From: Masami Ichikawa <masami.ichikawa@miraclelinux.com>
To: cip-dev <cip-dev@lists.cip-project.org>
Subject: [kernel-cve-report] New CVE entries this week
Date: Thu, 8 Feb 2024 08:05:11 +0900
Message-ID: <CAODzB9rAHEekG4XfSQzigdMh0N+6KO-Z+H2mWZ+cLrbWBXX65g@mail.gmail.com>

Hi!

It's this week's CVE report.

This week reported 10 new CVEs and 3 updated CVEs.

* New CVEs

CVE-2023-6240: Marvin vulnerability side-channel leakage in the RSA
decryption operation

CVSS v3(NIST): N/A
CVSS v3(CNA): 6.5 (MEDIUM)

A Marvin vulnerability side-channel leakage was found in the RSA
decryption operation in the Linux Kernel. This issue may allow a
network attacker to decrypt ciphertexts or forge signatures, limiting
the services that use that private key.

This vulnerability is not only affecting the Linux kernel, it is also
affecting lots of software.
https://people.redhat.com/~hkario/marvin/

Fixed status
Not fixed yet.

CVE-2024-22386: NULL pointer dereference bug was found in drm/exynos
device driver

CVSS v3(NIST): N/A
CVSS v3(CNA): 5.3 (MEDIUM)

A race condition was found in the Linux kernel's drm/exynos device
driver in exynos_drm_crtc_atomic_disable() function. This can result
in a null pointer dereference issue, possibly leading to a kernel
panic or denial of service issue.

It looks like commit 2e63972a ("drm/exynos: fix a possible
null-pointer dereference due to data race in
exynos_drm_crtc_atomic_disable()") fixes this vulnerability but
access to the bugzilla
(https://bugzilla.openanolis.cn/show_bug.cgi?id=8147) is restricted
now so we need to wait for some time.

Fixed status
Not fixed yet.

CVE-2024-23196: NULL pointer dereference bug was found in sound/hda
device driver

CVSS v3(NIST): N/A
CVSS v3(CNA): 5.3 (MEDIUM)

A race condition was found in the Linux kernel's sound/hda device
driver in snd_hdac_regmap_sync() function. This can result in a null
pointer dereference issue, possibly leading to a kernel panic or
denial of service issue.

It looks like commit 1f4a08fed ("ALSA: hda: fix a possible
null-pointer dereference due to data race in snd_hdac_regmap_sync()")
fixes this vulnerability but access to the bugzilla
(https://bugzilla.openanolis.cn/show_bug.cgi?id=8148) is restricted
now so we need to wait for some time.

Fixed status
Not fixed yet.

CVE-2024-24855: NULL pointer dereference bug was found in scsi device driver

CVSS v3(NIST): N/A
CVSS v3(CNA): 5.0 (MEDIUM)

A race condition was found in the Linux kernel's scsi device driver in
lpfc_unregister_fcf_rescan() function. This can result in a null
pointer dereference issue, possibly leading to a kernel panic or
denial of service issue.

It looks like commit 0e881c0a ("scsi: lpfc: Fix a possible data race
in lpfc_unregister_fcf_rescan()") fixes this vulnerability but
access to the bugzilla
(https://bugzilla.openanolis.cn/show_bug.cgi?id=8149) is restricted
now so we need to wait for some time.

Fixed status
Not fixed yet.

CVE-2024-24857: Integer overflow bug was found in bluetooth device driver

CVSS v3(NIST): N/A
CVSS v3(CNA): 4.6 (MEDIUM)

A race condition was found in the Linux kernel's net/bluetooth device
driver in conn_info_{min,max}_age_set() function. This can result in
integrity overflow issue, possibly leading to bluetooth connection
abnormality or denial of service.

Fixed status
Not fixed yet.

CVE-2024-24858: Race condition bug in
{conn,adv}_{min,max}_interval_set() in bluetooth driver causes DoS

CVSS v3(NIST): N/A
CVSS v3(CNA): 4.6 (MEDIUM)

A race condition was found in the Linux kernel's net/bluetooth in
{conn,adv}_{min,max}_interval_set() function. This can result in L2CAP
connection or broadcast abnormality issue, possibly leading to denial
of service.

