000000001fb460f0 000000001fb17f18 000000001fb17000\n NIP [000000001fb41050] 0x1fb41050\n LR [000000001fb4104c] 0x1fb4104c\n Call Trace:\n Instruction dump:\n XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX\n XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX\n ---[ end trace 3ddec07f638c34a2 ]---\n\nThis happens because MSR[RI] is unset when entering RTAS but there is no\nvalid reason to not set it here.\n\nRTAS is expected to be called with MSR[RI] as 
specified in PAPR+ section\n\"7.2.1 Machine State\":\n\n R1–7.2.1–9. If called with MSR[RI] equal to 1, then RTAS must protect\n its own critical regions from recursion by setting the MSR[RI] bit to\n 0 when in the critical regions.\n\nFixing this by reviewing the way MSR is compute before calling RTAS. Now a\nhardcoded value meaning real \n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49440" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a6c3fa83-70b6-45bc-a38a-09fe1a778995.json b/objects/vulnerability/vulnerability--a6c3fa83-70b6-45bc-a38a-09fe1a778995.json new file mode 100644 index 00000000000..43c78e33fcc --- /dev/null +++ b/objects/vulnerability/vulnerability--a6c3fa83-70b6-45bc-a38a-09fe1a778995.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3a21693a-4d18-42d4-9777-36c4c2f8731e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a6c3fa83-70b6-45bc-a38a-09fe1a778995", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.679477Z", + "modified": "2025-02-27T00:38:15.679477Z", + "name": "CVE-2022-49061", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link\n\nWhen using a fixed-link, the altr_tse_pcs driver crashes\ndue to null-pointer dereference as no phy_device is provided to\ntse_pcs_fix_mac_speed function. Fix this by adding a check for\nphy_dev before calling the tse_pcs_fix_mac_speed() function.\n\nAlso clean up the tse_pcs_fix_mac_speed function a bit. There is\nno need to check for splitter_base and sgmii_adapter_base\nbecause the driver will fail if these 2 variables are not\nderived from the device tree.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49061" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a7a54eeb-f0d3-4301-82b7-118be96c0a5c.json b/objects/vulnerability/vulnerability--a7a54eeb-f0d3-4301-82b7-118be96c0a5c.json new file mode 100644 index 00000000000..ce2368c8c50 --- /dev/null +++ b/objects/vulnerability/vulnerability--a7a54eeb-f0d3-4301-82b7-118be96c0a5c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3068731b-e58d-4445-9062-c3b6eb3f996b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a7a54eeb-f0d3-4301-82b7-118be96c0a5c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:04.124523Z", + "modified": "2025-02-27T00:38:04.124523Z", + "name": "CVE-2024-50684", + "description": "SunGrow iSolarCloud Android app V2.1.6.20241017 and prior uses an insecure AES key to encrypt client data (insufficient entropy). This may allow attackers to decrypt intercepted communications between the mobile app and iSolarCloud.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50684" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a80578ae-e762-4898-bf12-bc2d311b7673.json b/objects/vulnerability/vulnerability--a80578ae-e762-4898-bf12-bc2d311b7673.json new file mode 100644 index 00000000000..472b5696b67 --- /dev/null +++ b/objects/vulnerability/vulnerability--a80578ae-e762-4898-bf12-bc2d311b7673.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9ff5b662-4656-4f18-9038-2ba5f15eb781", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a80578ae-e762-4898-bf12-bc2d311b7673", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.635329Z", + "modified": "2025-02-27T00:38:15.635329Z", + "name": "CVE-2022-49259", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: don't delete queue kobject before its children\n\nkobjects aren't supposed to be deleted before their child kobjects are\ndeleted. Apparently this is usually benign; however, a WARN will be\ntriggered if one of the child kobjects has a named attribute group:\n\n sysfs group 'modes' not found for kobject 'crypto'\n WARNING: CPU: 0 PID: 1 at fs/sysfs/group.c:278 sysfs_remove_group+0x72/0x80\n ...\n Call Trace:\n sysfs_remove_groups+0x29/0x40 fs/sysfs/group.c:312\n __kobject_del+0x20/0x80 lib/kobject.c:611\n kobject_cleanup+0xa4/0x140 lib/kobject.c:696\n kobject_release lib/kobject.c:736 [inline]\n kref_put include/linux/kref.h:65 [inline]\n kobject_put+0x53/0x70 lib/kobject.c:753\n blk_crypto_sysfs_unregister+0x10/0x20 block/blk-crypto-sysfs.c:159\n blk_unregister_queue+0xb0/0x110 block/blk-sysfs.c:962\n del_gendisk+0x117/0x250 block/genhd.c:610\n\nFix this by moving the kobject_del() and the corresponding\nkobject_uevent() to the correct place.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49259" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a8284db4-f2c8-4d94-97d6-fe0afb867d9c.json b/objects/vulnerability/vulnerability--a8284db4-f2c8-4d94-97d6-fe0afb867d9c.json new file mode 100644 index 00000000000..b09619ef100 --- /dev/null +++ b/objects/vulnerability/vulnerability--a8284db4-f2c8-4d94-97d6-fe0afb867d9c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--84268f09-9051-4442-938f-0d412d687354", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a8284db4-f2c8-4d94-97d6-fe0afb867d9c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:07.757035Z", + "modified": "2025-02-27T00:38:07.757035Z", + "name": "CVE-2025-25794", + "description": "SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ping.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25794" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a851a57e-0b6b-471f-9c50-837f6920ac74.json b/objects/vulnerability/vulnerability--a851a57e-0b6b-471f-9c50-837f6920ac74.json new file mode 100644 index 00000000000..792a794a241 --- /dev/null +++ b/objects/vulnerability/vulnerability--a851a57e-0b6b-471f-9c50-837f6920ac74.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c286639c-d9d5-45a9-812a-2859c1487bad", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a851a57e-0b6b-471f-9c50-837f6920ac74", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.486232Z", + "modified": "2025-02-27T00:38:15.486232Z", + "name": "CVE-2022-49071", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/panel: ili9341: fix optional regulator handling\n\nIf the optional regulator lookup fails, reset the pointer to NULL.\nOther functions such as mipi_dbi_poweron_reset_conditional() only do\na NULL pointer check and will otherwise dereference the error pointer.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49071" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--a8e3b598-3385-40d5-b60a-a48708bd95a6.json b/objects/vulnerability/vulnerability--a8e3b598-3385-40d5-b60a-a48708bd95a6.json new file mode 100644 index 00000000000..7e50f7676c3 --- /dev/null +++ b/objects/vulnerability/vulnerability--a8e3b598-3385-40d5-b60a-a48708bd95a6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--41abba0e-19ac-4af0-9c26-f950f0c16b03", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a8e3b598-3385-40d5-b60a-a48708bd95a6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.64013Z", + "modified": "2025-02-27T00:38:15.64013Z", + "name": "CVE-2022-49384", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: fix double free of io_acct_set bioset\n\nNow io_acct_set is alloc and free in personality. Remove the codes that\nfree io_acct_set in md_free and md_stop.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49384" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a95ca10b-f6b2-4e46-a3de-ae77f422bd77.json b/objects/vulnerability/vulnerability--a95ca10b-f6b2-4e46-a3de-ae77f422bd77.json new file mode 100644 index 00000000000..0b551ab153a --- /dev/null +++ b/objects/vulnerability/vulnerability--a95ca10b-f6b2-4e46-a3de-ae77f422bd77.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2e3ec92e-f844-493f-a040-ea64a96c848c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a95ca10b-f6b2-4e46-a3de-ae77f422bd77", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.365941Z", + "modified": "2025-02-27T00:38:15.365941Z", + "name": "CVE-2022-49432", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/xics: fix refcount leak in icp_opal_init()\n\nThe of_find_compatible_node() function returns a node pointer with\nrefcount incremented, use of_node_put() on it when done.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49432" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a9b9c524-7773-4782-9d37-f600e8aab962.json b/objects/vulnerability/vulnerability--a9b9c524-7773-4782-9d37-f600e8aab962.json new file mode 100644 index 00000000000..f0db3dd155b --- /dev/null +++ b/objects/vulnerability/vulnerability--a9b9c524-7773-4782-9d37-f600e8aab962.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--10346a71-b590-44ce-aecc-084348919cc7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a9b9c524-7773-4782-9d37-f600e8aab962", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.531828Z", + "modified": "2025-02-27T00:38:15.531828Z", + "name": "CVE-2022-49372", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: tcp_rtx_synack() can be called from process context\n\nLaurent reported the enclosed report [1]\n\nThis bug triggers with following coditions:\n\n0) Kernel built with CONFIG_DEBUG_PREEMPT=y\n\n1) A new passive FastOpen TCP socket is created.\n This FO socket waits for an ACK coming from client to be a complete\n ESTABLISHED one.\n2) A socket operation on this socket goes through lock_sock()\n release_sock() dance.\n3) While the socket is owned by the user in step 2),\n a retransmit of the SYN is received and stored in socket backlog.\n4) At release_sock() time, the socket backlog is processed while\n in process context.\n5) A SYNACK packet is cooked in response of the SYN retransmit.\n6) -> tcp_rtx_synack() is called in process context.\n\nBefore blamed commit, tcp_rtx_synack() was always called from BH handler,\nfrom a timer handler.\n\nFix this by using TCP_INC_STATS() & NET_INC_STATS()\nwhich do not assume caller is in non preemptible context.\n\n[1]\nBUG: using __this_cpu_add() in preemptible [00000000] code: epollpep/2180\ncaller is tcp_rtx_synack.part.0+0x36/0xc0\nCPU: 10 PID: 2180 Comm: epollpep Tainted: G OE 5.16.0-0.bpo.4-amd64 #1 Debian 5.16.12-1~bpo11+1\nHardware name: Supermicro SYS-5039MC-H8TRF/X11SCD-F, BIOS 1.7 11/23/2021\nCall Trace:\n \n dump_stack_lvl+0x48/0x5e\n check_preemption_disabled+0xde/0xe0\n tcp_rtx_synack.part.0+0x36/0xc0\n tcp_rtx_synack+0x8d/0xa0\n ? kmem_cache_alloc+0x2e0/0x3e0\n ? 
apparmor_file_alloc_security+0x3b/0x1f0\n inet_rtx_syn_ack+0x16/0x30\n tcp_check_req+0x367/0x610\n tcp_rcv_state_process+0x91/0xf60\n ? get_nohz_timer_target+0x18/0x1a0\n ? lock_timer_base+0x61/0x80\n ? preempt_count_add+0x68/0xa0\n tcp_v4_do_rcv+0xbd/0x270\n __release_sock+0x6d/0xb0\n release_sock+0x2b/0x90\n sock_setsockopt+0x138/0x1140\n ? __sys_getsockname+0x7e/0xc0\n ? aa_sk_perm+0x3e/0x1a0\n __sys_setsockopt+0x198/0x1e0\n __x64_sys_setsockopt+0x21/0x30\n do_syscall_64+0x38/0xc0\n entry_SYSCALL_64_after_hwframe+0x44/0xae", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49372" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--aa7936aa-cb66-4200-b996-68ce8d44cb9b.json b/objects/vulnerability/vulnerability--aa7936aa-cb66-4200-b996-68ce8d44cb9b.json new file mode 100644 index 00000000000..ddd430bbce0 --- /dev/null +++ b/objects/vulnerability/vulnerability--aa7936aa-cb66-4200-b996-68ce8d44cb9b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e32fd6b9-5adf-4e6a-8066-bdcf1e896c54", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--aa7936aa-cb66-4200-b996-68ce8d44cb9b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.431769Z", + "modified": "2025-02-27T00:38:15.431769Z", + "name": "CVE-2022-49268", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM\n\nDo not call snd_dma_free_pages() when snd_dma_alloc_pages() returns\n-ENOMEM because it leads to a NULL pointer dereference bug.\n\nThe dmesg says:\n\n [ T1387] sof-audio-pci-intel-tgl 0000:00:1f.3: error: memory alloc failed: -12\n [ T1387] BUG: kernel NULL pointer dereference, address: 0000000000000000\n [ T1387] #PF: supervisor read access in kernel mode\n [ T1387] #PF: error_code(0x0000) - not-present page\n [ T1387] PGD 0 P4D 0\n [ T1387] Oops: 0000 [#1] PREEMPT SMP NOPTI\n [ T1387] CPU: 6 PID: 1387 Comm: alsa-sink-HDA A Tainted: G W 5.17.0-rc4-superb-owl-00055-g80d47f5de5e3\n [ T1387] Hardware name: HP HP Laptop 14s-dq2xxx/87FD, BIOS F.15 09/15/2021\n [ T1387] RIP: 0010:dma_free_noncontiguous+0x37/0x80\n [ T1387] Code: [... 
snip ...]\n [ T1387] RSP: 0000:ffffc90002b87770 EFLAGS: 00010246\n [ T1387] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000\n [ T1387] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888101db30d0\n [ T1387] RBP: 00000000fffffff4 R08: 0000000000000000 R09: 0000000000000000\n [ T1387] R10: 0000000000000000 R11: ffffc90002b874d0 R12: 0000000000000001\n [ T1387] R13: 0000000000058000 R14: ffff888105260c68 R15: ffff888105260828\n [ T1387] FS: 00007f42e2ffd640(0000) GS:ffff888466b80000(0000) knlGS:0000000000000000\n [ T1387] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [ T1387] CR2: 0000000000000000 CR3: 000000014acf0003 CR4: 0000000000770ee0\n [ T1387] PKRU: 55555554\n [ T1387] Call Trace:\n [ T1387] \n [ T1387] cl_stream_prepare+0x10a/0x120 [snd_sof_intel_hda_common 146addf995b9279ae7f509621078cccbe4f875e1]\n [... snip ...]\n [ T1387] ", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49268" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--aa91b5a4-f695-4d6d-9acb-23ed4da34a21.json b/objects/vulnerability/vulnerability--aa91b5a4-f695-4d6d-9acb-23ed4da34a21.json new file mode 100644 index 00000000000..3ec19dfba70 --- /dev/null +++ b/objects/vulnerability/vulnerability--aa91b5a4-f695-4d6d-9acb-23ed4da34a21.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e8166cc3-f8f7-453b-aa05-02d38124dc70", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--aa91b5a4-f695-4d6d-9acb-23ed4da34a21", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.445223Z", + "modified": "2025-02-27T00:38:15.445223Z", + "name": "CVE-2022-49133", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: svm range restore work deadlock when process exit\n\nkfd_process_notifier_release flush svm_range_restore_work\nwhich calls svm_range_list_lock_and_flush_work to flush deferred_list\nwork, but if deferred_list work mmput release the last user, it will\ncall exit_mmap -> notifier_release, it is deadlock with below backtrace.\n\nMove flush svm_range_restore_work to kfd_process_wq_release to avoid\ndeadlock. Then svm_range_restore_work take task->mm ref to avoid mm is\ngone while validating and mapping ranges to GPU.\n\nWorkqueue: events svm_range_deferred_list_work [amdgpu]\nCall Trace:\n wait_for_completion+0x94/0x100\n __flush_work+0x12a/0x1e0\n __cancel_work_timer+0x10e/0x190\n cancel_delayed_work_sync+0x13/0x20\n kfd_process_notifier_release+0x98/0x2a0 [amdgpu]\n __mmu_notifier_release+0x74/0x1f0\n exit_mmap+0x170/0x200\n mmput+0x5d/0x130\n svm_range_deferred_list_work+0x104/0x230 [amdgpu]\n process_one_work+0x220/0x3c0", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49133" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--aadb8d9f-f24e-4bf7-bc64-6f98e2e27d81.json b/objects/vulnerability/vulnerability--aadb8d9f-f24e-4bf7-bc64-6f98e2e27d81.json new file mode 100644 index 00000000000..27edcbe682a --- /dev/null +++ b/objects/vulnerability/vulnerability--aadb8d9f-f24e-4bf7-bc64-6f98e2e27d81.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8f70cb26-f7ba-4d81-9d2b-d48aa01a7f3e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--aadb8d9f-f24e-4bf7-bc64-6f98e2e27d81", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.46324Z", + "modified": "2025-02-27T00:38:15.46324Z", + "name": "CVE-2022-49092", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ipv4: fix route with nexthop object delete warning\n\nFRR folks have hit a kernel warning[1] while deleting routes[2] which is\ncaused by trying to delete a route pointing to a nexthop id without\nspecifying nhid but matching on an interface. That is, a route is found\nbut we hit a warning while matching it. The warning is from\nfib_info_nh() in include/net/nexthop.h because we run it on a fib_info\nwith nexthop object. The call chain is:\n inet_rtm_delroute -> fib_table_delete -> fib_nh_match (called with a\nnexthop fib_info and also with fc_oif set thus calling fib_info_nh on\nthe fib_info and triggering the warning). The fix is to not do any\nmatching in that branch if the fi has a nexthop object because those are\nmanaged separately. I.e. 
we should match when deleting without nh spec and\nshould fail when deleting a nexthop route with old-style nh spec because\nnexthop objects are managed separately, e.g.:\n $ ip r show 1.2.3.4/32\n 1.2.3.4 nhid 12 via 192.168.11.2 dev dummy0\n\n $ ip r del 1.2.3.4/32\n $ ip r del 1.2.3.4/32 nhid 12\n \n\n $ ip r del 1.2.3.4/32 dev dummy0\n \n\n[1]\n [ 523.462226] ------------[ cut here ]------------\n [ 523.462230] WARNING: CPU: 14 PID: 22893 at include/net/nexthop.h:468 fib_nh_match+0x210/0x460\n [ 523.462236] Modules linked in: dummy rpcsec_gss_krb5 xt_socket nf_socket_ipv4 nf_socket_ipv6 ip6table_raw iptable_raw bpf_preload xt_statistic ip_set ip_vs_sh ip_vs_wrr ip_vs_rr ip_vs xt_mark nf_tables xt_nat veth nf_conntrack_netlink nfnetlink xt_addrtype br_netfilter overlay dm_crypt nfsv3 nfs fscache netfs vhost_net vhost vhost_iotlb tap tun xt_CHECKSUM xt_MASQUERADE xt_conntrack 8021q garp mrp ipt_REJECT nf_reject_ipv4 ip6table_mangle ip6table_nat iptable_mangle iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 iptable_filter bridge stp llc rfcomm snd_seq_dummy snd_hrtimer rpcrdma rdma_cm iw_cm ib_cm ib_core ip6table_filter xt_comment ip6_tables vboxnetadp(OE) vboxnetflt(OE) vboxdrv(OE) qrtr bnep binfmt_misc xfs vfat fat squashfs loop nvidia_drm(POE) nvidia_modeset(POE) nvidia_uvm(POE) nvidia(POE) intel_rapl_msr intel_rapl_common snd_hda_codec_realtek snd_hda_codec_generic ledtrig_audio snd_hda_codec_hdmi btusb btrtl iwlmvm uvcvideo btbcm snd_hda_intel edac_mce_amd\n [ 523.462274] videobuf2_vmalloc videobuf2_memops btintel snd_intel_dspcfg videobuf2_v4l2 snd_intel_sdw_acpi bluetooth snd_usb_audio snd_hda_codec mac80211 snd_usbmidi_lib joydev snd_hda_core videobuf2_common kvm_amd snd_rawmidi snd_hwdep snd_seq videodev ccp snd_seq_device libarc4 ecdh_generic mc snd_pcm kvm iwlwifi snd_timer drm_kms_helper snd cfg80211 cec soundcore irqbypass rapl wmi_bmof i2c_piix4 rfkill k10temp pcspkr acpi_cpufreq nfsd auth_rpcgss nfs_acl lockd grace sunrpc drm zram 
ip_tables crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel nvme sp5100_tco r8169 nvme_core wmi ipmi_devintf ipmi_msghandler fuse\n [ 523.462300] CPU: 14 PID: 22893 Comm: ip Tainted: P OE 5.16.18-200.fc35.x86_64 #1\n [ 523.462302] Hardware name: Micro-Star International Co., Ltd. MS-7C37/MPG X570 GAMING EDGE WIFI (MS-7C37), BIOS 1.C0 10/29/2020\n [ 523.462303] RIP: 0010:fib_nh_match+0x210/0x460\n [ 523.462304] Code: 7c 24 20 48 8b b5 90 00 00 00 e8 bb ee f4 ff 48 8b 7c 24 20 41 89 c4 e8 ee eb f4 ff 45 85 e4 0f 85 2e fe ff ff e9 4c ff ff ff <0f> 0b e9 17 ff ff ff 3c 0a 0f 85 61 fe ff ff 48 8b b5 98 00 00 00\n [ 523.462306] RSP: 0018:ffffaa53d4d87928 EFLAGS: 00010286\n [ 523.462307] RAX: 0000000000000000 RBX: ffffaa53d4d87a90 RCX: ffffaa53d4d87bb0\n [ 523.462308] RDX: ffff9e3d2ee6be80 RSI: ffffaa53d4d87a90 RDI: ffffffff920ed380\n [ 523.462309] RBP: ffff9e3d2ee6be80 R08: 0000000000000064 R09: 0000000000000000\n [ 523.462310] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000031\n [ 523.462310] R13: 0000000000000020 R14: 0000000000000000 R15: ffff9e3d331054e0\n [ 523.462311] FS: 00007f2455\n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49092" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--aaed0209-60d4-427c-b119-8e667fc9620f.json b/objects/vulnerability/vulnerability--aaed0209-60d4-427c-b119-8e667fc9620f.json new file mode 100644 index 00000000000..ff453e403be --- /dev/null +++ b/objects/vulnerability/vulnerability--aaed0209-60d4-427c-b119-8e667fc9620f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--be933692-e375-4c83-87a8-1bdb9a26d21e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--aaed0209-60d4-427c-b119-8e667fc9620f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:04.110114Z", + "modified": "2025-02-27T00:38:04.110114Z", + "name": "CVE-2024-50685", + "description": "SunGrow iSolarCloud before the October 31, 2024 remediation, is vulnerable to insecure direct object references (IDOR) via the powerStationService API model.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50685" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--abf94ff9-93e5-4a05-b857-29b18a89d494.json b/objects/vulnerability/vulnerability--abf94ff9-93e5-4a05-b857-29b18a89d494.json new file mode 100644 index 00000000000..4336c8862f9 --- /dev/null +++ b/objects/vulnerability/vulnerability--abf94ff9-93e5-4a05-b857-29b18a89d494.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--460f11bb-703e-4ad6-ba5a-cd231d3581da", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--abf94ff9-93e5-4a05-b857-29b18a89d494", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.464181Z", + "modified": "2025-02-27T00:38:15.464181Z", + "name": "CVE-2022-49198", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: Fix crash due to tcp_tsorted_anchor was initialized before release skb\n\nGot crash when doing pressure test of mptcp:\n\n===========================================================================\ndst_release: dst:ffffa06ce6e5c058 refcnt:-1\nkernel tried to execute NX-protected page - exploit attempt? (uid: 0)\nBUG: unable to handle kernel paging request at ffffa06ce6e5c058\nPGD 190a01067 P4D 190a01067 PUD 43fffb067 PMD 22e403063 PTE 8000000226e5c063\nOops: 0011 [#1] SMP PTI\nCPU: 7 PID: 7823 Comm: kworker/7:0 Kdump: loaded Tainted: G E\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.2.1 04/01/2014\nCall Trace:\n ? skb_release_head_state+0x68/0x100\n ? skb_release_all+0xe/0x30\n ? kfree_skb+0x32/0xa0\n ? mptcp_sendmsg_frag+0x57e/0x750\n ? __mptcp_retrans+0x21b/0x3c0\n ? __switch_to_asm+0x35/0x70\n ? mptcp_worker+0x25e/0x320\n ? process_one_work+0x1a7/0x360\n ? worker_thread+0x30/0x390\n ? create_worker+0x1a0/0x1a0\n ? kthread+0x112/0x130\n ? kthread_flush_work_fn+0x10/0x10\n ? ret_from_fork+0x35/0x40\n===========================================================================\n\nIn __mptcp_alloc_tx_skb skb was allocated and skb->tcp_tsorted_anchor will\nbe initialized, in under memory pressure situation sk_wmem_schedule will\nreturn false and then kfree_skb. 
In this case skb->_skb_refdst is not null\nbecause_skb_refdst and tcp_tsorted_anchor are stored in the same mem, and\nkfree_skb will try to release dst and cause crash.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49198" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ad255849-ad23-44e3-93c5-9bc1ee45b8e5.json b/objects/vulnerability/vulnerability--ad255849-ad23-44e3-93c5-9bc1ee45b8e5.json new file mode 100644 index 00000000000..059f4f3f733 --- /dev/null +++ b/objects/vulnerability/vulnerability--ad255849-ad23-44e3-93c5-9bc1ee45b8e5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--816e3086-4356-4c26-b708-8c75b108013c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ad255849-ad23-44e3-93c5-9bc1ee45b8e5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.454724Z", + "modified": "2025-02-27T00:38:15.454724Z", + "name": "CVE-2022-49622", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: avoid skb access on nf_stolen\n\nWhen verdict is NF_STOLEN, the skb might have been freed.\n\nWhen tracing is enabled, this can result in a use-after-free:\n1. access to skb->nf_trace\n2. access to skb->mark\n3. computation of trace id\n4. dump of packet payload\n\nTo avoid 1, keep a cached copy of skb->nf_trace in the\ntrace state struct.\nRefresh this copy whenever verdict is != STOLEN.\n\nAvoid 2 by skipping skb->mark access if verdict is STOLEN.\n\n3 is avoided by precomputing the trace id.\n\nOnly dump the packet when verdict is not \"STOLEN\".", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49622" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--ad6d8034-a97d-427e-8c32-4afdd9ff9792.json b/objects/vulnerability/vulnerability--ad6d8034-a97d-427e-8c32-4afdd9ff9792.json new file mode 100644 index 00000000000..5c436172fea --- /dev/null +++ b/objects/vulnerability/vulnerability--ad6d8034-a97d-427e-8c32-4afdd9ff9792.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2e5c0cdb-1583-4899-82e8-6105b5264f4c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ad6d8034-a97d-427e-8c32-4afdd9ff9792", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.783063Z", + "modified": "2025-02-27T00:38:15.783063Z", + "name": "CVE-2022-49385", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver: base: fix UAF when driver_attach failed\n\nWhen driver_attach(drv); failed, the driver_private will be freed.\nBut it has been added to the bus, which caused a UAF.\n\nTo fix it, we need to delete it from the bus when failed.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49385" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ad783acc-3788-4290-a0a7-a1192b9f3f61.json b/objects/vulnerability/vulnerability--ad783acc-3788-4290-a0a7-a1192b9f3f61.json new file mode 100644 index 00000000000..10c154d71d1 --- /dev/null +++ b/objects/vulnerability/vulnerability--ad783acc-3788-4290-a0a7-a1192b9f3f61.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--bc33c54a-0004-4523-8c9a-ba4486cec28c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ad783acc-3788-4290-a0a7-a1192b9f3f61",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.71622Z",
+ "modified": "2025-02-27T00:38:15.71622Z",
+ "name": "CVE-2022-49431",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/iommu: Add missing of_node_put in iommu_init_early_dart\n\nThe device_node pointer is returned by of_find_compatible_node\nwith refcount incremented. We should use of_node_put() to avoid\nthe refcount leak.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49431"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ada7e47a-309a-4fb0-b6b6-3ddc226528ef.json b/objects/vulnerability/vulnerability--ada7e47a-309a-4fb0-b6b6-3ddc226528ef.json
new file mode 100644
index 00000000000..6c90728aaf1
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ada7e47a-309a-4fb0-b6b6-3ddc226528ef.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--97cedb4f-45ce-4fc9-a6d2-fb2f3c82d7c1",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ada7e47a-309a-4fb0-b6b6-3ddc226528ef",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.647513Z",
+ "modified": "2025-02-27T00:38:15.647513Z",
+ "name": "CVE-2022-49533",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nath11k: Change max no of active probe SSID and BSSID to fw capability\n\nThe maximum number of SSIDs in a for active probe requests is currently\nreported as 16 (WLAN_SCAN_PARAMS_MAX_SSID) when registering the driver.\nThe scan_req_params structure only has the capacity to hold 10 SSIDs.\nThis leads to a buffer overflow which can be triggered from\nwpa_supplicant in userspace. When copying the SSIDs into the\nscan_req_params structure in the ath11k_mac_op_hw_scan route, it can\noverwrite the extraie pointer.\n\nFirmware supports 16 ssid * 4 bssid, for each ssid 4 bssid combo probe\nrequest will be sent, so totally 64 probe requests supported. So\nset both max ssid and bssid to 16 and 4 respectively. Remove the\nredundant macros of ssid and bssid.\n\nTested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.7.0.1-01300-QCAHKSWPL_SILICONZ-1",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49533"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--af1e55c3-094c-4fdb-87d7-7c644d46cc89.json b/objects/vulnerability/vulnerability--af1e55c3-094c-4fdb-87d7-7c644d46cc89.json
new file mode 100644
index 00000000000..26610957859
--- /dev/null
+++ b/objects/vulnerability/vulnerability--af1e55c3-094c-4fdb-87d7-7c644d46cc89.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--5150813b-5b4a-4393-9552-1b8064c157a0",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--af1e55c3-094c-4fdb-87d7-7c644d46cc89",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.489968Z",
+ "modified": "2025-02-27T00:38:15.489968Z",
+ "name": "CVE-2022-49173",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: fsi: Implement a timeout for polling status\n\nThe data transfer routines must poll the status register to\ndetermine when more data can be shifted in or out. If the hardware\ngets into a bad state, these polling loops may never exit. Prevent\nthis by returning an error if a timeout is exceeded.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49173"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--af9e8338-4bc7-44d9-bcc9-3843f293b620.json b/objects/vulnerability/vulnerability--af9e8338-4bc7-44d9-bcc9-3843f293b620.json
new file mode 100644
index 00000000000..bf6a5de1796
--- /dev/null
+++ b/objects/vulnerability/vulnerability--af9e8338-4bc7-44d9-bcc9-3843f293b620.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--26ee62a0-2167-48e0-91c2-ccaa1429f51a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--af9e8338-4bc7-44d9-bcc9-3843f293b620",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.697368Z",
+ "modified": "2025-02-27T00:38:15.697368Z",
+ "name": "CVE-2022-49048",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix panic when forwarding a pkt with no in6 dev\n\nkongweibin reported a kernel panic in ip6_forward() when input interface\nhas no in6 dev associated.\n\nThe following tc commands were used to reproduce this panic:\ntc qdisc del dev vxlan100 root\ntc qdisc add dev vxlan100 root netem corrupt 5%",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49048"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b03a9c55-ece3-4f39-beec-f1e59273a227.json b/objects/vulnerability/vulnerability--b03a9c55-ece3-4f39-beec-f1e59273a227.json
new file mode 100644
index 00000000000..c64b108c251
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b03a9c55-ece3-4f39-beec-f1e59273a227.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f1a522c6-196e-47c0-8572-12a377cd9da4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b03a9c55-ece3-4f39-beec-f1e59273a227", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.341673Z", + "modified": "2025-02-27T00:38:15.341673Z", + "name": "CVE-2022-49328", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmt76: fix use-after-free by removing a non-RCU wcid pointer\n\nFixes an issue caught by KASAN about use-after-free in mt76_txq_schedule\nby protecting mtxq->wcid with rcu_lock between mt76_txq_schedule and\nsta_info_[alloc, free].\n\n[18853.876689] ==================================================================\n[18853.876751] BUG: KASAN: use-after-free in mt76_txq_schedule+0x204/0xaf8 [mt76]\n[18853.876773] Read of size 8 at addr ffffffaf989a2138 by task mt76-tx phy0/883\n[18853.876786]\n[18853.876810] CPU: 5 PID: 883 Comm: mt76-tx phy0 Not tainted 5.10.100-fix-510-56778d365941-kasan #5 0b01fbbcf41a530f52043508fec2e31a4215\n\n[18853.876840] Call trace:\n[18853.876861] dump_backtrace+0x0/0x3ec\n[18853.876878] show_stack+0x20/0x2c\n[18853.876899] dump_stack+0x11c/0x1ac\n[18853.876918] print_address_description+0x74/0x514\n[18853.876934] kasan_report+0x134/0x174\n[18853.876948] __asan_report_load8_noabort+0x44/0x50\n[18853.876976] mt76_txq_schedule+0x204/0xaf8 [mt76 074e03e4640e97fe7405ee1fab547b81c4fa45d2]\n[18853.877002] mt76_txq_schedule_all+0x2c/0x48 [mt76 074e03e4640e97fe7405ee1fab547b81c4fa45d2]\n[18853.877030] mt7921_tx_worker+0xa0/0x1cc [mt7921_common f0875ebac9d7b4754e1010549e7db50fbd90a047]\n[18853.877054] __mt76_worker_fn+0x190/0x22c [mt76 074e03e4640e97fe7405ee1fab547b81c4fa45d2]\n[18853.877071] kthread+0x2f8/0x3b8\n[18853.877087] ret_from_fork+0x10/0x30\n[18853.877098]\n[18853.877112] Allocated by task 941:\n[18853.877131] 
kasan_save_stack+0x38/0x68\n[18853.877147] __kasan_kmalloc+0xd4/0xfc\n[18853.877163] kasan_kmalloc+0x10/0x1c\n[18853.877177] __kmalloc+0x264/0x3c4\n[18853.877294] sta_info_alloc+0x460/0xf88 [mac80211]\n[18853.877410] ieee80211_prep_connection+0x204/0x1ee0 [mac80211]\n[18853.877523] ieee80211_mgd_auth+0x6c4/0xa4c [mac80211]\n[18853.877635] ieee80211_auth+0x20/0x2c [mac80211]\n[18853.877733] rdev_auth+0x7c/0x438 [cfg80211]\n[18853.877826] cfg80211_mlme_auth+0x26c/0x390 [cfg80211]\n[18853.877919] nl80211_authenticate+0x6d4/0x904 [cfg80211]\n[18853.877938] genl_rcv_msg+0x748/0x93c\n[18853.877954] netlink_rcv_skb+0x160/0x2a8\n[18853.877969] genl_rcv+0x3c/0x54\n[18853.877985] netlink_unicast_kernel+0x104/0x1ec\n[18853.877999] netlink_unicast+0x178/0x268\n[18853.878015] netlink_sendmsg+0x3cc/0x5f0\n[18853.878030] sock_sendmsg+0xb4/0xd8\n[18853.878043] ____sys_sendmsg+0x2f8/0x53c\n[18853.878058] ___sys_sendmsg+0xe8/0x150\n[18853.878071] __sys_sendmsg+0xc4/0x1f4\n[18853.878087] __arm64_compat_sys_sendmsg+0x88/0x9c\n[18853.878101] el0_svc_common+0x1b4/0x390\n[18853.878115] do_el0_svc_compat+0x8c/0xdc\n[18853.878131] el0_svc_compat+0x10/0x1c\n[18853.878146] el0_sync_compat_handler+0xa8/0xcc\n[18853.878161] el0_sync_compat+0x188/0x1c0\n[18853.878171]\n[18853.878183] Freed by task 10927:\n[18853.878200] kasan_save_stack+0x38/0x68\n[18853.878215] kasan_set_track+0x28/0x3c\n[18853.878228] kasan_set_free_info+0x24/0x48\n[18853.878244] __kasan_slab_free+0x11c/0x154\n[18853.878259] kasan_slab_free+0x14/0x24\n[18853.878273] slab_free_freelist_hook+0xac/0x1b0\n[18853.878287] kfree+0x104/0x390\n[18853.878402] sta_info_free+0x198/0x210 [mac80211]\n[18853.878515] __sta_info_destroy_part2+0x230/0x2d4 [mac80211]\n[18853.878628] __sta_info_flush+0x300/0x37c [mac80211]\n[18853.878740] ieee80211_set_disassoc+0x2cc/0xa7c [mac80211]\n[18853.878851] ieee80211_mgd_deauth+0x4a4/0x10a0 [mac80211]\n[18853.878962] ieee80211_deauth+0x20/0x2c [mac80211]\n[18853.879057] rdev_deauth+0x7c/0x438 
[cfg80211]\n[18853.879150] cfg80211_mlme_deauth+0x274/0x414 [cfg80211]\n[18853.879243] cfg80211_mlme_down+0xe4/0x118 [cfg80211]\n[18853.879335] cfg80211_disconnect+0x218/0x2d8 [cfg80211]\n[18853.879427] __cfg80211_leave+0x17c/0x240 [cfg80211]\n[18853.879519] cfg80211_leave+0x3c/0x58 [cfg80211]\n[18853.879611] wiphy_suspend+0xdc/0x200 [cfg80211]\n[18853.879628] dpm_run_callback+0x58/0x408\n[18853.879642] __device_suspend+0x4cc/0x864\n[18853.879658] async_suspend+0x34/0xf4\n[18\n---truncated---",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49328"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b086ddd6-6d48-4df5-9708-c14f0d0c841c.json b/objects/vulnerability/vulnerability--b086ddd6-6d48-4df5-9708-c14f0d0c841c.json
new file mode 100644
index 00000000000..c974da265be
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b086ddd6-6d48-4df5-9708-c14f0d0c841c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--d01c2a85-8904-4397-a219-16a0aa02dc76",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b086ddd6-6d48-4df5-9708-c14f0d0c841c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.786629Z",
+ "modified": "2025-02-27T00:38:15.786629Z",
+ "name": "CVE-2022-49545",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Cancel pending work at closing a MIDI substream\n\nAt closing a USB MIDI output substream, there might be still a pending\nwork, which would eventually access the rawmidi runtime object that is\nbeing released. For fixing the race, make sure to cancel the pending\nwork at closing.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49545"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b0fcf441-5237-4f99-83f7-4e61e548559a.json b/objects/vulnerability/vulnerability--b0fcf441-5237-4f99-83f7-4e61e548559a.json
new file mode 100644
index 00000000000..3ebc5756ee1
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b0fcf441-5237-4f99-83f7-4e61e548559a.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--c55eb905-77c6-41d6-bc12-e9c957f0da34",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b0fcf441-5237-4f99-83f7-4e61e548559a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.733236Z",
+ "modified": "2025-02-27T00:38:15.733236Z",
+ "name": "CVE-2022-49603",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nip: Fix data-races around sysctl_ip_fwd_update_priority.\n\nWhile reading sysctl_ip_fwd_update_priority, it can be changed\nconcurrently. Thus, we need to add READ_ONCE() to its readers.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49603"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b191dab8-456a-4b42-96db-7fcf6b16065f.json b/objects/vulnerability/vulnerability--b191dab8-456a-4b42-96db-7fcf6b16065f.json
new file mode 100644
index 00000000000..b79e8213147
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b191dab8-456a-4b42-96db-7fcf6b16065f.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--12f7e5e8-8497-4591-bf8a-44b43a517a26",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b191dab8-456a-4b42-96db-7fcf6b16065f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.587853Z",
+ "modified": "2025-02-27T00:38:15.587853Z",
+ "name": "CVE-2022-49550",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: provide block_invalidate_folio to fix memory leak\n\nThe ntfs3 filesystem lacks the 'invalidate_folio' method and it causes\nmemory leak. If you write to the filesystem and then unmount it, the\ncached written data are not freed and they are permanently leaked.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49550"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b1adae4f-2c41-45fb-971f-ceaf9a168715.json b/objects/vulnerability/vulnerability--b1adae4f-2c41-45fb-971f-ceaf9a168715.json
new file mode 100644
index 00000000000..6592df8c320
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b1adae4f-2c41-45fb-971f-ceaf9a168715.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--617b9631-a32e-4d5b-8598-43b8e78edff0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b1adae4f-2c41-45fb-971f-ceaf9a168715", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.474757Z", + "modified": "2025-02-27T00:38:15.474757Z", + "name": "CVE-2022-49086", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: fix leak of nested actions\n\nWhile parsing user-provided actions, openvswitch module may dynamically\nallocate memory and store pointers in the internal copy of the actions.\nSo this memory has to be freed while destroying the actions.\n\nCurrently there are only two such actions: ct() and set(). However,\nthere are many actions that can hold nested lists of actions and\novs_nla_free_flow_actions() just jumps over them leaking the memory.\n\nFor example, removal of the flow with the following actions will lead\nto a leak of the memory allocated by nf_ct_tmpl_alloc():\n\n actions:clone(ct(commit),0)\n\nNon-freed set() action may also leak the 'dst' structure for the\ntunnel info including device references.\n\nUnder certain conditions with a high rate of flow rotation that may\ncause significant memory leak problem (2MB per second in reporter's\ncase). The problem is also hard to mitigate, because the user doesn't\nhave direct control over the datapath flows generated by OVS.\n\nFix that by iterating over all the nested actions and freeing\neverything that needs to be freed recursively.\n\nNew build time assertion should protect us from this problem if new\nactions will be added in the future.\n\nUnfortunately, openvswitch module doesn't use NLA_F_NESTED, so all\nattributes has to be explicitly checked. sample() and clone() actions\nare mixing extra attributes into the user-provided action list. 
That\nprevents some code generalization too.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49086"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b1bb395a-3acd-4eff-be7e-39e6d69fb416.json b/objects/vulnerability/vulnerability--b1bb395a-3acd-4eff-be7e-39e6d69fb416.json
new file mode 100644
index 00000000000..7b88ee7eb9b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b1bb395a-3acd-4eff-be7e-39e6d69fb416.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b2f82827-a08b-40a7-a680-c71fe43bc71c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b1bb395a-3acd-4eff-be7e-39e6d69fb416", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.388509Z", + "modified": "2025-02-27T00:38:15.388509Z", + "name": "CVE-2022-49458", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: don't free the IRQ if it was not requested\n\nAs msm_drm_uninit() is called from the msm_drm_init() error path,\nadditional care should be necessary as not to call the free_irq() for\nthe IRQ that was not requested before (because an error occured earlier\nthan the request_irq() call).\n\nThis fixed the issue reported with the following backtrace:\n\n[ 8.571329] Trying to free already-free IRQ 187\n[ 8.571339] WARNING: CPU: 0 PID: 76 at kernel/irq/manage.c:1895 free_irq+0x1e0/0x35c\n[ 8.588746] Modules linked in: pmic_glink pdr_interface fastrpc qrtr_smd snd_soc_hdmi_codec msm fsa4480 gpu_sched drm_dp_aux_bus qrtr i2c_qcom_geni crct10dif_ce qcom_stats qcom_q6v5_pas drm_display_helper gpi qcom_pil_info drm_kms_helper qcom_q6v5 qcom_sysmon qcom_common qcom_glink_smem qcom_rng mdt_loader qmi_helpers phy_qcom_qmp ufs_qcom typec qnoc_sm8350 socinfo rmtfs_mem fuse drm ipv6\n[ 8.624154] CPU: 0 PID: 76 Comm: kworker/u16:2 Not tainted 5.18.0-rc5-next-20220506-00033-g6cee8cab6089-dirty #419\n[ 8.624161] Hardware name: Qualcomm Technologies, Inc. 
