From: Masami Ichikawa <masami.ichikawa@miraclelinux.com>
To: cip-dev <cip-dev@lists.cip-project.org>
Subject: [kernel-cve-report] New CVE entries this week
Date: Thu, 8 Feb 2024 08:05:11 +0900
Message-ID: <CAODzB9rAHEekG4XfSQzigdMh0N+6KO-Z+H2mWZ+cLrbWBXX65g@mail.gmail.com>
Hi!
It's this week's CVE report.
This week, 10 new CVEs and 3 updated CVEs were reported.
* New CVEs
CVE-2023-6240: Marvin vulnerability side-channel leakage in the RSA
decryption operation
CVSS v3(NIST): N/A
CVSS v3(CNA): 6.5 (MEDIUM)
A Marvin vulnerability side-channel leakage was found in the RSA
decryption operation in the Linux Kernel. This issue may allow a
network attacker to decrypt ciphertexts or forge signatures, limiting
the services that use that private key.
This vulnerability does not only affect the Linux kernel; it also
affects a lot of other software.
https://people.redhat.com/~hkario/marvin/
Fixed status
Not fixed yet.
CVE-2024-22386: NULL pointer dereference bug was found in drm/exynos
device driver
CVSS v3(NIST): N/A
CVSS v3(CNA): 5.3 (MEDIUM)
A race condition was found in the Linux kernel's drm/exynos device
driver in exynos_drm_crtc_atomic_disable() function. This can result
in a null pointer dereference issue, possibly leading to a kernel
panic or denial of service issue.
It looks like commit 2e63972a ("drm/exynos: fix a possible
null-pointer dereference due to data race in
exynos_drm_crtc_atomic_disable()") fixes this vulnerability but
access to the bugzilla
(https://bugzilla.openanolis.cn/show_bug.cgi?id=8147) is restricted
now, so we need to wait for some time.
Fixed status
Not fixed yet.
CVE-2024-23196: NULL pointer dereference bug was found in sound/hda
device driver
CVSS v3(NIST): N/A
CVSS v3(CNA): 5.3 (MEDIUM)
A race condition was found in the Linux kernel's sound/hda device
driver in snd_hdac_regmap_sync() function. This can result in a null
pointer dereference issue, possibly leading to a kernel panic or
denial of service issue.
It looks like commit 1f4a08fed ("ALSA: hda: fix a possible
null-pointer dereference due to data race in snd_hdac_regmap_sync()")
fixes this vulnerability but access to the bugzilla
(https://bugzilla.openanolis.cn/show_bug.cgi?id=8148) is restricted
now, so we need to wait for some time.
Fixed status
Not fixed yet.
CVE-2024-24855: NULL pointer dereference bug was found in scsi device driver
CVSS v3(NIST): N/A
CVSS v3(CNA): 5.0 (MEDIUM)
A race condition was found in the Linux kernel's scsi device driver in
lpfc_unregister_fcf_rescan() function. This can result in a null
pointer dereference issue, possibly leading to a kernel panic or
denial of service issue.
It looks like commit 0e881c0a ("scsi: lpfc: Fix a possible data race
in lpfc_unregister_fcf_rescan()") fixes this vulnerability but
access to the bugzilla
(https://bugzilla.openanolis.cn/show_bug.cgi?id=8149) is restricted
now, so we need to wait for some time.
Fixed status
Not fixed yet.
CVE-2024-24857: Integer overflow bug was found in bluetooth device driver
CVSS v3(NIST): N/A
CVSS v3(CNA): 4.6 (MEDIUM)
A race condition was found in the Linux kernel's net/bluetooth device
driver in conn_info_{min,max}_age_set() function. This can result in
integrity overflow issue, possibly leading to bluetooth connection
abnormality or denial of service.
Fixed status
Not fixed yet.
CVE-2024-24858: Race condition bug in
{conn,adv}_{min,max}_interval_set() in bluetooth driver causes DoS
CVSS v3(NIST): N/A
CVSS v3(CNA): 4.6 (MEDIUM)
A race condition was found in the Linux kernel's net/bluetooth in
{conn,adv}_{min,max}_interval_set() function. This can result in l2cap
connection or broadcast abnormality issue, possibly leading to denial
of service.
