Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-46936 (GCVE-0-2021-46936)
Vulnerability from cvelistv5 – Published: 2024-02-27 09:44 – Updated: 2025-05-04 07:00
VLAI?
EPSS
Title
net: fix use-after-free in tw_timer_handler
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: fix use-after-free in tw_timer_handler
A real world panic issue was found as follow in Linux 5.4.
BUG: unable to handle page fault for address: ffffde49a863de28
PGD 7e6fe62067 P4D 7e6fe62067 PUD 7e6fe63067 PMD f51e064067 PTE 0
RIP: 0010:tw_timer_handler+0x20/0x40
Call Trace:
<IRQ>
call_timer_fn+0x2b/0x120
run_timer_softirq+0x1ef/0x450
__do_softirq+0x10d/0x2b8
irq_exit+0xc7/0xd0
smp_apic_timer_interrupt+0x68/0x120
apic_timer_interrupt+0xf/0x20
This issue was also reported since 2017 in the thread [1],
unfortunately, the issue was still can be reproduced after fixing
DCCP.
The ipv4_mib_exit_net is called before tcp_sk_exit_batch when a net
namespace is destroyed since tcp_sk_ops is registered befrore
ipv4_mib_ops, which means tcp_sk_ops is in the front of ipv4_mib_ops
in the list of pernet_list. There will be a use-after-free on
net->mib.net_statistics in tw_timer_handler after ipv4_mib_exit_net
if there are some inflight time-wait timers.
This bug is not introduced by commit f2bf415cfed7 ("mib: add net to
NET_ADD_STATS_BH") since the net_statistics is a global variable
instead of dynamic allocation and freeing. Actually, commit
61a7e26028b9 ("mib: put net statistics on struct net") introduces
the bug since it put net statistics on struct net and free it when
net namespace is destroyed.
Moving init_ipv4_mibs() to the front of tcp_init() to fix this bug
and replace pr_crit() with panic() since continuing is meaningless
when init_ipv4_mibs() fails.
[1] https://groups.google.com/g/syzkaller/c/p1tn-_Kc6l4/m/smuL_FMAAgAJ?pli=1
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
61a7e26028b94805fd686a6dc9dbd9941f8f19b0 , < 15579e1301f856ad9385d720c9267c11032a5022
(git)
Affected: 61a7e26028b94805fd686a6dc9dbd9941f8f19b0 , < e73164e89d1be561228a4534e1091369ee4ba41a (git) Affected: 61a7e26028b94805fd686a6dc9dbd9941f8f19b0 , < 5c2fe20ad37ff56070ae0acb34152333976929b4 (git) Affected: 61a7e26028b94805fd686a6dc9dbd9941f8f19b0 , < a8e1944b44f94f5c5f530e434c5eaee787254566 (git) Affected: 61a7e26028b94805fd686a6dc9dbd9941f8f19b0 , < fe5838c22b986c1190f1dce9aa09bf6a491c1a69 (git) Affected: 61a7e26028b94805fd686a6dc9dbd9941f8f19b0 , < 2386e81a1d277f540e1285565c9d41d531bb69d4 (git) Affected: 61a7e26028b94805fd686a6dc9dbd9941f8f19b0 , < 08eacbd141e2495d2fcdde84358a06c4f95cbb13 (git) Affected: 61a7e26028b94805fd686a6dc9dbd9941f8f19b0 , < e22e45fc9e41bf9fcc1e92cfb78eb92786728ef0 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/15579e1301f856ad9385d720c9267c11032a5022"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e73164e89d1be561228a4534e1091369ee4ba41a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5c2fe20ad37ff56070ae0acb34152333976929b4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a8e1944b44f94f5c5f530e434c5eaee787254566"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fe5838c22b986c1190f1dce9aa09bf6a491c1a69"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2386e81a1d277f540e1285565c9d41d531bb69d4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/08eacbd141e2495d2fcdde84358a06c4f95cbb13"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e22e45fc9e41bf9fcc1e92cfb78eb92786728ef0"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-46936",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:01:57.788399Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:18.637Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/af_inet.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "15579e1301f856ad9385d720c9267c11032a5022",
"status": "affected",
"version": "61a7e26028b94805fd686a6dc9dbd9941f8f19b0",
"versionType": "git"
},
{
"lessThan": "e73164e89d1be561228a4534e1091369ee4ba41a",
"status": "affected",
"version": "61a7e26028b94805fd686a6dc9dbd9941f8f19b0",
"versionType": "git"
},
{
"lessThan": "5c2fe20ad37ff56070ae0acb34152333976929b4",