SM8350 HDK (DT)\n[ 8.641496] Workqueue: events_unbound deferred_probe_work_func\n[ 8.647510] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 8.654681] pc : free_irq+0x1e0/0x35c\n[ 8.658454] lr : free_irq+0x1e0/0x35c\n[ 8.662228] sp : ffff800008ab3950\n[ 8.665642] x29: ffff800008ab3950 x28: 0000000000000000 x27: ffff16350f56a700\n[ 8.672994] x26: ffff1635025df080 x25: ffff16350251badc x24: ffff16350251bb90\n[ 8.680343] x23: 0000000000000000 x22: 00000000000000bb x21: ffff16350e8f9800\n[ 8.687690] x20: ffff16350251ba00 x19: ffff16350cbd5880 x18: ffffffffffffffff\n[ 8.695039] x17: 0000000000000000 x16: ffffa2dd12179434 x15: ffffa2dd1431d02d\n[ 8.702391] x14: 0000000000000000 x13: ffffa2dd1431d028 x12: 662d79646165726c\n[ 8.709740] x11: ffffa2dd13fd2438 x10: 000000000000000a x9 : 00000000000000bb\n[ 8.717111] x8 : ffffa2dd13fd23f0 x7 : ffff800008ab3750 x6 : 00000000fffff202\n[ 8.724487] x5 : ffff16377e870a18 x4 : 00000000fffff202 x3 : ffff735a6ae1b000\n[ 8.731851] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff1635015f8000\n[ 8.739217] Call trace:\n[ 8.741755] free_irq+0x1e0/0x35c\n[ 8.745198] msm_drm_uninit.isra.0+0x14c/0x294 [msm]\n[ 8.750548] msm_drm_bind+0x28c/0x5d0 [msm]\n[ 8.755081] try_to_bring_up_aggregate_device+0x164/0x1d0\n[ 8.760657] __component_add+0xa0/0x170\n[ 8.764626] component_add+0x14/0x20\n[ 8.768337] dp_display_probe+0x2a4/0x464 [msm]\n[ 8.773242] platform_probe+0x68/0xe0\n[ 8.777043] really_probe.part.0+0x9c/0x28c\n[ 8.781368] __driver_probe_device+0x98/0x144\n[ 8.785871] driver_probe_device+0x40/0x140\n[ 8.790191] __device_attach_driver+0xb4/0x120\n[ 8.794788] bus_for_each_drv+0x78/0xd0\n[ 8.798751] __device_attach+0xdc/0x184\n[ 8.802713] device_initial_probe+0x14/0x20\n[ 8.807031] bus_probe_device+0x9c/0xa4\n[ 8.810991] deferred_probe_work_func+0x88/0xc0\n[ 8.815667] process_one_work+0x1d0/0x320\n[ 8.819809] worker_thread+0x14c/0x444\n[ 8.823688] kthread+0x10c/0x110\n[ 8.827036] ret_from_fork+0x10/0x20\n\nPatchwork: 
https://patchwork.freedesktop.org/patch/485422/",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49458"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b1bfdc1d-699c-49bd-8ab5-ba63e92308cb.json b/objects/vulnerability/vulnerability--b1bfdc1d-699c-49bd-8ab5-ba63e92308cb.json
new file mode 100644
index 00000000000..b782272a4f1
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b1bfdc1d-699c-49bd-8ab5-ba63e92308cb.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8a5470bb-6a9c-40bc-9110-cded49406b04", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b1bfdc1d-699c-49bd-8ab5-ba63e92308cb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.452809Z", + "modified": "2025-02-27T00:38:15.452809Z", + "name": "CVE-2022-49207", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix memleak in sk_psock_queue_msg\n\nIf tcp_bpf_sendmsg is running during a tear down operation we may enqueue\ndata on the ingress msg queue while tear down is trying to free it.\n\n sk1 (redirect sk2) sk2\n ------------------- ---------------\ntcp_bpf_sendmsg()\n tcp_bpf_send_verdict()\n tcp_bpf_sendmsg_redir()\n bpf_tcp_ingress()\n sock_map_close()\n lock_sock()\n lock_sock() ... blocking\n sk_psock_stop\n sk_psock_clear_state(psock, SK_PSOCK_TX_ENABLED);\n release_sock(sk);\n lock_sock()\n sk_mem_charge()\n get_page()\n sk_psock_queue_msg()\n sk_psock_test_state(psock, SK_PSOCK_TX_ENABLED);\n drop_sk_msg()\n release_sock()\n\nWhile drop_sk_msg(), the msg has charged memory form sk by sk_mem_charge\nand has sg pages need to put. To fix we use sk_msg_free() and then kfee()\nmsg.\n\nThis issue can cause the following info:\nWARNING: CPU: 0 PID: 9202 at net/core/stream.c:205 sk_stream_kill_queues+0xc8/0xe0\nCall Trace:\n \n inet_csk_destroy_sock+0x55/0x110\n tcp_rcv_state_process+0xe5f/0xe90\n ? sk_filter_trim_cap+0x10d/0x230\n ? tcp_v4_do_rcv+0x161/0x250\n tcp_v4_do_rcv+0x161/0x250\n tcp_v4_rcv+0xc3a/0xce0\n ip_protocol_deliver_rcu+0x3d/0x230\n ip_local_deliver_finish+0x54/0x60\n ip_local_deliver+0xfd/0x110\n ? ip_protocol_deliver_rcu+0x230/0x230\n ip_rcv+0xd6/0x100\n ? 
ip_local_deliver+0x110/0x110\n __netif_receive_skb_one_core+0x85/0xa0\n process_backlog+0xa4/0x160\n __napi_poll+0x29/0x1b0\n net_rx_action+0x287/0x300\n __do_softirq+0xff/0x2fc\n do_softirq+0x79/0x90\n \n\nWARNING: CPU: 0 PID: 531 at net/ipv4/af_inet.c:154 inet_sock_destruct+0x175/0x1b0\nCall Trace:\n \n __sk_destruct+0x24/0x1f0\n sk_psock_destroy+0x19b/0x1c0\n process_one_work+0x1b3/0x3c0\n ? process_one_work+0x3c0/0x3c0\n worker_thread+0x30/0x350\n ? process_one_work+0x3c0/0x3c0\n kthread+0xe6/0x110\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x22/0x30\n ", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49207" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b1d83e83-afdd-43bf-a70f-f8c6f69d34b0.json b/objects/vulnerability/vulnerability--b1d83e83-afdd-43bf-a70f-f8c6f69d34b0.json new file mode 100644 index 00000000000..6809edfa108 --- /dev/null +++ b/objects/vulnerability/vulnerability--b1d83e83-afdd-43bf-a70f-f8c6f69d34b0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--70afbfb9-7975-45eb-9e76-083947d653e2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b1d83e83-afdd-43bf-a70f-f8c6f69d34b0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.314581Z", + "modified": "2025-02-27T00:38:15.314581Z", + "name": "CVE-2022-49056", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: abort file assignment prior to assigning creds\n\nWe need to either restore creds properly if we fail on the file\nassignment, or just do the file assignment first instead. Let's do\nthe latter as it's simpler, should make no difference here for\nfile assignment.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49056" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--b2059c48-1867-433e-9c7b-6c4751c8832f.json b/objects/vulnerability/vulnerability--b2059c48-1867-433e-9c7b-6c4751c8832f.json
new file mode 100644
index 00000000000..ba4dbff3d8f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b2059c48-1867-433e-9c7b-6c4751c8832f.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--9a8be456-3080-485b-a00a-d718de33884f",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b2059c48-1867-433e-9c7b-6c4751c8832f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.751803Z",
+ "modified": "2025-02-27T00:38:15.751803Z",
+ "name": "CVE-2022-49417",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\niwlwifi: mei: fix potential NULL-ptr deref\n\nIf SKB allocation fails, continue rather than using the NULL\npointer.\n\nCoverity CID: 1497650",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49417"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b22dc6f0-d3c0-4201-897e-8f3d1e268cc9.json b/objects/vulnerability/vulnerability--b22dc6f0-d3c0-4201-897e-8f3d1e268cc9.json
new file mode 100644
index 00000000000..0bb8d549d94
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b22dc6f0-d3c0-4201-897e-8f3d1e268cc9.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--787388f1-6739-418e-b7d0-835ea89ccf1b",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b22dc6f0-d3c0-4201-897e-8f3d1e268cc9",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.681285Z",
+ "modified": "2025-02-27T00:38:15.681285Z",
+ "name": "CVE-2022-49377",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-mq: don't touch ->tagset in blk_mq_get_sq_hctx\n\nblk_mq_run_hw_queues() could be run when there isn't queued request and\nafter queue is cleaned up, at that time tagset is freed, because tagset\nlifetime is covered by driver, and often freed after blk_cleanup_queue()\nreturns.\n\nSo don't touch ->tagset for figuring out current default hctx by the mapping\nbuilt in request queue, so use-after-free on tagset can be avoided. Meantime\nthis way should be fast than retrieving mapping from tagset.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49377"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b24c8bb6-3bc0-4b07-8b02-3fba17a838f9.json b/objects/vulnerability/vulnerability--b24c8bb6-3bc0-4b07-8b02-3fba17a838f9.json
new file mode 100644
index 00000000000..7aa967898e0
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b24c8bb6-3bc0-4b07-8b02-3fba17a838f9.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--d0fdb0ef-2b96-4498-bf1e-d6a59d4a558b",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b24c8bb6-3bc0-4b07-8b02-3fba17a838f9",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.674828Z",
+ "modified": "2025-02-27T00:38:15.674828Z",
+ "name": "CVE-2022-49512",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: rawnand: denali: Use managed device resources\n\nAll of the resources used by this driver has managed interfaces, so use\nthem. Otherwise we will get the following splat:\n\n[ 4.472703] denali-nand-pci 0000:00:05.0: timeout while waiting for irq 0x1000\n[ 4.474071] denali-nand-pci: probe of 0000:00:05.0 failed with error -5\n[ 4.473538] nand: No NAND device found\n[ 4.474068] BUG: unable to handle page fault for address: ffffc90005000410\n[ 4.475169] #PF: supervisor write access in kernel mode\n[ 4.475579] #PF: error_code(0x0002) - not-present page\n[ 4.478362] RIP: 0010:iowrite32+0x9/0x50\n[ 4.486068] Call Trace:\n[ 4.486269] \n[ 4.486443] denali_isr+0x15b/0x300 [denali]\n[ 4.486788] ? denali_direct_write+0x50/0x50 [denali]\n[ 4.487189] __handle_irq_event_percpu+0x161/0x3b0\n[ 4.487571] handle_irq_event+0x7d/0x1b0\n[ 4.487884] handle_fasteoi_irq+0x2b0/0x770\n[ 4.488219] __common_interrupt+0xc8/0x1b0\n[ 4.488549] common_interrupt+0x9a/0xc0",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49512"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b317a1ad-0336-4062-a3f5-990f03005bc8.json b/objects/vulnerability/vulnerability--b317a1ad-0336-4062-a3f5-990f03005bc8.json
new file mode 100644
index 00000000000..f61ae945ca0
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b317a1ad-0336-4062-a3f5-990f03005bc8.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--014527a5-fc04-4a8e-b95e-67b190bd84bb",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b317a1ad-0336-4062-a3f5-990f03005bc8",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.453822Z",
+ "modified": "2025-02-27T00:38:15.453822Z",
+ "name": "CVE-2022-49620",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tipc: fix possible refcount leak in tipc_sk_create()\n\nFree sk in case tipc_sk_insert() fails.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49620"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b3502945-9553-4561-a6b3-33548290699f.json b/objects/vulnerability/vulnerability--b3502945-9553-4561-a6b3-33548290699f.json
new file mode 100644
index 00000000000..255a72af80c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b3502945-9553-4561-a6b3-33548290699f.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7d940083-342a-41d3-aebf-6d62635a6202", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b3502945-9553-4561-a6b3-33548290699f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.449971Z", + "modified": "2025-02-27T00:38:15.449971Z", + "name": "CVE-2022-49394", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-iolatency: Fix inflight count imbalances and IO hangs on offline\n\niolatency needs to track the number of inflight IOs per cgroup. As this\ntracking can be expensive, it is disabled when no cgroup has iolatency\nconfigured for the device. To ensure that the inflight counters stay\nbalanced, iolatency_set_limit() freezes the request_queue while manipulating\nthe enabled counter, which ensures that no IO is in flight and thus all\ncounters are zero.\n\nUnfortunately, iolatency_set_limit() isn't the only place where the enabled\ncounter is manipulated. iolatency_pd_offline() can also dec the counter and\ntrigger disabling. As this disabling happens without freezing the q, this\ncan easily happen while some IOs are in flight and thus leak the counts.\n\nThis can be easily demonstrated by turning on iolatency on an one empty\ncgroup while IOs are in flight in other cgroups and then removing the\ncgroup. 
Note that iolatency shouldn't have been enabled elsewhere in the\nsystem to ensure that removing the cgroup disables iolatency for the whole\ndevice.\n\nThe following keeps flipping on and off iolatency on sda:\n\n echo +io > /sys/fs/cgroup/cgroup.subtree_control\n while true; do\n mkdir -p /sys/fs/cgroup/test\n echo '8:0 target=100000' > /sys/fs/cgroup/test/io.latency\n sleep 1\n rmdir /sys/fs/cgroup/test\n sleep 1\n done\n\nand there's concurrent fio generating direct rand reads:\n\n fio --name test --filename=/dev/sda --direct=1 --rw=randread \\\n --runtime=600 --time_based --iodepth=256 --numjobs=4 --bs=4k\n\nwhile monitoring with the following drgn script:\n\n while True:\n for css in css_for_each_descendant_pre(prog['blkcg_root'].css.address_of_()):\n for pos in hlist_for_each(container_of(css, 'struct blkcg', 'css').blkg_list):\n blkg = container_of(pos, 'struct blkcg_gq', 'blkcg_node')\n pd = blkg.pd[prog['blkcg_policy_iolatency'].plid]\n if pd.value_() == 0:\n continue\n iolat = container_of(pd, 'struct iolatency_grp', 'pd')\n inflight = iolat.rq_wait.inflight.counter.value_()\n if inflight:\n print(f'inflight={inflight} {disk_name(blkg.q.disk).decode(\"utf-8\")} '\n f'{cgroup_path(css.cgroup).decode(\"utf-8\")}')\n time.sleep(1)\n\nThe monitoring output looks like the following:\n\n inflight=1 sda /user.slice\n inflight=1 sda /user.slice\n ...\n inflight=14 sda /user.slice\n inflight=13 sda /user.slice\n inflight=17 sda /user.slice\n inflight=15 sda /user.slice\n inflight=18 sda /user.slice\n inflight=17 sda /user.slice\n inflight=20 sda /user.slice\n inflight=19 sda /user.slice <- fio stopped, inflight stuck at 19\n inflight=19 sda /user.slice\n inflight=19 sda /user.slice\n\nIf a cgroup with stuck inflight ends up getting throttled, the throttled IOs\nwill never get issued as there's no completion event to wake it up leading\nto an indefinite hang.\n\nThis patch fixes the bug by unifying enable handling into a work item which\nis automatically kicked 
off from iolatency_set_min_lat_nsec() which is\ncalled from both iolatency_set_limit() and iolatency_pd_offline() paths.\nPunting to a work item is necessary as iolatency_pd_offline() is called\nunder spinlocks while freezing a request_queue requires a sleepable context.\n\nThis also simplifies the code reducing LOC sans the comments and avoids the\nunnecessary freezes which were happening whenever a cgroup's latency target\nis newly set or cleared.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49394"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b3c2abc5-24f1-406d-8b2d-2dd68241e32d.json b/objects/vulnerability/vulnerability--b3c2abc5-24f1-406d-8b2d-2dd68241e32d.json
new file mode 100644
index 00000000000..12575d9d7e2
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b3c2abc5-24f1-406d-8b2d-2dd68241e32d.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7b0c8fa6-84c0-4be5-ab5a-368ff5d2ebcf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b3c2abc5-24f1-406d-8b2d-2dd68241e32d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.382663Z", + "modified": "2025-02-27T00:38:15.382663Z", + "name": "CVE-2022-49335", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/cs: make commands with 0 chunks illegal behaviour.\n\nSubmitting a cs with 0 chunks, causes an oops later, found trying\nto execute the wrong userspace driver.\n\nMESA_LOADER_DRIVER_OVERRIDE=v3d glxinfo\n\n[172536.665184] BUG: kernel NULL pointer dereference, address: 00000000000001d8\n[172536.665188] #PF: supervisor read access in kernel mode\n[172536.665189] #PF: error_code(0x0000) - not-present page\n[172536.665191] PGD 6712a0067 P4D 6712a0067 PUD 5af9ff067 PMD 0\n[172536.665195] Oops: 0000 [#1] SMP NOPTI\n[172536.665197] CPU: 7 PID: 2769838 Comm: glxinfo Tainted: P O 5.10.81 #1-NixOS\n[172536.665199] Hardware name: To be filled by O.E.M. 
To be filled by O.E.M./CROSSHAIR V FORMULA-Z, BIOS 2201 03/23/2015\n[172536.665272] RIP: 0010:amdgpu_cs_ioctl+0x96/0x1ce0 [amdgpu]\n[172536.665274] Code: 75 18 00 00 4c 8b b2 88 00 00 00 8b 46 08 48 89 54 24 68 49 89 f7 4c 89 5c 24 60 31 d2 4c 89 74 24 30 85 c0 0f 85 c0 01 00 00 <48> 83 ba d8 01 00 00 00 48 8b b4 24 90 00 00 00 74 16 48 8b 46 10\n[172536.665276] RSP: 0018:ffffb47c0e81bbe0 EFLAGS: 00010246\n[172536.665277] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000\n[172536.665278] RDX: 0000000000000000 RSI: ffffb47c0e81be28 RDI: ffffb47c0e81bd68\n[172536.665279] RBP: ffff936524080010 R08: 0000000000000000 R09: ffffb47c0e81be38\n[172536.665281] R10: ffff936524080010 R11: ffff936524080000 R12: ffffb47c0e81bc40\n[172536.665282] R13: ffffb47c0e81be28 R14: ffff9367bc410000 R15: ffffb47c0e81be28\n[172536.665283] FS: 00007fe35e05d740(0000) GS:ffff936c1edc0000(0000) knlGS:0000000000000000\n[172536.665284] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[172536.665286] CR2: 00000000000001d8 CR3: 0000000532e46000 CR4: 00000000000406e0\n[172536.665287] Call Trace:\n[172536.665322] ? amdgpu_cs_find_mapping+0x110/0x110 [amdgpu]\n[172536.665332] drm_ioctl_kernel+0xaa/0xf0 [drm]\n[172536.665338] drm_ioctl+0x201/0x3b0 [drm]\n[172536.665369] ? amdgpu_cs_find_mapping+0x110/0x110 [amdgpu]\n[172536.665372] ? selinux_file_ioctl+0x135/0x230\n[172536.665399] amdgpu_drm_ioctl+0x49/0x80 [amdgpu]\n[172536.665403] __x64_sys_ioctl+0x83/0xb0\n[172536.665406] do_syscall_64+0x33/0x40\n[172536.665409] entry_SYSCALL_64_after_hwframe+0x44/0xa9\n\nBug: https://gitlab.freedesktop.org/drm/amd/-/issues/2018", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49335" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b3ee652d-e13e-4450-bace-f787921d2bf1.json b/objects/vulnerability/vulnerability--b3ee652d-e13e-4450-bace-f787921d2bf1.json new file mode 100644 index 00000000000..569c0328aa6 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--b3ee652d-e13e-4450-bace-f787921d2bf1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0ff58dfa-ca76-4bea-84ed-1126097ef1f2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b3ee652d-e13e-4450-bace-f787921d2bf1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.660785Z", + "modified": "2025-02-27T00:38:15.660785Z", + "name": "CVE-2022-49258", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ccree - Fix use after free in cc_cipher_exit()\n\nkfree_sensitive(ctx_p->user.key) will free the ctx_p->user.key. But\nctx_p->user.key is still used in the next line, which will lead to a\nuse after free.\n\nWe can call kfree_sensitive() after dev_dbg() to avoid the uaf.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49258" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b439a223-a217-4a3d-b479-d6ea78c6a510.json b/objects/vulnerability/vulnerability--b439a223-a217-4a3d-b479-d6ea78c6a510.json new file mode 100644 index 00000000000..dcbd93b9b15 --- /dev/null +++ b/objects/vulnerability/vulnerability--b439a223-a217-4a3d-b479-d6ea78c6a510.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--acf5b9a1-10f0-42b3-88f8-ea3db84a7d53", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b439a223-a217-4a3d-b479-d6ea78c6a510", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.380788Z", + "modified": "2025-02-27T00:38:15.380788Z", + "name": "CVE-2022-49105", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: wfx: fix an error handling in wfx_init_common()\n\nOne error handler of wfx_init_common() return without calling\nieee80211_free_hw(hw), which may result in memory leak. And I add\none err label to unify the error handler, which is useful for the\nsubsequent changes.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49105" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b4edc85c-ae8c-47bc-af48-ecc9e2441eaf.json b/objects/vulnerability/vulnerability--b4edc85c-ae8c-47bc-af48-ecc9e2441eaf.json new file mode 100644 index 00000000000..7332fc98c23 --- /dev/null +++ b/objects/vulnerability/vulnerability--b4edc85c-ae8c-47bc-af48-ecc9e2441eaf.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--21c383b8-140c-4597-ba21-5ca3cca5ec8a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b4edc85c-ae8c-47bc-af48-ecc9e2441eaf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.435904Z", + "modified": "2025-02-27T00:38:15.435904Z", + "name": "CVE-2022-49291", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: Fix races among concurrent hw_params and hw_free calls\n\nCurrently we have neither proper check nor protection against the\nconcurrent calls of PCM hw_params and hw_free ioctls, which may result\nin a UAF. Since the existing PCM stream lock can't be used for\nprotecting the whole ioctl operations, we need a new mutex to protect\nthose racy calls.\n\nThis patch introduced a new mutex, runtime->buffer_mutex, and applies\nit to both hw_params and hw_free ioctl code paths. Along with it, the\nboth functions are slightly modified (the mmap_count check is moved\ninto the state-check block) for code simplicity.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49291" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b4ef5318-51c9-4643-8481-fbdbe9b8c929.json b/objects/vulnerability/vulnerability--b4ef5318-51c9-4643-8481-fbdbe9b8c929.json new file mode 100644 index 00000000000..e5570be0321 --- /dev/null +++ b/objects/vulnerability/vulnerability--b4ef5318-51c9-4643-8481-fbdbe9b8c929.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2162dd81-687c-4cc0-bd6b-3fd8f54f183c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b4ef5318-51c9-4643-8481-fbdbe9b8c929", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.7351Z", + "modified": "2025-02-27T00:38:15.7351Z", + "name": "CVE-2022-49149", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix call timer start racing with call destruction\n\nThe rxrpc_call struct has a timer used to handle various timed events\nrelating to a call. This timer can get started from the packet input\nroutines that are run in softirq mode with just the RCU read lock held.\nUnfortunately, because only the RCU read lock is held - and neither ref or\nother lock is taken - the call can start getting destroyed at the same time\na packet comes in addressed to that call. This causes the timer - which\nwas already stopped - to get restarted. Later, the timer dispatch code may\nthen oops if the timer got deallocated first.\n\nFix this by trying to take a ref on the rxrpc_call struct and, if\nsuccessful, passing that ref along to the timer. If the timer was already\nrunning, the ref is discarded.\n\nThe timer completion routine can then pass the ref along to the call's work\nitem when it queues it. If the timer or work item where already\nqueued/running, the extra ref is discarded.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49149" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b4f322c4-ab5b-4302-809c-f789f2f4c7b3.json b/objects/vulnerability/vulnerability--b4f322c4-ab5b-4302-809c-f789f2f4c7b3.json new file mode 100644 index 00000000000..13079fefd11 --- /dev/null +++ b/objects/vulnerability/vulnerability--b4f322c4-ab5b-4302-809c-f789f2f4c7b3.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fc531315-d162-43e5-b552-68edeee3ed9d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b4f322c4-ab5b-4302-809c-f789f2f4c7b3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.254968Z", + "modified": "2025-02-27T00:38:15.254968Z", + "name": "CVE-2022-49428", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on inline_dots inode\n\nAs Wenqing reported in bugzilla:\n\nhttps://bugzilla.kernel.org/show_bug.cgi?id=215765\n\nIt will cause a kernel panic with steps:\n- mkdir mnt\n- mount tmp40.img mnt\n- ls mnt\n\nfolio_mark_dirty+0x33/0x50\nf2fs_add_regular_entry+0x541/0xad0 [f2fs]\nf2fs_add_dentry+0x6c/0xb0 [f2fs]\nf2fs_do_add_link+0x182/0x230 [f2fs]\n__recover_dot_dentries+0x2d6/0x470 [f2fs]\nf2fs_lookup+0x5af/0x6a0 [f2fs]\n__lookup_slow+0xac/0x200\nlookup_slow+0x45/0x70\nwalk_component+0x16c/0x250\npath_lookupat+0x8b/0x1f0\nfilename_lookup+0xef/0x250\nuser_path_at_empty+0x46/0x70\nvfs_statx+0x98/0x190\n__do_sys_newlstat+0x41/0x90\n__x64_sys_newlstat+0x1a/0x30\ndo_syscall_64+0x37/0xb0\nentry_SYSCALL_64_after_hwframe+0x44/0xae\n\nThe root cause is for special file: e.g. character, block, fifo or\nsocket file, f2fs doesn't assign address space operations pointer array\nfor mapping->a_ops field, so, in a fuzzed image, if inline_dots flag was\ntagged in special file, during lookup(), when f2fs runs into\n__recover_dot_dentries(), it will cause NULL pointer access once\nf2fs_add_regular_entry() calls a_ops->set_dirty_page().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49428" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--b6b5d0bf-39ea-45f6-8896-6bc1a14082e6.json b/objects/vulnerability/vulnerability--b6b5d0bf-39ea-45f6-8896-6bc1a14082e6.json new file mode 100644 index 00000000000..6eed8f078ef --- /dev/null +++ b/objects/vulnerability/vulnerability--b6b5d0bf-39ea-45f6-8896-6bc1a14082e6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c8e062b8-925c-4255-9505-17eed35f7616", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b6b5d0bf-39ea-45f6-8896-6bc1a14082e6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.467123Z", + "modified": "2025-02-27T00:38:15.467123Z", + "name": "CVE-2022-49406", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: Fix potential deadlock in blk_ia_range_sysfs_show()\n\nWhen being read, a sysfs attribute is already protected against removal\nwith the kobject node active reference counter. As a result, in\nblk_ia_range_sysfs_show(), there is no need to take the queue sysfs\nlock when reading the value of a range attribute. Using the queue sysfs\nlock in this function creates a potential deadlock situation with the\ndisk removal, something that a lockdep signals with a splat when the\ndevice is removed:\n\n[ 760.703551] Possible unsafe locking scenario:\n[ 760.703551]\n[ 760.703554] CPU0 CPU1\n[ 760.703556] ---- ----\n[ 760.703558] lock(&q->sysfs_lock);\n[ 760.703565] lock(kn->active#385);\n[ 760.703573] lock(&q->sysfs_lock);\n[ 760.703579] lock(kn->active#385);\n[ 760.703587]\n[ 760.703587] *** DEADLOCK ***\n\nSolve this by removing the mutex_lock()/mutex_unlock() calls from\nblk_ia_range_sysfs_show().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49406" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--b6de9c84-04b0-431f-a709-d266b1b97466.json b/objects/vulnerability/vulnerability--b6de9c84-04b0-431f-a709-d266b1b97466.json new file mode 100644 index 00000000000..2a738dcc715 --- /dev/null +++ b/objects/vulnerability/vulnerability--b6de9c84-04b0-431f-a709-d266b1b97466.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--73271630-33e3-4601-a4ed-f4132bddff11", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b6de9c84-04b0-431f-a709-d266b1b97466", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:07.735252Z", + "modified": "2025-02-27T00:38:07.735252Z", + "name": "CVE-2025-25783", + "description": "An arbitrary file upload vulnerability in the component admin\\plugin.php of Emlog Pro v2.5.3 allows attackers to execute arbitrary code via uploading a crafted Zip file.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25783" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b7506960-1498-48fc-a41c-8a6b089698bf.json b/objects/vulnerability/vulnerability--b7506960-1498-48fc-a41c-8a6b089698bf.json new file mode 100644 index 00000000000..18d9f70f3b3 --- /dev/null +++ b/objects/vulnerability/vulnerability--b7506960-1498-48fc-a41c-8a6b089698bf.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1b6a765c-57e1-46e3-af23-0e34345f06a2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b7506960-1498-48fc-a41c-8a6b089698bf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.558427Z", + "modified": "2025-02-27T00:38:15.558427Z", + "name": "CVE-2022-49186", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: visconti: prevent array overflow in visconti_clk_register_gates()\n\nThis code was using -1 to represent that there was no reset function.\nUnfortunately, the -1 was stored in u8 so the if (clks[i].rs_id >= 0)\ncondition was always true. This lead to an out of bounds access in\nvisconti_clk_register_gates().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49186" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b7ad064d-df5c-4fd6-987e-1ecd5f3d18f2.json b/objects/vulnerability/vulnerability--b7ad064d-df5c-4fd6-987e-1ecd5f3d18f2.json new file mode 100644 index 00000000000..d6c4fefd5e7 --- /dev/null +++ b/objects/vulnerability/vulnerability--b7ad064d-df5c-4fd6-987e-1ecd5f3d18f2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d068d0fe-d968-41fe-95c2-ce08886a3332", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b7ad064d-df5c-4fd6-987e-1ecd5f3d18f2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.672044Z", + "modified": "2025-02-27T00:38:15.672044Z", + "name": "CVE-2022-49555", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_qca: Use del_timer_sync() before freeing\n\nWhile looking at a crash report on a timer list being corrupted, which\nusually happens when a timer is freed while still active. This is\ncommonly triggered by code calling del_timer() instead of\ndel_timer_sync() just before freeing.\n\nOne possible culprit is the hci_qca driver, which does exactly that.\n\nEric mentioned that wake_retrans_timer could be rearmed via the work\nqueue, so also move the destruction of the work queue before\ndel_timer_sync().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49555" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b8dff9ed-5140-42a9-bb42-5429e5728729.json b/objects/vulnerability/vulnerability--b8dff9ed-5140-42a9-bb42-5429e5728729.json new file mode 100644 index 00000000000..7a43c428eb4 --- /dev/null +++ b/objects/vulnerability/vulnerability--b8dff9ed-5140-42a9-bb42-5429e5728729.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--41a5161d-0e2b-4db9-81b1-539a7c21e334", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b8dff9ed-5140-42a9-bb42-5429e5728729", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.672944Z", + "modified": "2025-02-27T00:38:15.672944Z", + "name": "CVE-2022-49633", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nicmp: Fix data-races around sysctl_icmp_echo_enable_probe.\n\nWhile reading sysctl_icmp_echo_enable_probe, it can be changed\nconcurrently. Thus, we need to add READ_ONCE() to its readers.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49633" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b8fcf309-4e20-4e24-8f1a-e53da04868ee.json b/objects/vulnerability/vulnerability--b8fcf309-4e20-4e24-8f1a-e53da04868ee.json new file mode 100644 index 00000000000..9c606ba5c12 --- /dev/null +++ b/objects/vulnerability/vulnerability--b8fcf309-4e20-4e24-8f1a-e53da04868ee.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d25655ad-b138-4998-bcdc-3c124db1d9af", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b8fcf309-4e20-4e24-8f1a-e53da04868ee", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.694475Z", + "modified": "2025-02-27T00:38:15.694475Z", + "name": "CVE-2022-49397", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: qcom-qmp: fix struct clk leak on probe errors\n\nMake sure to release the pipe clock reference in case of a late probe\nerror (e.g. probe deferral).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49397" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--b92fed8a-70bb-43e6-a891-99f34848406f.json b/objects/vulnerability/vulnerability--b92fed8a-70bb-43e6-a891-99f34848406f.json new file mode 100644 index 00000000000..0b542bb13ef --- /dev/null +++ b/objects/vulnerability/vulnerability--b92fed8a-70bb-43e6-a891-99f34848406f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ce51475e-22c8-4411-b836-b11626e0a820", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b92fed8a-70bb-43e6-a891-99f34848406f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.569728Z", + "modified": "2025-02-27T00:38:15.569728Z", + "name": "CVE-2022-49659", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp to full 32 bits\n\nIn commit 1be37d3b0414 (\"can: m_can: fix periph RX path: use\nrx-offload to ensure skbs are sent from softirq context\") the RX path\nfor peripheral devices was switched to RX-offload.\n\nReceived CAN frames are pushed to RX-offload together with a\ntimestamp. RX-offload is designed to handle overflows of the timestamp\ncorrectly, if 32 bit timestamps are provided.\n\nThe timestamps of m_can core are only 16 bits wide. So this patch\nshifts them to full 32 bit before passing them to RX-offload.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49659" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ba3ef58c-1dfa-4cd5-8dd2-56f483bd5479.json b/objects/vulnerability/vulnerability--ba3ef58c-1dfa-4cd5-8dd2-56f483bd5479.json new file mode 100644 index 00000000000..432181ea513 --- /dev/null +++ b/objects/vulnerability/vulnerability--ba3ef58c-1dfa-4cd5-8dd2-56f483bd5479.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3be52e84-9aec-459d-81b3-f1d37411984f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ba3ef58c-1dfa-4cd5-8dd2-56f483bd5479", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.737824Z", + "modified": "2025-02-27T00:38:15.737824Z", + "name": "CVE-2022-49465", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-throttle: Set BIO_THROTTLED when bio has been throttled\n\n1.In current process, all bio will set the BIO_THROTTLED flag\nafter __blk_throtl_bio().\n\n2.If bio needs to be throttled, it will start the timer and\nstop submit bio directly. Bio will submit in\nblk_throtl_dispatch_work_fn() when the timer expires.But in\nthe current process, if bio is throttled. The BIO_THROTTLED\nwill be set to bio after timer start. If the bio has been\ncompleted, it may cause use-after-free blow.\n\nBUG: KASAN: use-after-free in blk_throtl_bio+0x12f0/0x2c70\nRead of size 2 at addr ffff88801b8902d4 by task fio/26380\n\n dump_stack+0x9b/0xce\n print_address_description.constprop.6+0x3e/0x60\n kasan_report.cold.9+0x22/0x3a\n blk_throtl_bio+0x12f0/0x2c70\n submit_bio_checks+0x701/0x1550\n submit_bio_noacct+0x83/0xc80\n submit_bio+0xa7/0x330\n mpage_readahead+0x380/0x500\n read_pages+0x1c1/0xbf0\n page_cache_ra_unbounded+0x471/0x6f0\n do_page_cache_ra+0xda/0x110\n ondemand_readahead+0x442/0xae0\n page_cache_async_ra+0x210/0x300\n generic_file_buffered_read+0x4d9/0x2130\n generic_file_read_iter+0x315/0x490\n blkdev_read_iter+0x113/0x1b0\n aio_read+0x2ad/0x450\n io_submit_one+0xc8e/0x1d60\n __se_sys_io_submit+0x125/0x350\n do_syscall_64+0x2d/0x40\n entry_SYSCALL_64_after_hwframe+0x44/0xa9\n\nAllocated by task 26380:\n kasan_save_stack+0x19/0x40\n __kasan_kmalloc.constprop.2+0xc1/0xd0\n kmem_cache_alloc+0x146/0x440\n mempool_alloc+0x125/0x2f0\n bio_alloc_bioset+0x353/0x590\n 
mpage_alloc+0x3b/0x240\n do_mpage_readpage+0xddf/0x1ef0\n mpage_readahead+0x264/0x500\n read_pages+0x1c1/0xbf0\n page_cache_ra_unbounded+0x471/0x6f0\n do_page_cache_ra+0xda/0x110\n ondemand_readahead+0x442/0xae0\n page_cache_async_ra+0x210/0x300\n generic_file_buffered_read+0x4d9/0x2130\n generic_file_read_iter+0x315/0x490\n blkdev_read_iter+0x113/0x1b0\n aio_read+0x2ad/0x450\n io_submit_one+0xc8e/0x1d60\n __se_sys_io_submit+0x125/0x350\n do_syscall_64+0x2d/0x40\n entry_SYSCALL_64_after_hwframe+0x44/0xa9\n\nFreed by task 0:\n kasan_save_stack+0x19/0x40\n kasan_set_track+0x1c/0x30\n kasan_set_free_info+0x1b/0x30\n __kasan_slab_free+0x111/0x160\n kmem_cache_free+0x94/0x460\n mempool_free+0xd6/0x320\n bio_free+0xe0/0x130\n bio_put+0xab/0xe0\n bio_endio+0x3a6/0x5d0\n blk_update_request+0x590/0x1370\n scsi_end_request+0x7d/0x400\n scsi_io_completion+0x1aa/0xe50\n scsi_softirq_done+0x11b/0x240\n blk_mq_complete_request+0xd4/0x120\n scsi_mq_done+0xf0/0x200\n virtscsi_vq_done+0xbc/0x150\n vring_interrupt+0x179/0x390\n __handle_irq_event_percpu+0xf7/0x490\n handle_irq_event_percpu+0x7b/0x160\n handle_irq_event+0xcc/0x170\n handle_edge_irq+0x215/0xb20\n common_interrupt+0x60/0x120\n asm_common_interrupt+0x1e/0x40\n\nFix this by move BIO_THROTTLED set into the queue_lock.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49465" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ba8af4c1-c4c4-4fc3-bda9-341619b7f6a5.json b/objects/vulnerability/vulnerability--ba8af4c1-c4c4-4fc3-bda9-341619b7f6a5.json new file mode 100644 index 00000000000..bf502d72162 --- /dev/null +++ b/objects/vulnerability/vulnerability--ba8af4c1-c4c4-4fc3-bda9-341619b7f6a5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--61cec164-c692-43f2-b86a-c559c188f9ef", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ba8af4c1-c4c4-4fc3-bda9-341619b7f6a5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.336771Z", + "modified": "2025-02-27T00:38:15.336771Z", + "name": "CVE-2022-49214", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/64s: Don't use DSISR for SLB faults\n\nSince commit 46ddcb3950a2 (\"powerpc/mm: Show if a bad page fault on data\nis read or write.\") we use page_fault_is_write(regs->dsisr) in\n__bad_page_fault() to determine if the fault is for a read or write, and\nchange the message printed accordingly.\n\nBut SLB faults, aka Data Segment Interrupts, don't set DSISR (Data\nStorage Interrupt Status Register) to a useful value. All ISA versions\nfrom v2.03 through v3.1 specify that the Data Segment Interrupt sets\nDSISR \"to an undefined value\". As far as I can see there's no mention of\nSLB faults setting DSISR in any BookIV content either.\n\nThis manifests as accesses that should be a read being incorrectly\nreported as writes, for example, using the xmon \"dump\" command:\n\n 0:mon> d 0x5deadbeef0000000\n 5deadbeef0000000\n [359526.415354][ C6] BUG: Unable to handle kernel data access on write at 0x5deadbeef0000000\n [359526.415611][ C6] Faulting instruction address: 0xc00000000010a300\n cpu 0x6: Vector: 380 (Data SLB Access) at [c00000000ffbf400]\n pc: c00000000010a300: mread+0x90/0x190\n\nIf we disassemble the PC, we see a load instruction:\n\n 0:mon> di c00000000010a300\n c00000000010a300 89490000 lbz r10,0(r9)\n\nWe can also see in exceptions-64s.S that the data_access_slb block\ndoesn't set IDSISR=1, which means it doesn't load DSISR into pt_regs. 
So\nthe value we're using to determine if the fault is a read/write is some\nstale value in pt_regs from a previous page fault.\n\nRework the printing logic to separate the SLB fault case out, and only\nprint read/write in the cases where we can determine it.\n\nThe result looks like eg:\n\n 0:mon> d 0x5deadbeef0000000\n 5deadbeef0000000\n [ 721.779525][ C6] BUG: Unable to handle kernel data access at 0x5deadbeef0000000\n [ 721.779697][ C6] Faulting instruction address: 0xc00000000014cbe0\n cpu 0x6: Vector: 380 (Data SLB Access) at [c00000000ffbf390]\n\n 0:mon> d 0\n 0000000000000000\n [ 742.793242][ C6] BUG: Kernel NULL pointer dereference at 0x00000000\n [ 742.793316][ C6] Faulting instruction address: 0xc00000000014cbe0\n cpu 0x6: Vector: 380 (Data SLB Access) at [c00000000ffbf390]", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49214" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--baa43694-feb9-412c-b160-9e793e6fe7e6.json b/objects/vulnerability/vulnerability--baa43694-feb9-412c-b160-9e793e6fe7e6.json new file mode 100644 index 00000000000..55dd7138f7d --- /dev/null +++ b/objects/vulnerability/vulnerability--baa43694-feb9-412c-b160-9e793e6fe7e6.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3a40be9f-5541-40c7-a8cb-f4163d0c8193", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--baa43694-feb9-412c-b160-9e793e6fe7e6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:07.714798Z", + "modified": "2025-02-27T00:38:07.714798Z", + "name": "CVE-2025-25462", + "description": "A SQL Injection vulnerability was found in /admin/add-propertytype.php in PHPGurukul Land Record System Project in PHP v1.0 allows remote attackers to execute arbitrary code via the propertytype POST request parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25462" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--baadcb47-544a-43cd-9567-a4ad0973f956.json b/objects/vulnerability/vulnerability--baadcb47-544a-43cd-9567-a4ad0973f956.json new file mode 100644 index 00000000000..a91ec8e4735 --- /dev/null +++ b/objects/vulnerability/vulnerability--baadcb47-544a-43cd-9567-a4ad0973f956.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4e474d63-2b46-4df1-9813-79bc08032097", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--baadcb47-544a-43cd-9567-a4ad0973f956", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.796957Z", + "modified": "2025-02-27T00:38:15.796957Z", + "name": "CVE-2022-49306", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: host: Stop setting the ACPI companion\n\nIt is no longer needed. The sysdev pointer is now used when\nassigning the ACPI companions to the xHCI ports and USB\ndevices.\n\nAssigning the ACPI companion here resulted in the\nfwnode->secondary pointer to be replaced also for the parent\ndwc3 device since the primary fwnode (the ACPI companion)\nwas shared. That was unintentional and it created potential\nside effects like resource leaks.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49306" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--babd60c3-8dd7-4c8f-8273-8fe4cb0e1ee9.json b/objects/vulnerability/vulnerability--babd60c3-8dd7-4c8f-8273-8fe4cb0e1ee9.json new file mode 100644 index 00000000000..bee5e6b8c84 --- /dev/null +++ b/objects/vulnerability/vulnerability--babd60c3-8dd7-4c8f-8273-8fe4cb0e1ee9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--83d10a23-ad60-4515-984e-3c70906635c4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--babd60c3-8dd7-4c8f-8273-8fe4cb0e1ee9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.259834Z", + "modified": "2025-02-27T00:38:15.259834Z", + "name": "CVE-2022-49062", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: Fix KASAN slab-out-of-bounds in cachefiles_set_volume_xattr\n\nUse the actual length of volume coherency data when setting the\nxattr to avoid the following KASAN report.\n\n BUG: KASAN: slab-out-of-bounds in cachefiles_set_volume_xattr+0xa0/0x350 [cachefiles]\n Write of size 4 at addr ffff888101e02af4 by task kworker/6:0/1347\n\n CPU: 6 PID: 1347 Comm: kworker/6:0 Kdump: loaded Not tainted 5.18.0-rc1-nfs-fscache-netfs+ #13\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-4.fc34 04/01/2014\n Workqueue: events fscache_create_volume_work [fscache]\n Call Trace:\n \n dump_stack_lvl+0x45/0x5a\n print_report.cold+0x5e/0x5db\n ? __lock_text_start+0x8/0x8\n ? cachefiles_set_volume_xattr+0xa0/0x350 [cachefiles]\n kasan_report+0xab/0x120\n ? cachefiles_set_volume_xattr+0xa0/0x350 [cachefiles]\n kasan_check_range+0xf5/0x1d0\n memcpy+0x39/0x60\n cachefiles_set_volume_xattr+0xa0/0x350 [cachefiles]\n cachefiles_acquire_volume+0x2be/0x500 [cachefiles]\n ? __cachefiles_free_volume+0x90/0x90 [cachefiles]\n fscache_create_volume_work+0x68/0x160 [fscache]\n process_one_work+0x3b7/0x6a0\n worker_thread+0x2c4/0x650\n ? process_one_work+0x6a0/0x6a0\n kthread+0x16c/0x1a0\n ? 
kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x22/0x30\n \n\n Allocated by task 1347:\n kasan_save_stack+0x1e/0x40\n __kasan_kmalloc+0x81/0xa0\n cachefiles_set_volume_xattr+0x76/0x350 [cachefiles]\n cachefiles_acquire_volume+0x2be/0x500 [cachefiles]\n fscache_create_volume_work+0x68/0x160 [fscache]\n process_one_work+0x3b7/0x6a0\n worker_thread+0x2c4/0x650\n kthread+0x16c/0x1a0\n ret_from_fork+0x22/0x30\n\n The buggy address belongs to the object at ffff888101e02af0\n which belongs to the cache kmalloc-8 of size 8\n The buggy address is located 4 bytes inside of\n 8-byte region [ffff888101e02af0, ffff888101e02af8)\n\n The buggy address belongs to the physical page:\n page:00000000a2292d70 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101e02\n flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff)\n raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff888100042280\n raw: 0000000000000000 0000000080660066 00000001ffffffff 0000000000000000\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n ffff888101e02980: fc 00 fc fc fc fc 00 fc fc fc fc 00 fc fc fc fc\n ffff888101e02a00: 00 fc fc fc fc 00 fc fc fc fc 00 fc fc fc fc 00\n >ffff888101e02a80: fc fc fc fc 00 fc fc fc fc 00 fc fc fc fc 04 fc\n ^\n ffff888101e02b00: fc fc fc 00 fc fc fc fc 00 fc fc fc fc 00 fc fc\n ffff888101e02b80: fc fc 00 fc fc fc fc 00 fc fc fc fc 00 fc fc fc\n ==================================================================", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49062" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bb2b8825-851d-4be0-9c47-0590ba6347dd.json b/objects/vulnerability/vulnerability--bb2b8825-851d-4be0-9c47-0590ba6347dd.json new file mode 100644 index 00000000000..a1b01bd85e6 --- /dev/null +++ b/objects/vulnerability/vulnerability--bb2b8825-851d-4be0-9c47-0590ba6347dd.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bd9aaa6a-3a6b-4c0c-8f00-f1325b097ddb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bb2b8825-851d-4be0-9c47-0590ba6347dd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:11.179367Z", + "modified": "2025-02-27T00:38:11.179367Z", + "name": "CVE-2021-47647", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: ipq8074: fix PCI-E clock oops\n\nFix PCI-E clock related kernel oops that are caused by a missing clock\nparent.\n\npcie0_rchng_clk_src has num_parents set to 2 but only one parent is\nactually set via parent_hws, it should also have \"XO\" defined.\nThis will cause the kernel to panic on a NULL pointer in\nclk_core_get_parent_by_index().\n\nSo, to fix this utilize clk_parent_data to provide gcc_xo_gpll0 parent\ndata.\nSince there is already an existing static const char * const gcc_xo_gpll0[]\nused to provide the same parents via parent_names convert those users to\nclk_parent_data as well.\n\nWithout this earlycon is needed to even catch the OOPS as it will reset\nthe board before serial is initialized with the following:\n\n[ 0.232279] Unable to handle kernel paging request at virtual address 0000a00000000000\n[ 0.232322] Mem abort info:\n[ 0.239094] ESR = 0x96000004\n[ 0.241778] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 0.244908] SET = 0, FnV = 0\n[ 0.250377] EA = 0, S1PTW = 0\n[ 0.253236] FSC = 0x04: level 0 translation fault\n[ 0.256277] Data abort info:\n[ 0.261141] ISV = 0, ISS = 0x00000004\n[ 0.264262] CM = 0, WnR = 0\n[ 0.267820] [0000a00000000000] address between user and kernel address ranges\n[ 0.270954] Internal error: Oops: 96000004 [#1] SMP\n[ 0.278067] Modules linked in:\n[ 0.282751] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 5.15.10 #0\n[ 0.285882] Hardware name: Xiaomi AX3600 (DT)\n[ 0.292043] pstate: 20400005 (nzCv daif +PAN -UAO -TCO 
-DIT -SSBS BTYPE=--)\n[ 0.296299] pc : clk_core_get_parent_by_index+0x68/0xec\n[ 0.303067] lr : __clk_register+0x1d8/0x820\n[ 0.308273] sp : ffffffc01111b7d0\n[ 0.312438] x29: ffffffc01111b7d0 x28: 0000000000000000 x27: 0000000000000040\n[ 0.315919] x26: 0000000000000002 x25: 0000000000000000 x24: ffffff8000308800\n[ 0.323037] x23: ffffff8000308850 x22: ffffff8000308880 x21: ffffff8000308828\n[ 0.330155] x20: 0000000000000028 x19: ffffff8000309700 x18: 0000000000000020\n[ 0.337272] x17: 000000005cc86990 x16: 0000000000000004 x15: ffffff80001d9d0a\n[ 0.344391] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000006\n[ 0.351508] x11: 0000000000000003 x10: 0101010101010101 x9 : 0000000000000000\n[ 0.358626] x8 : 7f7f7f7f7f7f7f7f x7 : 6468626f5e626266 x6 : 17000a3a403c1b06\n[ 0.365744] x5 : 061b3c403a0a0017 x4 : 0000000000000000 x3 : 0000000000000001\n[ 0.372863] x2 : 0000a00000000000 x1 : 0000000000000001 x0 : ffffff8000309700\n[ 0.379982] Call trace:\n[ 0.387091] clk_core_get_parent_by_index+0x68/0xec\n[ 0.389351] __clk_register+0x1d8/0x820\n[ 0.394210] devm_clk_hw_register+0x5c/0xe0\n[ 0.398030] devm_clk_register_regmap+0x44/0x8c\n[ 0.402198] qcom_cc_really_probe+0x17c/0x1d0\n[ 0.406711] qcom_cc_probe+0x34/0x44\n[ 0.411224] gcc_ipq8074_probe+0x18/0x30\n[ 0.414869] platform_probe+0x68/0xe0\n[ 0.418776] really_probe.part.0+0x9c/0x30c\n[ 0.422336] __driver_probe_device+0x98/0x144\n[ 0.426329] driver_probe_device+0x44/0x11c\n[ 0.430842] __device_attach_driver+0xb4/0x120\n[ 0.434836] bus_for_each_drv+0x68/0xb0\n[ 0.439349] __device_attach+0xb0/0x170\n[ 0.443081] device_initial_probe+0x14/0x20\n[ 0.446901] bus_probe_device+0x9c/0xa4\n[ 0.451067] device_add+0x35c/0x834\n[ 0.454886] of_device_add+0x54/0x64\n[ 0.458360] of_platform_device_create_pdata+0xc0/0x100\n[ 0.462181] of_platform_bus_create+0x114/0x370\n[ 0.467128] of_platform_bus_create+0x15c/0x370\n[ 0.471641] of_platform_populate+0x50/0xcc\n[ 0.476155] of_platform_default_populate_init+0xa8/0xc8\n[ 
0.480324] do_one_initcall+0x50/0x1b0\n[ 0.485877] kernel_init_freeable+0x234/0x29c\n[ 0.489436] kernel_init+0x24/0x120\n[ 0.493948] ret_from_fork+0x10/0x20\n[ 0.497253] Code: d50323bf d65f03c0 f94002a2 b4000302 (f9400042)\n[ 0.501079] ---[ end trace 4ca7e1129da2abce ]---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-47647" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bb43e34b-7fd5-4f60-8fda-1ece82ef77b3.json b/objects/vulnerability/vulnerability--bb43e34b-7fd5-4f60-8fda-1ece82ef77b3.json new file mode 100644 index 00000000000..713f2b998d2 --- /dev/null +++ b/objects/vulnerability/vulnerability--bb43e34b-7fd5-4f60-8fda-1ece82ef77b3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bd24f7ca-641c-464f-a325-81c42526507f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bb43e34b-7fd5-4f60-8fda-1ece82ef77b3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:04.331557Z", + "modified": "2025-02-27T00:38:04.331557Z", + "name": "CVE-2024-55581", + "description": "When AdaCore Ada Web Server 25.0.0 is linked with GnuTLS, the default behaviour of AWS.Client is vulnerable to a man-in-the-middle attack because of lack of verification of an HTTPS server's certificate (unless the using program specifies a TLS configuration).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55581" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bc65b553-b3a3-446e-bebe-aee3e386c531.json b/objects/vulnerability/vulnerability--bc65b553-b3a3-446e-bebe-aee3e386c531.json new file mode 100644 index 00000000000..67006799ac8 --- /dev/null +++ b/objects/vulnerability/vulnerability--bc65b553-b3a3-446e-bebe-aee3e386c531.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--016c9ec8-690c-4b1a-a6f5-dcfd76555a7e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bc65b553-b3a3-446e-bebe-aee3e386c531", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.359342Z", + "modified": "2025-02-27T00:38:15.359342Z", + "name": "CVE-2022-49457", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: versatile: Add missing of_node_put in dcscb_init\n\nThe device_node pointer is returned by of_find_compatible_node\nwith refcount incremented. We should use of_node_put() to avoid\nthe refcount leak.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49457" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bd314929-e4f1-49bc-8f4c-18e2f36d2ae6.json b/objects/vulnerability/vulnerability--bd314929-e4f1-49bc-8f4c-18e2f36d2ae6.json new file mode 100644 index 00000000000..3509081f5bd --- /dev/null +++ b/objects/vulnerability/vulnerability--bd314929-e4f1-49bc-8f4c-18e2f36d2ae6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bf2f7f59-0009-4eb3-8041-864fd977f4c1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bd314929-e4f1-49bc-8f4c-18e2f36d2ae6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.40549Z", + "modified": "2025-02-27T00:38:15.40549Z", + "name": "CVE-2022-49602", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nip: Fix a data-race around sysctl_fwmark_reflect.\n\nWhile reading sysctl_fwmark_reflect, it can be changed concurrently.\nThus, we need to add READ_ONCE() to its reader.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49602" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--bd4f571f-0373-4bde-9e7e-f7795fe53c04.json b/objects/vulnerability/vulnerability--bd4f571f-0373-4bde-9e7e-f7795fe53c04.json new file mode 100644 index 00000000000..b96c32e7d6f --- /dev/null +++ b/objects/vulnerability/vulnerability--bd4f571f-0373-4bde-9e7e-f7795fe53c04.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2827cf99-db53-4dd2-bc7d-2f13a4e14897", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bd4f571f-0373-4bde-9e7e-f7795fe53c04", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.77574Z", + "modified": "2025-02-27T00:38:15.77574Z", + "name": "CVE-2022-49191", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmxser: fix xmit_buf leak in activate when LSR == 0xff\n\nWhen LSR is 0xff in ->activate() (rather unlike), we return an error.\nProvided ->shutdown() is not called when ->activate() fails, nothing\nactually frees the buffer in this case.\n\nFix this by properly freeing the buffer in a designated label. We jump\nthere also from the \"!info->type\" if now too.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49191" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bdcf2f7f-6d9c-413a-a582-1086a9ab33eb.json b/objects/vulnerability/vulnerability--bdcf2f7f-6d9c-413a-a582-1086a9ab33eb.json new file mode 100644 index 00000000000..35691ebb87c --- /dev/null +++ b/objects/vulnerability/vulnerability--bdcf2f7f-6d9c-413a-a582-1086a9ab33eb.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0a8b72a8-2344-41fd-8155-a8524e4c82a3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bdcf2f7f-6d9c-413a-a582-1086a9ab33eb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:11.190507Z", + "modified": "2025-02-27T00:38:11.190507Z", + "name": "CVE-2021-47652", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nvideo: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe()\n\nI got a null-ptr-deref report:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n...\nRIP: 0010:fb_destroy_modelist+0x38/0x100\n...\nCall Trace:\n ufx_usb_probe.cold+0x2b5/0xac1 [smscufx]\n usb_probe_interface+0x1aa/0x3c0 [usbcore]\n really_probe+0x167/0x460\n...\n ret_from_fork+0x1f/0x30\n\nIf fb_alloc_cmap() fails in ufx_usb_probe(), fb_destroy_modelist() will\nbe called to destroy modelist in the error handling path. But modelist\nhas not been initialized yet, so it will result in null-ptr-deref.\n\nInitialize modelist before calling fb_alloc_cmap() to fix this bug.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-47652" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--be193ac9-1988-47a0-a1b5-d4dc3878e972.json b/objects/vulnerability/vulnerability--be193ac9-1988-47a0-a1b5-d4dc3878e972.json new file mode 100644 index 00000000000..387cb788670 --- /dev/null +++ b/objects/vulnerability/vulnerability--be193ac9-1988-47a0-a1b5-d4dc3878e972.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9d9873ab-f7f0-4965-a0e3-112b21655124", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--be193ac9-1988-47a0-a1b5-d4dc3878e972", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:11.201807Z", + "modified": "2025-02-27T00:38:11.201807Z", + "name": "CVE-2021-47653", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: davinci: vpif: fix use-after-free on driver unbind\n\nThe driver allocates and registers two platform device structures during\nprobe, but the devices were never deregistered on driver unbind.\n\nThis results in a use-after-free on driver unbind as the device\nstructures were allocated using devres and would be freed by driver\ncore when remove() returns.\n\nFix this by adding the missing deregistration calls to the remove()\ncallback and failing probe on registration errors.\n\nNote that the platform device structures must be freed using a proper\nrelease callback to avoid leaking associated resources like device\nnames.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-47653" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--be71a4a1-74bc-4237-b0eb-60e0f099f65d.json b/objects/vulnerability/vulnerability--be71a4a1-74bc-4237-b0eb-60e0f099f65d.json new file mode 100644 index 00000000000..729be2cad07 --- /dev/null +++ b/objects/vulnerability/vulnerability--be71a4a1-74bc-4237-b0eb-60e0f099f65d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--251f0cf5-b242-43a5-aee3-efedf3f4d1bf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--be71a4a1-74bc-4237-b0eb-60e0f099f65d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.481381Z", + "modified": "2025-02-27T00:38:15.481381Z", + "name": "CVE-2022-49513", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: governor: Use kobject release() method to free dbs_data\n\nThe struct dbs_data embeds a struct gov_attr_set and\nthe struct gov_attr_set embeds a kobject. Since every kobject must have\na release() method and we can't use kfree() to free it directly,\nso introduce cpufreq_dbs_data_release() to release the dbs_data via\nthe kobject::release() method. This fixes the calltrace like below:\n\n ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x34\n WARNING: CPU: 12 PID: 810 at lib/debugobjects.c:505 debug_print_object+0xb8/0x100\n Modules linked in:\n CPU: 12 PID: 810 Comm: sh Not tainted 5.16.0-next-20220120-yocto-standard+ #536\n Hardware name: Marvell OcteonTX CN96XX board (DT)\n pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : debug_print_object+0xb8/0x100\n lr : debug_print_object+0xb8/0x100\n sp : ffff80001dfcf9a0\n x29: ffff80001dfcf9a0 x28: 0000000000000001 x27: ffff0001464f0000\n x26: 0000000000000000 x25: ffff8000090e3f00 x24: ffff80000af60210\n x23: ffff8000094dfb78 x22: ffff8000090e3f00 x21: ffff0001080b7118\n x20: ffff80000aeb2430 x19: ffff800009e8f5e0 x18: 0000000000000000\n x17: 0000000000000002 x16: 00004d62e58be040 x15: 013590470523aff8\n x14: ffff8000090e1828 x13: 0000000001359047 x12: 00000000f5257d14\n x11: 0000000000040591 x10: 0000000066c1ffea x9 : ffff8000080d15e0\n x8 : ffff80000a1765a8 x7 : 0000000000000000 x6 : 0000000000000001\n x5 : ffff800009e8c000 x4 : ffff800009e8c760 
x3 : 0000000000000000\n x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0001474ed040\n Call trace:\n debug_print_object+0xb8/0x100\n __debug_check_no_obj_freed+0x1d0/0x25c\n debug_check_no_obj_freed+0x24/0xa0\n kfree+0x11c/0x440\n cpufreq_dbs_governor_exit+0xa8/0xac\n cpufreq_exit_governor+0x44/0x90\n cpufreq_set_policy+0x29c/0x570\n store_scaling_governor+0x110/0x154\n store+0xb0/0xe0\n sysfs_kf_write+0x58/0x84\n kernfs_fop_write_iter+0x12c/0x1c0\n new_sync_write+0xf0/0x18c\n vfs_write+0x1cc/0x220\n ksys_write+0x74/0x100\n __arm64_sys_write+0x28/0x3c\n invoke_syscall.constprop.0+0x58/0xf0\n do_el0_svc+0x70/0x170\n el0_svc+0x54/0x190\n el0t_64_sync_handler+0xa4/0x130\n el0t_64_sync+0x1a0/0x1a4\n irq event stamp: 189006\n hardirqs last enabled at (189005): [] finish_task_switch.isra.0+0xe0/0x2c0\n hardirqs last disabled at (189006): [] el1_dbg+0x24/0xa0\n softirqs last enabled at (188966): [] __do_softirq+0x4b0/0x6a0\n softirqs last disabled at (188957): [] __irq_exit_rcu+0x108/0x1a4\n\n[ rjw: Because can be freed by the gov_attr_set_put() in\n cpufreq_dbs_governor_exit() now, it is also necessary to put the\n invocation of the governor ->exit() callback into the new\n cpufreq_dbs_data_release() function. ]", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49513" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--becfaec2-8a44-4821-9979-a646ad75ed76.json b/objects/vulnerability/vulnerability--becfaec2-8a44-4821-9979-a646ad75ed76.json new file mode 100644 index 00000000000..f9b36181ba9 --- /dev/null +++ b/objects/vulnerability/vulnerability--becfaec2-8a44-4821-9979-a646ad75ed76.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6c1dbac4-c2a6-45e5-a8f7-6b701419476b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--becfaec2-8a44-4821-9979-a646ad75ed76", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.530853Z", + "modified": "2025-02-27T00:38:15.530853Z", + "name": "CVE-2022-49364", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to clear dirty inode in f2fs_evict_inode()\n\nAs Yanming reported in bugzilla:\n\nhttps://bugzilla.kernel.org/show_bug.cgi?id=215904\n\nThe kernel message is shown below:\n\nkernel BUG at fs/f2fs/inode.c:825!\nCall Trace:\n evict+0x282/0x4e0\n __dentry_kill+0x2b2/0x4d0\n shrink_dentry_list+0x17c/0x4f0\n shrink_dcache_parent+0x143/0x1e0\n do_one_tree+0x9/0x30\n shrink_dcache_for_umount+0x51/0x120\n generic_shutdown_super+0x5c/0x3a0\n kill_block_super+0x90/0xd0\n kill_f2fs_super+0x225/0x310\n deactivate_locked_super+0x78/0xc0\n cleanup_mnt+0x2b7/0x480\n task_work_run+0xc8/0x150\n exit_to_user_mode_prepare+0x14a/0x150\n syscall_exit_to_user_mode+0x1d/0x40\n do_syscall_64+0x48/0x90\n\nThe root cause is: inode node and dnode node share the same nid,\nso during f2fs_evict_inode(), dnode node truncation will invalidate\nits NAT entry, so when truncating inode node, it fails due to\ninvalid NAT entry, result in inode is still marked as dirty, fix\nthis issue by clearing dirty for inode and setting SBI_NEED_FSCK\nflag in filesystem.\n\noutput from dump.f2fs:\n[print_node_info: 354] Node ID [0xf:15] is inode\ni_nid[0] \t\t[0x f : 15]", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49364" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--beedea92-5e45-47f6-9628-6871d18f2687.json b/objects/vulnerability/vulnerability--beedea92-5e45-47f6-9628-6871d18f2687.json new file mode 100644 index 00000000000..6acef690708 --- /dev/null +++ b/objects/vulnerability/vulnerability--beedea92-5e45-47f6-9628-6871d18f2687.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8a85858a-ea15-4171-8bd0-20040a09b24a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--beedea92-5e45-47f6-9628-6871d18f2687", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.787931Z", + "modified": "2025-02-27T00:38:15.787931Z", + "name": "CVE-2022-49178", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemstick/mspro_block: fix handling of read-only devices\n\nUse set_disk_ro to propagate the read-only state to the block layer\ninstead of checking for it in ->open and leaking a reference in case\nof a read-only device.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49178" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bf5ae0fa-f443-4c9d-be77-86c92d57a297.json b/objects/vulnerability/vulnerability--bf5ae0fa-f443-4c9d-be77-86c92d57a297.json new file mode 100644 index 00000000000..5e93856c5fc --- /dev/null +++ b/objects/vulnerability/vulnerability--bf5ae0fa-f443-4c9d-be77-86c92d57a297.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0e135ce1-8f7b-4d27-82d3-3348735f0ade", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bf5ae0fa-f443-4c9d-be77-86c92d57a297", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.593555Z", + "modified": "2025-02-27T00:38:15.593555Z", + "name": "CVE-2022-49629", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnexthop: Fix data-races around nexthop_compat_mode.\n\nWhile reading nexthop_compat_mode, it can be changed concurrently.\nThus, we need to add READ_ONCE() to its readers.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49629" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bf73b121-9941-49e8-88b9-1aee2b0c1a6a.json b/objects/vulnerability/vulnerability--bf73b121-9941-49e8-88b9-1aee2b0c1a6a.json new file mode 100644 index 00000000000..627b74a1af2 --- /dev/null +++ b/objects/vulnerability/vulnerability--bf73b121-9941-49e8-88b9-1aee2b0c1a6a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1790ebaf-3b77-47aa-a0c3-66d2be00ba9a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bf73b121-9941-49e8-88b9-1aee2b0c1a6a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.577279Z", + "modified": "2025-02-27T00:38:15.577279Z", + "name": "CVE-2022-49641", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsysctl: Fix data races in proc_douintvec().\n\nA sysctl variable is accessed concurrently, and there is always a chance\nof data-race. So, all readers and writers need some basic protection to\navoid load/store-tearing.\n\nThis patch changes proc_douintvec() to use READ_ONCE() and WRITE_ONCE()\ninternally to fix data-races on the sysctl side. For now, proc_douintvec()\nitself is tolerant to a data-race, but we still need to add annotations on\nthe other subsystem's side.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49641" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c0247461-a003-4b54-9398-78559044ff21.json b/objects/vulnerability/vulnerability--c0247461-a003-4b54-9398-78559044ff21.json new file mode 100644 index 00000000000..f0a02394b02 --- /dev/null +++ b/objects/vulnerability/vulnerability--c0247461-a003-4b54-9398-78559044ff21.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--090808bf-8790-49f3-ab3c-dfd958682684", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c0247461-a003-4b54-9398-78559044ff21", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.582038Z", + "modified": "2025-02-27T00:38:15.582038Z", + "name": "CVE-2022-49261", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gem: add missing boundary check in vm_access\n\nA missing bounds check in vm_access() can lead to an out-of-bounds read\nor write in the adjacent memory area, since the len attribute is not\nvalidated before the memcpy later in the function, potentially hitting:\n\n[ 183.637831] BUG: unable to handle page fault for address: ffffc90000c86000\n[ 183.637934] #PF: supervisor read access in kernel mode\n[ 183.637997] #PF: error_code(0x0000) - not-present page\n[ 183.638059] PGD 100000067 P4D 100000067 PUD 100258067 PMD 106341067 PTE 0\n[ 183.638144] Oops: 0000 [#2] PREEMPT SMP NOPTI\n[ 183.638201] CPU: 3 PID: 1790 Comm: poc Tainted: G D 5.17.0-rc6-ci-drm-11296+ #1\n[ 183.638298] Hardware name: Intel Corporation CoffeeLake Client Platform/CoffeeLake H DDR4 RVP, BIOS CNLSFWR1.R00.X208.B00.1905301319 05/30/2019\n[ 183.638430] RIP: 0010:memcpy_erms+0x6/0x10\n[ 183.640213] RSP: 0018:ffffc90001763d48 EFLAGS: 00010246\n[ 183.641117] RAX: ffff888109c14000 RBX: ffff888111bece40 RCX: 0000000000000ffc\n[ 183.642029] RDX: 0000000000001000 RSI: ffffc90000c86000 RDI: ffff888109c14004\n[ 183.642946] RBP: 0000000000000ffc R08: 800000000000016b R09: 0000000000000000\n[ 183.643848] R10: ffffc90000c85000 R11: 0000000000000048 R12: 0000000000001000\n[ 183.644742] R13: ffff888111bed190 R14: ffff888109c14000 R15: 0000000000001000\n[ 183.645653] FS: 00007fe5ef807540(0000) GS:ffff88845b380000(0000) knlGS:0000000000000000\n[ 183.646570] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 
183.647481] CR2: ffffc90000c86000 CR3: 000000010ff02006 CR4: 00000000003706e0\n[ 183.648384] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 183.649271] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 183.650142] Call Trace:\n[ 183.650988] \n[ 183.651793] vm_access+0x1f0/0x2a0 [i915]\n[ 183.652726] __access_remote_vm+0x224/0x380\n[ 183.653561] mem_rw.isra.0+0xf9/0x190\n[ 183.654402] vfs_read+0x9d/0x1b0\n[ 183.655238] ksys_read+0x63/0xe0\n[ 183.656065] do_syscall_64+0x38/0xc0\n[ 183.656882] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[ 183.657663] RIP: 0033:0x7fe5ef725142\n[ 183.659351] RSP: 002b:00007ffe1e81c7e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\n[ 183.660227] RAX: ffffffffffffffda RBX: 0000557055dfb780 RCX: 00007fe5ef725142\n[ 183.661104] RDX: 0000000000001000 RSI: 00007ffe1e81d880 RDI: 0000000000000005\n[ 183.661972] RBP: 00007ffe1e81e890 R08: 0000000000000030 R09: 0000000000000046\n[ 183.662832] R10: 0000557055dfc2e0 R11: 0000000000000246 R12: 0000557055dfb1c0\n[ 183.663691] R13: 00007ffe1e81e980 R14: 0000000000000000 R15: 0000000000000000\n\nChanges since v1:\n - Updated if condition with range_overflows_t [Chris Wilson]\n\n[mauld: tidy up the commit message and add Cc: stable]\n(cherry picked from commit 661412e301e2ca86799aa4f400d1cf0bd38c57c6)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49261" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c04f2f76-0365-43e9-ba86-bfd0538f5962.json b/objects/vulnerability/vulnerability--c04f2f76-0365-43e9-ba86-bfd0538f5962.json new file mode 100644 index 00000000000..d125bbc08c1 --- /dev/null +++ b/objects/vulnerability/vulnerability--c04f2f76-0365-43e9-ba86-bfd0538f5962.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--304cf75c-a3a4-4189-92fd-2dc169022d32", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c04f2f76-0365-43e9-ba86-bfd0538f5962", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.770237Z", + "modified": "2025-02-27T00:38:15.770237Z", + "name": "CVE-2022-49341", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, arm64: Clear prog->jited_len along prog->jited\n\nsyzbot reported an illegal copy_to_user() attempt\nfrom bpf_prog_get_info_by_fd() [1]\n\nThere was no repro yet on this bug, but I think\nthat commit 0aef499f3172 (\"mm/usercopy: Detect vmalloc overruns\")\nis exposing a prior bug in bpf arm64.\n\nbpf_prog_get_info_by_fd() looks at prog->jited_len\nto determine if the JIT image can be copied out to user space.\n\nMy theory is that syzbot managed to get a prog where prog->jited_len\nhas been set to 43, while prog->bpf_func has ben cleared.\n\nIt is not clear why copy_to_user(uinsns, NULL, ulen) is triggering\nthis particular warning.\n\nI thought find_vma_area(NULL) would not find a vm_struct.\nAs we do not hold vmap_area_lock spinlock, it might be possible\nthat the found vm_struct was garbage.\n\n[1]\nusercopy: Kernel memory exposure attempt detected from vmalloc (offset 792633534417210172, size 43)!\nkernel BUG at mm/usercopy.c:101!\nInternal error: Oops - BUG: 0 [#1] PREEMPT SMP\nModules linked in:\nCPU: 0 PID: 25002 Comm: syz-executor.1 Not tainted 5.18.0-syzkaller-10139-g8291eaafed36 #0\nHardware name: linux,dummy-virt (DT)\npstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : usercopy_abort+0x90/0x94 mm/usercopy.c:101\nlr : usercopy_abort+0x90/0x94 mm/usercopy.c:89\nsp : ffff80000b773a20\nx29: ffff80000b773a30 x28: faff80000b745000 x27: ffff80000b773b48\nx26: 0000000000000000 x25: 000000000000002b x24: 0000000000000000\nx23: 00000000000000e0 
x22: ffff80000b75db67 x21: 0000000000000001\nx20: 000000000000002b x19: ffff80000b75db3c x18: 00000000fffffffd\nx17: 2820636f6c6c616d x16: 76206d6f72662064 x15: 6574636574656420\nx14: 74706d6574746120 x13: 2129333420657a69 x12: 73202c3237313031\nx11: 3237313434333533 x10: 3336323937207465 x9 : 657275736f707865\nx8 : ffff80000a30c550 x7 : ffff80000b773830 x6 : ffff80000b773830\nx5 : 0000000000000000 x4 : ffff00007fbbaa10 x3 : 0000000000000000\nx2 : 0000000000000000 x1 : f7ff000028fc0000 x0 : 0000000000000064\nCall trace:\n usercopy_abort+0x90/0x94 mm/usercopy.c:89\n check_heap_object mm/usercopy.c:186 [inline]\n __check_object_size mm/usercopy.c:252 [inline]\n __check_object_size+0x198/0x36c mm/usercopy.c:214\n check_object_size include/linux/thread_info.h:199 [inline]\n check_copy_size include/linux/thread_info.h:235 [inline]\n copy_to_user include/linux/uaccess.h:159 [inline]\n bpf_prog_get_info_by_fd.isra.0+0xf14/0xfdc kernel/bpf/syscall.c:3993\n bpf_obj_get_info_by_fd+0x12c/0x510 kernel/bpf/syscall.c:4253\n __sys_bpf+0x900/0x2150 kernel/bpf/syscall.c:4956\n __do_sys_bpf kernel/bpf/syscall.c:5021 [inline]\n __se_sys_bpf kernel/bpf/syscall.c:5019 [inline]\n __arm64_sys_bpf+0x28/0x40 kernel/bpf/syscall.c:5019\n __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]\n invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52\n el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142\n do_el0_svc+0xa0/0xc0 arch/arm64/kernel/syscall.c:206\n el0_svc+0x44/0xb0 arch/arm64/kernel/entry-common.c:624\n el0t_64_sync_handler+0x1ac/0x1b0 arch/arm64/kernel/entry-common.c:642\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:581\nCode: aa0003e3 d00038c0 91248000 97fff65f (d4210000)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49341" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--c0548685-58bf-4117-9184-7d5667fd3e76.json b/objects/vulnerability/vulnerability--c0548685-58bf-4117-9184-7d5667fd3e76.json new file mode 100644 index 00000000000..18c2f75add9 --- /dev/null +++ b/objects/vulnerability/vulnerability--c0548685-58bf-4117-9184-7d5667fd3e76.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e1c5cff0-90c3-4a4d-97b7-abd605870249", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c0548685-58bf-4117-9184-7d5667fd3e76", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.629548Z", + "modified": "2025-02-27T00:38:15.629548Z", + "name": "CVE-2022-49511", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: defio: fix the pagelist corruption\n\nEasily hit the below list corruption:\n==\nlist_add corruption. prev->next should be next (ffffffffc0ceb090), but\nwas ffffec604507edc8. (prev=ffffec604507edc8).\nWARNING: CPU: 65 PID: 3959 at lib/list_debug.c:26\n__list_add_valid+0x53/0x80\nCPU: 65 PID: 3959 Comm: fbdev Tainted: G U\nRIP: 0010:__list_add_valid+0x53/0x80\nCall Trace:\n \n fb_deferred_io_mkwrite+0xea/0x150\n do_page_mkwrite+0x57/0xc0\n do_wp_page+0x278/0x2f0\n __handle_mm_fault+0xdc2/0x1590\n handle_mm_fault+0xdd/0x2c0\n do_user_addr_fault+0x1d3/0x650\n exc_page_fault+0x77/0x180\n ? asm_exc_page_fault+0x8/0x30\n asm_exc_page_fault+0x1e/0x30\nRIP: 0033:0x7fd98fc8fad1\n==\n\nFigure out the race happens when one process is adding &page->lru into\nthe pagelist tail in fb_deferred_io_mkwrite(), another process is\nre-initializing the same &page->lru in fb_deferred_io_fault(), which is\nnot protected by the lock.\n\nThis fix is to init all the page lists one time during initialization,\nit not only fixes the list corruption, but also avoids INIT_LIST_HEAD()\nredundantly.\n\nV2: change \"int i\" to \"unsigned int i\" (Geert Uytterhoeven)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49511" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--c1f26cf3-b33a-4c62-a36d-550afd8e6ac9.json b/objects/vulnerability/vulnerability--c1f26cf3-b33a-4c62-a36d-550afd8e6ac9.json new file mode 100644 index 00000000000..38bc558b6de --- /dev/null +++ b/objects/vulnerability/vulnerability--c1f26cf3-b33a-4c62-a36d-550afd8e6ac9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--af3015a4-9c07-4ead-b713-2e515451e766", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c1f26cf3-b33a-4c62-a36d-550afd8e6ac9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.779669Z", + "modified": "2025-02-27T00:38:15.779669Z", + "name": "CVE-2022-49047", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nep93xx: clock: Fix UAF in ep93xx_clk_register_gate()\n\narch/arm/mach-ep93xx/clock.c:154:2: warning: Use of memory after it is freed [clang-analyzer-unix.Malloc]\narch/arm/mach-ep93xx/clock.c:151:2: note: Taking true branch\nif (IS_ERR(clk))\n^\narch/arm/mach-ep93xx/clock.c:152:3: note: Memory is released\nkfree(psc);\n^~~~~~~~~~\narch/arm/mach-ep93xx/clock.c:154:2: note: Use of memory after it is freed\nreturn &psc->hw;\n^ ~~~~~~~~", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49047" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c2256f5c-a36b-4220-bc64-bb7700ddb887.json b/objects/vulnerability/vulnerability--c2256f5c-a36b-4220-bc64-bb7700ddb887.json new file mode 100644 index 00000000000..649bf0b11db --- /dev/null +++ b/objects/vulnerability/vulnerability--c2256f5c-a36b-4220-bc64-bb7700ddb887.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c46f59ed-9b15-4c53-a51e-087021120312", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c2256f5c-a36b-4220-bc64-bb7700ddb887", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:01.764265Z", + "modified": "2025-02-27T00:38:01.764265Z", + "name": "CVE-2024-39441", + "description": "In wifi display, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39441" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c22e9482-c611-410b-b0b5-05c6393f682a.json b/objects/vulnerability/vulnerability--c22e9482-c611-410b-b0b5-05c6393f682a.json new file mode 100644 index 00000000000..0a428a91a37 --- /dev/null +++ b/objects/vulnerability/vulnerability--c22e9482-c611-410b-b0b5-05c6393f682a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--123daddf-438f-40c1-b59a-d6af4348d04b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c22e9482-c611-410b-b0b5-05c6393f682a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.258784Z", + "modified": "2025-02-27T00:38:15.258784Z", + "name": "CVE-2022-49325", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: add accessors to read/set tp->snd_cwnd\n\nWe had various bugs over the years with code\nbreaking the assumption that tp->snd_cwnd is greater\nthan zero.\n\nLately, syzbot reported the WARN_ON_ONCE(!tp->prior_cwnd) added\nin commit 8b8a321ff72c (\"tcp: fix zero cwnd in tcp_cwnd_reduction\")\ncan trigger, and without a repro we would have to spend\nconsiderable time finding the bug.\n\nInstead of complaining too late, we want to catch where\nand when tp->snd_cwnd is set to an illegal value.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49325" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c25d9a07-e7fa-4092-8111-e1292c00af38.json b/objects/vulnerability/vulnerability--c25d9a07-e7fa-4092-8111-e1292c00af38.json new file mode 100644 index 00000000000..842a35a3dd2 --- /dev/null +++ b/objects/vulnerability/vulnerability--c25d9a07-e7fa-4092-8111-e1292c00af38.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6dfef764-2cae-4a92-be91-704dc3009ac4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c25d9a07-e7fa-4092-8111-e1292c00af38", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.711562Z", + "modified": "2025-02-27T00:38:15.711562Z", + "name": "CVE-2022-49614", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: use struct group for generic command dwords\n\nThis will allow the trace event to know the full size of the data\nintended to be copied and silence read overflow checks.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49614" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c27d1d48-a8e8-4d5a-9326-c10c4eca79d1.json b/objects/vulnerability/vulnerability--c27d1d48-a8e8-4d5a-9326-c10c4eca79d1.json new file mode 100644 index 00000000000..50a57c157ea --- /dev/null +++ b/objects/vulnerability/vulnerability--c27d1d48-a8e8-4d5a-9326-c10c4eca79d1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--569b526c-933b-4432-b48e-dd7dbaeeda74", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c27d1d48-a8e8-4d5a-9326-c10c4eca79d1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.47762Z", + "modified": "2025-02-27T00:38:15.47762Z", + "name": "CVE-2022-49263", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbrcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path\n\nThis avoids leaking memory if brcmf_chip_get_raminfo fails. Note that\nthe CLM blob is released in the device remove path.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49263" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--c2994c25-4158-4af5-8b0e-a3c1ba315308.json b/objects/vulnerability/vulnerability--c2994c25-4158-4af5-8b0e-a3c1ba315308.json new file mode 100644 index 00000000000..e665deb96b6 --- /dev/null +++ b/objects/vulnerability/vulnerability--c2994c25-4158-4af5-8b0e-a3c1ba315308.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--42add561-0b39-4f2b-8c69-3f3aff0bef8a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c2994c25-4158-4af5-8b0e-a3c1ba315308", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.297082Z", + "modified": "2025-02-27T00:38:15.297082Z", + "name": "CVE-2022-49197", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_netlink: Fix shift out of bounds in group mask calculation\n\nWhen a netlink message is received, netlink_recvmsg() fills in the address\nof the sender. One of the fields is the 32-bit bitfield nl_groups, which\ncarries the multicast group on which the message was received. The least\nsignificant bit corresponds to group 1, and therefore the highest group\nthat the field can represent is 32. Above that, the UB sanitizer flags the\nout-of-bounds shift attempts.\n\nWhich bits end up being set in such case is implementation defined, but\nit's either going to be a wrong non-zero value, or zero, which is at least\nnot misleading. Make the latter choice deterministic by always setting to 0\nfor higher-numbered multicast groups.\n\nTo get information about membership in groups >= 32, userspace is expected\nto use nl_pktinfo control messages[0], which are enabled by NETLINK_PKTINFO\nsocket option.\n[0] https://lwn.net/Articles/147608/\n\nThe way to trigger this issue is e.g. through monitoring the BRVLAN group:\n\n\t# bridge monitor vlan &\n\t# ip link add name br type bridge\n\nWhich produces the following citation:\n\n\tUBSAN: shift-out-of-bounds in net/netlink/af_netlink.c:162:19\n\tshift exponent 32 is too large for 32-bit type 'int'", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49197" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--c302755a-f9a6-401f-8992-9bcf048a70ae.json b/objects/vulnerability/vulnerability--c302755a-f9a6-401f-8992-9bcf048a70ae.json new file mode 100644 index 00000000000..4cc7123b6a7 --- /dev/null +++ b/objects/vulnerability/vulnerability--c302755a-f9a6-401f-8992-9bcf048a70ae.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8c193edd-f703-4043-bac1-dc9c27ccc613", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c302755a-f9a6-401f-8992-9bcf048a70ae", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.609462Z", + "modified": "2025-02-27T00:38:15.609462Z", + "name": "CVE-2022-49518", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: ipc3-topology: Correct get_control_data for non bytes payload\n\nIt is possible to craft a topology where sof_get_control_data() would do\nout of bounds access because it expects that it is only called when the\npayload is bytes type.\nConfusingly it also handles other types of controls, but the payload\nparsing implementation is only valid for bytes.\n\nFix the code to count the non bytes controls and instead of storing a\npointer to sof_abi_hdr in sof_widget_data (which is only valid for bytes),\nstore the pointer to the data itself and add a new member to save the size\nof the data.\n\nIn case of non bytes controls we store the pointer to the chanv itself,\nwhich is just an array of values at the end.\n\nIn case of bytes control, drop the wrong cdata->data (wdata[i].pdata) check\nagainst NULL since it is incorrect and invalid in this context.\nThe data is pointing to the end of cdata struct, so it should never be\nnull.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49518" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--c37b682e-2152-4720-a765-73bc485fa791.json b/objects/vulnerability/vulnerability--c37b682e-2152-4720-a765-73bc485fa791.json new file mode 100644 index 00000000000..11d8a2238a6 --- /dev/null +++ b/objects/vulnerability/vulnerability--c37b682e-2152-4720-a765-73bc485fa791.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9ae23cdb-2457-4844-b84e-73343d84b3cf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c37b682e-2152-4720-a765-73bc485fa791", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.421976Z", + "modified": "2025-02-27T00:38:15.421976Z", + "name": "CVE-2022-49683", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: adi-axi-adc: Fix refcount leak in adi_axi_adc_attach_client\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49683" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c3ff4373-7673-49ee-881e-7c692b544d39.json b/objects/vulnerability/vulnerability--c3ff4373-7673-49ee-881e-7c692b544d39.json new file mode 100644 index 00000000000..378ad51f2cb --- /dev/null +++ b/objects/vulnerability/vulnerability--c3ff4373-7673-49ee-881e-7c692b544d39.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f0059c2d-d10f-4617-85ef-7616bd444436", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c3ff4373-7673-49ee-881e-7c692b544d39", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.724771Z", + "modified": "2025-02-27T00:38:15.724771Z", + "name": "CVE-2022-49551", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: isp1760: Fix out-of-bounds array access\n\nRunning the driver through kasan gives an interesting splat:\n\n BUG: KASAN: global-out-of-bounds in isp1760_register+0x180/0x70c\n Read of size 20 at addr f1db2e64 by task swapper/0/1\n (...)\n isp1760_register from isp1760_plat_probe+0x1d8/0x220\n (...)\n\nThis happens because the loop reading the regmap fields for the\ndifferent ISP1760 variants look like this:\n\n for (i = 0; i < HC_FIELD_MAX; i++) { ... }\n\nMeaning it expects the arrays to be at least HC_FIELD_MAX - 1 long.\n\nHowever the arrays isp1760_hc_reg_fields[], isp1763_hc_reg_fields[],\nisp1763_hc_volatile_ranges[] and isp1763_dc_volatile_ranges[] are\ndynamically sized during compilation.\n\nFix this by putting an empty assignment to the [HC_FIELD_MAX]\nand [DC_FIELD_MAX] array member at the end of each array.\nThis will make the array one member longer than it needs to be,\nbut avoids the risk of overwriting whatever is inside\n[HC_FIELD_MAX - 1] and is simple and intuitive to read. Also\nadd comments explaining what is going on.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49551" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c44e1541-d249-4403-a8a0-94fc53e0bc66.json b/objects/vulnerability/vulnerability--c44e1541-d249-4403-a8a0-94fc53e0bc66.json new file mode 100644 index 00000000000..3964ef5a52f --- /dev/null 
+++ b/objects/vulnerability/vulnerability--c44e1541-d249-4403-a8a0-94fc53e0bc66.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--932651d9-6dd8-4ccd-9681-21cd1759db57", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c44e1541-d249-4403-a8a0-94fc53e0bc66", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.387596Z", + "modified": "2025-02-27T00:38:15.387596Z", + "name": "CVE-2022-49307", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: synclink_gt: Fix null-pointer-dereference in slgt_clean()\n\nWhen the driver fails at alloc_hdlcdev(), and then we remove the driver\nmodule, we will get the following splat:\n\n[ 25.065966] general protection fault, probably for non-canonical address 0xdffffc0000000182: 0000 [#1] PREEMPT SMP KASAN PTI\n[ 25.066914] KASAN: null-ptr-deref in range [0x0000000000000c10-0x0000000000000c17]\n[ 25.069262] RIP: 0010:detach_hdlc_protocol+0x2a/0x3e0\n[ 25.077709] Call Trace:\n[ 25.077924] \n[ 25.078108] unregister_hdlc_device+0x16/0x30\n[ 25.078481] slgt_cleanup+0x157/0x9f0 [synclink_gt]\n\nFix this by checking whether the 'info->netdev' is a null pointer first.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49307" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c5164ba9-41e7-4090-987a-93aa524820e9.json b/objects/vulnerability/vulnerability--c5164ba9-41e7-4090-987a-93aa524820e9.json new file mode 100644 index 00000000000..e53a6e2e4ee --- /dev/null +++ b/objects/vulnerability/vulnerability--c5164ba9-41e7-4090-987a-93aa524820e9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9ca88b2a-68f0-4658-b907-aa9a2f89bbdc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c5164ba9-41e7-4090-987a-93aa524820e9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.366885Z", + "modified": "2025-02-27T00:38:15.366885Z", + "name": "CVE-2022-49058", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: potential buffer overflow in handling symlinks\n\nSmatch printed a warning:\n\tarch/x86/crypto/poly1305_glue.c:198 poly1305_update_arch() error:\n\t__memcpy() 'dctx->buf' too small (16 vs u32max)\n\nIt's caused because Smatch marks 'link_len' as untrusted since it comes\nfrom sscanf(). Add a check to ensure that 'link_len' is not larger than\nthe size of the 'link_str' buffer.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49058" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c5e10a8a-e63c-4ca2-bd54-51b75339e8ef.json b/objects/vulnerability/vulnerability--c5e10a8a-e63c-4ca2-bd54-51b75339e8ef.json new file mode 100644 index 00000000000..f1e8d3a058d --- /dev/null +++ b/objects/vulnerability/vulnerability--c5e10a8a-e63c-4ca2-bd54-51b75339e8ef.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f5237ff8-c452-42dc-a16f-083996b73059", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c5e10a8a-e63c-4ca2-bd54-51b75339e8ef", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:11.184146Z", + "modified": "2025-02-27T00:38:11.184146Z", + "name": "CVE-2021-47637", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: Fix deadlock in concurrent rename whiteout and inode writeback\n\nFollowing hung tasks:\n[ 77.028764] task:kworker/u8:4 state:D stack: 0 pid: 132\n[ 77.028820] Call Trace:\n[ 77.029027] schedule+0x8c/0x1b0\n[ 77.029067] mutex_lock+0x50/0x60\n[ 77.029074] ubifs_write_inode+0x68/0x1f0 [ubifs]\n[ 77.029117] __writeback_single_inode+0x43c/0x570\n[ 77.029128] writeback_sb_inodes+0x259/0x740\n[ 77.029148] wb_writeback+0x107/0x4d0\n[ 77.029163] wb_workfn+0x162/0x7b0\n\n[ 92.390442] task:aa state:D stack: 0 pid: 1506\n[ 92.390448] Call Trace:\n[ 92.390458] schedule+0x8c/0x1b0\n[ 92.390461] wb_wait_for_completion+0x82/0xd0\n[ 92.390469] __writeback_inodes_sb_nr+0xb2/0x110\n[ 92.390472] writeback_inodes_sb_nr+0x14/0x20\n[ 92.390476] ubifs_budget_space+0x705/0xdd0 [ubifs]\n[ 92.390503] do_rename.cold+0x7f/0x187 [ubifs]\n[ 92.390549] ubifs_rename+0x8b/0x180 [ubifs]\n[ 92.390571] vfs_rename+0xdb2/0x1170\n[ 92.390580] do_renameat2+0x554/0x770\n\n, are caused by concurrent rename whiteout and inode writeback processes:\n\trename_whiteout(Thread 1)\t wb_workfn(Thread2)\nubifs_rename\n do_rename\n lock_4_inodes (Hold ui_mutex)\n ubifs_budget_space\n make_free_space\n shrink_liability\n\t __writeback_inodes_sb_nr\n\t bdi_split_work_to_wbs (Queue new wb work)\n\t\t\t\t\t wb_do_writeback(wb work)\n\t\t\t\t\t\t__writeback_single_inode\n\t\t\t\t\t ubifs_write_inode\n\t\t\t\t\t LOCK(ui_mutex)\n\t\t\t\t\t\t\t ↑\n\t wb_wait_for_completion (Wait wb work) <-- deadlock!\n\nReproducer 
(Detail program in [Link]):\n 1. SYS_renameat2(\"/mp/dir/file\", \"/mp/dir/whiteout\", RENAME_WHITEOUT)\n 2. Consume out of space before kernel(mdelay) doing budget for whiteout\n\nFix it by doing whiteout space budget before locking ubifs inodes.\nBTW, it also fixes wrong goto tag 'out_release' in whiteout budget\nerror handling path(It should at least recover dir i_size and unlock\n4 ubifs inodes).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-47637" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c5f22169-bccd-4ddb-839b-c99394541ba8.json b/objects/vulnerability/vulnerability--c5f22169-bccd-4ddb-839b-c99394541ba8.json new file mode 100644 index 00000000000..9d84349ebd1 --- /dev/null +++ b/objects/vulnerability/vulnerability--c5f22169-bccd-4ddb-839b-c99394541ba8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2f818a11-cc93-40dd-8e83-1114c0d7f487", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c5f22169-bccd-4ddb-839b-c99394541ba8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.280858Z", + "modified": "2025-02-27T00:38:15.280858Z", + "name": "CVE-2022-49510", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/omap: fix NULL but dereferenced coccicheck error\n\nFix the following coccicheck warning:\n./drivers/gpu/drm/omapdrm/omap_overlay.c:89:22-25: ERROR: r_ovl is NULL\nbut dereferenced.\n\nHere should be ovl->idx rather than r_ovl->idx.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49510" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c63b9e60-510e-41c2-9094-a5a5e0778b39.json b/objects/vulnerability/vulnerability--c63b9e60-510e-41c2-9094-a5a5e0778b39.json new file mode 100644 index 00000000000..21b3d66c89b --- /dev/null 
+++ b/objects/vulnerability/vulnerability--c63b9e60-510e-41c2-9094-a5a5e0778b39.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a7f21bd4-6366-431f-805e-cfd43a145545", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c63b9e60-510e-41c2-9094-a5a5e0778b39", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.589727Z", + "modified": "2025-02-27T00:38:15.589727Z", + "name": "CVE-2022-49643", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nima: Fix a potential integer overflow in ima_appraise_measurement\n\nWhen the ima-modsig is enabled, the rc passed to evm_verifyxattr() may be\nnegative, which may cause the integer overflow problem.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49643" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c8389b89-5daf-4cd3-949d-7ecb6a3ed1f2.json b/objects/vulnerability/vulnerability--c8389b89-5daf-4cd3-949d-7ecb6a3ed1f2.json new file mode 100644 index 00000000000..97c565ccf77 --- /dev/null +++ b/objects/vulnerability/vulnerability--c8389b89-5daf-4cd3-949d-7ecb6a3ed1f2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--626d9a9a-d923-464c-888f-24fab3788554", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c8389b89-5daf-4cd3-949d-7ecb6a3ed1f2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.409426Z", + "modified": "2025-02-27T00:38:15.409426Z", + "name": "CVE-2022-49102", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nhabanalabs: fix possible memory leak in MMU DR fini\n\nThis patch fixes what seems to be copy paste error.\n\nWe will have a memory leak if the host-resident shadow is NULL (which\nwill likely happen as the DR and HR are not dependent).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49102" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c8459d68-8a91-4b85-96fc-792327fd33ca.json b/objects/vulnerability/vulnerability--c8459d68-8a91-4b85-96fc-792327fd33ca.json new file mode 100644 index 00000000000..ea2f3d00d16 --- /dev/null +++ b/objects/vulnerability/vulnerability--c8459d68-8a91-4b85-96fc-792327fd33ca.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9f0e8386-466d-4341-9a66-4e8bde6ac226", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c8459d68-8a91-4b85-96fc-792327fd33ca", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.428778Z", + "modified": "2025-02-27T00:38:15.428778Z", + "name": "CVE-2022-49238", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nath11k: free peer for station when disconnect from AP for QCA6390/WCN6855\n\nCommit b4a0f54156ac (\"ath11k: move peer delete after vdev stop of station\nfor QCA6390 and WCN6855\") is to fix firmware crash by changing the WMI\ncommand sequence, but actually skip all the peer delete operation, then\nit lead commit 58595c9874c6 (\"ath11k: Fixing dangling pointer issue upon\npeer delete failure\") not take effect, and then happened a use-after-free\nwarning from KASAN. because the peer->sta is not set to NULL and then used\nlater.\n\nChange to only skip the WMI_PEER_DELETE_CMDID for QCA6390/WCN6855.\n\nlog of user-after-free:\n\n[ 534.888665] BUG: KASAN: use-after-free in ath11k_dp_rx_update_peer_stats+0x912/0xc10 [ath11k]\n[ 534.888696] Read of size 8 at addr ffff8881396bb1b8 by task rtcwake/2860\n\n[ 534.888705] CPU: 4 PID: 2860 Comm: rtcwake Kdump: loaded Tainted: G W 5.15.0-wt-ath+ #523\n[ 534.888712] Hardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0067.2021.0528.1339 05/28/2021\n[ 534.888716] Call Trace:\n[ 534.888720] \n[ 534.888726] dump_stack_lvl+0x57/0x7d\n[ 534.888736] print_address_description.constprop.0+0x1f/0x170\n[ 534.888745] ? ath11k_dp_rx_update_peer_stats+0x912/0xc10 [ath11k]\n[ 534.888771] kasan_report.cold+0x83/0xdf\n[ 534.888783] ? 