Fixed status
Not fixed yet.

CVE-2024-24859: Race condition bug in sniff_{min,max}_interval_set()
in bluetooth driver causes DoS

CVSS v3(NIST): N/A
CVSS v3(CNA): 4.6 (MEDIUM)

A race condition was found in the Linux kernel's net/bluetooth in
sniff_{min,max}_interval_set() function. This can result in a
bluetooth sniffing exception issue, possibly leading to denial of
service.

Fixed status
Not fixed yet.

CVE-2024-24860: NULL pointer dereference bug was found in bluetooth
device driver in {min,max}_key_size_set()

CVSS v3(NIST): N/A
CVSS v3(CNA): 4.6 (MEDIUM)

A race condition was found in the Linux kernel's bluetooth device
driver in {min,max}_key_size_set() function. This can result in a null
pointer dereference issue, possibly leading to a kernel panic or
denial of service issue.

It looks like commit da9065caa ("Bluetooth: Fix atomicity violation in
{min,max}_key_size_set") fixes this vulnerability but access to the
bugzilla (https://bugzilla.openanolis.cn/show_bug.cgi?id=8151) is
restricted now so we need to wait for some time.

Fixed status
Not fixed yet.

CVE-2024-24861: Race condition bug was found in media/xc4000 device
driver in xc4000 xc4000_get_frequency()

CVSS v3(NIST): N/A
CVSS v3(CNA): 3.3 (LOW)

A race condition was found in the Linux kernel's media/xc4000 device
driver in xc4000 xc4000_get_frequency() function. This can result in
return value overflow issue, possibly leading to malfunction or denial
of service issue.

Fixed status
Not fixed yet.

CVE-2024-24864: Race condition bug in media/dvb-core in dvbdmx_write()
causes DoS

A race condition was found in the Linux kernel's media/dvb-core in
dvbdmx_write() function. This can result in a null pointer dereference
issue, possibly leading to a kernel panic or denial of service issue.

CVSS v3(NIST): N/A
CVSS v3(CNA): 5.3 (MEDIUM)

Fixed status
Not fixed yet.

* Updated CVEs

CVE-2024-1086: netfilter: nf_tables: reject QUEUE/DROP verdict parameters

stable 6.1, 6.6, and 6.7 were fixed.

Fixed status
mainline: [f342de4e2f33e0e39165d8639387aa6c19dff660]
stable/6.1: [8e34430e33b8a80bc014f3efe29cac76bc30a4b4]
stable/6.6: [6653118b176a00915125521c6572ae8e507621db]
stable/6.7: [f05a497e7bc8851eeeb3a58da180ba469efebb05]

CVE-2024-23849: net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv

The mainline, stable 6.1, 6.6, and 6.7 were fixed.

Fixed status
mainline: [13e788deb7348cc88df34bed736c3b3b9927ea52]
stable/6.1: [71024928b3f71ce4529426f8692943205c58d30b]
stable/6.6: [7a73190ea557e7f26914b0fe04c1f57a96cb771f]
stable/6.7: [0b787c2dea15e7a2828fa3a74a5447df4ed57711]

CVE-2024-23851: Kernel crash in drivers/md/dm-ioctl.c when allocate
memory more than INT_MAX bytes

Fixed in 6.8-rc3.

Fixed status
mainline: [bd504bcfec41a503b32054da5472904b404341a4]

Currently tracking CVEs

CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in
Bluetooth Core Specifications 4.0 through 5.2

There is no fix information.

CVE-2020-26556: kernel: malleable commitment Bluetooth Mesh Provisioning

No fix information.

CVE-2020-26557: kernel: predictable Authvalue in Bluetooth Mesh
Provisioning Leads to MITM

No fix information.

CVE-2020-26559: kernel: Authvalue leak in Bluetooth Mesh Provisioning

No fix information.

CVE-2020-26560: kernel: impersonation attack in Bluetooth Mesh Provisioning

No fix information.

Regards,
-- 
Masami Ichikawa
Cybertrust Japan Co., Ltd.

Email :masami.ichikawa@cybertrust.co.jp
          :masami.ichikawa@miraclelinux.com