"status": "affected",
"version": "61a7e26028b94805fd686a6dc9dbd9941f8f19b0",
"versionType": "git"
},
{
"lessThan": "a8e1944b44f94f5c5f530e434c5eaee787254566",
"status": "affected",
"version": "61a7e26028b94805fd686a6dc9dbd9941f8f19b0",
"versionType": "git"
},
{
"lessThan": "fe5838c22b986c1190f1dce9aa09bf6a491c1a69",
"status": "affected",
"version": "61a7e26028b94805fd686a6dc9dbd9941f8f19b0",
"versionType": "git"
},
{
"lessThan": "2386e81a1d277f540e1285565c9d41d531bb69d4",
"status": "affected",
"version": "61a7e26028b94805fd686a6dc9dbd9941f8f19b0",
"versionType": "git"
},
{
"lessThan": "08eacbd141e2495d2fcdde84358a06c4f95cbb13",
"status": "affected",
"version": "61a7e26028b94805fd686a6dc9dbd9941f8f19b0",
"versionType": "git"
},
{
"lessThan": "e22e45fc9e41bf9fcc1e92cfb78eb92786728ef0",
"status": "affected",
"version": "61a7e26028b94805fd686a6dc9dbd9941f8f19b0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/af_inet.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.27"
},
{
"lessThan": "2.6.27",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"version": "4.4.298",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.296",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.261",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.170",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.16",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.298",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.296",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.261",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.224",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.170",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.90",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.13",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16",
"versionStartIncluding": "2.6.27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix use-after-free in tw_timer_handler\n\nA real world panic issue was found as follow in Linux 5.4.\n\n BUG: unable to handle page fault for address: ffffde49a863de28\n PGD 7e6fe62067 P4D 7e6fe62067 PUD 7e6fe63067 PMD f51e064067 PTE 0\n RIP: 0010:tw_timer_handler+0x20/0x40\n Call Trace:\n \u003cIRQ\u003e\n call_timer_fn+0x2b/0x120\n run_timer_softirq+0x1ef/0x450\n __do_softirq+0x10d/0x2b8\n irq_exit+0xc7/0xd0\n smp_apic_timer_interrupt+0x68/0x120\n apic_timer_interrupt+0xf/0x20\n\nThis issue was also reported since 2017 in the thread [1],\nunfortunately, the issue was still can be reproduced after fixing\nDCCP.\n\nThe ipv4_mib_exit_net is called before tcp_sk_exit_batch when a net\nnamespace is destroyed since tcp_sk_ops is registered befrore\nipv4_mib_ops, which means tcp_sk_ops is in the front of ipv4_mib_ops\nin the list of pernet_list. There will be a use-after-free on\nnet-\u003emib.net_statistics in tw_timer_handler after ipv4_mib_exit_net\nif there are some inflight time-wait timers.\n\nThis bug is not introduced by commit f2bf415cfed7 (\"mib: add net to\nNET_ADD_STATS_BH\") since the net_statistics is a global variable\ninstead of dynamic allocation and freeing. Actually, commit\n61a7e26028b9 (\"mib: put net statistics on struct net\") introduces\nthe bug since it put net statistics on struct net and free it when\nnet namespace is destroyed.\n\nMoving init_ipv4_mibs() to the front of tcp_init() to fix this bug\nand replace pr_crit() with panic() since continuing is meaningless\nwhen init_ipv4_mibs() fails.\n\n[1] https://groups.google.com/g/syzkaller/c/p1tn-_Kc6l4/m/smuL_FMAAgAJ?pli=1"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:00:40.694Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/15579e1301f856ad9385d720c9267c11032a5022"
},
{
"url": "https://git.kernel.org/stable/c/e73164e89d1be561228a4534e1091369ee4ba41a"
},
{
"url": "https://git.kernel.org/stable/c/5c2fe20ad37ff56070ae0acb34152333976929b4"
},
{
"url": "https://git.kernel.org/stable/c/a8e1944b44f94f5c5f530e434c5eaee787254566"
},
{
"url": "https://git.kernel.org/stable/c/fe5838c22b986c1190f1dce9aa09bf6a491c1a69"
},
{
"url": "https://git.kernel.org/stable/c/2386e81a1d277f540e1285565c9d41d531bb69d4"
},
{