ath11k_dp_rx_update_peer_stats+0x912/0xc10 [ath11k]\n[ 534.888810] ath11k_dp_rx_update_peer_stats+0x912/0xc10 [ath11k]\n[ 534.888840] ath11k_dp_rx_process_mon_status+0x529/0xa70 [ath11k]\n[ 534.888874] ? ath11k_dp_rx_mon_status_bufs_replenish+0x3f0/0x3f0 [ath11k]\n[ 534.888897] ? check_prev_add+0x20f0/0x20f0\n[ 534.888922] ? __lock_acquire+0xb72/0x1870\n[ 534.888937] ? find_held_lock+0x33/0x110\n[ 534.888954] ath11k_dp_rx_process_mon_rings+0x297/0x520 [ath11k]\n[ 534.888981] ? rcu_read_unlock+0x40/0x40\n[ 534.888990] ? ath11k_dp_rx_pdev_alloc+0xd90/0xd90 [ath11k]\n[ 534.889026] ath11k_dp_service_mon_ring+0x67/0xe0 [ath11k]\n[ 534.889053] ? ath11k_dp_rx_process_mon_rings+0x520/0x520 [ath11k]\n[ 534.889075] call_timer_fn+0x167/0x4a0\n[ 534.889084] ? add_timer_on+0x3b0/0x3b0\n[ 534.889103] ? lockdep_hardirqs_on_prepare.part.0+0x18c/0x370\n[ 534.889117] __run_timers.part.0+0x539/0x8b0\n[ 534.889123] ? ath11k_dp_rx_process_mon_rings+0x520/0x520 [ath11k]\n[ 534.889157] ? call_timer_fn+0x4a0/0x4a0\n[ 534.889164] ? mark_lock_irq+0x1c30/0x1c30\n[ 534.889173] ? clockevents_program_event+0xdd/0x280\n[ 534.889189] ? 
mark_held_locks+0xa5/0xe0\n[ 534.889203] run_timer_softirq+0x97/0x180\n[ 534.889213] __do_softirq+0x276/0x86a\n[ 534.889230] __irq_exit_rcu+0x11c/0x180\n[ 534.889238] irq_exit_rcu+0x5/0x20\n[ 534.889244] sysvec_apic_timer_interrupt+0x8e/0xc0\n[ 534.889251] \n[ 534.889254] \n[ 534.889259] asm_sysvec_apic_timer_interrupt+0x12/0x20\n[ 534.889265] RIP: 0010:_raw_spin_unlock_irqrestore+0x38/0x70\n[ 534.889271] Code: 74 24 10 e8 ea c2 bf fd 48 89 ef e8 12 53 c0 fd 81 e3 00 02 00 00 75 25 9c 58 f6 c4 02 75 2d 48 85 db 74 01 fb bf 01 00 00 00 13 a7 b5 fd 65 8b 05 cc d9 9c 5e 85 c0 74 0a 5b 5d c3 e8 a0 ee\n[ 534.889276] RSP: 0018:ffffc90002e5f880 EFLAGS: 00000206\n[ 534.889284] RAX: 0000000000000006 RBX: 0000000000000200 RCX: ffffffff9f256f10\n[ 534.889289] RDX: 0000000000000000 RSI: ffffffffa1c6e420 RDI: 0000000000000001\n[ 534.889293] RBP: ffff8881095e6200 R08: 0000000000000001 R09: ffffffffa40d2b8f\n[ 534.889298] R10: fffffbfff481a571 R11: 0000000000000001 R12: ffff8881095e6e68\n[ 534.889302] R13: ffffc90002e5f908 R14: 0000000000000246 R15: 0000000000000000\n[ 534.889316] ? mark_lock+0xd0/0x14a0\n[ 534.889332] klist_next+0x1d4/0x450\n[ 534.889340] ? dpm_wait_for_subordinate+0x2d0/0x2d0\n[ 534.889350] device_for_each_child+0xa8/0x140\n[ 534.889360] ? device_remove_class_symlinks+0x1b0/0x1b0\n[ 534.889370] ? __lock_release+0x4bd/0x9f0\n[ 534.889378] ? dpm_suspend+0x26b/0x3f0\n[ 534.889390] dpm_wait_for_subordinate+\n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49238" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c886c2b2-d6f2-4923-856c-2b1b32d8fec7.json b/objects/vulnerability/vulnerability--c886c2b2-d6f2-4923-856c-2b1b32d8fec7.json new file mode 100644 index 00000000000..39f417a044c --- /dev/null +++ b/objects/vulnerability/vulnerability--c886c2b2-d6f2-4923-856c-2b1b32d8fec7.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--656ae006-b361-4864-831c-f20a09d189d5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c886c2b2-d6f2-4923-856c-2b1b32d8fec7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.489017Z", + "modified": "2025-02-27T00:38:15.489017Z", + "name": "CVE-2022-49100", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio_console: eliminate anonymous module_init & module_exit\n\nEliminate anonymous module_init() and module_exit(), which can lead to\nconfusion or ambiguity when reading System.map, crashes/oops/bugs,\nor an initcall_debug log.\n\nGive each of these init and exit functions unique driver-specific\nnames to eliminate the anonymous names.\n\nExample 1: (System.map)\n ffffffff832fc78c t init\n ffffffff832fc79e t init\n ffffffff832fc8f8 t init\n\nExample 2: (initcall_debug log)\n calling init+0x0/0x12 @ 1\n initcall init+0x0/0x12 returned 0 after 15 usecs\n calling init+0x0/0x60 @ 1\n initcall init+0x0/0x60 returned 0 after 2 usecs\n calling init+0x0/0x9a @ 1\n initcall init+0x0/0x9a returned 0 after 74 usecs", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49100" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c8996f0a-e769-4ca7-b225-0c43b4bccb70.json b/objects/vulnerability/vulnerability--c8996f0a-e769-4ca7-b225-0c43b4bccb70.json new file mode 100644 index 00000000000..9d0b75a3ab6 --- /dev/null +++ b/objects/vulnerability/vulnerability--c8996f0a-e769-4ca7-b225-0c43b4bccb70.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4406c02f-e2e8-44fe-80d6-6735969e1854", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c8996f0a-e769-4ca7-b225-0c43b4bccb70", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.606783Z", + "modified": "2025-02-27T00:38:15.606783Z", + "name": "CVE-2022-49521", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp()\n\nIf no handler is found in lpfc_complete_unsol_iocb() to match the rctl of a\nreceived frame, the frame is dropped and resources are leaked.\n\nFix by returning resources when discarding an unhandled frame type. Update\nlpfc_fc_frame_check() handling of NOP basic link service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49521" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c9834007-4856-4e0c-aa77-4dfedc130367.json b/objects/vulnerability/vulnerability--c9834007-4856-4e0c-aa77-4dfedc130367.json new file mode 100644 index 00000000000..b29f21d9bfb --- /dev/null +++ b/objects/vulnerability/vulnerability--c9834007-4856-4e0c-aa77-4dfedc130367.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c4b73d9e-3b62-4730-9b75-92fca90d4661", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c9834007-4856-4e0c-aa77-4dfedc130367", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.712472Z", + "modified": "2025-02-27T00:38:15.712472Z", + "name": "CVE-2022-49412", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbfq: Avoid merging queues with different parents\n\nIt can happen that the parent of a bfqq changes between the moment we\ndecide two queues are worth to merge (and set bic->stable_merge_bfqq)\nand the moment bfq_setup_merge() is called. This can happen e.g. because\nthe process submitted IO for a different cgroup and thus bfqq got\nreparented. It can even happen that the bfqq we are merging with has\nparent cgroup that is already offline and going to be destroyed in which\ncase the merge can lead to use-after-free issues such as:\n\nBUG: KASAN: use-after-free in __bfq_deactivate_entity+0x9cb/0xa50\nRead of size 8 at addr ffff88800693c0c0 by task runc:[2:INIT]/10544\n\nCPU: 0 PID: 10544 Comm: runc:[2:INIT] Tainted: G E 5.15.2-0.g5fb85fd-default #1 openSUSE Tumbleweed (unreleased) f1f3b891c72369aebecd2e43e4641a6358867c70\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a-rebuilt.opensuse.org 04/01/2014\nCall Trace:\n \n dump_stack_lvl+0x46/0x5a\n print_address_description.constprop.0+0x1f/0x140\n ? __bfq_deactivate_entity+0x9cb/0xa50\n kasan_report.cold+0x7f/0x11b\n ? __bfq_deactivate_entity+0x9cb/0xa50\n __bfq_deactivate_entity+0x9cb/0xa50\n ? update_curr+0x32f/0x5d0\n bfq_deactivate_entity+0xa0/0x1d0\n bfq_del_bfqq_busy+0x28a/0x420\n ? resched_curr+0x116/0x1d0\n ? bfq_requeue_bfqq+0x70/0x70\n ? check_preempt_wakeup+0x52b/0xbc0\n __bfq_bfqq_expire+0x1a2/0x270\n bfq_bfqq_expire+0xd16/0x2160\n ? try_to_wake_up+0x4ee/0x1260\n ? 
bfq_end_wr_async_queues+0xe0/0xe0\n ? _raw_write_unlock_bh+0x60/0x60\n ? _raw_spin_lock_irq+0x81/0xe0\n bfq_idle_slice_timer+0x109/0x280\n ? bfq_dispatch_request+0x4870/0x4870\n __hrtimer_run_queues+0x37d/0x700\n ? enqueue_hrtimer+0x1b0/0x1b0\n ? kvm_clock_get_cycles+0xd/0x10\n ? ktime_get_update_offsets_now+0x6f/0x280\n hrtimer_interrupt+0x2c8/0x740\n\nFix the problem by checking that the parent of the two bfqqs we are\nmerging in bfq_setup_merge() is the same.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49412" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c9874cd0-bc83-43f7-b018-7bffa4d6ef47.json b/objects/vulnerability/vulnerability--c9874cd0-bc83-43f7-b018-7bffa4d6ef47.json new file mode 100644 index 00000000000..424306936f8 --- /dev/null +++ b/objects/vulnerability/vulnerability--c9874cd0-bc83-43f7-b018-7bffa4d6ef47.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--28362e50-a569-4e16-8ca6-2af3cd406b8f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c9874cd0-bc83-43f7-b018-7bffa4d6ef47", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.495619Z", + "modified": "2025-02-27T00:38:15.495619Z", + "name": "CVE-2022-49559", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Drop WARNs that assert a triple fault never \"escapes\" from L2\n\nRemove WARNs that sanity check that KVM never lets a triple fault for L2\nescape and incorrectly end up in L1. In normal operation, the sanity\ncheck is perfectly valid, but it incorrectly assumes that it's impossible\nfor userspace to induce KVM_REQ_TRIPLE_FAULT without bouncing through\nKVM_RUN (which guarantees kvm_check_nested_state() will see and handle\nthe triple fault).\n\nThe WARN can currently be triggered if userspace injects a machine check\nwhile L2 is active and CR4.MCE=0. And a future fix to allow save/restore\nof KVM_REQ_TRIPLE_FAULT, e.g. so that a synthesized triple fault isn't\nlost on migration, will make it trivially easy for userspace to trigger\nthe WARN.\n\nClearing KVM_REQ_TRIPLE_FAULT when forcibly leaving guest mode is\ntempting, but wrong, especially if/when the request is saved/restored,\ne.g. if userspace restores events (including a triple fault) and then\nrestores nested state (which may forcibly leave guest mode). 
Ignoring\nthe fact that KVM doesn't currently provide the necessary APIs, it's\nuserspace's responsibility to manage pending events during save/restore.\n\n ------------[ cut here ]------------\n WARNING: CPU: 7 PID: 1399 at arch/x86/kvm/vmx/nested.c:4522 nested_vmx_vmexit+0x7fe/0xd90 [kvm_intel]\n Modules linked in: kvm_intel kvm irqbypass\n CPU: 7 PID: 1399 Comm: state_test Not tainted 5.17.0-rc3+ #808\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n RIP: 0010:nested_vmx_vmexit+0x7fe/0xd90 [kvm_intel]\n Call Trace:\n \n vmx_leave_nested+0x30/0x40 [kvm_intel]\n vmx_set_nested_state+0xca/0x3e0 [kvm_intel]\n kvm_arch_vcpu_ioctl+0xf49/0x13e0 [kvm]\n kvm_vcpu_ioctl+0x4b9/0x660 [kvm]\n __x64_sys_ioctl+0x83/0xb0\n do_syscall_64+0x3b/0xc0\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n \n ---[ end trace 0000000000000000 ]---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49559" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ca2a6123-7ffc-4e93-86a4-7433b2cc9497.json b/objects/vulnerability/vulnerability--ca2a6123-7ffc-4e93-86a4-7433b2cc9497.json new file mode 100644 index 00000000000..9abcf3de63f --- /dev/null +++ b/objects/vulnerability/vulnerability--ca2a6123-7ffc-4e93-86a4-7433b2cc9497.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a9230ad0-93df-43e9-9889-6050be024461", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ca2a6123-7ffc-4e93-86a4-7433b2cc9497", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.381679Z", + "modified": "2025-02-27T00:38:15.381679Z", + "name": "CVE-2022-49648", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/histograms: Fix memory leak problem\n\nThis reverts commit 46bbe5c671e06f070428b9be142cc4ee5cedebac.\n\nAs commit 46bbe5c671e0 (\"tracing: fix double free\") said, the\n\"double free\" problem reported by clang static analyzer is:\n > In parse_var_defs() if there is a problem allocating\n > var_defs.expr, the earlier var_defs.name is freed.\n > This free is duplicated by free_var_defs() which frees\n > the rest of the list.\n\nHowever, if there is a problem allocating N-th var_defs.expr:\n + in parse_var_defs(), the freed 'earlier var_defs.name' is\n actually the N-th var_defs.name;\n + then in free_var_defs(), the names from 0th to (N-1)-th are freed;\n\n IF ALLOCATING PROBLEM HAPPENED HERE!!! -+\n \\\n |\n 0th 1th (N-1)-th N-th V\n +-------------+-------------+-----+-------------+-----------\nvar_defs: | name | expr | name | expr | ... | name | expr | name | ///\n +-------------+-------------+-----+-------------+-----------\n\nThese two frees don't act on same name, so there was no \"double free\"\nproblem before. 
Conversely, after that commit, we get a \"memory leak\"\nproblem because the above \"N-th var_defs.name\" is not freed.\n\nIf enable CONFIG_DEBUG_KMEMLEAK and inject a fault at where the N-th\nvar_defs.expr allocated, then execute on shell like:\n $ echo 'hist:key=call_site:val=$v1,$v2:v1=bytes_req,v2=bytes_alloc' > \\\n/sys/kernel/debug/tracing/events/kmem/kmalloc/trigger\n\nThen kmemleak reports:\n unreferenced object 0xffff8fb100ef3518 (size 8):\n comm \"bash\", pid 196, jiffies 4295681690 (age 28.538s)\n hex dump (first 8 bytes):\n 76 31 00 00 b1 8f ff ff v1......\n backtrace:\n [<0000000038fe4895>] kstrdup+0x2d/0x60\n [<00000000c99c049a>] event_hist_trigger_parse+0x206f/0x20e0\n [<00000000ae70d2cc>] trigger_process_regex+0xc0/0x110\n [<0000000066737a4c>] event_trigger_write+0x75/0xd0\n [<000000007341e40c>] vfs_write+0xbb/0x2a0\n [<0000000087fde4c2>] ksys_write+0x59/0xd0\n [<00000000581e9cdf>] do_syscall_64+0x3a/0x80\n [<00000000cf3b065c>] entry_SYSCALL_64_after_hwframe+0x46/0xb0", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49648" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cab27a1e-6fe2-4160-b0af-49fcb4ebf06e.json b/objects/vulnerability/vulnerability--cab27a1e-6fe2-4160-b0af-49fcb4ebf06e.json new file mode 100644 index 00000000000..bcb9e41480f --- /dev/null +++ b/objects/vulnerability/vulnerability--cab27a1e-6fe2-4160-b0af-49fcb4ebf06e.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2c99c4db-b556-4512-8c8e-2c2b077afb39", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cab27a1e-6fe2-4160-b0af-49fcb4ebf06e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:07.619347Z", + "modified": "2025-02-27T00:38:07.619347Z", + "name": "CVE-2025-26698", + "description": "Incorrect resource transfer between spheres issue exists in RevoWorks SCVX and RevoWorks Browser. If exploited, malicious files may be downloaded to the system where using the product.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-26698" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cac9a7bf-5ac8-400f-967b-3d24a7551b65.json b/objects/vulnerability/vulnerability--cac9a7bf-5ac8-400f-967b-3d24a7551b65.json new file mode 100644 index 00000000000..6005e82d87e --- /dev/null +++ b/objects/vulnerability/vulnerability--cac9a7bf-5ac8-400f-967b-3d24a7551b65.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fa673ab3-2105-4a59-be3f-966e223d57ec", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cac9a7bf-5ac8-400f-967b-3d24a7551b65", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.285564Z", + "modified": "2025-02-27T00:38:15.285564Z", + "name": "CVE-2022-49502", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rga: fix possible memory leak in rga_probe\n\nrga->m2m_dev needs to be freed when rga_probe fails.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49502" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--cb0156fd-082c-482e-b662-7f8205d53c20.json b/objects/vulnerability/vulnerability--cb0156fd-082c-482e-b662-7f8205d53c20.json new file mode 100644 index 00000000000..a310df7b239 --- /dev/null +++ b/objects/vulnerability/vulnerability--cb0156fd-082c-482e-b662-7f8205d53c20.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b3bd21e9-3bd5-4722-8e4a-6470713964ee", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cb0156fd-082c-482e-b662-7f8205d53c20", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.328033Z", + "modified": "2025-02-27T00:38:15.328033Z", + "name": "CVE-2022-49240", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mediatek: mt8195: Fix error handling in mt8195_mt6359_rt1019_rt5682_dev_probe\n\nThe device_node pointer is returned by of_parse_phandle() with refcount\nincremented. We should use of_node_put() on it when done.\n\nThis function only calls of_node_put() in the regular path.\nAnd it will cause refcount leak in error path.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49240" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cbfac643-57ae-4256-b402-a5993e575d60.json b/objects/vulnerability/vulnerability--cbfac643-57ae-4256-b402-a5993e575d60.json new file mode 100644 index 00000000000..b6269f0cb68 --- /dev/null +++ b/objects/vulnerability/vulnerability--cbfac643-57ae-4256-b402-a5993e575d60.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e5af7698-7074-4384-b817-0c24408749a7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cbfac643-57ae-4256-b402-a5993e575d60", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.320255Z", + "modified": "2025-02-27T00:38:15.320255Z", + "name": "CVE-2022-49411", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbfq: Make sure bfqg for which we are queueing requests is online\n\nBios queued into BFQ IO scheduler can be associated with a cgroup that\nwas already offlined. This may then cause insertion of this bfq_group\ninto a service tree. But this bfq_group will get freed as soon as last\nbio associated with it is completed leading to use after free issues for\nservice tree users. Fix the problem by making sure we always operate on\nonline bfq_group. If the bfq_group associated with the bio is not\nonline, we pick the first online parent.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49411" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cc657c3e-d1bb-4a9c-baf8-80f8e0a33bf7.json b/objects/vulnerability/vulnerability--cc657c3e-d1bb-4a9c-baf8-80f8e0a33bf7.json new file mode 100644 index 00000000000..403e34e4851 --- /dev/null +++ b/objects/vulnerability/vulnerability--cc657c3e-d1bb-4a9c-baf8-80f8e0a33bf7.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6c9b1bc3-2dcf-4ced-8880-674ef7dd5fd6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cc657c3e-d1bb-4a9c-baf8-80f8e0a33bf7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.765146Z", + "modified": "2025-02-27T00:38:15.765146Z", + "name": "CVE-2022-49508", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: elan: Fix potential double free in elan_input_configured\n\n'input' is a managed resource allocated with devm_input_allocate_device(),\nso there is no need to call input_free_device() explicitly or\nthere will be a double free.\n\nAccording to the doc of devm_input_allocate_device():\n * Managed input devices do not need to be explicitly unregistered or\n * freed as it will be done automatically when owner device unbinds from\n * its driver (or binding fails).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49508" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cd05dac9-e40c-4bb7-88cb-97d5e8bebfc9.json b/objects/vulnerability/vulnerability--cd05dac9-e40c-4bb7-88cb-97d5e8bebfc9.json new file mode 100644 index 00000000000..3423ec2ced7 --- /dev/null +++ b/objects/vulnerability/vulnerability--cd05dac9-e40c-4bb7-88cb-97d5e8bebfc9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e98f2b4c-9d99-4975-af8c-67ce07ee348a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cd05dac9-e40c-4bb7-88cb-97d5e8bebfc9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:01.60918Z", + "modified": "2025-02-27T00:38:01.60918Z", + "name": "CVE-2024-13560", + "description": "The Subscriptions & Memberships for PayPal plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.6. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to delete arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13560" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cd9dab04-7af1-47c7-8c8a-6102508f5f81.json b/objects/vulnerability/vulnerability--cd9dab04-7af1-47c7-8c8a-6102508f5f81.json new file mode 100644 index 00000000000..ad053b4ac6c --- /dev/null +++ b/objects/vulnerability/vulnerability--cd9dab04-7af1-47c7-8c8a-6102508f5f81.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c3c2ad3c-5ce6-4232-a724-3eafe479b160", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cd9dab04-7af1-47c7-8c8a-6102508f5f81", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.723867Z", + "modified": "2025-02-27T00:38:15.723867Z", + "name": "CVE-2022-49185", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe\n\nThis node pointer is returned by of_parse_phandle() with refcount\nincremented in this function. Calling of_node_put() to avoid\nthe refcount leak.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49185" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ce53ee84-0921-4f0f-9da7-1b57c824542b.json b/objects/vulnerability/vulnerability--ce53ee84-0921-4f0f-9da7-1b57c824542b.json new file mode 100644 index 00000000000..f8770d0ea25 --- /dev/null +++ b/objects/vulnerability/vulnerability--ce53ee84-0921-4f0f-9da7-1b57c824542b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0e14e65d-11be-42e8-8d90-21b6e550a987", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ce53ee84-0921-4f0f-9da7-1b57c824542b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.257823Z", + "modified": "2025-02-27T00:38:15.257823Z", + "name": "CVE-2022-49450", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix listen() setting the bar too high for the prealloc rings\n\nAF_RXRPC's listen() handler lets you set the backlog up to 32 (if you bump\nup the sysctl), but whilst the preallocation circular buffers have 32 slots\nin them, one of them has to be a dead slot because we're using CIRC_CNT().\n\nThis means that listen(rxrpc_sock, 32) will cause an oops when the socket\nis closed because rxrpc_service_prealloc_one() allocated one too many calls\nand rxrpc_discard_prealloc() won't then be able to get rid of them because\nit'll think the ring is empty. rxrpc_release_calls_on_socket() then tries\nto abort them, but oopses because call->peer isn't yet set.\n\nFix this by setting the maximum backlog to RXRPC_BACKLOG_MAX - 1 to match\nthe ring capacity.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000086\n ...\n RIP: 0010:rxrpc_send_abort_packet+0x73/0x240 [rxrpc]\n Call Trace:\n \n ? __wake_up_common_lock+0x7a/0x90\n ? rxrpc_notify_socket+0x8e/0x140 [rxrpc]\n ? rxrpc_abort_call+0x4c/0x60 [rxrpc]\n rxrpc_release_calls_on_socket+0x107/0x1a0 [rxrpc]\n rxrpc_release+0xc9/0x1c0 [rxrpc]\n __sock_release+0x37/0xa0\n sock_close+0x11/0x20\n __fput+0x89/0x240\n task_work_run+0x59/0x90\n do_exit+0x319/0xaa0", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49450" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--cf071e52-ee8f-4d7b-b8f6-c059feb0e63a.json b/objects/vulnerability/vulnerability--cf071e52-ee8f-4d7b-b8f6-c059feb0e63a.json new file mode 100644 index 00000000000..0a963a39891 --- /dev/null +++ b/objects/vulnerability/vulnerability--cf071e52-ee8f-4d7b-b8f6-c059feb0e63a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--918293f7-b90e-4d96-82af-b903bd5e99cf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cf071e52-ee8f-4d7b-b8f6-c059feb0e63a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.701102Z", + "modified": "2025-02-27T00:38:15.701102Z", + "name": "CVE-2022-49134", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum: Guard against invalid local ports\n\nWhen processing events generated by the device's firmware, the driver\nprotects itself from events reported for non-existent local ports, but\nnot for the CPU port (local port 0), which exists, but does not have all\nthe fields as any local port.\n\nThis can result in a NULL pointer dereference when trying access\n'struct mlxsw_sp_port' fields which are not initialized for CPU port.\n\nCommit 63b08b1f6834 (\"mlxsw: spectrum: Protect driver from buggy firmware\")\nalready handled such issue by bailing early when processing a PUDE event\nreported for the CPU port.\n\nGeneralize the approach by moving the check to a common function and\nmaking use of it in all relevant places.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49134" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cf542acc-bb0a-4ddf-b9bb-37e479170ef9.json b/objects/vulnerability/vulnerability--cf542acc-bb0a-4ddf-b9bb-37e479170ef9.json new file mode 100644 index 00000000000..3d4b0dfed89 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--cf542acc-bb0a-4ddf-b9bb-37e479170ef9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--288b4853-f398-43cc-b2cf-852427704e40", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cf542acc-bb0a-4ddf-b9bb-37e479170ef9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.619991Z", + "modified": "2025-02-27T00:38:15.619991Z", + "name": "CVE-2022-49215", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: Fix race at socket teardown\n\nFix a race in the xsk socket teardown code that can lead to a NULL pointer\ndereference splat. The current xsk unbind code in xsk_unbind_dev() starts by\nsetting xs->state to XSK_UNBOUND, sets xs->dev to NULL and then waits for any\nNAPI processing to terminate using synchronize_net(). After that, the release\ncode starts to tear down the socket state and free allocated memory.\n\n BUG: kernel NULL pointer dereference, address: 00000000000000c0\n PGD 8000000932469067 P4D 8000000932469067 PUD 0\n Oops: 0000 [#1] PREEMPT SMP PTI\n CPU: 25 PID: 69132 Comm: grpcpp_sync_ser Tainted: G I 5.16.0+ #2\n Hardware name: Dell Inc. PowerEdge R730/0599V5, BIOS 1.2.10 03/09/2015\n RIP: 0010:__xsk_sendmsg+0x2c/0x690\n [...]\n RSP: 0018:ffffa2348bd13d50 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: 0000000000000040 RCX: ffff8d5fc632d258\n RDX: 0000000000400000 RSI: ffffa2348bd13e10 RDI: ffff8d5fc5489800\n RBP: ffffa2348bd13db0 R08: 0000000000000000 R09: 00007ffffffff000\n R10: 0000000000000000 R11: 0000000000000000 R12: ffff8d5fc5489800\n R13: ffff8d5fcb0f5140 R14: ffff8d5fcb0f5140 R15: 0000000000000000\n FS: 00007f991cff9400(0000) GS:ffff8d6f1f700000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00000000000000c0 CR3: 0000000114888005 CR4: 00000000001706e0\n Call Trace:\n \n ? aa_sk_perm+0x43/0x1b0\n xsk_sendmsg+0xf0/0x110\n sock_sendmsg+0x65/0x70\n __sys_sendto+0x113/0x190\n ? 
debug_smp_processor_id+0x17/0x20\n ? fpregs_assert_state_consistent+0x23/0x50\n ? exit_to_user_mode_prepare+0xa5/0x1d0\n __x64_sys_sendto+0x29/0x30\n do_syscall_64+0x3b/0xc0\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nThere are two problems with the current code. First, setting xs->dev to NULL\nbefore waiting for all users to stop using the socket is not correct. The\nentry to the data plane functions xsk_poll(), xsk_sendmsg(), and xsk_recvmsg()\nare all guarded by a test that xs->state is in the state XSK_BOUND and if not,\nit returns right away. But one process might have passed this test but still\nhave not gotten to the point in which it uses xs->dev in the code. In this\ninterim, a second process executing xsk_unbind_dev() might have set xs->dev to\nNULL which will lead to a crash for the first process. The solution here is\njust to get rid of this NULL assignment since it is not used anymore. Before\ncommit 42fddcc7c64b (\"xsk: use state member for socket synchronization\"),\nxs->dev was the gatekeeper to admit processes into the data plane functions,\nbut it was replaced with the state variable xs->state in the aforementioned\ncommit.\n\nThe second problem is that synchronize_net() does not wait for any process in\nxsk_poll(), xsk_sendmsg(), or xsk_recvmsg() to complete, which means that the\nstate they rely on might be cleaned up prematurely. This can happen when the\nnotifier gets called (at driver unload for example) as it uses xsk_unbind_dev().\nSolve this by extending the RCU critical region from just the ndo_xsk_wakeup\nto the whole functions mentioned above, so that both the test of xs->state ==\nXSK_BOUND and the last use of any member of xs is covered by the RCU critical\nsection. This will guarantee that when synchronize_net() completes, there will\nbe no processes left executing xsk_poll(), xsk_sendmsg(), or xsk_recvmsg() and\nstate can be cleaned up safely. 
Note that we need to drop the RCU lock for the\nskb xmit path as it uses functions that might sleep. Due to this, we have to\nretest the xs->state after we grab the mutex that protects the skb xmit code\nfrom, among a number of things, an xsk_unbind_dev() being executed from the\nnotifier at the same time.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49215" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cfcda330-74e1-4dff-b92b-0dc3d82c5e1c.json b/objects/vulnerability/vulnerability--cfcda330-74e1-4dff-b92b-0dc3d82c5e1c.json new file mode 100644 index 00000000000..5e124f76819 --- /dev/null +++ b/objects/vulnerability/vulnerability--cfcda330-74e1-4dff-b92b-0dc3d82c5e1c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--27115b8b-427d-49b7-b3de-12d6cd28a8d1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cfcda330-74e1-4dff-b92b-0dc3d82c5e1c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.497599Z", + "modified": "2025-02-27T00:38:15.497599Z", + "name": "CVE-2022-49184", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sparx5: switchdev: fix possible NULL pointer dereference\n\nAs the possible failure of the allocation, devm_kzalloc() may return NULL\npointer.\nTherefore, it should be better to check the 'db' in order to prevent\nthe dereference of NULL pointer.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49184" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cfeaa651-74ce-4d4f-970a-e3de5c363a1d.json b/objects/vulnerability/vulnerability--cfeaa651-74ce-4d4f-970a-e3de5c363a1d.json new file mode 100644 index 00000000000..42146adb003 --- /dev/null +++ b/objects/vulnerability/vulnerability--cfeaa651-74ce-4d4f-970a-e3de5c363a1d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--82775903-042f-4195-8578-fbc7e490c228", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cfeaa651-74ce-4d4f-970a-e3de5c363a1d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:07.973245Z", + "modified": "2025-02-27T00:38:07.973245Z", + "name": "CVE-2025-20116", + "description": "A vulnerability in the web UI of Cisco APIC could allow an authenticated, remote attacker to perform a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials.\r\n\r\nThis vulnerability is due to improper input validation in the web UI. An authenticated attacker could exploit this vulnerability by injecting malicious code into specific pages of the web UI. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web UI or access sensitive, browser-based information.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20116" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cfefbf53-8486-49f5-94cb-43abf93f310d.json b/objects/vulnerability/vulnerability--cfefbf53-8486-49f5-94cb-43abf93f310d.json new file mode 100644 index 00000000000..cadba5f3231 --- /dev/null +++ b/objects/vulnerability/vulnerability--cfefbf53-8486-49f5-94cb-43abf93f310d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c99f9c8e-c747-49e7-a61e-fcdceb3e278c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cfefbf53-8486-49f5-94cb-43abf93f310d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.720924Z", + "modified": "2025-02-27T00:38:15.720924Z", + "name": "CVE-2022-49387", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwatchdog: rzg2l_wdt: Fix 32bit overflow issue\n\nThe value of timer_cycle_us can be 0 due to 32bit overflow.\nFor eg:- If we assign the counter value \"0xfff\" for computing\nmaxval.\n\nThis patch fixes this issue by appending ULL to 1024, so that\nit is promoted to 64bit.\n\nThis patch also fixes the warning message, 'watchdog: Invalid min and\nmax timeout values, resetting to 0!'.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49387" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d00d7e39-8047-443c-9685-c69a54fc131d.json b/objects/vulnerability/vulnerability--d00d7e39-8047-443c-9685-c69a54fc131d.json new file mode 100644 index 00000000000..d4f1f603463 --- /dev/null +++ b/objects/vulnerability/vulnerability--d00d7e39-8047-443c-9685-c69a54fc131d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--006fcb28-0f10-4d94-b262-5b74984e72d5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d00d7e39-8047-443c-9685-c69a54fc131d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.614278Z", + "modified": "2025-02-27T00:38:15.614278Z", + "name": "CVE-2022-49199", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/nldev: Prevent underflow in nldev_stat_set_counter_dynamic_doit()\n\nThis code checks \"index\" for an upper bound but it does not check for\nnegatives. Change the type to unsigned to prevent underflows.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49199" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d09d6737-b09a-45fc-a63b-827298f06c1b.json b/objects/vulnerability/vulnerability--d09d6737-b09a-45fc-a63b-827298f06c1b.json new file mode 100644 index 00000000000..d1dd5e524f4 --- /dev/null +++ b/objects/vulnerability/vulnerability--d09d6737-b09a-45fc-a63b-827298f06c1b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--96a9a652-eb8e-4277-b1de-b760f4c8d210", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d09d6737-b09a-45fc-a63b-827298f06c1b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.729503Z", + "modified": "2025-02-27T00:38:15.729503Z", + "name": "CVE-2022-49273", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtc: pl031: fix rtc features null pointer dereference\n\nWhen there is no interrupt line, rtc alarm feature is disabled.\n\nThe clearing of the alarm feature bit was being done prior to allocations\nof ldata->rtc device, resulting in a null pointer dereference.\n\nClear RTC_FEATURE_ALARM after the rtc device is allocated.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49273" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d1193930-c8b8-48ff-bdf1-325bb711c9ec.json b/objects/vulnerability/vulnerability--d1193930-c8b8-48ff-bdf1-325bb711c9ec.json new file mode 100644 index 00000000000..6dc7801c1a1 --- /dev/null +++ b/objects/vulnerability/vulnerability--d1193930-c8b8-48ff-bdf1-325bb711c9ec.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--90d976e9-d010-4756-82f5-67c1766e0c84", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d1193930-c8b8-48ff-bdf1-325bb711c9ec", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.653035Z", + "modified": "2025-02-27T00:38:15.653035Z", + "name": "CVE-2022-49435", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe()\n\nIt will cause null-ptr-deref when using 'res', if platform_get_resource()\nreturns NULL, so move using 'res' after devm_ioremap_resource() that\nwill check it to avoid null-ptr-deref.\nAnd use devm_platform_get_and_ioremap_resource() to simplify code.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49435" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d17b5cdc-ab55-4a8d-8e06-73206c7ad7e0.json b/objects/vulnerability/vulnerability--d17b5cdc-ab55-4a8d-8e06-73206c7ad7e0.json new file mode 100644 index 00000000000..811043c7d95 --- /dev/null +++ b/objects/vulnerability/vulnerability--d17b5cdc-ab55-4a8d-8e06-73206c7ad7e0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--02d09fc8-5726-4ada-aa1e-7eb8702d4a79", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d17b5cdc-ab55-4a8d-8e06-73206c7ad7e0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.791346Z", + "modified": "2025-02-27T00:38:15.791346Z", + "name": "CVE-2022-49217", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm8001: Fix abort all task initialization\n\nIn pm80xx_send_abort_all(), the n_elem field of the ccb used is not\ninitialized to 0. This missing initialization sometimes lead to the task\ncompletion path seeing the ccb with a non-zero n_elem resulting in the\nexecution of invalid dma_unmap_sg() calls in pm8001_ccb_task_free(),\ncausing a crash such as:\n\n[ 197.676341] RIP: 0010:iommu_dma_unmap_sg+0x6d/0x280\n[ 197.700204] RSP: 0018:ffff889bbcf89c88 EFLAGS: 00010012\n[ 197.705485] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff83d0bda0\n[ 197.712687] RDX: 0000000000000002 RSI: 0000000000000000 RDI: ffff88810dffc0d0\n[ 197.719887] RBP: 0000000000000000 R08: 0000000000000000 R09: ffff8881c790098b\n[ 197.727089] R10: ffffed1038f20131 R11: 0000000000000001 R12: 0000000000000000\n[ 197.734296] R13: ffff88810dffc0d0 R14: 0000000000000010 R15: 0000000000000000\n[ 197.741493] FS: 0000000000000000(0000) GS:ffff889bbcf80000(0000) knlGS:0000000000000000\n[ 197.749659] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 197.755459] CR2: 00007f16c1b42734 CR3: 0000000004814000 CR4: 0000000000350ee0\n[ 197.762656] Call Trace:\n[ 197.765127] \n[ 197.767162] pm8001_ccb_task_free+0x5f1/0x820 [pm80xx]\n[ 197.772364] ? do_raw_spin_unlock+0x54/0x220\n[ 197.776680] pm8001_mpi_task_abort_resp+0x2ce/0x4f0 [pm80xx]\n[ 197.782406] process_oq+0xe85/0x7890 [pm80xx]\n[ 197.786817] ? lock_acquire+0x194/0x490\n[ 197.790697] ? handle_irq_event+0x10e/0x1b0\n[ 197.794920] ? 
mpi_sata_completion+0x2d70/0x2d70 [pm80xx]\n[ 197.800378] ? __wake_up_bit+0x100/0x100\n[ 197.804340] ? lock_is_held_type+0x98/0x110\n[ 197.808565] pm80xx_chip_isr+0x94/0x130 [pm80xx]\n[ 197.813243] tasklet_action_common.constprop.0+0x24b/0x2f0\n[ 197.818785] __do_softirq+0x1b5/0x82d\n[ 197.822485] ? do_raw_spin_unlock+0x54/0x220\n[ 197.826799] __irq_exit_rcu+0x17e/0x1e0\n[ 197.830678] irq_exit_rcu+0xa/0x20\n[ 197.834114] common_interrupt+0x78/0x90\n[ 197.840051] \n[ 197.844236] \n[ 197.848397] asm_common_interrupt+0x1e/0x40\n\nAvoid this issue by always initializing the ccb n_elem field to 0 in\npm8001_send_abort_all(), pm8001_send_read_log() and\npm80xx_send_abort_all().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49217" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d1eaad8e-e316-479e-bbee-fbd6f53b9f4d.json b/objects/vulnerability/vulnerability--d1eaad8e-e316-479e-bbee-fbd6f53b9f4d.json new file mode 100644 index 00000000000..6c75ee0a8de --- /dev/null +++ b/objects/vulnerability/vulnerability--d1eaad8e-e316-479e-bbee-fbd6f53b9f4d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ea1a3e40-4780-4e3a-bf0a-265c1c4db3d6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d1eaad8e-e316-479e-bbee-fbd6f53b9f4d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.658751Z", + "modified": "2025-02-27T00:38:15.658751Z", + "name": "CVE-2022-49077", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmmremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0)\n\nIf an mremap() syscall with old_size=0 ends up in move_page_tables(), it\nwill call invalidate_range_start()/invalidate_range_end() unnecessarily,\ni.e. with an empty range.\n\nThis causes a WARN in KVM's mmu_notifier. In the past, empty ranges\nhave been diagnosed to be off-by-one bugs, hence the WARNing. Given the\nlow (so far) number of unique reports, the benefits of detecting more\nbuggy callers seem to outweigh the cost of having to fix cases such as\nthis one, where userspace is doing something silly. In this particular\ncase, an early return from move_page_tables() is enough to fix the\nissue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49077" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d21073da-5b2a-4928-a97d-650e9410d3a8.json b/objects/vulnerability/vulnerability--d21073da-5b2a-4928-a97d-650e9410d3a8.json new file mode 100644 index 00000000000..c123484956a --- /dev/null +++ b/objects/vulnerability/vulnerability--d21073da-5b2a-4928-a97d-650e9410d3a8.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a319fa48-d388-4394-abc4-8508265fddd1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d21073da-5b2a-4928-a97d-650e9410d3a8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.633443Z", + "modified": "2025-02-27T00:38:15.633443Z", + "name": "CVE-2022-49527", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: hfi: avoid null dereference in deinit\n\nIf venus_probe fails at pm_runtime_put_sync the error handling first\ncalls hfi_destroy and afterwards hfi_core_deinit. As hfi_destroy sets\ncore->ops to NULL, hfi_core_deinit cannot call the core_deinit function\nanymore.\n\nAvoid this null pointer derefence by skipping the call when necessary.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49527" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d215a55f-0bdf-4690-a86a-997dab723015.json b/objects/vulnerability/vulnerability--d215a55f-0bdf-4690-a86a-997dab723015.json new file mode 100644 index 00000000000..12219492c34 --- /dev/null +++ b/objects/vulnerability/vulnerability--d215a55f-0bdf-4690-a86a-997dab723015.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bad64f6a-91f4-4782-80c8-8dfc3b381600", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d215a55f-0bdf-4690-a86a-997dab723015", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.656829Z", + "modified": "2025-02-27T00:38:15.656829Z", + "name": "CVE-2022-49626", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsfc: fix use after free when disabling sriov\n\nUse after free is detected by kfence when disabling sriov. What was read\nafter being freed was vf->pci_dev: it was freed from pci_disable_sriov\nand later read in efx_ef10_sriov_free_vf_vports, called from\nefx_ef10_sriov_free_vf_vswitching.\n\nSet the pointer to NULL at release time to not trying to read it later.\n\nReproducer and dmesg log (note that kfence doesn't detect it every time):\n$ echo 1 > /sys/class/net/enp65s0f0np0/device/sriov_numvfs\n$ echo 0 > /sys/class/net/enp65s0f0np0/device/sriov_numvfs\n\n BUG: KFENCE: use-after-free read in efx_ef10_sriov_free_vf_vswitching+0x82/0x170 [sfc]\n\n Use-after-free read at 0x00000000ff3c1ba5 (in kfence-#224):\n efx_ef10_sriov_free_vf_vswitching+0x82/0x170 [sfc]\n efx_ef10_pci_sriov_disable+0x38/0x70 [sfc]\n efx_pci_sriov_configure+0x24/0x40 [sfc]\n sriov_numvfs_store+0xfe/0x140\n kernfs_fop_write_iter+0x11c/0x1b0\n new_sync_write+0x11f/0x1b0\n vfs_write+0x1eb/0x280\n ksys_write+0x5f/0xe0\n do_syscall_64+0x5c/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\n kfence-#224: 0x00000000edb8ef95-0x00000000671f5ce1, size=2792, cache=kmalloc-4k\n\n allocated by task 6771 on cpu 10 at 3137.860196s:\n pci_alloc_dev+0x21/0x60\n pci_iov_add_virtfn+0x2a2/0x320\n sriov_enable+0x212/0x3e0\n efx_ef10_sriov_configure+0x67/0x80 [sfc]\n efx_pci_sriov_configure+0x24/0x40 [sfc]\n sriov_numvfs_store+0xba/0x140\n kernfs_fop_write_iter+0x11c/0x1b0\n new_sync_write+0x11f/0x1b0\n 
vfs_write+0x1eb/0x280\n ksys_write+0x5f/0xe0\n do_syscall_64+0x5c/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\n freed by task 6771 on cpu 12 at 3170.991309s:\n device_release+0x34/0x90\n kobject_cleanup+0x3a/0x130\n pci_iov_remove_virtfn+0xd9/0x120\n sriov_disable+0x30/0xe0\n efx_ef10_pci_sriov_disable+0x57/0x70 [sfc]\n efx_pci_sriov_configure+0x24/0x40 [sfc]\n sriov_numvfs_store+0xfe/0x140\n kernfs_fop_write_iter+0x11c/0x1b0\n new_sync_write+0x11f/0x1b0\n vfs_write+0x1eb/0x280\n ksys_write+0x5f/0xe0\n do_syscall_64+0x5c/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49626" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d29c8ec8-ae81-43bd-943e-00a752e7577b.json b/objects/vulnerability/vulnerability--d29c8ec8-ae81-43bd-943e-00a752e7577b.json new file mode 100644 index 00000000000..8b127649c89 --- /dev/null +++ b/objects/vulnerability/vulnerability--d29c8ec8-ae81-43bd-943e-00a752e7577b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--49a81709-65e6-4cce-acc0-03d70052746a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d29c8ec8-ae81-43bd-943e-00a752e7577b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.455635Z", + "modified": "2025-02-27T00:38:15.455635Z", + "name": "CVE-2022-49242", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mxs: Fix error handling in mxs_sgtl5000_probe\n\nThis function only calls of_node_put() in the regular path.\nAnd it will cause refcount leak in error paths.\nFor example, when codec_np is NULL, saif_np[0] and saif_np[1]\nare not NULL, it will cause leaks.\n\nof_node_put() will check if the node pointer is NULL, so we can\ncall it directly to release the refcount of regular pointers.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49242" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d31b255f-66b3-4e60-b225-28cc42ff185b.json b/objects/vulnerability/vulnerability--d31b255f-66b3-4e60-b225-28cc42ff185b.json new file mode 100644 index 00000000000..0602c0913cc --- /dev/null +++ b/objects/vulnerability/vulnerability--d31b255f-66b3-4e60-b225-28cc42ff185b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3211cb69-a5c7-4a2a-9709-103dc2b73327", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d31b255f-66b3-4e60-b225-28cc42ff185b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.727523Z", + "modified": "2025-02-27T00:38:15.727523Z", + "name": "CVE-2022-49241", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: atmel: Fix error handling in sam9x5_wm8731_driver_probe\n\nThe device_node pointer is returned by of_parse_phandle() with refcount\nincremented. We should use of_node_put() on it when done.\n\nThis function only calls of_node_put() in the regular path.\nAnd it will cause refcount leak in error path.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49241" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d32e3059-4e2d-463f-867b-0432221b1eb8.json b/objects/vulnerability/vulnerability--d32e3059-4e2d-463f-867b-0432221b1eb8.json new file mode 100644 index 00000000000..8b67ef26e79 --- /dev/null +++ b/objects/vulnerability/vulnerability--d32e3059-4e2d-463f-867b-0432221b1eb8.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0e7232c7-43a5-46b7-b0ab-5c8cc108d59f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d32e3059-4e2d-463f-867b-0432221b1eb8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.262783Z", + "modified": "2025-02-27T00:38:15.262783Z", + "name": "CVE-2022-49424", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/mediatek: Fix NULL pointer dereference when printing dev_name\n\nWhen larbdev is NULL (in the case I hit, the node is incorrectly set\niommus = <&iommu NUM>), it will cause device_link_add() fail and\nkernel crashes when we try to print dev_name(larbdev).\n\nLet's fail the probe if a larbdev is NULL to avoid invalid inputs from\ndts.\n\nIt should work for normal correct setting and avoid the crash caused\nby my incorrect setting.\n\nError log:\n[ 18.189042][ T301] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000050\n...\n[ 18.344519][ T301] pstate: a0400005 (NzCv daif +PAN -UAO)\n[ 18.345213][ T301] pc : mtk_iommu_probe_device+0xf8/0x118 [mtk_iommu]\n[ 18.346050][ T301] lr : mtk_iommu_probe_device+0xd0/0x118 [mtk_iommu]\n[ 18.346884][ T301] sp : ffffffc00a5635e0\n[ 18.347392][ T301] x29: ffffffc00a5635e0 x28: ffffffd44a46c1d8\n[ 18.348156][ T301] x27: ffffff80c39a8000 x26: ffffffd44a80cc38\n[ 18.348917][ T301] x25: 0000000000000000 x24: ffffffd44a80cc38\n[ 18.349677][ T301] x23: ffffffd44e4da4c6 x22: ffffffd44a80cc38\n[ 18.350438][ T301] x21: ffffff80cecd1880 x20: 0000000000000000\n[ 18.351198][ T301] x19: ffffff80c439f010 x18: ffffffc00a50d0c0\n[ 18.351959][ T301] x17: ffffffffffffffff x16: 0000000000000004\n[ 18.352719][ T301] x15: 0000000000000004 x14: ffffffd44eb5d420\n[ 18.353480][ T301] x13: 0000000000000ad2 x12: 0000000000000003\n[ 18.354241][ T301] x11: 00000000fffffad2 x10: c0000000fffffad2\n[ 18.355003][ T301] x9 : 
a0d288d8d7142d00 x8 : a0d288d8d7142d00\n[ 18.355763][ T301] x7 : ffffffd44c2bc640 x6 : 0000000000000000\n[ 18.356524][ T301] x5 : 0000000000000080 x4 : 0000000000000001\n[ 18.357284][ T301] x3 : 0000000000000000 x2 : 0000000000000005\n[ 18.358045][ T301] x1 : 0000000000000000 x0 : 0000000000000000\n[ 18.360208][ T301] Hardware name: MT6873 (DT)\n[ 18.360771][ T301] Call trace:\n[ 18.361168][ T301] dump_backtrace+0xf8/0x1f0\n[ 18.361737][ T301] dump_stack_lvl+0xa8/0x11c\n[ 18.362305][ T301] dump_stack+0x1c/0x2c\n[ 18.362816][ T301] mrdump_common_die+0x184/0x40c [mrdump]\n[ 18.363575][ T301] ipanic_die+0x24/0x38 [mrdump]\n[ 18.364230][ T301] atomic_notifier_call_chain+0x128/0x2b8\n[ 18.364937][ T301] die+0x16c/0x568\n[ 18.365394][ T301] __do_kernel_fault+0x1e8/0x214\n[ 18.365402][ T301] do_page_fault+0xb8/0x678\n[ 18.366934][ T301] do_translation_fault+0x48/0x64\n[ 18.368645][ T301] do_mem_abort+0x68/0x148\n[ 18.368652][ T301] el1_abort+0x40/0x64\n[ 18.368660][ T301] el1h_64_sync_handler+0x54/0x88\n[ 18.368668][ T301] el1h_64_sync+0x68/0x6c\n[ 18.368673][ T301] mtk_iommu_probe_device+0xf8/0x118 [mtk_iommu]\n...", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49424" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d3af6246-4e85-413f-a9a6-3ff08db528c6.json b/objects/vulnerability/vulnerability--d3af6246-4e85-413f-a9a6-3ff08db528c6.json new file mode 100644 index 00000000000..e61a4bc83c3 --- /dev/null +++ b/objects/vulnerability/vulnerability--d3af6246-4e85-413f-a9a6-3ff08db528c6.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a4b74475-3169-4822-a97f-48f9336e920d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d3af6246-4e85-413f-a9a6-3ff08db528c6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.764113Z", + "modified": "2025-02-27T00:38:15.764113Z", + "name": "CVE-2022-49317", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: avoid infinite loop to flush node pages\n\nxfstests/generic/475 can give EIO all the time which give an infinite loop\nto flush node page like below. Let's avoid it.\n\n[16418.518551] Call Trace:\n[16418.518553] ? dm_submit_bio+0x48/0x400\n[16418.518574] ? submit_bio_checks+0x1ac/0x5a0\n[16418.525207] __submit_bio+0x1a9/0x230\n[16418.525210] ? kmem_cache_alloc+0x29e/0x3c0\n[16418.525223] submit_bio_noacct+0xa8/0x2b0\n[16418.525226] submit_bio+0x4d/0x130\n[16418.525238] __submit_bio+0x49/0x310 [f2fs]\n[16418.525339] ? bio_add_page+0x6a/0x90\n[16418.525344] f2fs_submit_page_bio+0x134/0x1f0 [f2fs]\n[16418.525365] read_node_page+0x125/0x1b0 [f2fs]\n[16418.525388] __get_node_page.part.0+0x58/0x3f0 [f2fs]\n[16418.525409] __get_node_page+0x2f/0x60 [f2fs]\n[16418.525431] f2fs_get_dnode_of_data+0x423/0x860 [f2fs]\n[16418.525452] ? asm_sysvec_apic_timer_interrupt+0x12/0x20\n[16418.525458] ? __mod_memcg_state.part.0+0x2a/0x30\n[16418.525465] ? __mod_memcg_lruvec_state+0x27/0x40\n[16418.525467] ? __xa_set_mark+0x57/0x70\n[16418.525472] f2fs_do_write_data_page+0x10e/0x7b0 [f2fs]\n[16418.525493] f2fs_write_single_data_page+0x555/0x830 [f2fs]\n[16418.525514] ? sysvec_apic_timer_interrupt+0x4e/0x90\n[16418.525518] ? asm_sysvec_apic_timer_interrupt+0x12/0x20\n[16418.525523] f2fs_write_cache_pages+0x303/0x880 [f2fs]\n[16418.525545] ? 