Fixed status
Not fixed yet.
CVE-2024-24859: Race condition bug in sniff_{min,max}_interval_set()
in bluetooth driver causes DoS
CVSS v3(NIST): N/A
CVSS v3(CNA): 4.6 (MEDIUM)
A race condition was found in the Linux kernel's net/bluetooth in
sniff_{min,max}_interval_set() function. This can result in a
bluetooth sniffing exception issue, possibly leading to denial of
service.
Fixed status
Not fixed yet.
CVE-2024-24860: NULL pointer dereference bug was found in bluetooth
device driver in {min,max}_key_size_set()
CVSS v3(NIST): N/A
CVSS v3(CNA): 4.6 (MEDIUM)
A race condition was found in the Linux kernel's bluetooth device
driver in {min,max}_key_size_set() function. This can result in a null
pointer dereference issue, possibly leading to a kernel panic or
denial of service issue.
It looks like commit da9065caa ("Bluetooth: Fix atomicity violation in
{min,max}_key_size_set") fixes this vulnerability but access to the
bugzilla (https://bugzilla.openanolis.cn/show_bug.cgi?id=8151) is
restricted now, so we need to wait for some time.
Fixed status
Not fixed yet.
CVE-2024-24861: Race condition bug was found in media/xc4000 device
driver in xc4000 xc4000_get_frequency()
CVSS v3(NIST): N/A
CVSS v3(CNA): 3.3 (LOW)
A race condition was found in the Linux kernel's media/xc4000 device
driver in xc4000 xc4000_get_frequency() function. This can result in
return value overflow issue, possibly leading to malfunction or denial
of service issue.
Fixed status
Not fixed yet.
CVE-2024-24864: Race condition bug in media/dvb-core in dvbdmx_write()
causes DoS
A race condition was found in the Linux kernel's media/dvb-core in
dvbdmx_write() function. This can result in a null pointer dereference
issue, possibly leading to a kernel panic or denial of service issue.
CVSS v3(NIST): N/A
CVSS v3(CNA): 5.3 (MEDIUM)
Fixed status
Not fixed yet.
* Updated CVEs
CVE-2024-1086: netfilter: nf_tables: reject QUEUE/DROP verdict parameters
stable 6.1, 6.6, and 6.7 were fixed.
Fixed status
mainline: [f342de4e2f33e0e39165d8639387aa6c19dff660]
stable/6.1: [8e34430e33b8a80bc014f3efe29cac76bc30a4b4]
stable/6.6: [6653118b176a00915125521c6572ae8e507621db]
stable/6.7: [f05a497e7bc8851eeeb3a58da180ba469efebb05]
CVE-2024-23849: net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv
The mainline, stable 6.1, 6.6, and 6.7 were fixed.
Fixed status
mainline: [13e788deb7348cc88df34bed736c3b3b9927ea52]
stable/6.1: [71024928b3f71ce4529426f8692943205c58d30b]
stable/6.6: [7a73190ea557e7f26914b0fe04c1f57a96cb771f]
stable/6.7: [0b787c2dea15e7a2828fa3a74a5447df4ed57711]
CVE-2024-23851: Kernel crash in drivers/md/dm-ioctl.c when allocating
more than INT_MAX bytes of memory
Fixed in 6.8-rc3.
Fixed status
mainline: [bd504bcfec41a503b32054da5472904b404341a4]
* Currently tracking CVEs
CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in
Bluetooth Core Specifications 4.0 through 5.2
There is no fix information.
CVE-2020-26556: kernel: malleable commitment Bluetooth Mesh Provisioning
No fix information.
CVE-2020-26557: kernel: predictable Authvalue in Bluetooth Mesh
Provisioning Leads to MITM
No fix information.
CVE-2020-26559: kernel: Authvalue leak in Bluetooth Mesh Provisioning
No fix information.
CVE-2020-26560: kernel: impersonation attack in Bluetooth Mesh Provisioning
No fix information.
Regards,
--
Masami Ichikawa
Cybertrust Japan Co., Ltd.
Email :masami.ichikawa@cybertrust.co.jp
:masami.ichikawa@miraclelinux.com