"url": "https://git.kernel.org/stable/c/08eacbd141e2495d2fcdde84358a06c4f95cbb13"
},
{
"url": "https://git.kernel.org/stable/c/e22e45fc9e41bf9fcc1e92cfb78eb92786728ef0"
}
],
"title": "net: fix use-after-free in tw_timer_handler",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-46936",
"datePublished": "2024-02-27T09:44:02.758Z",
"dateReserved": "2024-02-25T13:45:52.720Z",
"dateUpdated": "2025-05-04T07:00:40.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://git.kernel.org/stable/c/15579e1301f856ad9385d720c9267c11032a5022\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/e73164e89d1be561228a4534e1091369ee4ba41a\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/5c2fe20ad37ff56070ae0acb34152333976929b4\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/a8e1944b44f94f5c5f530e434c5eaee787254566\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/fe5838c22b986c1190f1dce9aa09bf6a491c1a69\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/2386e81a1d277f540e1285565c9d41d531bb69d4\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/08eacbd141e2495d2fcdde84358a06c4f95cbb13\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/e22e45fc9e41bf9fcc1e92cfb78eb92786728ef0\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T05:17:42.878Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-46936\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-10T16:01:57.788399Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-11T12:42:16.064Z\"}}], \"cna\": {\"title\": \"net: fix use-after-free in tw_timer_handler\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"61a7e26028b94805fd686a6dc9dbd9941f8f19b0\", \"lessThan\": \"15579e1301f856ad9385d720c9267c11032a5022\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"61a7e26028b94805fd686a6dc9dbd9941f8f19b0\", \"lessThan\": \"e73164e89d1be561228a4534e1091369ee4ba41a\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"61a7e26028b94805fd686a6dc9dbd9941f8f19b0\", \"lessThan\": \"5c2fe20ad37ff56070ae0acb34152333976929b4\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"61a7e26028b94805fd686a6dc9dbd9941f8f19b0\", \"lessThan\": \"a8e1944b44f94f5c5f530e434c5eaee787254566\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"61a7e26028b94805fd686a6dc9dbd9941f8f19b0\", \"lessThan\": \"fe5838c22b986c1190f1dce9aa09bf6a491c1a69\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"61a7e26028b94805fd686a6dc9dbd9941f8f19b0\", \"lessThan\": \"2386e81a1d277f540e1285565c9d41d531bb69d4\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"61a7e26028b94805fd686a6dc9dbd9941f8f19b0\", \"lessThan\": \"08eacbd141e2495d2fcdde84358a06c4f95cbb13\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"61a7e26028b94805fd686a6dc9dbd9941f8f19b0\", \"lessThan\": \"e22e45fc9e41bf9fcc1e92cfb78eb92786728ef0\", \"versionType\": \"git\"}], \"programFiles\": [\"net/ipv4/af_inet.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.6.27\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"2.6.27\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"4.4.298\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.4.*\"}, {\"status\": \"unaffected\", \"version\": \"4.9.296\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.9.*\"}, {\"status\": \"unaffected\", \"version\": \"4.14.261\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.14.*\"}, {\"status\": \"unaffected\", \"version\": \"4.19.224\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.19.*\"}, {\"status\": \"unaffected\", \"version\": \"5.4.170\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.4.*\"}, {\"status\": \"unaffected\", \"version\": \"5.10.90\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.15.13\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"5.16\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"net/ipv4/af_inet.