blk_flush_plug_list+0x47/0x100\n[16418.525548] f2fs_write_data_pages+0xfd/0x320 [f2fs]\n[16418.525569] do_writepages+0xd5/0x210\n[16418.525648] filemap_fdatawrite_wbc+0x7d/0xc0\n[16418.525655] filemap_fdatawrite+0x50/0x70\n[16418.525658] f2fs_sync_dirty_inodes+0xa4/0x230 [f2fs]\n[16418.525679] f2fs_write_checkpoint+0x16d/0x1720 [f2fs]\n[16418.525699] ? ttwu_do_wakeup+0x1c/0x160\n[16418.525709] ? ttwu_do_activate+0x6d/0xd0\n[16418.525711] ? __wait_for_common+0x11d/0x150\n[16418.525715] kill_f2fs_super+0xca/0x100 [f2fs]\n[16418.525733] deactivate_locked_super+0x3b/0xb0\n[16418.525739] deactivate_super+0x40/0x50\n[16418.525741] cleanup_mnt+0x139/0x190\n[16418.525747] __cleanup_mnt+0x12/0x20\n[16418.525749] task_work_run+0x6d/0xa0\n[16418.525765] exit_to_user_mode_prepare+0x1ad/0x1b0\n[16418.525771] syscall_exit_to_user_mode+0x27/0x50\n[16418.525774] do_syscall_64+0x48/0xc0\n[16418.525776] entry_SYSCALL_64_after_hwframe+0x44/0xae", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49317" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d3b61b59-0ec9-4c3a-bce5-07dc9d1233c1.json b/objects/vulnerability/vulnerability--d3b61b59-0ec9-4c3a-bce5-07dc9d1233c1.json new file mode 100644 index 00000000000..75fe4e10224 --- /dev/null +++ b/objects/vulnerability/vulnerability--d3b61b59-0ec9-4c3a-bce5-07dc9d1233c1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--17f8bc7e-cab8-4c3b-9747-a6ea487afa88", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d3b61b59-0ec9-4c3a-bce5-07dc9d1233c1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:03.023426Z", + "modified": "2025-02-27T00:38:03.023426Z", + "name": "CVE-2024-53427", + "description": "jq v1.7.1 contains a stack-buffer-overflow in the decNumberCopy function within decNumber.c.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53427" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d4bf6f14-314f-4001-b543-faf3c8d3032b.json b/objects/vulnerability/vulnerability--d4bf6f14-314f-4001-b543-faf3c8d3032b.json new file mode 100644 index 00000000000..bce4887823f --- /dev/null +++ b/objects/vulnerability/vulnerability--d4bf6f14-314f-4001-b543-faf3c8d3032b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--31269b4e-b351-4622-aa71-76ec1c67186f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d4bf6f14-314f-4001-b543-faf3c8d3032b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.533726Z", + "modified": "2025-02-27T00:38:15.533726Z", + "name": "CVE-2022-49678", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe\n\nof_find_matching_node() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak.\n\nIn brcmstb_init_sram, it pass dn to of_address_to_resource(),\nof_address_to_resource() will call of_find_device_by_node() to take\nreference, so we should release the reference returned by\nof_find_matching_node().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49678" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d5d9a4fc-193d-47b4-afc3-e9e9b2abc1b3.json b/objects/vulnerability/vulnerability--d5d9a4fc-193d-47b4-afc3-e9e9b2abc1b3.json new file mode 100644 index 00000000000..0c2b3d454c6 --- /dev/null +++ b/objects/vulnerability/vulnerability--d5d9a4fc-193d-47b4-afc3-e9e9b2abc1b3.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--42bd52f7-25a4-4943-8f39-04ebef6a6ef1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d5d9a4fc-193d-47b4-afc3-e9e9b2abc1b3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:01.644396Z", + "modified": "2025-02-27T00:38:01.644396Z", + "name": "CVE-2024-13669", + "description": "The CalendApp WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13669" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d64e2031-70cb-4dfe-927c-84be78b90fe7.json b/objects/vulnerability/vulnerability--d64e2031-70cb-4dfe-927c-84be78b90fe7.json new file mode 100644 index 00000000000..b0613d65625 --- /dev/null +++ b/objects/vulnerability/vulnerability--d64e2031-70cb-4dfe-927c-84be78b90fe7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6325b645-851f-4f67-98b9-77f208aaa2bb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d64e2031-70cb-4dfe-927c-84be78b90fe7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:01.580885Z", + "modified": "2025-02-27T00:38:01.580885Z", + "name": "CVE-2024-13571", + "description": "The Post Timeline WordPress plugin before 2.3.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13571" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--d652d633-f3d2-4dff-ad60-e9fa8d2dc296.json b/objects/vulnerability/vulnerability--d652d633-f3d2-4dff-ad60-e9fa8d2dc296.json new file mode 100644 index 00000000000..f73d4baf496 --- /dev/null +++ b/objects/vulnerability/vulnerability--d652d633-f3d2-4dff-ad60-e9fa8d2dc296.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bcb9dcac-a738-4a9f-b7e7-91bae335d59f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d652d633-f3d2-4dff-ad60-e9fa8d2dc296", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.742554Z", + "modified": "2025-02-27T00:38:15.742554Z", + "name": "CVE-2022-49628", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: fix leaks in probe\n\nThese two error paths should clean up before returning.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49628" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d77809ef-1a6d-494f-95ea-c5a859668c75.json b/objects/vulnerability/vulnerability--d77809ef-1a6d-494f-95ea-c5a859668c75.json new file mode 100644 index 00000000000..90600a0d274 --- /dev/null +++ b/objects/vulnerability/vulnerability--d77809ef-1a6d-494f-95ea-c5a859668c75.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e1d8b464-1a2e-4578-878c-92562f5f5a86", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d77809ef-1a6d-494f-95ea-c5a859668c75", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.398825Z", + "modified": "2025-02-27T00:38:15.398825Z", + "name": "CVE-2022-49176", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbfq: fix use-after-free in bfq_dispatch_request\n\nKASAN reports a use-after-free report when doing normal scsi-mq test\n\n[69832.239032] ==================================================================\n[69832.241810] BUG: KASAN: use-after-free in bfq_dispatch_request+0x1045/0x44b0\n[69832.243267] Read of size 8 at addr ffff88802622ba88 by task kworker/3:1H/155\n[69832.244656]\n[69832.245007] CPU: 3 PID: 155 Comm: kworker/3:1H Not tainted 5.10.0-10295-g576c6382529e #8\n[69832.246626] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n[69832.249069] Workqueue: kblockd blk_mq_run_work_fn\n[69832.250022] Call Trace:\n[69832.250541] dump_stack+0x9b/0xce\n[69832.251232] ? bfq_dispatch_request+0x1045/0x44b0\n[69832.252243] print_address_description.constprop.6+0x3e/0x60\n[69832.253381] ? __cpuidle_text_end+0x5/0x5\n[69832.254211] ? vprintk_func+0x6b/0x120\n[69832.254994] ? bfq_dispatch_request+0x1045/0x44b0\n[69832.255952] ? bfq_dispatch_request+0x1045/0x44b0\n[69832.256914] kasan_report.cold.9+0x22/0x3a\n[69832.257753] ? bfq_dispatch_request+0x1045/0x44b0\n[69832.258755] check_memory_region+0x1c1/0x1e0\n[69832.260248] bfq_dispatch_request+0x1045/0x44b0\n[69832.261181] ? bfq_bfqq_expire+0x2440/0x2440\n[69832.262032] ? blk_mq_delay_run_hw_queues+0xf9/0x170\n[69832.263022] __blk_mq_do_dispatch_sched+0x52f/0x830\n[69832.264011] ? 
blk_mq_sched_request_inserted+0x100/0x100\n[69832.265101] __blk_mq_sched_dispatch_requests+0x398/0x4f0\n[69832.266206] ? blk_mq_do_dispatch_ctx+0x570/0x570\n[69832.267147] ? __switch_to+0x5f4/0xee0\n[69832.267898] blk_mq_sched_dispatch_requests+0xdf/0x140\n[69832.268946] __blk_mq_run_hw_queue+0xc0/0x270\n[69832.269840] blk_mq_run_work_fn+0x51/0x60\n[69832.278170] process_one_work+0x6d4/0xfe0\n[69832.278984] worker_thread+0x91/0xc80\n[69832.279726] ? __kthread_parkme+0xb0/0x110\n[69832.280554] ? process_one_work+0xfe0/0xfe0\n[69832.281414] kthread+0x32d/0x3f0\n[69832.282082] ? kthread_park+0x170/0x170\n[69832.282849] ret_from_fork+0x1f/0x30\n[69832.283573]\n[69832.283886] Allocated by task 7725:\n[69832.284599] kasan_save_stack+0x19/0x40\n[69832.285385] __kasan_kmalloc.constprop.2+0xc1/0xd0\n[69832.286350] kmem_cache_alloc_node+0x13f/0x460\n[69832.287237] bfq_get_queue+0x3d4/0x1140\n[69832.287993] bfq_get_bfqq_handle_split+0x103/0x510\n[69832.289015] bfq_init_rq+0x337/0x2d50\n[69832.289749] bfq_insert_requests+0x304/0x4e10\n[69832.290634] blk_mq_sched_insert_requests+0x13e/0x390\n[69832.291629] blk_mq_flush_plug_list+0x4b4/0x760\n[69832.292538] blk_flush_plug_list+0x2c5/0x480\n[69832.293392] io_schedule_prepare+0xb2/0xd0\n[69832.294209] io_schedule_timeout+0x13/0x80\n[69832.295014] wait_for_common_io.constprop.1+0x13c/0x270\n[69832.296137] submit_bio_wait+0x103/0x1a0\n[69832.296932] blkdev_issue_discard+0xe6/0x160\n[69832.297794] blk_ioctl_discard+0x219/0x290\n[69832.298614] blkdev_common_ioctl+0x50a/0x1750\n[69832.304715] blkdev_ioctl+0x470/0x600\n[69832.305474] block_ioctl+0xde/0x120\n[69832.306232] vfs_ioctl+0x6c/0xc0\n[69832.306877] __se_sys_ioctl+0x90/0xa0\n[69832.307629] do_syscall_64+0x2d/0x40\n[69832.308362] entry_SYSCALL_64_after_hwframe+0x44/0xa9\n[69832.309382]\n[69832.309701] Freed by task 155:\n[69832.310328] kasan_save_stack+0x19/0x40\n[69832.311121] kasan_set_track+0x1c/0x30\n[69832.311868] kasan_set_free_info+0x1b/0x30\n[69832.312699] 
__kasan_slab_free+0x111/0x160\n[69832.313524] kmem_cache_free+0x94/0x460\n[69832.314367] bfq_put_queue+0x582/0x940\n[69832.315112] __bfq_bfqd_reset_in_service+0x166/0x1d0\n[69832.317275] bfq_bfqq_expire+0xb27/0x2440\n[69832.318084] bfq_dispatch_request+0x697/0x44b0\n[69832.318991] __blk_mq_do_dispatch_sched+0x52f/0x830\n[69832.319984] __blk_mq_sched_dispatch_requests+0x398/0x4f0\n[69832.321087] blk_mq_sched_dispatch_requests+0xdf/0x140\n[69832.322225] __blk_mq_run_hw_queue+0xc0/0x270\n[69832.323114] blk_mq_run_work_fn+0x51/0x6\n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49176" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d7d4b2d3-1aa1-413a-bd25-5a24c56ba67b.json b/objects/vulnerability/vulnerability--d7d4b2d3-1aa1-413a-bd25-5a24c56ba67b.json new file mode 100644 index 00000000000..dedd15fca1d --- /dev/null +++ b/objects/vulnerability/vulnerability--d7d4b2d3-1aa1-413a-bd25-5a24c56ba67b.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--4dc53525-793f-4ca2-8ac5-ac5d9171284c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--d7d4b2d3-1aa1-413a-bd25-5a24c56ba67b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.408444Z",
+ "modified": "2025-02-27T00:38:15.408444Z",
+ "name": "CVE-2022-49170",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on curseg->alloc_type\n\nAs Wenqing Liu reported in bugzilla:\n\nhttps://bugzilla.kernel.org/show_bug.cgi?id=215657\n\n- Overview\nUBSAN: array-index-out-of-bounds in fs/f2fs/segment.c:3460:2 when mount and operate a corrupted image\n\n- Reproduce\ntested on kernel 5.17-rc4, 5.17-rc6\n\n1. mkdir test_crash\n2. cd test_crash\n3. unzip tmp2.zip\n4. mkdir mnt\n5. ./single_test.sh f2fs 2\n\n- Kernel dump\n[ 46.434454] loop0: detected capacity change from 0 to 131072\n[ 46.529839] F2FS-fs (loop0): Mounted with checkpoint version = 7548c2d9\n[ 46.738319] ================================================================================\n[ 46.738412] UBSAN: array-index-out-of-bounds in fs/f2fs/segment.c:3460:2\n[ 46.738475] index 231 is out of range for type 'unsigned int [2]'\n[ 46.738539] CPU: 2 PID: 939 Comm: umount Not tainted 5.17.0-rc6 #1\n[ 46.738547] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-1ubuntu1.1 04/01/2014\n[ 46.738551] Call Trace:\n[ 46.738556] \n[ 46.738563] dump_stack_lvl+0x47/0x5c\n[ 46.738581] ubsan_epilogue+0x5/0x50\n[ 46.738592] __ubsan_handle_out_of_bounds+0x68/0x80\n[ 46.738604] f2fs_allocate_data_block+0xdff/0xe60 [f2fs]\n[ 46.738819] do_write_page+0xef/0x210 [f2fs]\n[ 46.738934] f2fs_do_write_node_page+0x3f/0x80 [f2fs]\n[ 46.739038] __write_node_page+0x2b7/0x920 [f2fs]\n[ 46.739162] f2fs_sync_node_pages+0x943/0xb00 [f2fs]\n[ 46.739293] f2fs_write_checkpoint+0x7bb/0x1030 [f2fs]\n[ 46.739405] kill_f2fs_super+0x125/0x150 [f2fs]\n[ 46.739507] deactivate_locked_super+0x60/0xc0\n[ 46.739517] deactivate_super+0x70/0xb0\n[ 46.739524] cleanup_mnt+0x11a/0x200\n[ 46.739532] __cleanup_mnt+0x16/0x20\n[ 46.739538] task_work_run+0x67/0xa0\n[ 46.739547] exit_to_user_mode_prepare+0x18c/0x1a0\n[ 46.739559] syscall_exit_to_user_mode+0x26/0x40\n[ 46.739568] do_syscall_64+0x46/0xb0\n[ 46.739584] entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nThe root cause is we missed to do sanity check on curseg->alloc_type,\nresult in out-of-bound accessing on sbi->block_count[] array, fix it.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49170"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--d7e4a186-4fc8-47ae-9bab-34bfedca2432.json b/objects/vulnerability/vulnerability--d7e4a186-4fc8-47ae-9bab-34bfedca2432.json
new file mode 100644
index 00000000000..954474a3d6b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--d7e4a186-4fc8-47ae-9bab-34bfedca2432.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--8cec55eb-7983-4a0d-8561-4f4af56ce650",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--d7e4a186-4fc8-47ae-9bab-34bfedca2432",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.580049Z",
+ "modified": "2025-02-27T00:38:15.580049Z",
+ "name": "CVE-2022-49371",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: fix deadlock in __device_attach\n\nIn __device_attach function, The lock holding logic is as follows:\n...\n__device_attach\ndevice_lock(dev) // get lock dev\n async_schedule_dev(__device_attach_async_helper, dev); // func\n async_schedule_node\n async_schedule_node_domain(func)\n entry = kzalloc(sizeof(struct async_entry), GFP_ATOMIC);\n\t/* when fail or work limit, sync to execute func, but\n\t __device_attach_async_helper will get lock dev as\n\t well, which will lead to A-A deadlock. */\n\tif (!entry || atomic_read(&entry_count) > MAX_WORK) {\n\t func;\n\telse\n\t queue_work_node(node, system_unbound_wq, &entry->work)\n device_unlock(dev)\n\nAs shown above, when it is allowed to do async probes, because of\nout of memory or work limit, async work is not allowed, to do\nsync execute instead. it will lead to A-A deadlock because of\n__device_attach_async_helper getting lock dev.\n\nTo fix the deadlock, move the async_schedule_dev outside device_lock,\nas we can see, in async_schedule_node_domain, the parameter of\nqueue_work_node is system_unbound_wq, so it can accept concurrent\noperations. which will also not change the code logic, and will\nnot lead to deadlock.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49371"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--d8171ddc-bd3d-4d5e-b7c3-2f101a0bbf4e.json b/objects/vulnerability/vulnerability--d8171ddc-bd3d-4d5e-b7c3-2f101a0bbf4e.json
new file mode 100644
index 00000000000..e9dd0771611
--- /dev/null
+++ b/objects/vulnerability/vulnerability--d8171ddc-bd3d-4d5e-b7c3-2f101a0bbf4e.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--1d691b80-a9b9-4801-9941-4ab0777ebcff",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--d8171ddc-bd3d-4d5e-b7c3-2f101a0bbf4e",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.690706Z",
+ "modified": "2025-02-27T00:38:15.690706Z",
+ "name": "CVE-2022-49514",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe\n\nCall of_node_put(platform_node) to avoid refcount leak in\nthe error path.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49514"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--d841dedd-42ad-4380-a0a0-09818ee503b6.json b/objects/vulnerability/vulnerability--d841dedd-42ad-4380-a0a0-09818ee503b6.json
new file mode 100644
index 00000000000..e6ee45579f7
--- /dev/null
+++ b/objects/vulnerability/vulnerability--d841dedd-42ad-4380-a0a0-09818ee503b6.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--c32d1f0f-ae69-4e53-8ee4-14d70d806d8e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--d841dedd-42ad-4380-a0a0-09818ee503b6",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.507792Z",
+ "modified": "2025-02-27T00:38:15.507792Z",
+ "name": "CVE-2022-49609",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\npower/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe\n\nof_find_matching_node_and_match() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49609"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--d8a8caa7-3a35-4978-83e7-9a8c37a403f8.json b/objects/vulnerability/vulnerability--d8a8caa7-3a35-4978-83e7-9a8c37a403f8.json
new file mode 100644
index 00000000000..1440aed91d2
--- /dev/null
+++ b/objects/vulnerability/vulnerability--d8a8caa7-3a35-4978-83e7-9a8c37a403f8.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--285c1d45-3fba-474e-b0d5-f1f23612d5cb",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--d8a8caa7-3a35-4978-83e7-9a8c37a403f8",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.566928Z",
+ "modified": "2025-02-27T00:38:15.566928Z",
+ "name": "CVE-2022-49211",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmips: cdmm: Fix refcount leak in mips_cdmm_phys_base\n\nThe of_find_compatible_node() function returns a node pointer with\nrefcount incremented, We should use of_node_put() on it when done\nAdd the missing of_node_put() to release the refcount.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49211"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--d8f210fe-3037-4eaa-a77b-d0eeae221e6c.json b/objects/vulnerability/vulnerability--d8f210fe-3037-4eaa-a77b-d0eeae221e6c.json
new file mode 100644
index 00000000000..012f40c1b59
--- /dev/null
+++ b/objects/vulnerability/vulnerability--d8f210fe-3037-4eaa-a77b-d0eeae221e6c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--21daef2d-4a99-4a07-9c60-673f138863ee",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--d8f210fe-3037-4eaa-a77b-d0eeae221e6c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:07.678481Z",
+ "modified": "2025-02-27T00:38:07.678481Z",
+ "name": "CVE-2025-1517",
+ "description": "The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Fancy Text, Countdown Widget, and Login Form shortcodes in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-1517"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--d99d702b-a717-4141-9291-62185e74dab5.json b/objects/vulnerability/vulnerability--d99d702b-a717-4141-9291-62185e74dab5.json
new file mode 100644
index 00000000000..9ccbcba5e9e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--d99d702b-a717-4141-9291-62185e74dab5.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--2c90593e-4807-4e6f-a90c-a7513cedbdb2",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--d99d702b-a717-4141-9291-62185e74dab5",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.59741Z",
+ "modified": "2025-02-27T00:38:15.59741Z",
+ "name": "CVE-2022-49144",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fix memory leak of uid in files registration\n\nWhen there are no files for __io_sqe_files_scm() to process in the\nrange, it'll free everything and return. However, it forgets to put uid.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49144"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--da58a124-9dcd-4b22-95f5-2e8a48e7e094.json b/objects/vulnerability/vulnerability--da58a124-9dcd-4b22-95f5-2e8a48e7e094.json
new file mode 100644
index 00000000000..fb7677b767a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--da58a124-9dcd-4b22-95f5-2e8a48e7e094.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f9ee3c3d-9c06-4d17-b905-e73eee397eb4",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--da58a124-9dcd-4b22-95f5-2e8a48e7e094",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:03.662315Z",
+ "modified": "2025-02-27T00:38:03.662315Z",
+ "name": "CVE-2024-10563",
+ "description": "The WooCommerce Cart Count Shortcode WordPress plugin before 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-10563"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--da89075b-66b5-425a-9472-4bb6663f3ede.json b/objects/vulnerability/vulnerability--da89075b-66b5-425a-9472-4bb6663f3ede.json
new file mode 100644
index 00000000000..49e84c10466
--- /dev/null
+++ b/objects/vulnerability/vulnerability--da89075b-66b5-425a-9472-4bb6663f3ede.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f8376511-9482-4b4e-9abc-68ffe72cf38b",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--da89075b-66b5-425a-9472-4bb6663f3ede",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.441477Z",
+ "modified": "2025-02-27T00:38:15.441477Z",
+ "name": "CVE-2022-49673",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm raid: fix KASAN warning in raid5_add_disks\n\nThere's a KASAN warning in raid5_add_disk when running the LVM testsuite.\nThe warning happens in the test\nlvconvert-raid-reshape-linear_to_raid6-single-type.sh. We fix the warning\nby verifying that rdev->saved_raid_disk is within limits.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49673"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--dbb33136-a100-4c68-a1da-5a90ce0a5b99.json b/objects/vulnerability/vulnerability--dbb33136-a100-4c68-a1da-5a90ce0a5b99.json
new file mode 100644
index 00000000000..bfa3c72533d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--dbb33136-a100-4c68-a1da-5a90ce0a5b99.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--8ae5927b-7713-45f1-964c-3abd6a856a64",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--dbb33136-a100-4c68-a1da-5a90ce0a5b99",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.650256Z",
+ "modified": "2025-02-27T00:38:15.650256Z",
+ "name": "CVE-2022-49262",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: octeontx2 - remove CONFIG_DM_CRYPT check\n\nNo issues were found while using the driver with dm-crypt enabled. So\nCONFIG_DM_CRYPT check in the driver can be removed.\n\nThis also fixes the NULL pointer dereference in driver release if\nCONFIG_DM_CRYPT is enabled.\n\n...\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000008\n...\nCall trace:\n crypto_unregister_alg+0x68/0xfc\n crypto_unregister_skciphers+0x44/0x60\n otx2_cpt_crypto_exit+0x100/0x1a0\n otx2_cptvf_remove+0xf8/0x200\n pci_device_remove+0x3c/0xd4\n __device_release_driver+0x188/0x234\n device_release_driver+0x2c/0x4c\n...",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49262"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--dc10e91b-c283-4325-aba6-d114ed6b815c.json b/objects/vulnerability/vulnerability--dc10e91b-c283-4325-aba6-d114ed6b815c.json
new file mode 100644
index 00000000000..6f14ca040b3
--- /dev/null
+++ b/objects/vulnerability/vulnerability--dc10e91b-c283-4325-aba6-d114ed6b815c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f5788beb-b3af-4985-9ede-5c4de4bb3a9b",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--dc10e91b-c283-4325-aba6-d114ed6b815c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.718039Z",
+ "modified": "2025-02-27T00:38:15.718039Z",
+ "name": "CVE-2022-49304",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: tty: serial: Fix deadlock in sa1100_set_termios()\n\nThere is a deadlock in sa1100_set_termios(), which is shown\nbelow:\n\n (Thread 1) | (Thread 2)\n | sa1100_enable_ms()\nsa1100_set_termios() | mod_timer()\n spin_lock_irqsave() //(1) | (wait a time)\n ... | sa1100_timeout()\n del_timer_sync() | spin_lock_irqsave() //(2)\n (wait timer to stop) | ...\n\nWe hold sport->port.lock in position (1) of thread 1 and\nuse del_timer_sync() to wait timer to stop, but timer handler\nalso need sport->port.lock in position (2) of thread 2. As a result,\nsa1100_set_termios() will block forever.\n\nThis patch moves del_timer_sync() before spin_lock_irqsave()\nin order to prevent the deadlock.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49304"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--dc6c572d-638c-49e0-9627-7c95e1f2d0e6.json b/objects/vulnerability/vulnerability--dc6c572d-638c-49e0-9627-7c95e1f2d0e6.json
new file mode 100644
index 00000000000..4e3988d23f2
--- /dev/null
+++ b/objects/vulnerability/vulnerability--dc6c572d-638c-49e0-9627-7c95e1f2d0e6.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--baceb4fb-a1fb-473e-8afb-2139d17da0e2",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--dc6c572d-638c-49e0-9627-7c95e1f2d0e6",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.492808Z",
+ "modified": "2025-02-27T00:38:15.492808Z",
+ "name": "CVE-2022-49313",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: usb: host: Fix deadlock in oxu_bus_suspend()\n\nThere is a deadlock in oxu_bus_suspend(), which is shown below:\n\n (Thread 1) | (Thread 2)\n | timer_action()\noxu_bus_suspend() | mod_timer()\n spin_lock_irq() //(1) | (wait a time)\n ... | oxu_watchdog()\n del_timer_sync() | spin_lock_irq() //(2)\n (wait timer to stop) | ...\n\nWe hold oxu->lock in position (1) of thread 1, and use\ndel_timer_sync() to wait timer to stop, but timer handler\nalso need oxu->lock in position (2) of thread 2. As a result,\noxu_bus_suspend() will block forever.\n\nThis patch extracts del_timer_sync() from the protection of\nspin_lock_irq(), which could let timer handler to obtain\nthe needed lock.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49313"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--dc6c7fc8-dd96-40b5-9b55-ebdf62c93591.json b/objects/vulnerability/vulnerability--dc6c7fc8-dd96-40b5-9b55-ebdf62c93591.json
new file mode 100644
index 00000000000..bd6ac85f9e9
--- /dev/null
+++ b/objects/vulnerability/vulnerability--dc6c7fc8-dd96-40b5-9b55-ebdf62c93591.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a761bafc-e3aa-4987-aff7-150286e078f3",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--dc6c7fc8-dd96-40b5-9b55-ebdf62c93591",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.331889Z",
+ "modified": "2025-02-27T00:38:15.331889Z",
+ "name": "CVE-2022-49652",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not needed anymore.\n\nAdd missing of_node_put() in to fix this.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49652"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--dc9a271f-d158-4462-8f0a-23e10928bb7c.json b/objects/vulnerability/vulnerability--dc9a271f-d158-4462-8f0a-23e10928bb7c.json
new file mode 100644
index 00000000000..54f75908fdd
--- /dev/null
+++ b/objects/vulnerability/vulnerability--dc9a271f-d158-4462-8f0a-23e10928bb7c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ddfd5b11-c5a1-497f-8373-bf8bbf458edb",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--dc9a271f-d158-4462-8f0a-23e10928bb7c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.399786Z",
+ "modified": "2025-02-27T00:38:15.399786Z",
+ "name": "CVE-2022-49658",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix insufficient bounds propagation from adjust_scalar_min_max_vals\n\nKuee reported a corner case where the tnum becomes constant after the call\nto __reg_bound_offset(), but the register's bounds are not, that is, its\nmin bounds are still not equal to the register's max bounds.\n\nThis in turn allows to leak pointers through turning a pointer register as\nis into an unknown scalar via adjust_ptr_min_max_vals().\n\nBefore:\n\n func#0 @0\n 0: R1=ctx(off=0,imm=0,umax=0,var_off=(0x0; 0x0)) R10=fp(off=0,imm=0,umax=0,var_off=(0x0; 0x0))\n 0: (b7) r0 = 1 ; R0_w=scalar(imm=1,umin=1,umax=1,var_off=(0x1; 0x0))\n 1: (b7) r3 = 0 ; R3_w=scalar(imm=0,umax=0,var_off=(0x0; 0x0))\n 2: (87) r3 = -r3 ; R3_w=scalar()\n 3: (87) r3 = -r3 ; R3_w=scalar()\n 4: (47) r3 |= 32767 ; R3_w=scalar(smin=-9223372036854743041,umin=32767,var_off=(0x7fff; 0xffffffffffff8000),s32_min=-2147450881)\n 5: (75) if r3 s>= 0x0 goto pc+1 ; R3_w=scalar(umin=9223372036854808575,var_off=(0x8000000000007fff; 0x7fffffffffff8000),s32_min=-2147450881,u32_min=32767)\n 6: (95) exit\n\n from 5 to 7: R0=scalar(imm=1,umin=1,umax=1,var_off=(0x1; 0x0)) R1=ctx(off=0,imm=0,umax=0,var_off=(0x0; 0x0)) R3=scalar(umin=32767,umax=9223372036854775807,var_off=(0x7fff; 0x7fffffffffff8000),s32_min=-2147450881) R10=fp(off=0,imm=0,umax=0,var_off=(0x0; 0x0))\n 7: (d5) if r3 s<= 0x8000 goto pc+1 ; R3=scalar(umin=32769,umax=9223372036854775807,var_off=(0x7fff; 0x7fffffffffff8000),s32_min=-2147450881,u32_min=32767)\n 8: (95) exit\n\n from 7 to 9: R0=scalar(imm=1,umin=1,umax=1,var_off=(0x1; 0x0)) R1=ctx(off=0,imm=0,umax=0,var_off=(0x0; 0x0)) R3=scalar(umin=32767,umax=32768,var_off=(0x7fff; 0x8000)) R10=fp(off=0,imm=0,umax=0,var_off=(0x0; 0x0))\n 9: (07) r3 += -32767 ; R3_w=scalar(imm=0,umax=1,var_off=(0x0; 0x0)) <--- [*]\n 10: (95) exit\n\nWhat can be seen here is that R3=scalar(umin=32767,umax=32768,var_off=(0x7fff;\n0x8000)) after the operation R3 += -32767 results in a 'malformed' constant, that\nis, R3_w=scalar(imm=0,umax=1,var_off=(0x0; 0x0)). Intersecting with var_off has\nnot been done at that point via __update_reg_bounds(), which would have improved\nthe umax to be equal to umin.\n\nRefactor the tnum <> min/max bounds information flow into a reg_bounds_sync()\nhelper and use it consistently everywhere. After the fix, bounds have been\ncorrected to R3_w=scalar(imm=0,umax=0,var_off=(0x0; 0x0)) and thus the register\nis regarded as a 'proper' constant scalar of 0.\n\nAfter:\n\n func#0 @0\n 0: R1=ctx(off=0,imm=0,umax=0,var_off=(0x0; 0x0)) R10=fp(off=0,imm=0,umax=0,var_off=(0x0; 0x0))\n 0: (b7) r0 = 1 ; R0_w=scalar(imm=1,umin=1,umax=1,var_off=(0x1; 0x0))\n 1: (b7) r3 = 0 ; R3_w=scalar(imm=0,umax=0,var_off=(0x0; 0x0))\n 2: (87) r3 = -r3 ; R3_w=scalar()\n 3: (87) r3 = -r3 ; R3_w=scalar()\n 4: (47) r3 |= 32767 ; R3_w=scalar(smin=-9223372036854743041,umin=32767,var_off=(0x7fff; 0xffffffffffff8000),s32_min=-2147450881)\n 5: (75) if r3 s>= 0x0 goto pc+1 ; R3_w=scalar(umin=9223372036854808575,var_off=(0x8000000000007fff; 0x7fffffffffff8000),s32_min=-2147450881,u32_min=32767)\n 6: (95) exit\n\n from 5 to 7: R0=scalar(imm=1,umin=1,umax=1,var_off=(0x1; 0x0)) R1=ctx(off=0,imm=0,umax=0,var_off=(0x0; 0x0)) R3=scalar(umin=32767,umax=9223372036854775807,var_off=(0x7fff; 0x7fffffffffff8000),s32_min=-2147450881) R10=fp(off=0,imm=0,umax=0,var_off=(0x0; 0x0))\n 7: (d5) if r3 s<= 0x8000 goto pc+1 ; R3=scalar(umin=32769,umax=9223372036854775807,var_off=(0x7fff; 0x7fffffffffff8000),s32_min=-2147450881,u32_min=32767)\n 8: (95) exit\n\n from 7 to 9: R0=scalar(imm=1,umin=1,umax=1,var_off=(0x1; 0x0)) R1=ctx(off=0,imm=0,umax=0,var_off=(0x0; 0x0)) R3=scalar(umin=32767,umax=32768,var_off=(0x7fff; 0x8000)) R10=fp(off=0\n---truncated---",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49658"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--dd1b51c1-6171-49c0-ac00-16fe139f9a2c.json b/objects/vulnerability/vulnerability--dd1b51c1-6171-49c0-ac00-16fe139f9a2c.json
new file mode 100644
index 00000000000..64fc37f1e7c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--dd1b51c1-6171-49c0-ac00-16fe139f9a2c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--3daa10ec-8120-4155-9f3c-7ee0fd22812d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--dd1b51c1-6171-49c0-ac00-16fe139f9a2c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.509912Z",
+ "modified": "2025-02-27T00:38:15.509912Z",
+ "name": "CVE-2022-49164",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/tm: Fix more userspace r13 corruption\n\nCommit cf13435b730a (\"powerpc/tm: Fix userspace r13 corruption\") fixes a\nproblem in treclaim where a SLB miss can occur on the\nthread_struct->ckpt_regs while SCRATCH0 is live with the saved user r13\nvalue, clobbering it with the kernel r13 and ultimately resulting in\nkernel r13 being stored in ckpt_regs.\n\nThere is an equivalent problem in trechkpt where the user r13 value is\nloaded into r13 from chkpt_regs to be recheckpointed, but a SLB miss\ncould occur on ckpt_regs accesses after that, which will result in r13\nbeing clobbered with a kernel value and that will get recheckpointed and\nthen restored to user registers.\n\nThe same memory page is accessed right before this critical window where\na SLB miss could cause corruption, so hitting the bug requires the SLB\nentry be removed within a small window of instructions, which is\npossible if a SLB related MCE hits there. PAPR also permits the\nhypervisor to discard this SLB entry (because slb_shadow->persistent is\nonly set to SLB_NUM_BOLTED) although it's not known whether any\nimplementations would do this (KVM does not). So this is an extremely\nunlikely bug, only found by inspection.\n\nFix this by also storing user r13 in a temporary location on the kernel\nstack and don't change the r13 register from kernel r13 until the RI=0\ncritical section that does not fault.\n\nThe SCRATCH0 change is not strictly part of the fix, it's only used in\nthe RI=0 section so it does not have the same problem as the previous\nSCRATCH0 bug.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49164"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--dd92f817-dd16-4015-ad18-c3077e8ff948.json b/objects/vulnerability/vulnerability--dd92f817-dd16-4015-ad18-c3077e8ff948.json
new file mode 100644
index 00000000000..32e40cb3e61
--- /dev/null
+++ b/objects/vulnerability/vulnerability--dd92f817-dd16-4015-ad18-c3077e8ff948.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ee8eeeed-7371-49e7-9c8e-3fdf55ef816c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--dd92f817-dd16-4015-ad18-c3077e8ff948",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.702092Z",
+ "modified": "2025-02-27T00:38:15.702092Z",
+ "name": "CVE-2022-49523",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nath11k: disable spectral scan during spectral deinit\n\nWhen ath11k modules are removed using rmmod with spectral scan enabled,\ncrash is observed. Different crash trace is observed for each crash.\n\nSend spectral scan disable WMI command to firmware before cleaning\nthe spectral dbring in the spectral_deinit API to avoid this crash.\n\ncall trace from one of the crash observed:\n[ 1252.880802] Unable to handle kernel NULL pointer dereference at virtual address 00000008\n[ 1252.882722] pgd = 0f42e886\n[ 1252.890955] [00000008] *pgd=00000000\n[ 1252.893478] Internal error: Oops: 5 [#1] PREEMPT SMP ARM\n[ 1253.093035] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.4.89 #0\n[ 1253.115261] Hardware name: Generic DT based system\n[ 1253.121149] PC is at ath11k_spectral_process_data+0x434/0x574 [ath11k]\n[ 1253.125940] LR is at 0x88e31017\n[ 1253.132448] pc : [<7f9387b8>] lr : [<88e31017>] psr: a0000193\n[ 1253.135488] sp : 80d01bc8 ip : 00000001 fp : 970e0000\n[ 1253.141737] r10: 88e31000 r9 : 970ec000 r8 : 00000080\n[ 1253.146946] r7 : 94734040 r6 : a0000113 r5 : 00000057 r4 : 00000000\n[ 1253.152159] r3 : e18cb694 r2 : 00000217 r1 : 1df1f000 r0 : 00000001\n[ 1253.158755] Flags: NzCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user\n[ 1253.165266] Control: 10c0383d Table: 5e71006a DAC: 00000055\n[ 1253.172472] Process swapper/0 (pid: 0, stack limit = 0x60870141)\n[ 1253.458055] [<7f9387b8>] (ath11k_spectral_process_data [ath11k]) from [<7f917fdc>] (ath11k_dbring_buffer_release_event+0x214/0x2e4 [ath11k])\n[ 1253.466139] [<7f917fdc>] (ath11k_dbring_buffer_release_event [ath11k]) from [<7f8ea3c4>] (ath11k_wmi_tlv_op_rx+0x1840/0x29cc [ath11k])\n[ 1253.478807] [<7f8ea3c4>] (ath11k_wmi_tlv_op_rx [ath11k]) from [<7f8fe868>] (ath11k_htc_rx_completion_handler+0x180/0x4e0 [ath11k])\n[ 1253.490699] [<7f8fe868>] (ath11k_htc_rx_completion_handler [ath11k]) from [<7f91308c>] (ath11k_ce_per_engine_service+0x2c4/0x3b4 [ath11k])\n[ 1253.502386] [<7f91308c>] (ath11k_ce_per_engine_service [ath11k]) from [<7f9a4198>] (ath11k_pci_ce_tasklet+0x28/0x80 [ath11k_pci])\n[ 1253.514811] [<7f9a4198>] (ath11k_pci_ce_tasklet [ath11k_pci]) from [<8032227c>] (tasklet_action_common.constprop.2+0x64/0xe8)\n[ 1253.526476] [<8032227c>] (tasklet_action_common.constprop.2) from [<803021e8>] (__do_softirq+0x130/0x2d0)\n[ 1253.537756] [<803021e8>] (__do_softirq) from [<80322610>] (irq_exit+0xcc/0xe8)\n[ 1253.547304] [<80322610>] (irq_exit) from [<8036a4a4>] (__handle_domain_irq+0x60/0xb4)\n[ 1253.554428] [<8036a4a4>] (__handle_domain_irq) from [<805eb348>] (gic_handle_irq+0x4c/0x90)\n[ 1253.562321] [<805eb348>] (gic_handle_irq) from [<80301a78>] (__irq_svc+0x58/0x8c)\n\nTested-on: QCN6122 hw1.0 AHB WLAN.HK.2.6.0.1-00851-QCAHKSWPL_SILICONZ-1",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49523"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--dd9af812-db4b-4d32-98b5-2a6fc87089f5.json b/objects/vulnerability/vulnerability--dd9af812-db4b-4d32-98b5-2a6fc87089f5.json
new file mode 100644
index 00000000000..5fa391f3edb
--- /dev/null
+++ b/objects/vulnerability/vulnerability--dd9af812-db4b-4d32-98b5-2a6fc87089f5.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--c525af06-6e8c-49e5-8c3c-39df4eccef16",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--dd9af812-db4b-4d32-98b5-2a6fc87089f5",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.669064Z",
+ "modified": "2025-02-27T00:38:15.669064Z",
+ "name": "CVE-2022-49489",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume\n\nBUG: Unable to handle kernel paging request at virtual address 006b6b6b6b6b6be3\n\nCall trace:\n dpu_vbif_init_memtypes+0x40/0xb8\n dpu_runtime_resume+0xcc/0x1c0\n pm_generic_runtime_resume+0x30/0x44\n __genpd_runtime_resume+0x68/0x7c\n genpd_runtime_resume+0x134/0x258\n __rpm_callback+0x98/0x138\n rpm_callback+0x30/0x88\n rpm_resume+0x36c/0x49c\n __pm_runtime_resume+0x80/0xb0\n dpu_core_irq_uninstall+0x30/0xb0\n dpu_irq_uninstall+0x18/0x24\n msm_drm_uninit+0xd8/0x16c\n\nPatchwork: https://patchwork.freedesktop.org/patch/483255/\n[DB: fixed Fixes tag]",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49489"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ddc63236-09d1-4bc4-a068-464e8c723b93.json b/objects/vulnerability/vulnerability--ddc63236-09d1-4bc4-a068-464e8c723b93.json
new file mode 100644
index 00000000000..b0ec891c2e8
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ddc63236-09d1-4bc4-a068-464e8c723b93.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9eda1c5f-fe6d-416a-a241-403a3d0d0c16", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ddc63236-09d1-4bc4-a068-464e8c723b93", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:07.762432Z", + "modified": "2025-02-27T00:38:07.762432Z", + "name": "CVE-2025-20119", + "description": "A vulnerability in the system file permission handling of Cisco APIC could allow an authenticated, local attacker to overwrite critical system files, which could cause a DoS condition. To exploit this vulnerability, the attacker must have valid administrative credentials.\r\n\r\nThis vulnerability is due to a race condition with handling system files. An attacker could exploit this vulnerability by doing specific operations on the file system. A successful exploit could allow the attacker to overwrite system files, which could lead to the device being in an inconsistent state and cause a DoS condition.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20119" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--de9b5917-9908-4c83-b837-d797d8ed82d9.json b/objects/vulnerability/vulnerability--de9b5917-9908-4c83-b837-d797d8ed82d9.json new file mode 100644 index 00000000000..4db2db9350c --- /dev/null +++ b/objects/vulnerability/vulnerability--de9b5917-9908-4c83-b837-d797d8ed82d9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ebd8bac3-f2a3-4ec2-bf15-74d0a43b4bc6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--de9b5917-9908-4c83-b837-d797d8ed82d9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.771591Z", + "modified": "2025-02-27T00:38:15.771591Z", + "name": "CVE-2022-49145", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: CPPC: Avoid out of bounds access when parsing _CPC data\n\nIf the NumEntries field in the _CPC return package is less than 2, do\nnot attempt to access the \"Revision\" element of that package, because\nit may not be present then.\n\nBugLink: https://lore.kernel.org/lkml/20220322143534.GC32582@xsang-OptiPlex-9020/", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49145" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--df629866-56c9-4911-90c3-8ff387131a34.json b/objects/vulnerability/vulnerability--df629866-56c9-4911-90c3-8ff387131a34.json new file mode 100644 index 00000000000..1e1156fd176 --- /dev/null +++ b/objects/vulnerability/vulnerability--df629866-56c9-4911-90c3-8ff387131a34.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2046d0d1-428f-4b33-b576-db82ef7b4270", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--df629866-56c9-4911-90c3-8ff387131a34", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.450924Z", + "modified": "2025-02-27T00:38:15.450924Z", + "name": "CVE-2022-49483", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/disp/dpu1: avoid clearing hw interrupts if hw_intr is null during drm uninit\n\nIf edp modeset init is failed due to panel being not ready and\nprobe defers during drm bind, avoid clearing irqs and dereference\nhw_intr when hw_intr is null.\n\nBUG: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n\nCall trace:\n dpu_core_irq_uninstall+0x50/0xb0\n dpu_irq_uninstall+0x18/0x24\n msm_drm_uninit+0xd8/0x16c\n msm_drm_bind+0x580/0x5fc\n try_to_bring_up_master+0x168/0x1c0\n __component_add+0xb4/0x178\n component_add+0x1c/0x28\n dp_display_probe+0x38c/0x400\n platform_probe+0xb0/0xd0\n really_probe+0xcc/0x2c8\n __driver_probe_device+0xbc/0xe8\n driver_probe_device+0x48/0xf0\n __device_attach_driver+0xa0/0xc8\n bus_for_each_drv+0x8c/0xd8\n __device_attach+0xc4/0x150\n device_initial_probe+0x1c/0x28\n\nChanges in V2:\n- Update commit message and coreect fixes tag.\n\nPatchwork: https://patchwork.freedesktop.org/patch/484430/", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49483" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--df755be6-739b-4740-a17b-ae7e9ec587d9.json b/objects/vulnerability/vulnerability--df755be6-739b-4740-a17b-ae7e9ec587d9.json new file mode 100644 index 00000000000..9a368c774c6 --- /dev/null +++ b/objects/vulnerability/vulnerability--df755be6-739b-4740-a17b-ae7e9ec587d9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--06931954-f9bb-46c0-b3f8-7a06d7c0ac87", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--df755be6-739b-4740-a17b-ae7e9ec587d9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.31736Z", + "modified": "2025-02-27T00:38:15.31736Z", + "name": "CVE-2022-49478", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init\n\nSyzbot reported that -1 is used as array index. The problem was in\nmissing validation check.\n\nhdw->unit_number is initialized with -1 and then if init table walk fails\nthis value remains unchanged. Since code blindly uses this member for\narray indexing adding sanity check is the easiest fix for that.\n\nhdw->workpoll initialization moved upper to prevent warning in\n__flush_work.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49478" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--df84c15d-c85f-41fb-b4a6-2e85d2b090c2.json b/objects/vulnerability/vulnerability--df84c15d-c85f-41fb-b4a6-2e85d2b090c2.json new file mode 100644 index 00000000000..37da4e51337 --- /dev/null +++ b/objects/vulnerability/vulnerability--df84c15d-c85f-41fb-b4a6-2e85d2b090c2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e4160c11-fb8e-4786-9930-b2747a55e232", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--df84c15d-c85f-41fb-b4a6-2e85d2b090c2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.350304Z", + "modified": "2025-02-27T00:38:15.350304Z", + "name": "CVE-2022-49085", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrbd: Fix five use after free bugs in get_initial_state\n\nIn get_initial_state, it calls notify_initial_state_done(skb,..) if\ncb->args[5]==1. If genlmsg_put() failed in notify_initial_state_done(),\nthe skb will be freed by nlmsg_free(skb).\nThen get_initial_state will goto out and the freed skb will be used by\nreturn value skb->len, which is a uaf bug.\n\nWhat's worse, the same problem goes even further: skb can also be\nfreed in the notify_*_state_change -> notify_*_state calls below.\nThus 4 additional uaf bugs happened.\n\nMy patch lets the problem callee functions: notify_initial_state_done\nand notify_*_state_change return an error code if errors happen.\nSo that the error codes could be propagated and the uaf bugs can be avoid.\n\nv2 reports a compilation warning. This v3 fixed this warning and built\nsuccessfully in my local environment with no additional warnings.\nv2: https://lore.kernel.org/patchwork/patch/1435218/", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49085" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e14208c8-4b18-4f09-b12e-8d6b98902084.json b/objects/vulnerability/vulnerability--e14208c8-4b18-4f09-b12e-8d6b98902084.json new file mode 100644 index 00000000000..6f3704a4dde --- /dev/null +++ b/objects/vulnerability/vulnerability--e14208c8-4b18-4f09-b12e-8d6b98902084.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--74784db0-2f29-4c5e-9dd8-343d8b4fd1d3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e14208c8-4b18-4f09-b12e-8d6b98902084", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.72002Z", + "modified": "2025-02-27T00:38:15.72002Z", + "name": "CVE-2022-49376", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: sd: Fix potential NULL pointer dereference\n\nIf sd_probe() sees an early error before sdkp->device is initialized,\nsd_zbc_release_disk() is called. This causes a NULL pointer dereference\nwhen sd_is_zoned() is called inside that function. Avoid this by removing\nthe call to sd_zbc_release_disk() in sd_probe() error path.\n\nThis change is safe and does not result in zone information memory leakage\nbecause the zone information for a zoned disk is allocated only when\nsd_revalidate_disk() is called, at which point sdkp->disk_dev is fully set,\nresulting in sd_disk_release() being called when needed to cleanup a disk\nzone information using sd_zbc_release_disk().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49376" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e1ded156-0974-4d2d-a3d2-7b87f0b66001.json b/objects/vulnerability/vulnerability--e1ded156-0974-4d2d-a3d2-7b87f0b66001.json new file mode 100644 index 00000000000..8112f66b04a --- /dev/null +++ b/objects/vulnerability/vulnerability--e1ded156-0974-4d2d-a3d2-7b87f0b66001.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7f58e38c-219b-4715-82dd-4e69acd3e518", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e1ded156-0974-4d2d-a3d2-7b87f0b66001", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.260865Z", + "modified": "2025-02-27T00:38:15.260865Z", + "name": "CVE-2022-49369", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\namt: fix possible memory leak in amt_rcv()\n\nIf an amt receives packets and it finds socket.\nIf it can't find a socket, it should free a received skb.\nBut it doesn't.\nSo, a memory leak would possibly occur.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49369" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e1f9471e-6551-40d0-8cd0-5ad6b81da171.json b/objects/vulnerability/vulnerability--e1f9471e-6551-40d0-8cd0-5ad6b81da171.json new file mode 100644 index 00000000000..84933fc0b3c --- /dev/null +++ b/objects/vulnerability/vulnerability--e1f9471e-6551-40d0-8cd0-5ad6b81da171.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fd0c87a9-5382-4ea0-b097-d1b368fd3b99", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e1f9471e-6551-40d0-8cd0-5ad6b81da171", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.466086Z", + "modified": "2025-02-27T00:38:15.466086Z", + "name": "CVE-2022-49396", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: qcom-qmp: fix reset-controller leak on probe errors\n\nMake sure to release the lane reset controller in case of a late probe\nerror (e.g. probe deferral).\n\nNote that due to the reset controller being defined in devicetree in\n\"lane\" child nodes, devm_reset_control_get_exclusive() cannot be used\ndirectly.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49396" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e205d8c2-9894-4abe-8a73-cc48d5eeb8a2.json b/objects/vulnerability/vulnerability--e205d8c2-9894-4abe-8a73-cc48d5eeb8a2.json new file mode 100644 index 00000000000..f9b1ad78c38 --- /dev/null +++ b/objects/vulnerability/vulnerability--e205d8c2-9894-4abe-8a73-cc48d5eeb8a2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--55c79831-1f4d-4077-8cfd-a1bcc8a0c3cb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e205d8c2-9894-4abe-8a73-cc48d5eeb8a2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.443337Z", + "modified": "2025-02-27T00:38:15.443337Z", + "name": "CVE-2022-49068", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: release correct delalloc amount in direct IO write path\n\nRunning generic/406 causes the following WARNING in btrfs_destroy_inode()\nwhich tells there are outstanding extents left.\n\nIn btrfs_get_blocks_direct_write(), we reserve a temporary outstanding\nextents with btrfs_delalloc_reserve_metadata() (or indirectly from\nbtrfs_delalloc_reserve_space(()). We then release the outstanding extents\nwith btrfs_delalloc_release_extents(). However, the \"len\" can be modified\nin the COW case, which releases fewer outstanding extents than expected.\n\nFix it by calling btrfs_delalloc_release_extents() for the original length.\n\nTo reproduce the warning, the filesystem should be 1 GiB. 