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/15579e1301f856ad9385d720c9267c11032a5022\"}, {\"url\": \"https://git.kernel.org/stable/c/e73164e89d1be561228a4534e1091369ee4ba41a\"}, {\"url\": \"https://git.kernel.org/stable/c/5c2fe20ad37ff56070ae0acb34152333976929b4\"}, {\"url\": \"https://git.kernel.org/stable/c/a8e1944b44f94f5c5f530e434c5eaee787254566\"}, {\"url\": \"https://git.kernel.org/stable/c/fe5838c22b986c1190f1dce9aa09bf6a491c1a69\"}, {\"url\": \"https://git.kernel.org/stable/c/2386e81a1d277f540e1285565c9d41d531bb69d4\"}, {\"url\": \"https://git.kernel.org/stable/c/08eacbd141e2495d2fcdde84358a06c4f95cbb13\"}, {\"url\": \"https://git.kernel.org/stable/c/e22e45fc9e41bf9fcc1e92cfb78eb92786728ef0\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet: fix use-after-free in tw_timer_handler\\n\\nA real world panic issue was found as follow in Linux 5.4.\\n\\n BUG: unable to handle page fault for address: ffffde49a863de28\\n PGD 7e6fe62067 P4D 7e6fe62067 PUD 7e6fe63067 PMD f51e064067 PTE 0\\n RIP: 0010:tw_timer_handler+0x20/0x40\\n Call Trace:\\n \u003cIRQ\u003e\\n call_timer_fn+0x2b/0x120\\n run_timer_softirq+0x1ef/0x450\\n __do_softirq+0x10d/0x2b8\\n irq_exit+0xc7/0xd0\\n smp_apic_timer_interrupt+0x68/0x120\\n apic_timer_interrupt+0xf/0x20\\n\\nThis issue was also reported since 2017 in the thread [1],\\nunfortunately, the issue was still can be reproduced after fixing\\nDCCP.\\n\\nThe ipv4_mib_exit_net is called before tcp_sk_exit_batch when a net\\nnamespace is destroyed since tcp_sk_ops is registered befrore\\nipv4_mib_ops, which means tcp_sk_ops is in the front of ipv4_mib_ops\\nin the list of pernet_list. There will be a use-after-free on\\nnet-\u003emib.net_statistics in tw_timer_handler after ipv4_mib_exit_net\\nif there are some inflight time-wait timers.\\n\\nThis bug is not introduced by commit f2bf415cfed7 (\\\"mib: add net to\\nNET_ADD_STATS_BH\\\") since the net_statistics is a global variable\\ninstead of dynamic allocation and freeing. Actually, commit\\n61a7e26028b9 (\\\"mib: put net statistics on struct net\\\") introduces\\nthe bug since it put net statistics on struct net and free it when\\nnet namespace is destroyed.\\n\\nMoving init_ipv4_mibs() to the front of tcp_init() to fix this bug\\nand replace pr_crit() with panic() since continuing is meaningless\\nwhen init_ipv4_mibs() fails.\\n\\n[1] https://groups.google.com/g/syzkaller/c/p1tn-_Kc6l4/m/smuL_FMAAgAJ?pli=1\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.4.298\", \"versionStartIncluding\": \"2.6.27\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.9.296\", \"versionStartIncluding\": \"2.6.27\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.14.261\", \"versionStartIncluding\": \"2.6.27\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.19.224\", \"versionStartIncluding\": \"2.6.27\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.4.170\", \"versionStartIncluding\": \"2.6.27\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.10.90\", \"versionStartIncluding\": \"2.6.27\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.15.13\", \"versionStartIncluding\": \"2.6.27\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.16\", \"versionStartIncluding\": \"2.6.27\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-05-04T07:00:40.694Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2021-46936\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-04T07:00:40.694Z\", \"dateReserved\": \"2024-02-25T13:45:52.720Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-02-27T09:44:02.758Z\", \"assignerShortName\": \"Linux\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
GHSA-9X4X-QWHQ-G8F7
Vulnerability from github – Published: 2024-02-27 12:31 – Updated: 2024-04-10 21:30
VLAI?
Details
In the Linux kernel, the following vulnerability has been resolved:
net: fix use-after-free in tw_timer_handler
A real world panic issue was found as follow in Linux 5.4.
BUG: unable to handle page fault for address: ffffde49a863de28
PGD 7e6fe62067 P4D 7e6fe62067 PUD 7e6fe63067 PMD f51e064067 PTE 0
RIP: 0010:tw_timer_handler+0x20/0x40
Call Trace:
<IRQ>
call_timer_fn+0x2b/0x120
run_timer_softirq+0x1ef/0x450
__do_softirq+0x10d/0x2b8
irq_exit+0xc7/0xd0
smp_apic_timer_interrupt+0x68/0x120
apic_timer_interrupt+0xf/0x20
This issue was also reported since 2017 in the thread [1], unfortunately, the issue was still can be reproduced after fixing DCCP.