It's\ntriggering a short-write, due to not being able to allocate a large\nextent and instead allocating a smaller one.\n\n WARNING: CPU: 0 PID: 757 at fs/btrfs/inode.c:8848 btrfs_destroy_inode+0x1e6/0x210 [btrfs]\n Modules linked in: btrfs blake2b_generic xor lzo_compress\n lzo_decompress raid6_pq zstd zstd_decompress zstd_compress xxhash zram\n zsmalloc\n CPU: 0 PID: 757 Comm: umount Not tainted 5.17.0-rc8+ #101\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS d55cb5a 04/01/2014\n RIP: 0010:btrfs_destroy_inode+0x1e6/0x210 [btrfs]\n RSP: 0018:ffffc9000327bda8 EFLAGS: 00010206\n RAX: 0000000000000000 RBX: ffff888100548b78 RCX: 0000000000000000\n RDX: 0000000000026900 RSI: 0000000000000000 RDI: ffff888100548b78\n RBP: ffff888100548940 R08: 0000000000000000 R09: ffff88810b48aba8\n R10: 0000000000000001 R11: ffff8881004eb240 R12: ffff88810b48a800\n R13: ffff88810b48ec08 R14: ffff88810b48ed00 R15: ffff888100490c68\n FS: 00007f8549ea0b80(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f854a09e733 CR3: 000000010a2e9003 CR4: 0000000000370eb0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \n destroy_inode+0x33/0x70\n dispose_list+0x43/0x60\n evict_inodes+0x161/0x1b0\n generic_shutdown_super+0x2d/0x110\n kill_anon_super+0xf/0x20\n btrfs_kill_super+0xd/0x20 [btrfs]\n deactivate_locked_super+0x27/0x90\n cleanup_mnt+0x12c/0x180\n task_work_run+0x54/0x80\n exit_to_user_mode_prepare+0x152/0x160\n syscall_exit_to_user_mode+0x12/0x30\n do_syscall_64+0x42/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n RIP: 0033:0x7f854a000fb7", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49068" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--e20deba1-16f2-49ba-b92b-b607e1a3a2c6.json b/objects/vulnerability/vulnerability--e20deba1-16f2-49ba-b92b-b607e1a3a2c6.json new file mode 100644 index 00000000000..92904a19ae2 --- /dev/null +++ b/objects/vulnerability/vulnerability--e20deba1-16f2-49ba-b92b-b607e1a3a2c6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--88d84ac0-3398-4f27-b95a-4f1d57f1a54c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e20deba1-16f2-49ba-b92b-b607e1a3a2c6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.56883Z", + "modified": "2025-02-27T00:38:15.56883Z", + "name": "CVE-2022-49612", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\npower: supply: core: Fix boundary conditions in interpolation\n\nThe functions power_supply_temp2resist_simple and power_supply_ocv2cap_simple\nhandle boundary conditions incorrectly.\nThe change was introduced in a4585ba2050f460f749bbaf2b67bd56c41e30283\n(\"power: supply: core: Use library interpolation\").\nThere are two issues: First, the lines \"high = i - 1\" and \"high = i\" in ocv2cap\nhave the wrong order compared to temp2resist. As a consequence, ocv2cap\nsets high=-1 if ocv>table[0].ocv, which causes an out-of-bounds read.\nSecond, the logic of temp2resist is also not correct.\nConsider the case table[] = {{20, 100}, {10, 80}, {0, 60}}.\nFor temp=5, we expect a resistance of 70% by interpolation.\nHowever, temp2resist sets high=low=2 and returns 60.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49612" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e325c8ad-522b-46aa-ac97-87b39b7eb4f8.json b/objects/vulnerability/vulnerability--e325c8ad-522b-46aa-ac97-87b39b7eb4f8.json new file mode 100644 index 00000000000..2f74a521198 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--e325c8ad-522b-46aa-ac97-87b39b7eb4f8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7979b2fc-45b6-4301-ba33-d9eaaf2a8752", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e325c8ad-522b-46aa-ac97-87b39b7eb4f8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:01.579075Z", + "modified": "2025-02-27T00:38:01.579075Z", + "name": "CVE-2024-13628", + "description": "The WP Pricing Table WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13628" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e3f8bff0-99e4-45e9-8eb3-678a4375579a.json b/objects/vulnerability/vulnerability--e3f8bff0-99e4-45e9-8eb3-678a4375579a.json new file mode 100644 index 00000000000..27dd9361ba6 --- /dev/null +++ b/objects/vulnerability/vulnerability--e3f8bff0-99e4-45e9-8eb3-678a4375579a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4baddaeb-e51b-44e8-ae2a-a87863ae6c78", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e3f8bff0-99e4-45e9-8eb3-678a4375579a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.281847Z", + "modified": "2025-02-27T00:38:15.281847Z", + "name": "CVE-2022-49183", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_ct: fix ref leak when switching zones\n\nWhen switching zones or network namespaces without doing a ct clear in\nbetween, it is now leaking a reference to the old ct entry. That's\nbecause tcf_ct_skb_nfct_cached() returns false and\ntcf_ct_flow_table_lookup() may simply overwrite it.\n\nThe fix is to, as the ct entry is not reusable, free it already at\ntcf_ct_skb_nfct_cached().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49183" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e44bfd82-0f57-4fff-875c-80e1ad60e699.json b/objects/vulnerability/vulnerability--e44bfd82-0f57-4fff-875c-80e1ad60e699.json new file mode 100644 index 00000000000..660d3045bbf --- /dev/null +++ b/objects/vulnerability/vulnerability--e44bfd82-0f57-4fff-875c-80e1ad60e699.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ed474d33-aea7-45c7-8451-fbcafd5460f4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e44bfd82-0f57-4fff-875c-80e1ad60e699", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:07.729712Z", + "modified": "2025-02-27T00:38:07.729712Z", + "name": "CVE-2025-25825", + "description": "A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Titile in the article category section.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25825" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e480ccca-b741-4fc0-8d08-8ec77b895555.json b/objects/vulnerability/vulnerability--e480ccca-b741-4fc0-8d08-8ec77b895555.json new file mode 100644 index 00000000000..cb3b71571b9 --- /dev/null +++ b/objects/vulnerability/vulnerability--e480ccca-b741-4fc0-8d08-8ec77b895555.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1b4dabc9-5400-41f8-9e71-4aead588bc6d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e480ccca-b741-4fc0-8d08-8ec77b895555", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.411301Z", + "modified": "2025-02-27T00:38:15.411301Z", + "name": "CVE-2022-49606", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Fix sleep from invalid context BUG\n\nTaking the qos_mutex to process RoCEv2 QP's on netdev events causes a\nkernel splat.\n\nFix this by removing the handling for RoCEv2 in\nirdma_cm_teardown_connections that uses the mutex. This handling is only\nneeded for iWARP to avoid having connections established while the link is\ndown or having connections remain functional after the IP address is\nremoved.\n\n BUG: sleeping function called from invalid context at kernel/locking/mutex.\n Call Trace:\n kernel: dump_stack+0x66/0x90\n kernel: ___might_sleep.cold.92+0x8d/0x9a\n kernel: mutex_lock+0x1c/0x40\n kernel: irdma_cm_teardown_connections+0x28e/0x4d0 [irdma]\n kernel: ? check_preempt_curr+0x7a/0x90\n kernel: ? select_idle_sibling+0x22/0x3c0\n kernel: ? select_task_rq_fair+0x94c/0xc90\n kernel: ? irdma_exec_cqp_cmd+0xc27/0x17c0 [irdma]\n kernel: ? __wake_up_common+0x7a/0x190\n kernel: irdma_if_notify+0x3cc/0x450 [irdma]\n kernel: ? sched_clock_cpu+0xc/0xb0\n kernel: irdma_inet6addr_event+0xc6/0x150 [irdma]", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49606" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e493984e-e0cf-47e5-84da-01b608227925.json b/objects/vulnerability/vulnerability--e493984e-e0cf-47e5-84da-01b608227925.json new file mode 100644 index 00000000000..807b3739ab2 --- /dev/null +++ b/objects/vulnerability/vulnerability--e493984e-e0cf-47e5-84da-01b608227925.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d00f8981-0ee9-4d3a-98db-81eed0699d31", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e493984e-e0cf-47e5-84da-01b608227925", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.513571Z", + "modified": "2025-02-27T00:38:15.513571Z", + "name": "CVE-2022-49103", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4.2: fix reference count leaks in _nfs42_proc_copy_notify()\n\n[You don't often get email from xiongx18@fudan.edu.cn. Learn why this is important at http://aka.ms/LearnAboutSenderIdentification.]\n\nThe reference counting issue happens in two error paths in the\nfunction _nfs42_proc_copy_notify(). In both error paths, the function\nsimply returns the error code and forgets to balance the refcount of\nobject `ctx`, bumped by get_nfs_open_context() earlier, which may\ncause refcount leaks.\n\nFix it by balancing refcount of the `ctx` object before the function\nreturns in both error paths.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49103" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e4b5fdb3-db5d-49a8-8167-ed05c351c1d7.json b/objects/vulnerability/vulnerability--e4b5fdb3-db5d-49a8-8167-ed05c351c1d7.json new file mode 100644 index 00000000000..ad3a644412c --- /dev/null +++ b/objects/vulnerability/vulnerability--e4b5fdb3-db5d-49a8-8167-ed05c351c1d7.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d07121ef-5b3f-4c23-a250-3049415ab2e5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e4b5fdb3-db5d-49a8-8167-ed05c351c1d7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.67113Z", + "modified": "2025-02-27T00:38:15.67113Z", + "name": "CVE-2022-49284", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: syscfg: Fix memleak on registration failure in cscfg_create_device\n\ndevice_register() calls device_initialize(),\naccording to doc of device_initialize:\n\n Use put_device() to give up your reference instead of freeing\n * @dev directly once you have called this function.\n\nTo prevent potential memleak, use put_device() for error handling.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49284" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e55553ae-8c47-48e9-a83d-430c18daf1c0.json b/objects/vulnerability/vulnerability--e55553ae-8c47-48e9-a83d-430c18daf1c0.json new file mode 100644 index 00000000000..fc0290afaf9 --- /dev/null +++ b/objects/vulnerability/vulnerability--e55553ae-8c47-48e9-a83d-430c18daf1c0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bc5de5f2-6037-4a76-a2de-ffb00c7ae84c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e55553ae-8c47-48e9-a83d-430c18daf1c0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.376834Z", + "modified": "2025-02-27T00:38:15.376834Z", + "name": "CVE-2022-49157", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix premature hw access after PCI error\n\nAfter a recoverable PCI error has been detected and recovered, qla driver\nneeds to check to see if the error condition still persist and/or wait\nfor the OS to give the resume signal.\n\nSep 8 22:26:03 localhost kernel: WARNING: CPU: 9 PID: 124606 at qla_tmpl.c:440\nqla27xx_fwdt_entry_t266+0x55/0x60 [qla2xxx]\nSep 8 22:26:03 localhost kernel: RIP: 0010:qla27xx_fwdt_entry_t266+0x55/0x60\n[qla2xxx]\nSep 8 22:26:03 localhost kernel: Call Trace:\nSep 8 22:26:03 localhost kernel: ? qla27xx_walk_template+0xb1/0x1b0 [qla2xxx]\nSep 8 22:26:03 localhost kernel: ? qla27xx_execute_fwdt_template+0x12a/0x160\n[qla2xxx]\nSep 8 22:26:03 localhost kernel: ? qla27xx_fwdump+0xa0/0x1c0 [qla2xxx]\nSep 8 22:26:03 localhost kernel: ? qla2xxx_pci_mmio_enabled+0xfb/0x120\n[qla2xxx]\nSep 8 22:26:03 localhost kernel: ? report_mmio_enabled+0x44/0x80\nSep 8 22:26:03 localhost kernel: ? report_slot_reset+0x80/0x80\nSep 8 22:26:03 localhost kernel: ? pci_walk_bus+0x70/0x90\nSep 8 22:26:03 localhost kernel: ? aer_dev_correctable_show+0xc0/0xc0\nSep 8 22:26:03 localhost kernel: ? pcie_do_recovery+0x1bb/0x240\nSep 8 22:26:03 localhost kernel: ? aer_recover_work_func+0xaa/0xd0\nSep 8 22:26:03 localhost kernel: ? 
process_one_work+0x1a7/0x360\n..\nSep 8 22:26:03 localhost kernel: qla2xxx [0000:42:00.2]-8041:22: detected PCI\ndisconnect.\nSep 8 22:26:03 localhost kernel: qla2xxx [0000:42:00.2]-107ff:22:\nqla27xx_fwdt_entry_t262: dump ram MB failed. Area 5h start 198013h end 198013h\nSep 8 22:26:03 localhost kernel: qla2xxx [0000:42:00.2]-107ff:22: Unable to\ncapture FW dump\nSep 8 22:26:03 localhost kernel: qla2xxx [0000:42:00.2]-1015:22: cmd=0x0,\nwaited 5221 msecs\nSep 8 22:26:03 localhost kernel: qla2xxx [0000:42:00.2]-680d:22: mmio\nenabled returning.\nSep 8 22:26:03 localhost kernel: qla2xxx [0000:42:00.2]-d04c:22: MBX\nCommand timeout for cmd 0, iocontrol=ffffffff jiffies=10140f2e5\nmb[0-3]=[0xffff 0xffff 0xffff 0xffff]", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49157" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e58fd032-0f8a-4a38-a924-07dd6f5d476d.json b/objects/vulnerability/vulnerability--e58fd032-0f8a-4a38-a924-07dd6f5d476d.json new file mode 100644 index 00000000000..054117fba48 --- /dev/null +++ b/objects/vulnerability/vulnerability--e58fd032-0f8a-4a38-a924-07dd6f5d476d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ecbf5542-4d06-4651-8b85-1ece75c5abfd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e58fd032-0f8a-4a38-a924-07dd6f5d476d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.491769Z", + "modified": "2025-02-27T00:38:15.491769Z", + "name": "CVE-2022-49179", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock, bfq: don't move oom_bfqq\n\nOur test report a UAF:\n\n[ 2073.019181] ==================================================================\n[ 2073.019188] BUG: KASAN: use-after-free in __bfq_put_async_bfqq+0xa0/0x168\n[ 2073.019191] Write of size 8 at addr ffff8000ccf64128 by task rmmod/72584\n[ 2073.019192]\n[ 2073.019196] CPU: 0 PID: 72584 Comm: rmmod Kdump: loaded Not tainted 4.19.90-yk #5\n[ 2073.019198] Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015\n[ 2073.019200] Call trace:\n[ 2073.019203] dump_backtrace+0x0/0x310\n[ 2073.019206] show_stack+0x28/0x38\n[ 2073.019210] dump_stack+0xec/0x15c\n[ 2073.019216] print_address_description+0x68/0x2d0\n[ 2073.019220] kasan_report+0x238/0x2f0\n[ 2073.019224] __asan_store8+0x88/0xb0\n[ 2073.019229] __bfq_put_async_bfqq+0xa0/0x168\n[ 2073.019233] bfq_put_async_queues+0xbc/0x208\n[ 2073.019236] bfq_pd_offline+0x178/0x238\n[ 2073.019240] blkcg_deactivate_policy+0x1f0/0x420\n[ 2073.019244] bfq_exit_queue+0x128/0x178\n[ 2073.019249] blk_mq_exit_sched+0x12c/0x160\n[ 2073.019252] elevator_exit+0xc8/0xd0\n[ 2073.019256] blk_exit_queue+0x50/0x88\n[ 2073.019259] blk_cleanup_queue+0x228/0x3d8\n[ 2073.019267] null_del_dev+0xfc/0x1e0 [null_blk]\n[ 2073.019274] null_exit+0x90/0x114 [null_blk]\n[ 2073.019278] __arm64_sys_delete_module+0x358/0x5a0\n[ 2073.019282] el0_svc_common+0xc8/0x320\n[ 2073.019287] el0_svc_handler+0xf8/0x160\n[ 2073.019290] el0_svc+0x10/0x218\n[ 2073.019291]\n[ 2073.019294] Allocated by task 
14163:\n[ 2073.019301] kasan_kmalloc+0xe0/0x190\n[ 2073.019305] kmem_cache_alloc_node_trace+0x1cc/0x418\n[ 2073.019308] bfq_pd_alloc+0x54/0x118\n[ 2073.019313] blkcg_activate_policy+0x250/0x460\n[ 2073.019317] bfq_create_group_hierarchy+0x38/0x110\n[ 2073.019321] bfq_init_queue+0x6d0/0x948\n[ 2073.019325] blk_mq_init_sched+0x1d8/0x390\n[ 2073.019330] elevator_switch_mq+0x88/0x170\n[ 2073.019334] elevator_switch+0x140/0x270\n[ 2073.019338] elv_iosched_store+0x1a4/0x2a0\n[ 2073.019342] queue_attr_store+0x90/0xe0\n[ 2073.019348] sysfs_kf_write+0xa8/0xe8\n[ 2073.019351] kernfs_fop_write+0x1f8/0x378\n[ 2073.019359] __vfs_write+0xe0/0x360\n[ 2073.019363] vfs_write+0xf0/0x270\n[ 2073.019367] ksys_write+0xdc/0x1b8\n[ 2073.019371] __arm64_sys_write+0x50/0x60\n[ 2073.019375] el0_svc_common+0xc8/0x320\n[ 2073.019380] el0_svc_handler+0xf8/0x160\n[ 2073.019383] el0_svc+0x10/0x218\n[ 2073.019385]\n[ 2073.019387] Freed by task 72584:\n[ 2073.019391] __kasan_slab_free+0x120/0x228\n[ 2073.019394] kasan_slab_free+0x10/0x18\n[ 2073.019397] kfree+0x94/0x368\n[ 2073.019400] bfqg_put+0x64/0xb0\n[ 2073.019404] bfqg_and_blkg_put+0x90/0xb0\n[ 2073.019408] bfq_put_queue+0x220/0x228\n[ 2073.019413] __bfq_put_async_bfqq+0x98/0x168\n[ 2073.019416] bfq_put_async_queues+0xbc/0x208\n[ 2073.019420] bfq_pd_offline+0x178/0x238\n[ 2073.019424] blkcg_deactivate_policy+0x1f0/0x420\n[ 2073.019429] bfq_exit_queue+0x128/0x178\n[ 2073.019433] blk_mq_exit_sched+0x12c/0x160\n[ 2073.019437] elevator_exit+0xc8/0xd0\n[ 2073.019440] blk_exit_queue+0x50/0x88\n[ 2073.019443] blk_cleanup_queue+0x228/0x3d8\n[ 2073.019451] null_del_dev+0xfc/0x1e0 [null_blk]\n[ 2073.019459] null_exit+0x90/0x114 [null_blk]\n[ 2073.019462] __arm64_sys_delete_module+0x358/0x5a0\n[ 2073.019467] el0_svc_common+0xc8/0x320\n[ 2073.019471] el0_svc_handler+0xf8/0x160\n[ 2073.019474] el0_svc+0x10/0x218\n[ 2073.019475]\n[ 2073.019479] The buggy address belongs to the object at ffff8000ccf63f00\n which belongs to the cache kmalloc-1024 of size 
1024\n[ 2073.019484] The buggy address is located 552 bytes inside of\n 1024-byte region [ffff8000ccf63f00, ffff8000ccf64300)\n[ 2073.019486] The buggy address belongs to the page:\n[ 2073.019492] page:ffff7e000333d800 count:1 mapcount:0 mapping:ffff8000c0003a00 index:0x0 compound_mapcount: 0\n[ 2073.020123] flags: 0x7ffff0000008100(slab|head)\n[ 2073.020403] raw: 07ffff0000008100 ffff7e0003334c08 ffff7e00001f5a08 ffff8000c0003a00\n[ 2073.020409] ra\n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49179" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e6b9005a-07b8-44d0-8fa2-240bb1386ae5.json b/objects/vulnerability/vulnerability--e6b9005a-07b8-44d0-8fa2-240bb1386ae5.json new file mode 100644 index 00000000000..84874bfc9fe --- /dev/null +++ b/objects/vulnerability/vulnerability--e6b9005a-07b8-44d0-8fa2-240bb1386ae5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9324fe83-88f6-4b6f-9bd3-d32b36629548", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e6b9005a-07b8-44d0-8fa2-240bb1386ae5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:07.719636Z", + "modified": "2025-02-27T00:38:07.719636Z", + "name": "CVE-2025-25802", + "description": "SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ip.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25802" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e6e9c591-7bbf-4b5c-a172-8d086f68457d.json b/objects/vulnerability/vulnerability--e6e9c591-7bbf-4b5c-a172-8d086f68457d.json new file mode 100644 index 00000000000..d99a551adf2 --- /dev/null +++ b/objects/vulnerability/vulnerability--e6e9c591-7bbf-4b5c-a172-8d086f68457d.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--bc92e2fa-4beb-4f64-abac-bf93c33676d0",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--e6e9c591-7bbf-4b5c-a172-8d086f68457d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.55087Z",
+ "modified": "2025-02-27T00:38:15.55087Z",
+ "name": "CVE-2022-49051",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: aqc111: Fix out-of-bounds accesses in RX fixup\n\naqc111_rx_fixup() contains several out-of-bounds accesses that can be\ntriggered by a malicious (or defective) USB device, in particular:\n\n - The metadata array (desc_offset..desc_offset+2*pkt_count) can be out of bounds,\n causing OOB reads and (on big-endian systems) OOB endianness flips.\n - A packet can overlap the metadata array, causing a later OOB\n endianness flip to corrupt data used by a cloned SKB that has already\n been handed off into the network stack.\n - A packet SKB can be constructed whose tail is far beyond its end,\n causing out-of-bounds heap data to be considered part of the SKB's\n data.\n\nFound doing variant analysis. Tested it with another driver (ax88179_178a), since\nI don't have a aqc111 device to test it, but the code looks very similar.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49051"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--e7277a49-0a02-4524-b540-8e51489ac798.json b/objects/vulnerability/vulnerability--e7277a49-0a02-4524-b540-8e51489ac798.json
new file mode 100644
index 00000000000..53714a81f5e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--e7277a49-0a02-4524-b540-8e51489ac798.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--dee1a8d8-2846-4cb9-b3be-ac68c48fe30e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--e7277a49-0a02-4524-b540-8e51489ac798",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.677539Z",
+ "modified": "2025-02-27T00:38:15.677539Z",
+ "name": "CVE-2022-49139",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: fix null ptr deref on hci_sync_conn_complete_evt\n\nThis event is just specified for SCO and eSCO link types.\nOn the reception of a HCI_Synchronous_Connection_Complete for a BDADDR\nof an existing LE connection, LE link type and a status that triggers the\nsecond case of the packet processing a NULL pointer dereference happens,\nas conn->link is NULL.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49139"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--e7e1e25e-ec24-43e8-afa9-950f753fd8ae.json b/objects/vulnerability/vulnerability--e7e1e25e-ec24-43e8-afa9-950f753fd8ae.json
new file mode 100644
index 00000000000..630beb5579a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--e7e1e25e-ec24-43e8-afa9-950f753fd8ae.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--139bfab6-79ed-4b37-aed0-48b7e472206b",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--e7e1e25e-ec24-43e8-afa9-950f753fd8ae",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.588832Z",
+ "modified": "2025-02-27T00:38:15.588832Z",
+ "name": "CVE-2022-49216",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/tegra: Fix reference leak in tegra_dsi_ganged_probe\n\nThe reference taken by 'of_find_device_by_node()' must be released when\nnot needed anymore. Add put_device() call to fix this.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49216"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--e803cdd3-9c32-483d-9269-23e0f9f4d6a6.json b/objects/vulnerability/vulnerability--e803cdd3-9c32-483d-9269-23e0f9f4d6a6.json
new file mode 100644
index 00000000000..ff6f7c93dcf
--- /dev/null
+++ b/objects/vulnerability/vulnerability--e803cdd3-9c32-483d-9269-23e0f9f4d6a6.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e6dc4c74-6d19-4a6d-aaa1-100146e19d81", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e803cdd3-9c32-483d-9269-23e0f9f4d6a6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.768907Z", + "modified": "2025-02-27T00:38:15.768907Z", + "name": "CVE-2022-49414", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix race condition between ext4_write and ext4_convert_inline_data\n\nHulk Robot reported a BUG_ON:\n ==================================================================\n EXT4-fs error (device loop3): ext4_mb_generate_buddy:805: group 0,\n block bitmap and bg descriptor inconsistent: 25 vs 31513 free clusters\n kernel BUG at fs/ext4/ext4_jbd2.c:53!\n invalid opcode: 0000 [#1] SMP KASAN PTI\n CPU: 0 PID: 25371 Comm: syz-executor.3 Not tainted 5.10.0+ #1\n RIP: 0010:ext4_put_nojournal fs/ext4/ext4_jbd2.c:53 [inline]\n RIP: 0010:__ext4_journal_stop+0x10e/0x110 fs/ext4/ext4_jbd2.c:116\n [...]\n Call Trace:\n ext4_write_inline_data_end+0x59a/0x730 fs/ext4/inline.c:795\n generic_perform_write+0x279/0x3c0 mm/filemap.c:3344\n ext4_buffered_write_iter+0x2e3/0x3d0 fs/ext4/file.c:270\n ext4_file_write_iter+0x30a/0x11c0 fs/ext4/file.c:520\n do_iter_readv_writev+0x339/0x3c0 fs/read_write.c:732\n do_iter_write+0x107/0x430 fs/read_write.c:861\n vfs_writev fs/read_write.c:934 [inline]\n do_pwritev+0x1e5/0x380 fs/read_write.c:1031\n [...]\n ==================================================================\n\nAbove issue may happen as follows:\n cpu1 cpu2\n__________________________|__________________________\ndo_pwritev\n vfs_writev\n do_iter_write\n ext4_file_write_iter\n ext4_buffered_write_iter\n generic_perform_write\n ext4_da_write_begin\n vfs_fallocate\n ext4_fallocate\n ext4_convert_inline_data\n ext4_convert_inline_data_nolock\n ext4_destroy_inline_data_nolock\n clear 
EXT4_STATE_MAY_INLINE_DATA\n ext4_map_blocks\n ext4_ext_map_blocks\n ext4_mb_new_blocks\n ext4_mb_regular_allocator\n ext4_mb_good_group_nolock\n ext4_mb_init_group\n ext4_mb_init_cache\n ext4_mb_generate_buddy --> error\n ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA)\n ext4_restore_inline_data\n set EXT4_STATE_MAY_INLINE_DATA\n ext4_block_write_begin\n ext4_da_write_end\n ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA)\n ext4_write_inline_data_end\n handle=NULL\n ext4_journal_stop(handle)\n __ext4_journal_stop\n ext4_put_nojournal(handle)\n ref_cnt = (unsigned long)handle\n BUG_ON(ref_cnt == 0) ---> BUG_ON\n\nThe lock held by ext4_convert_inline_data is xattr_sem, but the lock\nheld by generic_perform_write is i_rwsem. Therefore, the two locks can\nbe concurrent.\n\nTo solve above issue, we add inode_lock() for ext4_convert_inline_data().\nAt the same time, move ext4_convert_inline_data() in front of\next4_punch_hole(), remove similar handling from ext4_punch_hole().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49414" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e8498a89-99cc-4135-8d72-6286580170ef.json b/objects/vulnerability/vulnerability--e8498a89-99cc-4135-8d72-6286580170ef.json new file mode 100644 index 00000000000..8a8ee900846 --- /dev/null +++ b/objects/vulnerability/vulnerability--e8498a89-99cc-4135-8d72-6286580170ef.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e42258ec-bf88-4dab-ac26-6b9bb40c6354",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--e8498a89-99cc-4135-8d72-6286580170ef",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:01.642937Z",
+ "modified": "2025-02-27T00:38:01.642937Z",
+ "name": "CVE-2024-13631",
+ "description": "The Om Stripe WordPress plugin through 02.00.00 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-13631"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--e8f1a596-e234-4414-874a-91e6a4a00752.json b/objects/vulnerability/vulnerability--e8f1a596-e234-4414-874a-91e6a4a00752.json
new file mode 100644
index 00000000000..833241a168d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--e8f1a596-e234-4414-874a-91e6a4a00752.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b67cc6b7-b349-4334-8e8b-ec391fc2512d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e8f1a596-e234-4414-874a-91e6a4a00752", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.583996Z", + "modified": "2025-02-27T00:38:15.583996Z", + "name": "CVE-2022-49063", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: arfs: fix use-after-free when freeing @rx_cpu_rmap\n\nThe CI testing bots triggered the following splat:\n\n[ 718.203054] BUG: KASAN: use-after-free in free_irq_cpu_rmap+0x53/0x80\n[ 718.206349] Read of size 4 at addr ffff8881bd127e00 by task sh/20834\n[ 718.212852] CPU: 28 PID: 20834 Comm: sh Kdump: loaded Tainted: G S W IOE 5.17.0-rc8_nextqueue-devqueue-02643-g23f3121aca93 #1\n[ 718.219695] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0012.070720200218 07/07/2020\n[ 718.223418] Call Trace:\n[ 718.227139]\n[ 718.230783] dump_stack_lvl+0x33/0x42\n[ 718.234431] print_address_description.constprop.9+0x21/0x170\n[ 718.238177] ? free_irq_cpu_rmap+0x53/0x80\n[ 718.241885] ? free_irq_cpu_rmap+0x53/0x80\n[ 718.245539] kasan_report.cold.18+0x7f/0x11b\n[ 718.249197] ? free_irq_cpu_rmap+0x53/0x80\n[ 718.252852] free_irq_cpu_rmap+0x53/0x80\n[ 718.256471] ice_free_cpu_rx_rmap.part.11+0x37/0x50 [ice]\n[ 718.260174] ice_remove_arfs+0x5f/0x70 [ice]\n[ 718.263810] ice_rebuild_arfs+0x3b/0x70 [ice]\n[ 718.267419] ice_rebuild+0x39c/0xb60 [ice]\n[ 718.270974] ? asm_sysvec_apic_timer_interrupt+0x12/0x20\n[ 718.274472] ? ice_init_phy_user_cfg+0x360/0x360 [ice]\n[ 718.278033] ? delay_tsc+0x4a/0xb0\n[ 718.281513] ? preempt_count_sub+0x14/0xc0\n[ 718.284984] ? 