The ipv4_mib_exit_net is called before tcp_sk_exit_batch when a net namespace is destroyed since tcp_sk_ops is registered befrore ipv4_mib_ops, which means tcp_sk_ops is in the front of ipv4_mib_ops in the list of pernet_list. There will be a use-after-free on net->mib.net_statistics in tw_timer_handler after ipv4_mib_exit_net if there are some inflight time-wait timers.
This bug is not introduced by commit f2bf415cfed7 ("mib: add net to NET_ADD_STATS_BH") since the net_statistics is a global variable instead of dynamic allocation and freeing. Actually, commit 61a7e26028b9 ("mib: put net statistics on struct net") introduces the bug since it put net statistics on struct net and free it when net namespace is destroyed.
Moving init_ipv4_mibs() to the front of tcp_init() to fix this bug and replace pr_crit() with panic() since continuing is meaningless when init_ipv4_mibs() fails.
[1] https://groups.google.com/g/syzkaller/c/p1tn-_Kc6l4/m/smuL_FMAAgAJ?pli=1
Severity ?
7.8 (High)
{
"affected": [],
"aliases": [
"CVE-2021-46936"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-27T10:15:08Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix use-after-free in tw_timer_handler\n\nA real world panic issue was found as follow in Linux 5.4.\n\n BUG: unable to handle page fault for address: ffffde49a863de28\n PGD 7e6fe62067 P4D 7e6fe62067 PUD 7e6fe63067 PMD f51e064067 PTE 0\n RIP: 0010:tw_timer_handler+0x20/0x40\n Call Trace:\n \u003cIRQ\u003e\n call_timer_fn+0x2b/0x120\n run_timer_softirq+0x1ef/0x450\n __do_softirq+0x10d/0x2b8\n irq_exit+0xc7/0xd0\n smp_apic_timer_interrupt+0x68/0x120\n apic_timer_interrupt+0xf/0x20\n\nThis issue was also reported since 2017 in the thread [1],\nunfortunately, the issue was still can be reproduced after fixing\nDCCP.\n\nThe ipv4_mib_exit_net is called before tcp_sk_exit_batch when a net\nnamespace is destroyed since tcp_sk_ops is registered befrore\nipv4_mib_ops, which means tcp_sk_ops is in the front of ipv4_mib_ops\nin the list of pernet_list. There will be a use-after-free on\nnet-\u003emib.net_statistics in tw_timer_handler after ipv4_mib_exit_net\nif there are some inflight time-wait timers.\n\nThis bug is not introduced by commit f2bf415cfed7 (\"mib: add net to\nNET_ADD_STATS_BH\") since the net_statistics is a global variable\ninstead of dynamic allocation and freeing. Actually, commit\n61a7e26028b9 (\"mib: put net statistics on struct net\") introduces\nthe bug since it put net statistics on struct net and free it when\nnet namespace is destroyed.\n\nMoving init_ipv4_mibs() to the front of tcp_init() to fix this bug\nand replace pr_crit() with panic() since continuing is meaningless\nwhen init_ipv4_mibs() fails.\n\n[1] https://groups.google.com/g/syzkaller/c/p1tn-_Kc6l4/m/smuL_FMAAgAJ?pli=1",
"id": "GHSA-9x4x-qwhq-g8f7",
"modified": "2024-04-10T21:30:28Z",
"published": "2024-02-27T12:31:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46936"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/08eacbd141e2495d2fcdde84358a06c4f95cbb13"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/15579e1301f856ad9385d720c9267c11032a5022"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2386e81a1d277f540e1285565c9d41d531bb69d4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5c2fe20ad37ff56070ae0acb34152333976929b4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a8e1944b44f94f5c5f530e434c5eaee787254566"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e22e45fc9e41bf9fcc1e92cfb78eb92786728ef0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e73164e89d1be561228a4534e1091369ee4ba41a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fe5838c22b986c1190f1dce9aa09bf6a491c1a69"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
CVE-2021-46936
Vulnerability from fstec - Published: 29.12.2021
VLAI Severity ?
Title
Уязвимость функции inet_init() в модуле net/ipv4/af_inet.c реализации протокола IPv4 ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Description
Уязвимость функции inet_init() в модуле net/ipv4/af_inet.c реализации протокола IPv4 ядра операционной системы Linux связана с использованием памяти после её освобождения. Эксплуатация уязвимости может позволить нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Severity ?
Vendor
ООО «Ред Софт», Сообщество свободного программного обеспечения, ООО «Открытая мобильная платформа»
Software Name
РЕД ОС (запись в едином реестре российских программ №3751), Linux, ОС Аврора (запись в едином реестре российских программ №1543)
Software Version
7.3 (РЕД ОС), от 5.5 до 5.10.89 включительно (Linux), от 5.11 до 5.15.12 включительно (Linux), от 4.15 до 4.19.223 включительно (Linux), от 4.20 до 5.4.169 включительно (Linux), от 4.0 до 4.4.297 включительно (Linux), от 4.5 до 4.9.295 включительно (Linux), от 4.10 до 4.14.260 включительно (Linux), до 5.1.1 включительно (ОС Аврора)
Possible Mitigations
Использование рекомендаций:
Для Linux:
https://git.kernel.org/stable/c/e22e45fc9e41bf9fcc1e92cfb78eb92786728ef0
https://git.kernel.org/stable/c/08eacbd141e2495d2fcdde84358a06c4f95cbb13
https://git.kernel.org/stable/c/15579e1301f856ad9385d720c9267c11032a5022
https://git.kernel.org/stable/c/e73164e89d1be561228a4534e1091369ee4ba41a
https://git.kernel.org/stable/c/fe5838c22b986c1190f1dce9aa09bf6a491c1a69
https://git.kernel.org/stable/c/a8e1944b44f94f5c5f530e434c5eaee787254566
https://git.kernel.org/stable/c/2386e81a1d277f540e1285565c9d41d531bb69d4
https://git.kernel.org/stable/c/5c2fe20ad37ff56070ae0acb34152333976929b4
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.298
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.296
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.261
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.224
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.170
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.90
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.13
Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Для ОС Аврора:
https://cve.omp.ru/bb25402
Reference
https://git.kernel.org/stable/c/e22e45fc9e41bf9fcc1e92cfb78eb92786728ef0
https://git.kernel.org/stable/c/08eacbd141e2495d2fcdde84358a06c4f95cbb13
https://git.kernel.org/stable/c/15579e1301f856ad9385d720c9267c11032a5022
https://git.kernel.org/stable/c/e73164e89d1be561228a4534e1091369ee4ba41a
https://git.kernel.org/stable/c/fe5838c22b986c1190f1dce9aa09bf6a491c1a69
https://git.kernel.org/stable/c/a8e1944b44f94f5c5f530e434c5eaee787254566
https://git.kernel.org/stable/c/2386e81a1d277f540e1285565c9d41d531bb69d4
https://git.kernel.org/stable/c/5c2fe20ad37ff56070ae0acb34152333976929b4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46936
https://lore.kernel.org/linux-cve-announce/2024022751-CVE-2021-46936-2f8a@gregkh/T/#u
https://git.kernel.org/linus/e22e45fc9e41bf9fcc1e92cfb78eb92786728ef0
https://www.cve.org/CVERecord?id=CVE-2021-46936
https://ubuntu.com/security/notices/USN-6739-1
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.298
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.296
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.261
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.224
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.170
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.90
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.13
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
https://cve.omp.ru/bb25402
CWE
CWE-416
{
"CVSS 2.0": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u041e\u0442\u043a\u0440\u044b\u0442\u0430\u044f \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u0430\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7.3 (\u0420\u0415\u0414 \u041e\u0421), \u043e\u0442 5.5 \u0434\u043e 5.10.89 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.11 \u0434\u043e 5.15.12 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.15 \u0434\u043e 4.19.223 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.20 \u0434\u043e 5.4.169 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.0 \u0434\u043e 4.4.297 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.5 \u0434\u043e 4.9.295 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.10 \u0434\u043e 4.14.260 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u0434\u043e 5.1.1 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (\u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Linux:\nhttps://git.kernel.org/stable/c/e22e45fc9e41bf9fcc1e92cfb78eb92786728ef0\nhttps://git.kernel.org/stable/c/08eacbd141e2495d2fcdde84358a06c4f95cbb13\nhttps://git.kernel.org/stable/c/15579e1301f856ad9385d720c9267c11032a5022\nhttps://git.kernel.org/stable/c/e73164e89d1be561228a4534e1091369ee4ba41a\nhttps://git.kernel.org/stable/c/fe5838c22b986c1190f1dce9aa09bf6a491c1a69\nhttps://git.kernel.org/stable/c/a8e1944b44f94f5c5f530e434c5eaee787254566\nhttps://git.kernel.org/stable/c/2386e81a1d277f540e1285565c9d41d531bb69d4\nhttps://git.kernel.org/stable/c/5c2fe20ad37ff56070ae0acb34152333976929b4\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.298\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.296\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.261\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.224\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.170\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.90\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.13\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430:\nhttps://cve.omp.ru/bb25402",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "29.12.2021",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "16.09.