delay_tsc+0x8f/0xb0\n[ 718.288463] ice_do_reset+0x92/0xf0 [ice]\n[ 718.292014] ice_pci_err_resume+0x91/0xf0 [ice]\n[ 718.295561] pci_reset_function+0x53/0x80\n<...>\n[ 718.393035] Allocated by task 690:\n[ 718.433497] Freed by task 20834:\n[ 718.495688] Last potentially related work creation:\n[ 718.568966] The buggy address belongs to the object at ffff8881bd127e00\n which belongs to the cache kmalloc-96 of size 96\n[ 718.574085] The buggy address is located 0 bytes inside of\n 96-byte region [ffff8881bd127e00, ffff8881bd127e60)\n[ 718.579265] The buggy address belongs to the page:\n[ 718.598905] Memory state around the buggy address:\n[ 718.601809] ffff8881bd127d00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc\n[ 718.604796] ffff8881bd127d80: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc\n[ 718.607794] >ffff8881bd127e00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc\n[ 718.610811] ^\n[ 718.613819] ffff8881bd127e80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc\n[ 718.617107] ffff8881bd127f00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc\n\nThis is due to that free_irq_cpu_rmap() is always being called\n*after* (devm_)free_irq() and thus it tries to work with IRQ descs\nalready freed. For example, on device reset the driver frees the\nrmap right before allocating a new one (the splat above).\nMake rmap creation and freeing function symmetrical with\n{request,free}_irq() calls i.e. do that on ifup/ifdown instead\nof device probe/remove/resume. These operations can be performed\nindependently from the actual device aRFS configuration.\nAlso, make sure ice_vsi_free_irq() clears IRQ affinity notifiers\nonly when aRFS is disabled -- otherwise, CPU rmap sets and clears\nits own and they must not be touched manually.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49063" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--e9a36af0-f448-4699-9144-84f633f0e00a.json b/objects/vulnerability/vulnerability--e9a36af0-f448-4699-9144-84f633f0e00a.json
new file mode 100644
index 00000000000..a4eb6a4c474
--- /dev/null
+++ b/objects/vulnerability/vulnerability--e9a36af0-f448-4699-9144-84f633f0e00a.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a60c0f86-5d68-4ebc-a317-9dd5cec2647b",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--e9a36af0-f448-4699-9144-84f633f0e00a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.322369Z",
+ "modified": "2025-02-27T00:38:15.322369Z",
+ "name": "CVE-2022-49552",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix combination of jit blinding and pointers to bpf subprogs.\n\nThe combination of jit blinding and pointers to bpf subprogs causes:\n[ 36.989548] BUG: unable to handle page fault for address: 0000000100000001\n[ 36.990342] #PF: supervisor instruction fetch in kernel mode\n[ 36.990968] #PF: error_code(0x0010) - not-present page\n[ 36.994859] RIP: 0010:0x100000001\n[ 36.995209] Code: Unable to access opcode bytes at RIP 0xffffffd7.\n[ 37.004091] Call Trace:\n[ 37.004351] \n[ 37.004576] ? bpf_loop+0x4d/0x70\n[ 37.004932] ? bpf_prog_3899083f75e4c5de_F+0xe3/0x13b\n\nThe jit blinding logic didn't recognize that ld_imm64 with an address\nof bpf subprogram is a special instruction and proceeded to randomize it.\nBy itself it wouldn't have been an issue, but jit_subprogs() logic\nrelies on two step process to JIT all subprogs and then JIT them\nagain when addresses of all subprogs are known.\nBlinding process in the first JIT phase caused second JIT to miss\nadjustment of special ld_imm64.\n\nFix this issue by ignoring special ld_imm64 instructions that don't have\nuser controlled constants and shouldn't be blinded.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49552"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--e9bac383-9b09-4fab-8847-f31da112883b.json b/objects/vulnerability/vulnerability--e9bac383-9b09-4fab-8847-f31da112883b.json
new file mode 100644
index 00000000000..56e6171789a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--e9bac383-9b09-4fab-8847-f31da112883b.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--290736ca-4248-44ab-b0e5-f02c012b301e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--e9bac383-9b09-4fab-8847-f31da112883b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.61519Z",
+ "modified": "2025-02-27T00:38:15.61519Z",
+ "name": "CVE-2022-49162",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nvideo: fbdev: sm712fb: Fix crash in smtcfb_write()\n\nWhen the sm712fb driver writes three bytes to the framebuffer, the\ndriver will crash:\n\n BUG: unable to handle page fault for address: ffffc90001ffffff\n RIP: 0010:smtcfb_write+0x454/0x5b0\n Call Trace:\n vfs_write+0x291/0xd60\n ? do_sys_openat2+0x27d/0x350\n ? __fget_light+0x54/0x340\n ksys_write+0xce/0x190\n do_syscall_64+0x43/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nFix it by removing the open-coded endianness fixup-code.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49162"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--e9e4cf2e-b30f-416f-b334-cc1c9fb98b78.json b/objects/vulnerability/vulnerability--e9e4cf2e-b30f-416f-b334-cc1c9fb98b78.json
new file mode 100644
index 00000000000..2b269f46dd9
--- /dev/null
+++ b/objects/vulnerability/vulnerability--e9e4cf2e-b30f-416f-b334-cc1c9fb98b78.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--3cf5e7c5-252b-40d0-8356-975ea7ab5714",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--e9e4cf2e-b30f-416f-b334-cc1c9fb98b78",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.444291Z",
+ "modified": "2025-02-27T00:38:15.444291Z",
+ "name": "CVE-2022-49045",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: Test for \"silence\" field in struct \"pcm_format_data\"\n\nSyzbot reports \"KASAN: null-ptr-deref Write in\nsnd_pcm_format_set_silence\".[1]\n\nIt is due to missing validation of the \"silence\" field of struct\n\"pcm_format_data\" in \"pcm_formats\" array.\n\nAdd a test for valid \"pat\" and, if it is not so, return -EINVAL.\n\n[1] https://lore.kernel.org/lkml/000000000000d188ef05dc2c7279@google.com/",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49045"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ea5b5f0a-984a-435e-8c02-0c2dd7ff47db.json b/objects/vulnerability/vulnerability--ea5b5f0a-984a-435e-8c02-0c2dd7ff47db.json
new file mode 100644
index 00000000000..b1ca4762d3d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ea5b5f0a-984a-435e-8c02-0c2dd7ff47db.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ede4d46d-06c8-44c4-933e-22554bb25b02",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ea5b5f0a-984a-435e-8c02-0c2dd7ff47db",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.321394Z",
+ "modified": "2025-02-27T00:38:15.321394Z",
+ "name": "CVE-2022-49635",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/selftests: fix subtraction overflow bug\n\nOn some machines hole_end can be small enough to cause subtraction\noverflow. On the other side (addr + 2 * min_alignment) can overflow\nin case of mock tests. This patch should handle both cases.\n\n(cherry picked from commit ab3edc679c552a466e4bf0b11af3666008bd65a2)",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49635"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ea774d78-87bf-4794-97c0-091362059a7f.json b/objects/vulnerability/vulnerability--ea774d78-87bf-4794-97c0-091362059a7f.json
new file mode 100644
index 00000000000..c2de11dbcf5
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ea774d78-87bf-4794-97c0-091362059a7f.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--c66ea263-1ad7-4645-aef1-20e4d7606829",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ea774d78-87bf-4794-97c0-091362059a7f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.641946Z",
+ "modified": "2025-02-27T00:38:15.641946Z",
+ "name": "CVE-2022-49661",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: gs_usb: gs_usb_open/close(): fix memory leak\n\nThe gs_usb driver appears to suffer from a malady common to many USB\nCAN adapter drivers in that it performs usb_alloc_coherent() to\nallocate a number of USB request blocks (URBs) for RX, and then later\nrelies on usb_kill_anchored_urbs() to free them, but this doesn't\nactually free them. As a result, this may be leaking DMA memory that's\nbeen used by the driver.\n\nThis commit is an adaptation of the techniques found in the esd_usb2\ndriver where a similar design pattern led to a memory leak. It\nexplicitly frees the RX URBs and their DMA memory via a call to\nusb_free_coherent(). Since the RX URBs were allocated in the\ngs_can_open(), we remove them in gs_can_close() rather than in the\ndisconnect function as was done in esd_usb2.\n\nFor more information, see the 928150fad41b (\"can: esd_usb2: fix memory\nleak\").",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49661"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ea7fcf63-e01f-4119-8a8e-da9e4564aea4.json b/objects/vulnerability/vulnerability--ea7fcf63-e01f-4119-8a8e-da9e4564aea4.json
new file mode 100644
index 00000000000..4d99f6e3a81
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ea7fcf63-e01f-4119-8a8e-da9e4564aea4.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--10f5e236-ce4f-4d21-8c6b-3118cbf224d3",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ea7fcf63-e01f-4119-8a8e-da9e4564aea4",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.348433Z",
+ "modified": "2025-02-27T00:38:15.348433Z",
+ "name": "CVE-2022-49224",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\npower: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init\n\nkobject_init_and_add() takes reference even when it fails.\nAccording to the doc of kobject_init_and_add():\n\n If this function returns an error, kobject_put() must be called to\n properly clean up the memory associated with the object.\n\nFix memory leak by calling kobject_put().",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49224"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--eac6d124-9d6c-4cbb-9887-c8bc367f1a95.json b/objects/vulnerability/vulnerability--eac6d124-9d6c-4cbb-9887-c8bc367f1a95.json
new file mode 100644
index 00000000000..b5e77e80350
--- /dev/null
+++ b/objects/vulnerability/vulnerability--eac6d124-9d6c-4cbb-9887-c8bc367f1a95.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--10fdd7d6-cb8f-41a6-8519-34b3eb4ee421",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--eac6d124-9d6c-4cbb-9887-c8bc367f1a95",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.300071Z",
+ "modified": "2025-02-27T00:38:15.300071Z",
+ "name": "CVE-2022-49562",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits\n\nUse the recently introduced __try_cmpxchg_user() to update guest PTE A/D\nbits instead of mapping the PTE into kernel address space. The VM_PFNMAP\npath is broken as it assumes that vm_pgoff is the base pfn of the mapped\nVMA range, which is conceptually wrong as vm_pgoff is the offset relative\nto the file and has nothing to do with the pfn. The horrific hack worked\nfor the original use case (backing guest memory with /dev/mem), but leads\nto accessing \"random\" pfns for pretty much any other VM_PFNMAP case.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49562"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--eb406e08-39a2-4f4c-af7b-21fa6312df6a.json b/objects/vulnerability/vulnerability--eb406e08-39a2-4f4c-af7b-21fa6312df6a.json
new file mode 100644
index 00000000000..01e0b050085
--- /dev/null
+++ b/objects/vulnerability/vulnerability--eb406e08-39a2-4f4c-af7b-21fa6312df6a.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--1f431dad-e349-4e51-a2c5-1c32a90910f3",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--eb406e08-39a2-4f4c-af7b-21fa6312df6a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.675734Z",
+ "modified": "2025-02-27T00:38:15.675734Z",
+ "name": "CVE-2022-49288",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: Fix races among concurrent prealloc proc writes\n\nWe have no protection against concurrent PCM buffer preallocation\nchanges via proc files, and it may potentially lead to UAF or some\nweird problem. This patch applies the PCM open_mutex to the proc\nwrite operation for avoiding the racy proc writes and the PCM stream\nopen (and further operations).",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49288"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--eb5e6278-79af-4420-a5fc-38d9dc36d0ab.json b/objects/vulnerability/vulnerability--eb5e6278-79af-4420-a5fc-38d9dc36d0ab.json
new file mode 100644
index 00000000000..1b0ca1690c0
--- /dev/null
+++ b/objects/vulnerability/vulnerability--eb5e6278-79af-4420-a5fc-38d9dc36d0ab.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--046ef47b-ba04-48fc-8e65-c84b11545aa0",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--eb5e6278-79af-4420-a5fc-38d9dc36d0ab",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.254001Z",
+ "modified": "2025-02-27T00:38:15.254001Z",
+ "name": "CVE-2022-49395",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\num: Fix out-of-bounds read in LDT setup\n\nsyscall_stub_data() expects the data_count parameter to be the number of\nlongs, not bytes.\n\n ==================================================================\n BUG: KASAN: stack-out-of-bounds in syscall_stub_data+0x70/0xe0\n Read of size 128 at addr 000000006411f6f0 by task swapper/1\n\n CPU: 0 PID: 1 Comm: swapper Not tainted 5.18.0+ #18\n Call Trace:\n show_stack.cold+0x166/0x2a7\n __dump_stack+0x3a/0x43\n dump_stack_lvl+0x1f/0x27\n print_report.cold+0xdb/0xf81\n kasan_report+0x119/0x1f0\n kasan_check_range+0x3a3/0x440\n memcpy+0x52/0x140\n syscall_stub_data+0x70/0xe0\n write_ldt_entry+0xac/0x190\n init_new_ldt+0x515/0x960\n init_new_context+0x2c4/0x4d0\n mm_init.constprop.0+0x5ed/0x760\n mm_alloc+0x118/0x170\n 0x60033f48\n do_one_initcall+0x1d7/0x860\n 0x60003e7b\n kernel_init+0x6e/0x3d4\n new_thread_handler+0x1e7/0x2c0\n\n The buggy address belongs to stack of task swapper/1\n and is located at offset 64 in frame:\n init_new_ldt+0x0/0x960\n\n This frame has 2 objects:\n [32, 40) 'addr'\n [64, 80) 'desc'\n ==================================================================",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49395"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--eb5f97f6-6bd3-457c-9e55-4db257b68e79.json b/objects/vulnerability/vulnerability--eb5f97f6-6bd3-457c-9e55-4db257b68e79.json
new file mode 100644
index 00000000000..40aed5c3d9c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--eb5f97f6-6bd3-457c-9e55-4db257b68e79.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--868aa77e-d94b-4cfd-865b-b997ac9aba21", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--eb5f97f6-6bd3-457c-9e55-4db257b68e79", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.256849Z", + "modified": "2025-02-27T00:38:15.256849Z", + "name": "CVE-2022-49662", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix lockdep splat in in6_dump_addrs()\n\nAs reported by syzbot, we should not use rcu_dereference()\nwhen rcu_read_lock() is not held.\n\nWARNING: suspicious RCU usage\n5.19.0-rc2-syzkaller #0 Not tainted\n\nnet/ipv6/addrconf.c:5175 suspicious rcu_dereference_check() usage!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n1 lock held by syz-executor326/3617:\n #0: ffffffff8d5848e8 (rtnl_mutex){+.+.}-{3:3}, at: netlink_dump+0xae/0xc20 net/netlink/af_netlink.c:2223\n\nstack backtrace:\nCPU: 0 PID: 3617 Comm: syz-executor326 Not tainted 5.19.0-rc2-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nCall Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n in6_dump_addrs+0x12d1/0x1790 net/ipv6/addrconf.c:5175\n inet6_dump_addr+0x9c1/0xb50 net/ipv6/addrconf.c:5300\n netlink_dump+0x541/0xc20 net/netlink/af_netlink.c:2275\n __netlink_dump_start+0x647/0x900 net/netlink/af_netlink.c:2380\n netlink_dump_start include/linux/netlink.h:245 [inline]\n rtnetlink_rcv_msg+0x73e/0xc90 net/core/rtnetlink.c:6046\n netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2501\n netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]\n netlink_unicast+0x543/0x7f0 net/netlink/af_netlink.c:1345\n netlink_sendmsg+0x917/0xe10 net/netlink/af_netlink.c:1921\n sock_sendmsg_nosec net/socket.c:714 [inline]\n sock_sendmsg+0xcf/0x120 
net/socket.c:734\n ____sys_sendmsg+0x6eb/0x810 net/socket.c:2492\n ___sys_sendmsg+0xf3/0x170 net/socket.c:2546\n __sys_sendmsg net/socket.c:2575 [inline]\n __do_sys_sendmsg net/socket.c:2584 [inline]\n __se_sys_sendmsg net/socket.c:2582 [inline]\n __x64_sys_sendmsg+0x132/0x220 net/socket.c:2582\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49662" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--eb90b59f-5b17-49be-ba60-3cd474f871b7.json b/objects/vulnerability/vulnerability--eb90b59f-5b17-49be-ba60-3cd474f871b7.json new file mode 100644 index 00000000000..95264b643c6 --- /dev/null +++ b/objects/vulnerability/vulnerability--eb90b59f-5b17-49be-ba60-3cd474f871b7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3c4ee9ff-16f9-4321-9db9-fb6a32643107", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--eb90b59f-5b17-49be-ba60-3cd474f871b7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.717125Z", + "modified": "2025-02-27T00:38:15.717125Z", + "name": "CVE-2022-49289", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nuaccess: fix integer overflow on access_ok()\n\nThree architectures check the end of a user access against the\naddress limit without taking a possible overflow into account.\nPassing a negative length or another overflow in here returns\nsuccess when it should not.\n\nUse the most common correct implementation here, which optimizes\nfor a constant 'size' argument, and turns the common case into a\nsingle comparison.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49289" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--ec4df01b-319c-4566-a4e3-5d4592573cb8.json b/objects/vulnerability/vulnerability--ec4df01b-319c-4566-a4e3-5d4592573cb8.json
new file mode 100644
index 00000000000..589226ef6f4
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ec4df01b-319c-4566-a4e3-5d4592573cb8.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--19709158-4c5f-4d38-a017-7296cd4d0057",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ec4df01b-319c-4566-a4e3-5d4592573cb8",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.695378Z",
+ "modified": "2025-02-27T00:38:15.695378Z",
+ "name": "CVE-2022-49210",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nMIPS: pgalloc: fix memory leak caused by pgd_free()\n\npgd page is freed by generic implementation pgd_free() since commit\nf9cb654cb550 (\"asm-generic: pgalloc: provide generic pgd_free()\"),\nhowever, there are scenarios that the system uses more than one page as\nthe pgd table, in such cases the generic implementation pgd_free() won't\nbe applicable anymore. For example, when PAGE_SIZE_4KB is enabled and\nMIPS_VA_BITS_48 is not enabled in a 64bit system, the macro \"PGD_ORDER\"\nwill be set as \"1\", which will cause allocating two pages as the pgd\ntable. Well, at the same time, the generic implementation pgd_free()\njust free one pgd page, which will result in the memory leak.\n\nThe memory leak can be easily detected by executing shell command:\n\"while true; do ls > /dev/null; grep MemFree /proc/meminfo; done\"",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49210"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ece30890-e747-4a74-a52d-3454701278c1.json b/objects/vulnerability/vulnerability--ece30890-e747-4a74-a52d-3454701278c1.json
new file mode 100644
index 00000000000..1b72315ae0d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ece30890-e747-4a74-a52d-3454701278c1.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--549a9e61-2b8a-4773-8cdb-87c984d541c7",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ece30890-e747-4a74-a52d-3454701278c1",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-27T00:38:15.64286Z",
+ "modified": "2025-02-27T00:38:15.64286Z",
+ "name": "CVE-2022-49646",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix queue selection for mesh/OCB interfaces\n\nWhen using iTXQ, the code assumes that there is only one vif queue for\nbroadcast packets, using the BE queue. Allowing non-BE queue marking\nviolates that assumption and txq->ac == skb_queue_mapping is no longer\nguaranteed. This can cause issues with queue handling in the driver and\nalso causes issues with the recent ATF change, resulting in an AQL\nunderflow warning.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-49646"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ed377c62-c7de-48eb-9832-17190fbb0647.json b/objects/vulnerability/vulnerability--ed377c62-c7de-48eb-9832-17190fbb0647.json
new file mode 100644
index 00000000000..96e1fe90245
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ed377c62-c7de-48eb-9832-17190fbb0647.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f6d9eab6-6c17-4ce9-87c1-013de979b4d6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ed377c62-c7de-48eb-9832-17190fbb0647", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.295156Z", + "modified": "2025-02-27T00:38:15.295156Z", + "name": "CVE-2022-49391", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: mtk_scp: Fix a potential double free\n\n'scp->rproc' is allocated using devm_rproc_alloc(), so there is no need\nto free it explicitly in the remove function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49391" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--edc36f5e-b5ba-456a-bc32-02de36102e5b.json b/objects/vulnerability/vulnerability--edc36f5e-b5ba-456a-bc32-02de36102e5b.json new file mode 100644 index 00000000000..84317a73013 --- /dev/null +++ b/objects/vulnerability/vulnerability--edc36f5e-b5ba-456a-bc32-02de36102e5b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7a5f30c2-ce14-4eba-9e76-c7b292822f96", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--edc36f5e-b5ba-456a-bc32-02de36102e5b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.676615Z", + "modified": "2025-02-27T00:38:15.676615Z", + "name": "CVE-2022-49154", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: fix panic on out-of-bounds guest IRQ\n\nAs guest_irq is coming from KVM_IRQFD API call, it may trigger\ncrash in svm_update_pi_irte() due to out-of-bounds:\n\ncrash> bt\nPID: 22218 TASK: ffff951a6ad74980 CPU: 73 COMMAND: \"vcpu8\"\n #0 [ffffb1ba6707fa40] machine_kexec at ffffffff8565b397\n #1 [ffffb1ba6707fa90] __crash_kexec at ffffffff85788a6d\n #2 [ffffb1ba6707fb58] crash_kexec at ffffffff8578995d\n #3 [ffffb1ba6707fb70] oops_end at ffffffff85623c0d\n #4 [ffffb1ba6707fb90] no_context at ffffffff856692c9\n #5 [ffffb1ba6707fbf8] exc_page_fault at ffffffff85f95b51\n #6 [ffffb1ba6707fc50] asm_exc_page_fault at ffffffff86000ace\n [exception RIP: svm_update_pi_irte+227]\n RIP: ffffffffc0761b53 RSP: ffffb1ba6707fd08 RFLAGS: 00010086\n RAX: ffffb1ba6707fd78 RBX: ffffb1ba66d91000 RCX: 0000000000000001\n RDX: 00003c803f63f1c0 RSI: 000000000000019a RDI: ffffb1ba66db2ab8\n RBP: 000000000000019a R8: 0000000000000040 R9: ffff94ca41b82200\n R10: ffffffffffffffcf R11: 0000000000000001 R12: 0000000000000001\n R13: 0000000000000001 R14: ffffffffffffffcf R15: 000000000000005f\n ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018\n #7 [ffffb1ba6707fdb8] kvm_irq_routing_update at ffffffffc09f19a1 [kvm]\n #8 [ffffb1ba6707fde0] kvm_set_irq_routing at ffffffffc09f2133 [kvm]\n #9 [ffffb1ba6707fe18] kvm_vm_ioctl at ffffffffc09ef544 [kvm]\n RIP: 00007f143c36488b RSP: 00007f143a4e04b8 RFLAGS: 00000246\n RAX: ffffffffffffffda RBX: 00007f05780041d0 RCX: 00007f143c36488b\n RDX: 00007f05780041d0 
RSI: 000000004008ae6a RDI: 0000000000000020\n RBP: 00000000000004e8 R8: 0000000000000008 R9: 00007f05780041e0\n R10: 00007f0578004560 R11: 0000000000000246 R12: 00000000000004e0\n R13: 000000000000001a R14: 00007f1424001c60 R15: 00007f0578003bc0\n ORIG_RAX: 0000000000000010 CS: 0033 SS: 002b\n\nVmx have been fix this in commit 3a8b0677fc61 (KVM: VMX: Do not BUG() on\nout-of-bounds guest IRQ), so we can just copy source from that to fix\nthis.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49154" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ef3b40cd-a261-4ecf-a9a0-2e73009413d4.json b/objects/vulnerability/vulnerability--ef3b40cd-a261-4ecf-a9a0-2e73009413d4.json new file mode 100644 index 00000000000..90d695fa35c --- /dev/null +++ b/objects/vulnerability/vulnerability--ef3b40cd-a261-4ecf-a9a0-2e73009413d4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--354e5ca4-f1fe-4d07-b778-bed193a6ac96", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ef3b40cd-a261-4ecf-a9a0-2e73009413d4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:07.700812Z", + "modified": "2025-02-27T00:38:07.700812Z", + "name": "CVE-2025-25799", + "description": "SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents function at admin_safe.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25799" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ef42782a-1e77-43e2-a981-79fe490c8532.json b/objects/vulnerability/vulnerability--ef42782a-1e77-43e2-a981-79fe490c8532.json new file mode 100644 index 00000000000..7557491910e --- /dev/null +++ b/objects/vulnerability/vulnerability--ef42782a-1e77-43e2-a981-79fe490c8532.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--040e4351-08e6-4994-bf65-25a15928dac4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ef42782a-1e77-43e2-a981-79fe490c8532", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.512664Z", + "modified": "2025-02-27T00:38:15.512664Z", + "name": "CVE-2022-49167", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not double complete bio on errors during compressed reads\n\nI hit some weird panics while fixing up the error handling from\nbtrfs_lookup_bio_sums(). Turns out the compression path will complete\nthe bio we use if we set up any of the compression bios and then return\nan error, and then btrfs_submit_data_bio() will also call bio_endio() on\nthe bio.\n\nFix this by making btrfs_submit_compressed_read() responsible for\ncalling bio_endio() on the bio if there are any errors. Currently it\nwas only doing it if we created the compression bios, otherwise it was\ndepending on btrfs_submit_data_bio() to do the right thing. This\ncreates the above problem, so fix up btrfs_submit_compressed_read() to\nalways call bio_endio() in case of an error, and then simply return from\nbtrfs_submit_data_bio() if we had to call\nbtrfs_submit_compressed_read().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49167" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ef634315-bc87-4836-b7e3-8c881e9a3e33.json b/objects/vulnerability/vulnerability--ef634315-bc87-4836-b7e3-8c881e9a3e33.json new file mode 100644 index 00000000000..5724affe4ea --- /dev/null +++ b/objects/vulnerability/vulnerability--ef634315-bc87-4836-b7e3-8c881e9a3e33.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6598b600-76b1-43eb-a8bf-5edf992ef8ff", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ef634315-bc87-4836-b7e3-8c881e9a3e33", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:04.113227Z", + "modified": "2025-02-27T00:38:04.113227Z", + "name": "CVE-2024-50687", + "description": "SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the devService API model.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50687" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ef7f4c90-4361-4bd6-aaf7-a0e6da8a8007.json b/objects/vulnerability/vulnerability--ef7f4c90-4361-4bd6-aaf7-a0e6da8a8007.json new file mode 100644 index 00000000000..6e730b14c64 --- /dev/null +++ b/objects/vulnerability/vulnerability--ef7f4c90-4361-4bd6-aaf7-a0e6da8a8007.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--28cd2504-a2a0-4ae8-8823-fcd25d16f4d3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ef7f4c90-4361-4bd6-aaf7-a0e6da8a8007", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.48805Z", + "modified": "2025-02-27T00:38:15.48805Z", + "name": "CVE-2022-49311", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: staging: rtl8192bs: Fix deadlock in rtw_joinbss_event_prehandle()\n\nThere is a deadlock in rtw_joinbss_event_prehandle(), which is shown\nbelow:\n\n (Thread 1) | (Thread 2)\n | _set_timer()\nrtw_joinbss_event_prehandle()| mod_timer()\n spin_lock_bh() //(1) | (wait a time)\n ... | _rtw_join_timeout_handler()\n del_timer_sync() | spin_lock_bh() //(2)\n (wait timer to stop) | ...\n\nWe hold pmlmepriv->lock in position (1) of thread 1 and\nuse del_timer_sync() to wait timer to stop, but timer handler\nalso need pmlmepriv->lock in position (2) of thread 2.\nAs a result, rtw_joinbss_event_prehandle() will block forever.\n\nThis patch extracts del_timer_sync() from the protection of\nspin_lock_bh(), which could let timer handler to obtain\nthe needed lock. What`s more, we change spin_lock_bh() to\nspin_lock_irq() in _rtw_join_timeout_handler() in order to\nprevent deadlock.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49311" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ef84de36-b734-4efc-b121-b34511717499.json b/objects/vulnerability/vulnerability--ef84de36-b734-4efc-b121-b34511717499.json new file mode 100644 index 00000000000..a95cadd2b74 --- /dev/null +++ b/objects/vulnerability/vulnerability--ef84de36-b734-4efc-b121-b34511717499.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c3882ba2-0374-414c-af65-282a36b25109", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ef84de36-b734-4efc-b121-b34511717499", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.666341Z", + "modified": "2025-02-27T00:38:15.666341Z", + "name": "CVE-2022-49535", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI\n\nIf lpfc_issue_els_flogi() fails and returns non-zero status, the node\nreference count is decremented to trigger the release of the nodelist\nstructure. However, if there is a prior registration or dev-loss-evt work\npending, the node may be released prematurely. When dev-loss-evt\ncompletes, the released node is referenced causing a use-after-free null\npointer dereference.\n\nSimilarly, when processing non-zero ELS PLOGI completion status in\nlpfc_cmpl_els_plogi(), the ndlp flags are checked for a transport\nregistration before triggering node removal. If dev-loss-evt work is\npending, the node may be released prematurely and a subsequent call to\nlpfc_dev_loss_tmo_handler() results in a use after free ndlp dereference.\n\nAdd test for pending dev-loss before decrementing the node reference count\nfor FLOGI, PLOGI, PRLI, and ADISC handling.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49535" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--efed3f4d-dec4-4be0-beb0-f256e713e47a.json b/objects/vulnerability/vulnerability--efed3f4d-dec4-4be0-beb0-f256e713e47a.json new file mode 100644 index 00000000000..31752f9b859 --- /dev/null +++ b/objects/vulnerability/vulnerability--efed3f4d-dec4-4be0-beb0-f256e713e47a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c73b73e9-c0c1-49d1-88c4-090bed8af88a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--efed3f4d-dec4-4be0-beb0-f256e713e47a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.688915Z", + "modified": "2025-02-27T00:38:15.688915Z", + "name": "CVE-2022-49057", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: null_blk: end timed out poll request\n\nWhen poll request is timed out, it is removed from the poll list,\nbut not completed, so the request is leaked, and never get chance\nto complete.\n\nFix the issue by ending it in timeout handler.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49057" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f02fcc3b-eb65-4d5e-a5f7-cc4cc8ebfc5e.json b/objects/vulnerability/vulnerability--f02fcc3b-eb65-4d5e-a5f7-cc4cc8ebfc5e.json new file mode 100644 index 00000000000..afd085e7f21 --- /dev/null +++ b/objects/vulnerability/vulnerability--f02fcc3b-eb65-4d5e-a5f7-cc4cc8ebfc5e.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7e787835-a48f-4383-862f-be15bb68301b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f02fcc3b-eb65-4d5e-a5f7-cc4cc8ebfc5e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.475792Z", + "modified": "2025-02-27T00:38:15.475792Z", + "name": "CVE-2022-49672", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tun: unlink NAPI from device on destruction\n\nSyzbot found a race between tun file and device destruction.\nNAPIs live in struct tun_file which can get destroyed before\nthe netdev so we have to del them explicitly. The current\ncode is missing deleting the NAPI if the queue was detached\nfirst.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49672" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f09b26c9-4eae-4467-be0f-b814493b85f7.json b/objects/vulnerability/vulnerability--f09b26c9-4eae-4467-be0f-b814493b85f7.json new file mode 100644 index 00000000000..fd7ebd30e24 --- /dev/null +++ b/objects/vulnerability/vulnerability--f09b26c9-4eae-4467-be0f-b814493b85f7.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--73432c74-8e03-41db-9b4e-35e30e00a597", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f09b26c9-4eae-4467-be0f-b814493b85f7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.479477Z", + "modified": "2025-02-27T00:38:15.479477Z", + "name": "CVE-2022-49158", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix warning message due to adisc being flushed\n\nFix warning message due to adisc being flushed. Linux kernel triggered a\nwarning message where a different error code type is not matching up with\nthe expected type. Add additional translation of one error code type to\nanother.\n\nWARNING: CPU: 2 PID: 1131623 at drivers/scsi/qla2xxx/qla_init.c:498\nqla2x00_async_adisc_sp_done+0x294/0x2b0 [qla2xxx]\nCPU: 2 PID: 1131623 Comm: drmgr Not tainted 5.13.0-rc1-autotest #1\n..\nGPR28: c000000aaa9c8890 c0080000079ab678 c00000140a104800 c00000002bd19000\nNIP [c00800000790857c] qla2x00_async_adisc_sp_done+0x294/0x2b0 [qla2xxx]\nLR [c008000007908578] qla2x00_async_adisc_sp_done+0x290/0x2b0 [qla2xxx]\nCall Trace:\n[c00000001cdc3620] [c008000007908578] qla2x00_async_adisc_sp_done+0x290/0x2b0 [qla2xxx] (unreliable)\n[c00000001cdc3710] [c0080000078f3080] __qla2x00_abort_all_cmds+0x1b8/0x580 [qla2xxx]\n[c00000001cdc3840] [c0080000078f589c] qla2x00_abort_all_cmds+0x34/0xd0 [qla2xxx]\n[c00000001cdc3880] [c0080000079153d8] qla2x00_abort_isp_cleanup+0x3f0/0x570 [qla2xxx]\n[c00000001cdc3920] [c0080000078fb7e8] qla2x00_remove_one+0x3d0/0x480 [qla2xxx]\n[c00000001cdc39b0] [c00000000071c274] pci_device_remove+0x64/0x120\n[c00000001cdc39f0] [c0000000007fb818] device_release_driver_internal+0x168/0x2a0\n[c00000001cdc3a30] [c00000000070e304] pci_stop_bus_device+0xb4/0x100\n[c00000001cdc3a70] [c00000000070e4f0] pci_stop_and_remove_bus_device+0x20/0x40\n[c00000001cdc3aa0] 
[c000000000073940] pci_hp_remove_devices+0x90/0x130\n[c00000001cdc3b30] [c0080000070704d0] disable_slot+0x38/0x90 [rpaphp] [\nc00000001cdc3b60] [c00000000073eb4c] power_write_file+0xcc/0x180\n[c00000001cdc3be0] [c0000000007354bc] pci_slot_attr_store+0x3c/0x60\n[c00000001cdc3c00] [c00000000055f820] sysfs_kf_write+0x60/0x80 [c00000001cdc3c20]\n[c00000000055df10] kernfs_fop_write_iter+0x1a0/0x290\n[c00000001cdc3c70] [c000000000447c4c] new_sync_write+0x14c/0x1d0\n[c00000001cdc3d10] [c00000000044b134] vfs_write+0x224/0x330\n[c00000001cdc3d60] [c00000000044b3f4] ksys_write+0x74/0x130\n[c00000001cdc3db0] [c00000000002df70] system_call_exception+0x150/0x2d0\n[c00000001cdc3e10] [c00000000000d45c] system_call_common+0xec/0x278", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49158" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f0c33ca4-97cd-4458-8e5b-a27275b54759.json b/objects/vulnerability/vulnerability--f0c33ca4-97cd-4458-8e5b-a27275b54759.json new file mode 100644 index 00000000000..5198aa253a6 --- /dev/null +++ b/objects/vulnerability/vulnerability--f0c33ca4-97cd-4458-8e5b-a27275b54759.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7d1fadeb-2f4b-4e01-94d7-9885e00309a6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f0c33ca4-97cd-4458-8e5b-a27275b54759", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.777107Z", + "modified": "2025-02-27T00:38:15.777107Z", + "name": "CVE-2022-49378", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsfc: fix considering that all channels have TX queues\n\nNormally, all channels have RX and TX queues, but this is not true if\nmodparam efx_separate_tx_channels=1 is used. In that cases, some\nchannels only have RX queues and others only TX queues (or more\npreciselly, they have them allocated, but not initialized).\n\nFix efx_channel_has_tx_queues to return the correct value for this case\ntoo.\n\nMessages shown at probe time before the fix:\n sfc 0000:03:00.0 ens6f0np0: MC command 0x82 inlen 544 failed rc=-22 (raw=0) arg=0\n ------------[ cut here ]------------\n netdevice: ens6f0np0: failed to initialise TXQ -1\n WARNING: CPU: 1 PID: 626 at drivers/net/ethernet/sfc/ef10.c:2393 efx_ef10_tx_init+0x201/0x300 [sfc]\n [...] stripped\n RIP: 0010:efx_ef10_tx_init+0x201/0x300 [sfc]\n [...] stripped\n Call Trace:\n efx_init_tx_queue+0xaa/0xf0 [sfc]\n efx_start_channels+0x49/0x120 [sfc]\n efx_start_all+0x1f8/0x430 [sfc]\n efx_net_open+0x5a/0xe0 [sfc]\n __dev_open+0xd0/0x190\n __dev_change_flags+0x1b3/0x220\n dev_change_flags+0x21/0x60\n [...] stripped\n\nMessages shown at remove time before the fix:\n sfc 0000:03:00.0 ens6f0np0: failed to flush 10 queues\n sfc 0000:03:00.0 ens6f0np0: failed to flush queues", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49378" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--f15e6891-ef49-47d0-8413-32827fb59e9d.json b/objects/vulnerability/vulnerability--f15e6891-ef49-47d0-8413-32827fb59e9d.json new file mode 100644 index 00000000000..51d005d28a0 --- /dev/null +++ b/objects/vulnerability/vulnerability--f15e6891-ef49-47d0-8413-32827fb59e9d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b85c66d7-81e9-420a-9fac-495edcae5749", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f15e6891-ef49-47d0-8413-32827fb59e9d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.426827Z", + "modified": "2025-02-27T00:38:15.426827Z", + "name": "CVE-2022-49374", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: check attribute length for bearer name\n\nsyzbot reported uninit-value:\n=====================================================\nBUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:644 [inline]\nBUG: KMSAN: uninit-value in string+0x4f9/0x6f0 lib/vsprintf.c:725\n string_nocheck lib/vsprintf.c:644 [inline]\n string+0x4f9/0x6f0 lib/vsprintf.c:725\n vsnprintf+0x2222/0x3650 lib/vsprintf.c:2806\n vprintk_store+0x537/0x2150 kernel/printk/printk.c:2158\n vprintk_emit+0x28b/0xab0 kernel/printk/printk.c:2256\n vprintk_default+0x86/0xa0 kernel/printk/printk.c:2283\n vprintk+0x15f/0x180 kernel/printk/printk_safe.c:50\n _printk+0x18d/0x1cf kernel/printk/printk.c:2293\n tipc_enable_bearer net/tipc/bearer.c:371 [inline]\n __tipc_nl_bearer_enable+0x2022/0x22a0 net/tipc/bearer.c:1033\n tipc_nl_bearer_enable+0x6c/0xb0 net/tipc/bearer.c:1042\n genl_family_rcv_msg_doit net/netlink/genetlink.c:731 [inline]\n\n- Do sanity check the attribute length for TIPC_NLA_BEARER_NAME.\n- Do not use 'illegal name' in printing message.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49374" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--f1908e90-ffc5-44a5-b873-3380528448ed.json b/objects/vulnerability/vulnerability--f1908e90-ffc5-44a5-b873-3380528448ed.json new file mode 100644 index 00000000000..376f0353873 --- /dev/null +++ b/objects/vulnerability/vulnerability--f1908e90-ffc5-44a5-b873-3380528448ed.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a91203e9-b813-492f-99eb-8ddfea834d73", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f1908e90-ffc5-44a5-b873-3380528448ed", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.59254Z", + "modified": "2025-02-27T00:38:15.59254Z", + "name": "CVE-2022-49254", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: ti-vpe: cal: Fix a NULL pointer dereference in cal_ctx_v4l2_init_formats()\n\nIn cal_ctx_v4l2_init_formats(), devm_kzalloc() is assigned to\nctx->active_fmt and there is a dereference of it after that, which could\nlead to NULL pointer dereference on failure of devm_kzalloc().\n\nFix this bug by adding a NULL check of ctx->active_fmt.\n\nThis bug was found by a static analyzer.\n\nBuilds with 'make allyesconfig' show no new warnings, and our static\nanalyzer no longer warns about this code.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49254" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f23e6f8a-38c6-4bf1-8ab7-6a20b3ab8787.json b/objects/vulnerability/vulnerability--f23e6f8a-38c6-4bf1-8ab7-6a20b3ab8787.json new file mode 100644 index 00000000000..987758ed307 --- /dev/null +++ b/objects/vulnerability/vulnerability--f23e6f8a-38c6-4bf1-8ab7-6a20b3ab8787.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f9278794-ffb7-44c7-8f14-89b02cfc0396", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f23e6f8a-38c6-4bf1-8ab7-6a20b3ab8787", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:07.724659Z", + "modified": "2025-02-27T00:38:07.724659Z", + "name": "CVE-2025-25800", + "description": "SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents function at admin_safe_file.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25800" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f247fc6d-7018-475d-96c1-493774a71e0c.json b/objects/vulnerability/vulnerability--f247fc6d-7018-475d-96c1-493774a71e0c.json new file mode 100644 index 00000000000..5990af5e91b --- /dev/null +++ b/objects/vulnerability/vulnerability--f247fc6d-7018-475d-96c1-493774a71e0c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0b7c4893-e8e1-40a8-a14f-418659e5c825", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f247fc6d-7018-475d-96c1-493774a71e0c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.735994Z", + "modified": "2025-02-27T00:38:15.735994Z", + "name": "CVE-2022-49449", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: renesas: rzn1: Fix possible null-ptr-deref in sh_pfc_map_resources()\n\nIt will cause null-ptr-deref when using 'res', if platform_get_resource()\nreturns NULL, so move using 'res' after devm_ioremap_resource() that\nwill check it to avoid null-ptr-deref.\nAnd use devm_platform_get_and_ioremap_resource() to simplify code.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49449" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f28cf192-20da-4d0c-97b7-f9b0510fd3a4.json b/objects/vulnerability/vulnerability--f28cf192-20da-4d0c-97b7-f9b0510fd3a4.json new file mode 100644 index 00000000000..1312bcaae10 --- /dev/null +++ b/objects/vulnerability/vulnerability--f28cf192-20da-4d0c-97b7-f9b0510fd3a4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9e03617b-89db-448d-98e6-610d3c33adf8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f28cf192-20da-4d0c-97b7-f9b0510fd3a4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.698395Z", + "modified": "2025-02-27T00:38:15.698395Z", + "name": "CVE-2022-49497", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: remove two BUG() from skb_checksum_help()\n\nI have a syzbot report that managed to get a crash in skb_checksum_help()\n\nIf syzbot can trigger these BUG(), it makes sense to replace\nthem with more friendly WARN_ON_ONCE() since skb_checksum_help()\ncan instead return an error code.\n\nNote that syzbot will still crash there, until real bug is fixed.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49497" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f3cc3831-70de-4845-9edb-4845fa15e885.json b/objects/vulnerability/vulnerability--f3cc3831-70de-4845-9edb-4845fa15e885.json new file mode 100644 index 00000000000..0f79c3bf875 --- /dev/null +++ b/objects/vulnerability/vulnerability--f3cc3831-70de-4845-9edb-4845fa15e885.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2a83ba65-2594-41f7-99a0-ebe3e8b2084a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f3cc3831-70de-4845-9edb-4845fa15e885", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:07.682316Z", + "modified": "2025-02-27T00:38:07.682316Z", + "name": "CVE-2025-1249", + "description": "Missing Authorization vulnerability in Pixelite Events Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Events Manager: from n/a through 6.6.4.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-1249" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f448fb1d-a97a-4618-956b-fd9cce4f9af7.json b/objects/vulnerability/vulnerability--f448fb1d-a97a-4618-956b-fd9cce4f9af7.json new file mode 100644 index 00000000000..bb44600d7e2 --- /dev/null +++ b/objects/vulnerability/vulnerability--f448fb1d-a97a-4618-956b-fd9cce4f9af7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--959970d9-eff0-4f56-8c87-e3a66d0b77e6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f448fb1d-a97a-4618-956b-fd9cce4f9af7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:01.857224Z", + "modified": "2025-02-27T00:38:01.857224Z", + "name": "CVE-2024-52925", + "description": "In OPSWAT MetaDefender Kiosk before 4.7.0, arbitrary code execution can be performed by an attacker via the MD Kiosk Unlock Device feature for software encrypted USB drives.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52925" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--f490020a-73dd-4f3c-8c4e-fdc1c4088b40.json b/objects/vulnerability/vulnerability--f490020a-73dd-4f3c-8c4e-fdc1c4088b40.json new file mode 100644 index 00000000000..6f8158b1aef --- /dev/null +++ b/objects/vulnerability/vulnerability--f490020a-73dd-4f3c-8c4e-fdc1c4088b40.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--58f71988-ba63-4b63-b320-da3d94fb1c42", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f490020a-73dd-4f3c-8c4e-fdc1c4088b40", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.3979Z", + "modified": "2025-02-27T00:38:15.3979Z", + "name": "CVE-2022-49480", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: imx-hdmi: Fix refcount leak in imx_hdmi_probe\n\nof_find_device_by_node() takes reference, we should use put_device()\nto release it. when devm_kzalloc() fails, it doesn't have a\nput_device(), it will cause refcount leak.\nAdd missing put_device() to fix this.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49480" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f4e5e375-baa7-4e3b-b736-9d63665c3f38.json b/objects/vulnerability/vulnerability--f4e5e375-baa7-4e3b-b736-9d63665c3f38.json new file mode 100644 index 00000000000..fa7c1b3b142 --- /dev/null +++ b/objects/vulnerability/vulnerability--f4e5e375-baa7-4e3b-b736-9d63665c3f38.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d2ad77f0-9c1e-4e39-8469-c8b9c0d1946e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f4e5e375-baa7-4e3b-b736-9d63665c3f38", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.422883Z", + "modified": "2025-02-27T00:38:15.422883Z", + "name": "CVE-2022-49156", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix scheduling while atomic\n\nThe driver makes a call into midlayer (fc_remote_port_delete) which can put\nthe thread to sleep. The thread that originates the call is in interrupt\ncontext. The combination of the two trigger a crash. Schedule the call in\nnon-interrupt context where it is more safe.\n\nkernel: BUG: scheduling while atomic: swapper/7/0/0x00010000\nkernel: Call Trace:\nkernel: \nkernel: dump_stack+0x66/0x81\nkernel: __schedule_bug.cold.90+0x5/0x1d\nkernel: __schedule+0x7af/0x960\nkernel: schedule+0x28/0x80\nkernel: schedule_timeout+0x26d/0x3b0\nkernel: wait_for_completion+0xb4/0x140\nkernel: ? wake_up_q+0x70/0x70\nkernel: __wait_rcu_gp+0x12c/0x160\nkernel: ? sdev_evt_alloc+0xc0/0x180 [scsi_mod]\nkernel: synchronize_sched+0x6c/0x80\nkernel: ? call_rcu_bh+0x20/0x20\nkernel: ? __bpf_trace_rcu_invoke_callback+0x10/0x10\nkernel: sdev_evt_alloc+0xfd/0x180 [scsi_mod]\nkernel: starget_for_each_device+0x85/0xb0 [scsi_mod]\nkernel: ? 
scsi_init_io+0x360/0x3d0 [scsi_mod]\nkernel: scsi_init_io+0x388/0x3d0 [scsi_mod]\nkernel: device_for_each_child+0x54/0x90\nkernel: fc_remote_port_delete+0x70/0xe0 [scsi_transport_fc]\nkernel: qla2x00_schedule_rport_del+0x62/0xf0 [qla2xxx]\nkernel: qla2x00_mark_device_lost+0x9c/0xd0 [qla2xxx]\nkernel: qla24xx_handle_plogi_done_event+0x55f/0x570 [qla2xxx]\nkernel: qla2x00_async_login_sp_done+0xd2/0x100 [qla2xxx]\nkernel: qla24xx_logio_entry+0x13a/0x3c0 [qla2xxx]\nkernel: qla24xx_process_response_queue+0x306/0x400 [qla2xxx]\nkernel: qla24xx_msix_rsp_q+0x3f/0xb0 [qla2xxx]\nkernel: __handle_irq_event_percpu+0x40/0x180\nkernel: handle_irq_event_percpu+0x30/0x80\nkernel: handle_irq_event+0x36/0x60", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49156" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f56f187a-3347-4a0d-878b-5ed8c5faa649.json b/objects/vulnerability/vulnerability--f56f187a-3347-4a0d-878b-5ed8c5faa649.json new file mode 100644 index 00000000000..df422c2b9b5 --- /dev/null +++ b/objects/vulnerability/vulnerability--f56f187a-3347-4a0d-878b-5ed8c5faa649.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--144c05b9-7026-4f90-9c0f-5a8d52e8d8b7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f56f187a-3347-4a0d-878b-5ed8c5faa649", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.49086Z", + "modified": "2025-02-27T00:38:15.49086Z", + "name": "CVE-2022-49422", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix the error handling path in idxd_cdev_register()\n\nIf a call to alloc_chrdev_region() fails, the already allocated resources\nare leaking.\n\nAdd the needed error handling path to fix the leak.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49422" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f5c292db-be00-4ef9-aed0-379b1083fa66.json b/objects/vulnerability/vulnerability--f5c292db-be00-4ef9-aed0-379b1083fa66.json new file mode 100644 index 00000000000..ca19372750b --- /dev/null +++ b/objects/vulnerability/vulnerability--f5c292db-be00-4ef9-aed0-379b1083fa66.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7d23fb01-bde5-4437-856e-599d13b93755", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f5c292db-be00-4ef9-aed0-379b1083fa66", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.648405Z", + "modified": "2025-02-27T00:38:15.648405Z", + "name": "CVE-2022-49292", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: oss: Fix PCM OSS buffer allocation overflow\n\nWe've got syzbot reports hitting INT_MAX overflow at vmalloc()\nallocation that is called from snd_pcm_plug_alloc(). Although we\napply the restrictions to input parameters, it's based only on the\nhw_params of the underlying PCM device. Since the PCM OSS layer\nallocates a temporary buffer for the data conversion, the size may\nbecome unexpectedly large when more channels or higher rates is given;\nin the reported case, it went over INT_MAX, hence it hits WARN_ON().\n\nThis patch is an attempt to avoid such an overflow and an allocation\nfor too large buffers. First off, it adds the limit of 1MB as the\nupper bound for period bytes. This must be large enough for all use\ncases, and we really don't want to handle a larger temporary buffer\nthan this size. The size check is performed at two places, where the\noriginal period bytes is calculated and where the plugin buffer size\nis calculated.\n\nIn addition, the driver uses array_size() and array3_size() for\nmultiplications to catch overflows for the converted period size and\nbuffer bytes.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49292" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f62e9db6-17a5-459b-bdf7-1005018f0633.json b/objects/vulnerability/vulnerability--f62e9db6-17a5-459b-bdf7-1005018f0633.json new file mode 100644 index 00000000000..c2190edc768 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--f62e9db6-17a5-459b-bdf7-1005018f0633.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a96634b5-f155-4955-bf88-1f4c8554c52e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f62e9db6-17a5-459b-bdf7-1005018f0633", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.506862Z", + "modified": "2025-02-27T00:38:15.506862Z", + "name": "CVE-2022-49654", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: qca8k: reset cpu port on MTU change\n\nIt was discovered that the Documentation lacks of a fundamental detail\non how to correctly change the MAX_FRAME_SIZE of the switch.\n\nIn fact if the MAX_FRAME_SIZE is changed while the cpu port is on, the\nswitch panics and cease to send any packet. This cause the mgmt ethernet\nsystem to not receive any packet (the slow fallback still works) and\nmakes the device not reachable. To recover from this a switch reset is\nrequired.\n\nTo correctly handle this, turn off the cpu ports before changing the\nMAX_FRAME_SIZE and turn on again after the value is applied.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49654" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f6c7c8dd-fc7b-4ba6-bdc4-f3941f15f5f4.json b/objects/vulnerability/vulnerability--f6c7c8dd-fc7b-4ba6-bdc4-f3941f15f5f4.json new file mode 100644 index 00000000000..367d9f7bf86 --- /dev/null +++ b/objects/vulnerability/vulnerability--f6c7c8dd-fc7b-4ba6-bdc4-f3941f15f5f4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c20bb2b0-9cc3-47ac-abc4-242980a4f1f1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f6c7c8dd-fc7b-4ba6-bdc4-f3941f15f5f4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.510836Z", + "modified": "2025-02-27T00:38:15.510836Z", + "name": "CVE-2022-49618", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: aspeed: Fix potential NULL dereference in aspeed_pinmux_set_mux()\n\npdesc could be null but still dereference pdesc->name and it will lead to\na null pointer access. So we move a null check before dereference.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49618" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f72440b2-1116-4fd8-abe0-33dd1e024610.json b/objects/vulnerability/vulnerability--f72440b2-1116-4fd8-abe0-33dd1e024610.json new file mode 100644 index 00000000000..0dbe4f3730c --- /dev/null +++ b/objects/vulnerability/vulnerability--f72440b2-1116-4fd8-abe0-33dd1e024610.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7d472b07-69b2-40f3-afb9-47fd3662b07f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f72440b2-1116-4fd8-abe0-33dd1e024610", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.309787Z", + "modified": "2025-02-27T00:38:15.309787Z", + "name": "CVE-2022-49280", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: prevent underflow in nfssvc_decode_writeargs()\n\nSmatch complains:\n\n\tfs/nfsd/nfsxdr.c:341 nfssvc_decode_writeargs()\n\twarn: no lower bound on 'args->len'\n\nChange the type to unsigned to prevent this issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49280" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f75eba06-7e46-411d-b0a1-5322e3ae3711.json b/objects/vulnerability/vulnerability--f75eba06-7e46-411d-b0a1-5322e3ae3711.json new file mode 100644 index 00000000000..da15ae8d36a --- /dev/null +++ b/objects/vulnerability/vulnerability--f75eba06-7e46-411d-b0a1-5322e3ae3711.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ec866b76-aa67-4088-b750-e3c937188993", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f75eba06-7e46-411d-b0a1-5322e3ae3711", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:07.494329Z", + "modified": "2025-02-27T00:38:07.494329Z", + "name": "CVE-2025-0236", + "description": "Out-of-bounds vulnerability in slope processing during curve rendering in Generic PCL6 V4 Printer Driver / Generic UFR II V4 Printer Driver / Generic LIPSLX V4 Printer Driver.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0236" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--f8081745-8a4b-4976-bad6-27f19588d008.json b/objects/vulnerability/vulnerability--f8081745-8a4b-4976-bad6-27f19588d008.json new file mode 100644 index 00000000000..1faa82beb17 --- /dev/null +++ b/objects/vulnerability/vulnerability--f8081745-8a4b-4976-bad6-27f19588d008.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1dd438b8-ff9d-4d5e-b988-d429ce02bca8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f8081745-8a4b-4976-bad6-27f19588d008", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.344626Z", + "modified": "2025-02-27T00:38:15.344626Z", + "name": "CVE-2022-49541", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix potential double free during failed mount\n\nRHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2088799", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49541" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f8457212-6f52-4ae0-b186-21a6e4d637f4.json b/objects/vulnerability/vulnerability--f8457212-6f52-4ae0-b186-21a6e4d637f4.json new file mode 100644 index 00000000000..b6f6810e289 --- /dev/null +++ b/objects/vulnerability/vulnerability--f8457212-6f52-4ae0-b186-21a6e4d637f4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e4c542e5-9429-4df9-9081-93f0dfc061bc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f8457212-6f52-4ae0-b186-21a6e4d637f4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.756527Z", + "modified": "2025-02-27T00:38:15.756527Z", + "name": "CVE-2022-49632", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nicmp: Fix a data-race around sysctl_icmp_errors_use_inbound_ifaddr.\n\nWhile reading sysctl_icmp_errors_use_inbound_ifaddr, it can be changed\nconcurrently. Thus, we need to add READ_ONCE() to its reader.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49632" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f8759067-9add-4db8-ae17-af46672dfa23.json b/objects/vulnerability/vulnerability--f8759067-9add-4db8-ae17-af46672dfa23.json new file mode 100644 index 00000000000..e0d965f4ea5 --- /dev/null +++ b/objects/vulnerability/vulnerability--f8759067-9add-4db8-ae17-af46672dfa23.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--381fba51-6223-43b6-926f-5bb77821a87d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f8759067-9add-4db8-ae17-af46672dfa23", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:03.675091Z", + "modified": "2025-02-27T00:38:03.675091Z", + "name": "CVE-2024-10152", + "description": "The Simple Certain Time to Show Content WordPress plugin before 1.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10152" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f9285a48-43e0-4d5f-bd3a-637a4796e638.json b/objects/vulnerability/vulnerability--f9285a48-43e0-4d5f-bd3a-637a4796e638.json new file mode 100644 index 00000000000..5c9df264ce4 --- /dev/null +++ b/objects/vulnerability/vulnerability--f9285a48-43e0-4d5f-bd3a-637a4796e638.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--aba0852c-10bf-4fae-80d8-287cf2235787", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f9285a48-43e0-4d5f-bd3a-637a4796e638", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.367901Z", + "modified": "2025-02-27T00:38:15.367901Z", + "name": "CVE-2022-49274", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix crash when mount with quota enabled\n\nThere is a reported crash when mounting ocfs2 with quota enabled.\n\n RIP: 0010:ocfs2_qinfo_lock_res_init+0x44/0x50 [ocfs2]\n Call Trace:\n ocfs2_local_read_info+0xb9/0x6f0 [ocfs2]\n dquot_load_quota_sb+0x216/0x470\n dquot_load_quota_inode+0x85/0x100\n ocfs2_enable_quotas+0xa0/0x1c0 [ocfs2]\n ocfs2_fill_super.cold+0xc8/0x1bf [ocfs2]\n mount_bdev+0x185/0x1b0\n legacy_get_tree+0x27/0x40\n vfs_get_tree+0x25/0xb0\n path_mount+0x465/0xac0\n __x64_sys_mount+0x103/0x140\n\nIt is caused by when initializing dqi_gqlock, the corresponding dqi_type\nand dqi_sb are not properly initialized.\n\nThis issue is introduced by commit 6c85c2c72819, which wants to avoid\naccessing uninitialized variables in error cases. So make global quota\ninfo properly initialized.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49274" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f9e927f2-944d-4a23-859d-509f45f587b1.json b/objects/vulnerability/vulnerability--f9e927f2-944d-4a23-859d-509f45f587b1.json new file mode 100644 index 00000000000..d72be439b5d --- /dev/null +++ b/objects/vulnerability/vulnerability--f9e927f2-944d-4a23-859d-509f45f587b1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--475e7355-fddd-46da-8902-c0a353f344f7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f9e927f2-944d-4a23-859d-509f45f587b1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.476712Z", + "modified": "2025-02-27T00:38:15.476712Z", + "name": "CVE-2022-49329", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nvduse: Fix NULL pointer dereference on sysfs access\n\nThe control device has no drvdata. So we will get a\nNULL pointer dereference when accessing control\ndevice's msg_timeout attribute via sysfs:\n\n[ 132.841881][ T3644] BUG: kernel NULL pointer dereference, address: 00000000000000f8\n[ 132.850619][ T3644] RIP: 0010:msg_timeout_show (drivers/vdpa/vdpa_user/vduse_dev.c:1271)\n[ 132.869447][ T3644] dev_attr_show (drivers/base/core.c:2094)\n[ 132.870215][ T3644] sysfs_kf_seq_show (fs/sysfs/file.c:59)\n[ 132.871164][ T3644] ? device_remove_bin_file (drivers/base/core.c:2088)\n[ 132.872082][ T3644] kernfs_seq_show (fs/kernfs/file.c:164)\n[ 132.872838][ T3644] seq_read_iter (fs/seq_file.c:230)\n[ 132.873578][ T3644] ? 
__vmalloc_area_node (mm/vmalloc.c:3041)\n[ 132.874532][ T3644] kernfs_fop_read_iter (fs/kernfs/file.c:238)\n[ 132.875513][ T3644] __kernel_read (fs/read_write.c:440 (discriminator 1))\n[ 132.876319][ T3644] kernel_read (fs/read_write.c:459)\n[ 132.877129][ T3644] kernel_read_file (fs/kernel_read_file.c:94)\n[ 132.877978][ T3644] kernel_read_file_from_fd (include/linux/file.h:45 fs/kernel_read_file.c:186)\n[ 132.879019][ T3644] __do_sys_finit_module (kernel/module.c:4207)\n[ 132.879930][ T3644] __ia32_sys_finit_module (kernel/module.c:4189)\n[ 132.880930][ T3644] do_int80_syscall_32 (arch/x86/entry/common.c:112 arch/x86/entry/common.c:132)\n[ 132.881847][ T3644] entry_INT80_compat (arch/x86/entry/entry_64_compat.S:419)\n\nTo fix it, don't create the unneeded attribute for\ncontrol device anymore.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49329" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fa0271f3-c2b5-4861-b67a-030edc0328a8.json b/objects/vulnerability/vulnerability--fa0271f3-c2b5-4861-b67a-030edc0328a8.json new file mode 100644 index 00000000000..4c57f58a462 --- /dev/null +++ b/objects/vulnerability/vulnerability--fa0271f3-c2b5-4861-b67a-030edc0328a8.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b5f65196-0b1e-4144-ac32-95c8d3662a56", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fa0271f3-c2b5-4861-b67a-030edc0328a8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.410358Z", + "modified": "2025-02-27T00:38:15.410358Z", + "name": "CVE-2022-49456", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix missed rcu protection\n\nWhen removing the rcu_read_lock in bond_ethtool_get_ts_info() as\ndiscussed [1], I didn't notice it could be called via setsockopt,\nwhich doesn't hold rcu lock, as syzbot pointed:\n\n stack backtrace:\n CPU: 0 PID: 3599 Comm: syz-executor317 Not tainted 5.18.0-rc5-syzkaller-01392-g01f4685797a5 #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\n Call Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n bond_option_active_slave_get_rcu include/net/bonding.h:353 [inline]\n bond_ethtool_get_ts_info+0x32c/0x3a0 drivers/net/bonding/bond_main.c:5595\n __ethtool_get_ts_info+0x173/0x240 net/ethtool/common.c:554\n ethtool_get_phc_vclocks+0x99/0x110 net/ethtool/common.c:568\n sock_timestamping_bind_phc net/core/sock.c:869 [inline]\n sock_set_timestamping+0x3a3/0x7e0 net/core/sock.c:916\n sock_setsockopt+0x543/0x2ec0 net/core/sock.c:1221\n __sys_setsockopt+0x55e/0x6a0 net/socket.c:2223\n __do_sys_setsockopt net/socket.c:2238 [inline]\n __se_sys_setsockopt net/socket.c:2235 [inline]\n __x64_sys_setsockopt+0xba/0x150 net/socket.c:2235\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n RIP: 0033:0x7f8902c8eb39\n\nFix it by adding rcu_read_lock and take a ref on the real_dev.\nSince dev_hold() and dev_put() can take NULL these days, we can\nskip 
checking if real_dev exist.\n\n[1] https://lore.kernel.org/netdev/27565.1642742439@famine/", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49456" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fa1ecd9a-5f17-4d23-bf23-a15982008d14.json b/objects/vulnerability/vulnerability--fa1ecd9a-5f17-4d23-bf23-a15982008d14.json new file mode 100644 index 00000000000..39e13bce338 --- /dev/null +++ b/objects/vulnerability/vulnerability--fa1ecd9a-5f17-4d23-bf23-a15982008d14.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d7b14a3b-16cd-4093-9723-0e694ab994c5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fa1ecd9a-5f17-4d23-bf23-a15982008d14", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.749033Z", + "modified": "2025-02-27T00:38:15.749033Z", + "name": "CVE-2022-49270", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: fix use-after-free in dm_cleanup_zoned_dev()\n\ndm_cleanup_zoned_dev() uses queue, so it must be called\nbefore blk_cleanup_disk() starts its killing:\n\nblk_cleanup_disk->blk_cleanup_queue()->kobject_put()->blk_release_queue()->\n->...RCU...->blk_free_queue_rcu()->kmem_cache_free()\n\nOtherwise, RCU callback may be executed first and\ndm_cleanup_zoned_dev() will touch free'd memory:\n\n BUG: KASAN: use-after-free in dm_cleanup_zoned_dev+0x33/0xd0\n Read of size 8 at addr ffff88805ac6e430 by task dmsetup/681\n\n CPU: 4 PID: 681 Comm: dmsetup Not tainted 5.17.0-rc2+ #6\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014\n Call Trace:\n \n dump_stack_lvl+0x57/0x7d\n print_address_description.constprop.0+0x1f/0x150\n ? dm_cleanup_zoned_dev+0x33/0xd0\n kasan_report.cold+0x7f/0x11b\n ? dm_cleanup_zoned_dev+0x33/0xd0\n dm_cleanup_zoned_dev+0x33/0xd0\n __dm_destroy+0x26a/0x400\n ? dm_blk_ioctl+0x230/0x230\n ? up_write+0xd8/0x270\n dev_remove+0x156/0x1d0\n ctl_ioctl+0x269/0x530\n ? table_clear+0x140/0x140\n ? lock_release+0xb2/0x750\n ? remove_all+0x40/0x40\n ? rcu_read_lock_sched_held+0x12/0x70\n ? lock_downgrade+0x3c0/0x3c0\n ? 
rcu_read_lock_sched_held+0x12/0x70\n dm_ctl_ioctl+0xa/0x10\n __x64_sys_ioctl+0xb9/0xf0\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n RIP: 0033:0x7fb6dfa95c27", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49270" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fa99718b-e4d3-4fd9-968e-eebdbf9bda0e.json b/objects/vulnerability/vulnerability--fa99718b-e4d3-4fd9-968e-eebdbf9bda0e.json new file mode 100644 index 00000000000..43012a3fd49 --- /dev/null +++ b/objects/vulnerability/vulnerability--fa99718b-e4d3-4fd9-968e-eebdbf9bda0e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5d47d7a2-cd51-4385-a4c3-52f0fa1e56ff", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fa99718b-e4d3-4fd9-968e-eebdbf9bda0e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:07.764373Z", + "modified": "2025-02-27T00:38:07.764373Z", + "name": "CVE-2025-20117", + "description": "A vulnerability in the CLI of Cisco APIC could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.\r\n\r\nThis vulnerability is due to insufficient validation of arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20117" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--faa62d39-d59b-4531-ab72-96256ab58e74.json b/objects/vulnerability/vulnerability--faa62d39-d59b-4531-ab72-96256ab58e74.json new file mode 100644 index 00000000000..5ed78a8d251 --- /dev/null +++ b/objects/vulnerability/vulnerability--faa62d39-d59b-4531-ab72-96256ab58e74.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0580977b-bb85-405f-b16a-add46fb52676", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--faa62d39-d59b-4531-ab72-96256ab58e74", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:11.19379Z", + "modified": "2025-02-27T00:38:11.19379Z", + "name": "CVE-2021-47643", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: ir_toy: free before error exiting\n\nFix leak in error path.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-47643" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fab78481-4899-4d00-abdf-aeb96f47464d.json b/objects/vulnerability/vulnerability--fab78481-4899-4d00-abdf-aeb96f47464d.json new file mode 100644 index 00000000000..4832a9018bb --- /dev/null +++ b/objects/vulnerability/vulnerability--fab78481-4899-4d00-abdf-aeb96f47464d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8919a0ec-d790-4534-9c13-e7a048b014bb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fab78481-4899-4d00-abdf-aeb96f47464d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:01.614567Z", + "modified": "2025-02-27T00:38:01.614567Z", + "name": "CVE-2024-13678", + "description": "The R3W InstaFeed WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13678" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--facf984a-23d7-46a3-b66a-6b15fc779ac0.json b/objects/vulnerability/vulnerability--facf984a-23d7-46a3-b66a-6b15fc779ac0.json new file mode 100644 index 00000000000..506067b6a89 --- /dev/null +++ b/objects/vulnerability/vulnerability--facf984a-23d7-46a3-b66a-6b15fc779ac0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6e6120a5-5894-4f02-a508-42f765cb0470", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--facf984a-23d7-46a3-b66a-6b15fc779ac0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.687996Z", + "modified": "2025-02-27T00:38:15.687996Z", + "name": "CVE-2022-49336", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem\n\nWhen the mapping is already reaped the unmap must be a no-op, as we\nwould otherwise try to remove the mapping twice, corrupting the involved\ndata structures.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49336" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fae06743-2738-4098-82dc-c9eb3f24a673.json b/objects/vulnerability/vulnerability--fae06743-2738-4098-82dc-c9eb3f24a673.json new file mode 100644 index 00000000000..ba3f176fbbe --- /dev/null +++ b/objects/vulnerability/vulnerability--fae06743-2738-4098-82dc-c9eb3f24a673.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--004c2b59-1a7f-4f91-ae50-74666290d759", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fae06743-2738-4098-82dc-c9eb3f24a673", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.545013Z", + "modified": "2025-02-27T00:38:15.545013Z", + "name": "CVE-2022-49172", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nparisc: Fix non-access data TLB cache flush faults\n\nWhen a page is not present, we get non-access data TLB faults from\nthe fdc and fic instructions in flush_user_dcache_range_asm and\nflush_user_icache_range_asm. When these occur, the cache line is\nnot invalidated and potentially we get memory corruption. The\nproblem was hidden by the nullification of the flush instructions.\n\nThese faults also affect performance. With pa8800/pa8900 processors,\nthere will be 32 faults per 4 KB page since the cache line is 128\nbytes. There will be more faults with earlier processors.\n\nThe problem is fixed by using flush_cache_pages(). It does the flush\nusing a tmp alias mapping.\n\nThe flush_cache_pages() call in flush_cache_range() flushed too\nlarge a range.\n\nV2: Remove unnecessary preempt_disable() and preempt_enable() calls.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49172" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--faf4f0d6-09ae-4590-a41d-5de5d50b6b89.json b/objects/vulnerability/vulnerability--faf4f0d6-09ae-4590-a41d-5de5d50b6b89.json new file mode 100644 index 00000000000..3e846ef6491 --- /dev/null +++ b/objects/vulnerability/vulnerability--faf4f0d6-09ae-4590-a41d-5de5d50b6b89.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6e7d3032-075c-46e7-8edb-99336e85aa9f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--faf4f0d6-09ae-4590-a41d-5de5d50b6b89", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.634426Z", + "modified": "2025-02-27T00:38:15.634426Z", + "name": "CVE-2022-49135", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix memory leak\n\n[why]\nResource release is needed on the error handling path\nto prevent memory leak.\n\n[how]\nFix this by adding kfree on the error handling path.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49135" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fb1ac9c1-b5ba-4e76-aa58-05828129e690.json b/objects/vulnerability/vulnerability--fb1ac9c1-b5ba-4e76-aa58-05828129e690.json new file mode 100644 index 00000000000..c72f657205a --- /dev/null +++ b/objects/vulnerability/vulnerability--fb1ac9c1-b5ba-4e76-aa58-05828129e690.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5af7b15a-f113-49f8-9ed3-a20d7ab25702", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fb1ac9c1-b5ba-4e76-aa58-05828129e690", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.296093Z", + "modified": "2025-02-27T00:38:15.296093Z", + "name": "CVE-2022-49402", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Clean up hash direct_functions on register failures\n\nWe see the following GPF when register_ftrace_direct fails:\n\n[ ] general protection fault, probably for non-canonical address \\\n 0x200000000000010: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI\n[...]\n[ ] RIP: 0010:ftrace_find_rec_direct+0x53/0x70\n[ ] Code: 48 c1 e0 03 48 03 42 08 48 8b 10 31 c0 48 85 d2 74 [...]\n[ ] RSP: 0018:ffffc9000138bc10 EFLAGS: 00010206\n[ ] RAX: 0000000000000000 RBX: ffffffff813e0df0 RCX: 000000000000003b\n[ ] RDX: 0200000000000000 RSI: 000000000000000c RDI: ffffffff813e0df0\n[ ] RBP: ffffffffa00a3000 R08: ffffffff81180ce0 R09: 0000000000000001\n[ ] R10: ffffc9000138bc18 R11: 0000000000000001 R12: ffffffff813e0df0\n[ ] R13: ffffffff813e0df0 R14: ffff888171b56400 R15: 0000000000000000\n[ ] FS: 00007fa9420c7780(0000) GS:ffff888ff6a00000(0000) knlGS:000000000\n[ ] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ ] CR2: 000000000770d000 CR3: 0000000107d50003 CR4: 0000000000370ee0\n[ ] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ ] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ ] Call Trace:\n[ ] \n[ ] register_ftrace_direct+0x54/0x290\n[ ] ? render_sigset_t+0xa0/0xa0\n[ ] bpf_trampoline_update+0x3f5/0x4a0\n[ ] ? 0xffffffffa00a3000\n[ ] bpf_trampoline_link_prog+0xa9/0x140\n[ ] bpf_tracing_prog_attach+0x1dc/0x450\n[ ] bpf_raw_tracepoint_open+0x9a/0x1e0\n[ ] ? find_held_lock+0x2d/0x90\n[ ] ? 
lock_release+0x150/0x430\n[ ] __sys_bpf+0xbd6/0x2700\n[ ] ? lock_is_held_type+0xd8/0x130\n[ ] __x64_sys_bpf+0x1c/0x20\n[ ] do_syscall_64+0x3a/0x80\n[ ] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[ ] RIP: 0033:0x7fa9421defa9\n[ ] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 9 f8 [...]\n[ ] RSP: 002b:00007ffed743bd78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141\n[ ] RAX: ffffffffffffffda RBX: 00000000069d2480 RCX: 00007fa9421defa9\n[ ] RDX: 0000000000000078 RSI: 00007ffed743bd80 RDI: 0000000000000011\n[ ] RBP: 00007ffed743be00 R08: 0000000000bb7270 R09: 0000000000000000\n[ ] R10: 00000000069da210 R11: 0000000000000246 R12: 0000000000000001\n[ ] R13: 00007ffed743c4b0 R14: 00000000069d2480 R15: 0000000000000001\n[ ] \n[ ] Modules linked in: klp_vm(OK)\n[ ] ---[ end trace 0000000000000000 ]---\n\nOne way to trigger this is:\n 1. load a livepatch that patches kernel function xxx;\n 2. run bpftrace -e 'kfunc:xxx {}', this will fail (expected for now);\n 3. repeat #2 => gpf.\n\nThis is because the entry is added to direct_functions, but not removed.\nFix this by remove the entry from direct_functions when\nregister_ftrace_direct fails.\n\nAlso remove the last trailing space from ftrace.c, so we don't have to\nworry about it anymore.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49402" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fc20ccdb-fdf8-4a18-970a-5cc382a5e444.json b/objects/vulnerability/vulnerability--fc20ccdb-fdf8-4a18-970a-5cc382a5e444.json new file mode 100644 index 00000000000..1c443d1180e --- /dev/null +++ b/objects/vulnerability/vulnerability--fc20ccdb-fdf8-4a18-970a-5cc382a5e444.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c75b878f-b05e-42c6-a61c-dcca8b98f84d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fc20ccdb-fdf8-4a18-970a-5cc382a5e444", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.602946Z", + "modified": "2025-02-27T00:38:15.602946Z", + "name": "CVE-2022-49188", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: qcom_q6v5_mss: Fix some leaks in q6v5_alloc_memory_region\n\nThe device_node pointer is returned by of_parse_phandle() or\nof_get_child_by_name() with refcount incremented.\nWe should use of_node_put() on it when done.\n\nThis function only call of_node_put(node) when of_address_to_resource\nsucceeds, missing error cases.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49188" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fc65bc8f-64c0-4678-816c-e6148acd0891.json b/objects/vulnerability/vulnerability--fc65bc8f-64c0-4678-816c-e6148acd0891.json new file mode 100644 index 00000000000..5f30153ff2c --- /dev/null +++ b/objects/vulnerability/vulnerability--fc65bc8f-64c0-4678-816c-e6148acd0891.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--20cab3b1-b5be-409e-8652-ae64cd73978a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fc65bc8f-64c0-4678-816c-e6148acd0891", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.524153Z", + "modified": "2025-02-27T00:38:15.524153Z", + "name": "CVE-2022-49277", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\njffs2: fix memory leak in jffs2_do_mount_fs\n\nIf jffs2_build_filesystem() in jffs2_do_mount_fs() returns an error,\nwe can observe the following kmemleak report:\n\n--------------------------------------------\nunreferenced object 0xffff88811b25a640 (size 64):\n comm \"mount\", pid 691, jiffies 4294957728 (age 71.952s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [] kmem_cache_alloc_trace+0x584/0x880\n [] jffs2_sum_init+0x86/0x130\n [] jffs2_do_mount_fs+0x798/0xac0\n [] jffs2_do_fill_super+0x383/0xc30\n [] jffs2_fill_super+0x2ea/0x4c0\n [...]\nunreferenced object 0xffff88812c760000 (size 65536):\n comm \"mount\", pid 691, jiffies 4294957728 (age 71.952s)\n hex dump (first 32 bytes):\n bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................\n bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................\n backtrace:\n [] __kmalloc+0x6b9/0x910\n [] jffs2_sum_init+0xd7/0x130\n [] jffs2_do_mount_fs+0x798/0xac0\n [] jffs2_do_fill_super+0x383/0xc30\n [] jffs2_fill_super+0x2ea/0x4c0\n [...]\n--------------------------------------------\n\nThis is because the resources allocated in jffs2_sum_init() are not\nreleased. Call jffs2_sum_exit() to release these resources to solve\nthe problem.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49277" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--fc7f8fcf-4dbd-469c-81d8-6e190b2b14c5.json b/objects/vulnerability/vulnerability--fc7f8fcf-4dbd-469c-81d8-6e190b2b14c5.json new file mode 100644 index 00000000000..ab06d0dceb7 --- /dev/null +++ b/objects/vulnerability/vulnerability--fc7f8fcf-4dbd-469c-81d8-6e190b2b14c5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--769d12aa-daf8-4d4c-b8bd-c6a3b8685bae", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fc7f8fcf-4dbd-469c-81d8-6e190b2b14c5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.579086Z", + "modified": "2025-02-27T00:38:15.579086Z", + "name": "CVE-2022-49605", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nigc: Reinstate IGC_REMOVED logic and implement it properly\n\nThe initially merged version of the igc driver code (via commit\n146740f9abc4, \"igc: Add support for PF\") contained the following\nIGC_REMOVED checks in the igc_rd32/wr32() MMIO accessors:\n\n\tu32 igc_rd32(struct igc_hw *hw, u32 reg)\n\t{\n\t\tu8 __iomem *hw_addr = READ_ONCE(hw->hw_addr);\n\t\tu32 value = 0;\n\n\t\tif (IGC_REMOVED(hw_addr))\n\t\t\treturn ~value;\n\n\t\tvalue = readl(&hw_addr[reg]);\n\n\t\t/* reads should not return all F's */\n\t\tif (!(~value) && (!reg || !(~readl(hw_addr))))\n\t\t\thw->hw_addr = NULL;\n\n\t\treturn value;\n\t}\n\nAnd:\n\n\t#define wr32(reg, val) \\\n\tdo { \\\n\t\tu8 __iomem *hw_addr = READ_ONCE((hw)->hw_addr); \\\n\t\tif (!IGC_REMOVED(hw_addr)) \\\n\t\t\twritel((val), &hw_addr[(reg)]); \\\n\t} while (0)\n\nE.g. 
igb has similar checks in its MMIO accessors, and has a similar\nmacro E1000_REMOVED, which is implemented as follows:\n\n\t#define E1000_REMOVED(h) unlikely(!(h))\n\nThese checks serve to detect and take note of an 0xffffffff MMIO read\nreturn from the device, which can be caused by a PCIe link flap or some\nother kind of PCI bus error, and to avoid performing MMIO reads and\nwrites from that point onwards.\n\nHowever, the IGC_REMOVED macro was not originally implemented:\n\n\t#ifndef IGC_REMOVED\n\t#define IGC_REMOVED(a) (0)\n\t#endif /* IGC_REMOVED */\n\nThis led to the IGC_REMOVED logic to be removed entirely in a\nsubsequent commit (commit 3c215fb18e70, \"igc: remove IGC_REMOVED\nfunction\"), with the rationale that such checks matter only for\nvirtualization and that igc does not support virtualization -- but a\nPCIe device can become detached even without virtualization being in\nuse, and without proper checks, a PCIe bus error affecting an igc\nadapter will lead to various NULL pointer dereferences, as the first\naccess after the error will set hw->hw_addr to NULL, and subsequent\naccesses will blindly dereference this now-NULL pointer.\n\nThis patch reinstates the IGC_REMOVED checks in igc_rd32/wr32(), and\nimplements IGC_REMOVED the way it is done for igb, by checking for the\nunlikely() case of hw_addr being NULL. This change prevents the oopses\nseen when a PCIe link flap occurs on an igc adapter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49605" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fd5ae035-516c-4d61-abfa-56f196fe9744.json b/objects/vulnerability/vulnerability--fd5ae035-516c-4d61-abfa-56f196fe9744.json new file mode 100644 index 00000000000..779d91d6955 --- /dev/null +++ b/objects/vulnerability/vulnerability--fd5ae035-516c-4d61-abfa-56f196fe9744.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6d5ed932-7b32-4374-8700-aa5be702c05d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fd5ae035-516c-4d61-abfa-56f196fe9744", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.498498Z", + "modified": "2025-02-27T00:38:15.498498Z", + "name": "CVE-2022-49515", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t\n\nThe CS35L41_NUM_OTP_ELEM is 100, but only 99 entries are defined in\nthe array otp_map_1/2[CS35L41_NUM_OTP_ELEM], this will trigger UBSAN\nto report a shift-out-of-bounds warning in the cs35l41_otp_unpack()\nsince the last entry in the array will result in GENMASK(-1, 0).\n\nUBSAN reports this problem:\n UBSAN: shift-out-of-bounds in /home/hwang4/build/jammy/jammy/sound/soc/codecs/cs35l41-lib.c:836:8\n shift exponent 64 is too large for 64-bit type 'long unsigned int'\n CPU: 10 PID: 595 Comm: systemd-udevd Not tainted 5.15.0-23-generic #23\n Hardware name: LENOVO \\x02MFG_IN_GO/\\x02MFG_IN_GO, BIOS N3GET19W (1.00 ) 03/11/2022\n Call Trace:\n \n show_stack+0x52/0x58\n dump_stack_lvl+0x4a/0x5f\n dump_stack+0x10/0x12\n ubsan_epilogue+0x9/0x45\n __ubsan_handle_shift_out_of_bounds.cold+0x61/0xef\n ? regmap_unlock_mutex+0xe/0x10\n cs35l41_otp_unpack.cold+0x1c6/0x2b2 [snd_soc_cs35l41_lib]\n cs35l41_hda_probe+0x24f/0x33a [snd_hda_scodec_cs35l41]\n cs35l41_hda_i2c_probe+0x65/0x90 [snd_hda_scodec_cs35l41_i2c]\n ? cs35l41_hda_i2c_remove+0x20/0x20 [snd_hda_scodec_cs35l41_i2c]\n i2c_device_probe+0x252/0x2b0", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49515" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--fda77875-17b0-4f0e-a297-8a963a368e53.json b/objects/vulnerability/vulnerability--fda77875-17b0-4f0e-a297-8a963a368e53.json new file mode 100644 index 00000000000..321d33c3535 --- /dev/null +++ b/objects/vulnerability/vulnerability--fda77875-17b0-4f0e-a297-8a963a368e53.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--58ba417d-23d4-41c8-ab09-e0ad99b40da1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fda77875-17b0-4f0e-a297-8a963a368e53", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.59552Z", + "modified": "2025-02-27T00:38:15.59552Z", + "name": "CVE-2022-49175", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nPM: core: keep irq flags in device_pm_check_callbacks()\n\nThe function device_pm_check_callbacks() can be called under the spin\nlock (in the reported case it happens from genpd_add_device() ->\ndev_pm_domain_set(), when the genpd uses spinlocks rather than mutexes.\n\nHowever this function uncoditionally uses spin_lock_irq() /\nspin_unlock_irq(), thus not preserving the CPU flags. Use the\nirqsave/irqrestore instead.\n\nThe backtrace for the reference:\n[ 2.752010] ------------[ cut here ]------------\n[ 2.756769] raw_local_irq_restore() called with IRQs enabled\n[ 2.762596] WARNING: CPU: 4 PID: 1 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x34/0x50\n[ 2.772338] Modules linked in:\n[ 2.775487] CPU: 4 PID: 1 Comm: swapper/0 Tainted: G S 5.17.0-rc6-00384-ge330d0d82eff-dirty #684\n[ 2.781384] Freeing initrd memory: 46024K\n[ 2.785839] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 2.785841] pc : warn_bogus_irq_restore+0x34/0x50\n[ 2.785844] lr : warn_bogus_irq_restore+0x34/0x50\n[ 2.785846] sp : ffff80000805b7d0\n[ 2.785847] x29: ffff80000805b7d0 x28: 0000000000000000 x27: 0000000000000002\n[ 2.785850] x26: ffffd40e80930b18 x25: ffff7ee2329192b8 x24: ffff7edfc9f60800\n[ 2.785853] x23: ffffd40e80930b18 x22: ffffd40e80930d30 x21: ffff7edfc0dffa00\n[ 2.785856] x20: ffff7edfc09e3768 x19: 0000000000000000 x18: ffffffffffffffff\n[ 2.845775] x17: 6572206f74206465 x16: 6c696166203a3030 x15: ffff80008805b4f7\n[ 2.853108] x14: 0000000000000000 
x13: ffffd40e809550b0 x12: 00000000000003d8\n[ 2.860441] x11: 0000000000000148 x10: ffffd40e809550b0 x9 : ffffd40e809550b0\n[ 2.867774] x8 : 00000000ffffefff x7 : ffffd40e809ad0b0 x6 : ffffd40e809ad0b0\n[ 2.875107] x5 : 000000000000bff4 x4 : 0000000000000000 x3 : 0000000000000000\n[ 2.882440] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff7edfc03a8000\n[ 2.889774] Call trace:\n[ 2.892290] warn_bogus_irq_restore+0x34/0x50\n[ 2.896770] _raw_spin_unlock_irqrestore+0x94/0xa0\n[ 2.901690] genpd_unlock_spin+0x20/0x30\n[ 2.905724] genpd_add_device+0x100/0x2d0\n[ 2.909850] __genpd_dev_pm_attach+0xa8/0x23c\n[ 2.914329] genpd_dev_pm_attach_by_id+0xc4/0x190\n[ 2.919167] genpd_dev_pm_attach_by_name+0x3c/0xd0\n[ 2.924086] dev_pm_domain_attach_by_name+0x24/0x30\n[ 2.929102] psci_dt_attach_cpu+0x24/0x90\n[ 2.933230] psci_cpuidle_probe+0x2d4/0x46c\n[ 2.937534] platform_probe+0x68/0xe0\n[ 2.941304] really_probe.part.0+0x9c/0x2fc\n[ 2.945605] __driver_probe_device+0x98/0x144\n[ 2.950085] driver_probe_device+0x44/0x15c\n[ 2.954385] __device_attach_driver+0xb8/0x120\n[ 2.958950] bus_for_each_drv+0x78/0xd0\n[ 2.962896] __device_attach+0xd8/0x180\n[ 2.966843] device_initial_probe+0x14/0x20\n[ 2.971144] bus_probe_device+0x9c/0xa4\n[ 2.975092] device_add+0x380/0x88c\n[ 2.978679] platform_device_add+0x114/0x234\n[ 2.983067] platform_device_register_full+0x100/0x190\n[ 2.988344] psci_idle_init+0x6c/0xb0\n[ 2.992113] do_one_initcall+0x74/0x3a0\n[ 2.996060] kernel_init_freeable+0x2fc/0x384\n[ 3.000543] kernel_init+0x28/0x130\n[ 3.004132] ret_from_fork+0x10/0x20\n[ 3.007817] irq event stamp: 319826\n[ 3.011404] hardirqs last enabled at (319825): [] __up_console_sem+0x78/0x84\n[ 3.020332] hardirqs last disabled at (319826): [] el1_dbg+0x24/0x8c\n[ 3.028458] softirqs last enabled at (318312): [] _stext+0x410/0x588\n[ 3.036678] softirqs last disabled at (318299): [] __irq_exit_rcu+0x158/0x174\n[ 3.045607] ---[ end trace 0000000000000000 ]---", + "external_references": [ + { + "source_name": 
"cve", + "external_id": "CVE-2022-49175" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fe72405e-603c-4e1f-acbc-3b1e2c736035.json b/objects/vulnerability/vulnerability--fe72405e-603c-4e1f-acbc-3b1e2c736035.json new file mode 100644 index 00000000000..632bc2cfc77 --- /dev/null +++ b/objects/vulnerability/vulnerability--fe72405e-603c-4e1f-acbc-3b1e2c736035.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--736b18e1-2556-458b-b6c6-6c9d06151215", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fe72405e-603c-4e1f-acbc-3b1e2c736035", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.465124Z", + "modified": "2025-02-27T00:38:15.465124Z", + "name": "CVE-2022-49159", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Implement ref count for SRB\n\nThe timeout handler and the done function are racing. When\nqla2x00_async_iocb_timeout() starts to run it can be preempted by the\nnormal response path (via the firmware?). qla24xx_async_gpsc_sp_done()\nreleases the SRB unconditionally. When scheduling back to\nqla2x00_async_iocb_timeout() qla24xx_async_abort_cmd() will access an freed\nsp->qpair pointer:\n\n qla2xxx [0000:83:00.0]-2871:0: Async-gpsc timeout - hdl=63d portid=234500 50:06:0e:80:08:77:b6:21.\n qla2xxx [0000:83:00.0]-2853:0: Async done-gpsc res 0, WWPN 50:06:0e:80:08:77:b6:21\n qla2xxx [0000:83:00.0]-2854:0: Async-gpsc OUT WWPN 20:45:00:27:f8:75:33:00 speeds=2c00 speed=0400.\n qla2xxx [0000:83:00.0]-28d8:0: qla24xx_handle_gpsc_event 50:06:0e:80:08:77:b6:21 DS 7 LS 6 rc 0 login 1|1 rscn 1|0 lid 5\n BUG: unable to handle kernel NULL pointer dereference at 0000000000000004\n IP: qla24xx_async_abort_cmd+0x1b/0x1c0 [qla2xxx]\n\nObvious solution to this is to introduce a reference counter. One reference\nis taken for the normal code path (the 'good' case) and one for the timeout\npath. As we always race between the normal good case and the timeout/abort\nhandler we need to serialize it. Also we cannot assume any order between\nthe handlers. 
Since this is slow path we can use proper synchronization via\nlocks.\n\nWhen we are able to cancel a timer (del_timer returns 1) we know there\ncan't be any error handling in progress because the timeout handler hasn't\nexpired yet, thus we can safely decrement the refcounter by one.\n\nIf we are not able to cancel the timer, we know an abort handler is\nrunning. We have to make sure we call sp->done() in the abort handlers\nbefore calling kref_put().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49159" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fead0207-c73f-438c-bb20-75e46ec64a71.json b/objects/vulnerability/vulnerability--fead0207-c73f-438c-bb20-75e46ec64a71.json new file mode 100644 index 00000000000..386ed54e36b --- /dev/null +++ b/objects/vulnerability/vulnerability--fead0207-c73f-438c-bb20-75e46ec64a71.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a0980efc-badc-4f6f-b7c1-c83cc9f98890", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fead0207-c73f-438c-bb20-75e46ec64a71", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.665441Z", + "modified": "2025-02-27T00:38:15.665441Z", + "name": "CVE-2022-49302", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: host: isp116x: check return value after calling platform_get_resource()\n\nIt will cause null-ptr-deref if platform_get_resource() returns NULL,\nwe need check the return value.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49302" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--feba9485-23ba-4ada-b47e-b6ca49051a38.json b/objects/vulnerability/vulnerability--feba9485-23ba-4ada-b47e-b6ca49051a38.json new file mode 100644 index 00000000000..6233f3a042a --- /dev/null 
+++ b/objects/vulnerability/vulnerability--feba9485-23ba-4ada-b47e-b6ca49051a38.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--69cf0002-f756-4d7c-a355-eeaff7f06fe8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--feba9485-23ba-4ada-b47e-b6ca49051a38", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.339856Z", + "modified": "2025-02-27T00:38:15.339856Z", + "name": "CVE-2022-49312", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: rtl8712: fix a potential memory leak in r871xu_drv_init()\n\nIn r871xu_drv_init(), if r8712_init_drv_sw() fails, then the memory\nallocated by r8712_alloc_io_queue() in r8712_usb_dvobj_init() is not\nproperly released as there is no action will be performed by\nr8712_usb_dvobj_deinit().\nTo properly release it, we should call r8712_free_io_queue() in\nr8712_usb_dvobj_deinit().\n\nBesides, in r871xu_dev_remove(), r8712_usb_dvobj_deinit() will be called\nby r871x_dev_unload() under condition `padapter->bup` and\nr8712_free_io_queue() is called by r8712_free_drv_sw().\nHowever, r8712_usb_dvobj_deinit() does not rely on `padapter->bup` and\ncalling r8712_free_io_queue() in r8712_free_drv_sw() is negative for\nbetter understading the code.\nSo I move r8712_usb_dvobj_deinit() into r871xu_dev_remove(), and remove\nr8712_free_io_queue() from r8712_free_drv_sw().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49312" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fece35b0-c94f-4dde-b540-379fce059aab.json b/objects/vulnerability/vulnerability--fece35b0-c94f-4dde-b540-379fce059aab.json new file mode 100644 index 00000000000..3940248e11b --- /dev/null +++ b/objects/vulnerability/vulnerability--fece35b0-c94f-4dde-b540-379fce059aab.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bdf28233-de4c-46b2-adec-304736c60d84", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fece35b0-c94f-4dde-b540-379fce059aab", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.289441Z", + "modified": "2025-02-27T00:38:15.289441Z", + "name": "CVE-2022-49187", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: Fix clk_hw_get_clk() when dev is NULL\n\nAny registered clk_core structure can have a NULL pointer in its dev\nfield. While never actually documented, this is evidenced by the wide\nusage of clk_register and clk_hw_register with a NULL device pointer,\nand the fact that the core of_clk_hw_register() function also passes a\nNULL device pointer.\n\nA call to clk_hw_get_clk() on a clk_hw struct whose clk_core is in that\ncase will result in a NULL pointer derefence when it calls dev_name() on\nthat NULL device pointer.\n\nAdd a test for this case and use NULL as the dev_id if the device\npointer is NULL.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49187" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ffbee861-6b3f-40e1-85b8-755c53eeb0aa.json b/objects/vulnerability/vulnerability--ffbee861-6b3f-40e1-85b8-755c53eeb0aa.json new file mode 100644 index 00000000000..a6159fcf6f4 --- /dev/null +++ b/objects/vulnerability/vulnerability--ffbee861-6b3f-40e1-85b8-755c53eeb0aa.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f1e70467-039a-4e3f-8b0f-a4d848035716", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ffbee861-6b3f-40e1-85b8-755c53eeb0aa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-27T00:38:15.740756Z", + "modified": "2025-02-27T00:38:15.740756Z", + "name": "CVE-2022-49496", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: prevent kernel crash when rmmod mtk-vcodec-dec.ko\n\nIf the driver support subdev mode, the parameter \"dev->pm.dev\" will be\nNULL in mtk_vcodec_dec_remove. Kernel will crash when try to rmmod\nmtk-vcodec-dec.ko.\n\n[ 4380.702726] pc : do_raw_spin_trylock+0x4/0x80\n[ 4380.707075] lr : _raw_spin_lock_irq+0x90/0x14c\n[ 4380.711509] sp : ffff80000819bc10\n[ 4380.714811] x29: ffff80000819bc10 x28: ffff3600c03e4000 x27: 0000000000000000\n[ 4380.721934] x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\n[ 4380.729057] x23: ffff3600c0f34930 x22: ffffd5e923549000 x21: 0000000000000220\n[ 4380.736179] x20: 0000000000000208 x19: ffffd5e9213e8ebc x18: 0000000000000020\n[ 4380.743298] x17: 0000002000000000 x16: ffffd5e9213e8e90 x15: 696c346f65646976\n[ 4380.750420] x14: 0000000000000000 x13: 0000000000000001 x12: 0000000000000040\n[ 4380.757542] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000\n[ 4380.764664] x8 : 0000000000000000 x7 : ffff3600c7273ae8 x6 : ffffd5e9213e8ebc\n[ 4380.771786] x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000\n[ 4380.778908] x2 : 0000000000000000 x1 : ffff3600c03e4000 x0 : 0000000000000208\n[ 4380.786031] Call trace:\n[ 4380.788465] do_raw_spin_trylock+0x4/0x80\n[ 4380.792462] __pm_runtime_disable+0x2c/0x1b0\n[ 4380.796723] mtk_vcodec_dec_remove+0x5c/0xa0 [mtk_vcodec_dec]\n[ 4380.802466] platform_remove+0x2c/0x60\n[ 4380.806204] __device_release_driver+0x194/0x250\n[ 
4380.810810] driver_detach+0xc8/0x15c\n[ 4380.814462] bus_remove_driver+0x5c/0xb0\n[ 4380.818375] driver_unregister+0x34/0x64\n[ 4380.822288] platform_driver_unregister+0x18/0x24\n[ 4380.826979] mtk_vcodec_dec_driver_exit+0x1c/0x888 [mtk_vcodec_dec]\n[ 4380.833240] __arm64_sys_delete_module+0x190/0x224\n[ 4380.838020] invoke_syscall+0x48/0x114\n[ 4380.841760] el0_svc_common.constprop.0+0x60/0x11c\n[ 4380.846540] do_el0_svc+0x28/0x90\n[ 4380.849844] el0_svc+0x4c/0x100\n[ 4380.852975] el0t_64_sync_handler+0xec/0xf0\n[ 4380.857148] el0t_64_sync+0x190/0x194\n[ 4380.860801] Code: 94431515 17ffffca d503201f d503245f (b9400004)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49496" + } + ] + } + ] +} \ No newline at end of file