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "15.05.2024",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-03687",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-46936",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "\u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Linux, \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161543)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.5 \u0434\u043e 5.10.89 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.11 \u0434\u043e 5.15.12 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.15 \u0434\u043e 4.19.223 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.20 \u0434\u043e 5.4.169 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.0 \u0434\u043e 4.4.297 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.5 \u0434\u043e 4.9.295 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.10 \u0434\u043e 4.14.260 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u041e\u041e\u041e \u00ab\u041e\u0442\u043a\u0440\u044b\u0442\u0430\u044f \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u0430\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430\u00bb \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430 \u0434\u043e 5.1.1 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e Mashtab TrustPhone T1 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161543), \u041e\u041e\u041e \u00ab\u041e\u0442\u043a\u0440\u044b\u0442\u0430\u044f \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u0430\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430\u00bb \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430 \u0434\u043e 5.1.1 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e Fplus T1100 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161543), \u041e\u041e\u041e \u00ab\u041e\u0442\u043a\u0440\u044b\u0442\u0430\u044f \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u0430\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430\u00bb \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430 \u0434\u043e 5.1.1 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e Fplus T800 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161543)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 inet_init() \u0432 \u043c\u043e\u0434\u0443\u043b\u0435 net/ipv4/af_inet.c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 IPv4 \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f (CWE-416)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 inet_init() \u0432 \u043c\u043e\u0434\u0443\u043b\u0435 net/ipv4/af_inet.c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 IPv4 \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u0435\u0451 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://git.kernel.org/stable/c/e22e45fc9e41bf9fcc1e92cfb78eb92786728ef0\nhttps://git.kernel.org/stable/c/08eacbd141e2495d2fcdde84358a06c4f95cbb13\nhttps://git.kernel.org/stable/c/15579e1301f856ad9385d720c9267c11032a5022\nhttps://git.kernel.org/stable/c/e73164e89d1be561228a4534e1091369ee4ba41a\nhttps://git.kernel.org/stable/c/fe5838c22b986c1190f1dce9aa09bf6a491c1a69\nhttps://git.kernel.org/stable/c/a8e1944b44f94f5c5f530e434c5eaee787254566\nhttps://git.kernel.org/stable/c/2386e81a1d277f540e1285565c9d41d531bb69d4\nhttps://git.kernel.org/stable/c/5c2fe20ad37ff56070ae0acb34152333976929b4\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46936\nhttps://lore.kernel.org/linux-cve-announce/2024022751-CVE-2021-46936-2f8a@gregkh/T/#u\nhttps://git.kernel.org/linus/e22e45fc9e41bf9fcc1e92cfb78eb92786728ef0\nhttps://www.cve.org/CVERecord?id=CVE-2021-46936\nhttps://ubuntu.com/security/notices/USN-6739-1\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.298\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.296\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.261\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.224\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.170\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.90\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.13\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\nhttps://cve.omp.ru/bb25402",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-416",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)"
}
FKIE_CVE-2021-46936
Vulnerability from fkie_nvd - Published: 2024-02-27 10:15 - Updated: 2024-11-21 06:34
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: fix use-after-free in tw_timer_handler
A real world panic issue was found as follow in Linux 5.4.
BUG: unable to handle page fault for address: ffffde49a863de28
PGD 7e6fe62067 P4D 7e6fe62067 PUD 7e6fe63067 PMD f51e064067 PTE 0
RIP: 0010:tw_timer_handler+0x20/0x40
Call Trace:
<IRQ>
call_timer_fn+0x2b/0x120
run_timer_softirq+0x1ef/0x450
__do_softirq+0x10d/0x2b8
irq_exit+0xc7/0xd0
smp_apic_timer_interrupt+0x68/0x120
apic_timer_interrupt+0xf/0x20
This issue was also reported since 2017 in the thread [1],
unfortunately, the issue was still can be reproduced after fixing
DCCP.
The ipv4_mib_exit_net is called before tcp_sk_exit_batch when a net
namespace is destroyed since tcp_sk_ops is registered befrore
ipv4_mib_ops, which means tcp_sk_ops is in the front of ipv4_mib_ops
in the list of pernet_list. There will be a use-after-free on
net->mib.net_statistics in tw_timer_handler after ipv4_mib_exit_net
if there are some inflight time-wait timers.
This bug is not introduced by commit f2bf415cfed7 ("mib: add net to
NET_ADD_STATS_BH") since the net_statistics is a global variable
instead of dynamic allocation and freeing. Actually, commit
61a7e26028b9 ("mib: put net statistics on struct net") introduces
the bug since it put net statistics on struct net and free it when
net namespace is destroyed.
Moving init_ipv4_mibs() to the front of tcp_init() to fix this bug
and replace pr_crit() with panic() since continuing is meaningless
when init_ipv4_mibs() fails.
[1] https://groups.google.com/g/syzkaller/c/p1tn-_Kc6l4/m/smuL_FMAAgAJ?pli=1
References
| URL | Tags | ||
|---|---|---|---|
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/08eacbd141e2495d2fcdde84358a06c4f95cbb13 | Patch | |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/15579e1301f856ad9385d720c9267c11032a5022 | Patch | |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/2386e81a1d277f540e1285565c9d41d531bb69d4 | Patch | |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/5c2fe20ad37ff56070ae0acb34152333976929b4 | Patch | |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/a8e1944b44f94f5c5f530e434c5eaee787254566 | Patch | |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/e22e45fc9e41bf9fcc1e92cfb78eb92786728ef0 | Patch | |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/e73164e89d1be561228a4534e1091369ee4ba41a | Patch | |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/fe5838c22b986c1190f1dce9aa09bf6a491c1a69 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://git.kernel.org/stable/c/08eacbd141e2495d2fcdde84358a06c4f95cbb13 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://git.kernel.org/stable/c/15579e1301f856ad9385d720c9267c11032a5022 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://git.kernel.org/stable/c/2386e81a1d277f540e1285565c9d41d531bb69d4 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://git.kernel.org/stable/c/5c2fe20ad37ff56070ae0acb34152333976929b4 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://git.kernel.org/stable/c/a8e1944b44f94f5c5f530e434c5eaee787254566 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://git.kernel.org/stable/c/e22e45fc9e41bf9fcc1e92cfb78eb92786728ef0 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://git.kernel.org/stable/c/e73164e89d1be561228a4534e1091369ee4ba41a | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://git.kernel.org/stable/c/fe5838c22b986c1190f1dce9aa09bf6a491c1a69 | Patch |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B63EF4E-6C8F-4CCD-A30C-09E949BDD667",
"versionEndExcluding": "4.4.298",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "883CB22B-11DA-4D54-8121-3F5494EDBD4C",
"versionEndExcluding": "4.9.296",
"versionStartIncluding": "4.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5D4F856-5F69-4F4A-911F-50A21B9A68B6",
"versionEndExcluding": "4.14.261",
"versionStartIncluding": "4.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B34A1353-506A-4AB9-87EC-CD50F09DFB8A",
"versionEndExcluding": "4.19.224",
"versionStartIncluding": "4.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56D16FBB-453E-4316-A027-E517828203D7",
"versionEndExcluding": "5.4.170",
"versionStartIncluding": "4.20.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C87FB3FD-3E74-4588-A1A4-B9BA8AE0C06B",
"versionEndExcluding": "5.10.90",
"versionStartIncluding": "5.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "083E0940-932B-447B-A6B2-677DAE27FD04",
"versionEndExcluding": "5.15.13",
"versionStartIncluding": "5.11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix use-after-free in tw_timer_handler\n\nA real world panic issue was found as follow in Linux 5.4.\n\n BUG: unable to handle page fault for address: ffffde49a863de28\n PGD 7e6fe62067 P4D 7e6fe62067 PUD 7e6fe63067 PMD f51e064067 PTE 0\n RIP: 0010:tw_timer_handler+0x20/0x40\n Call Trace:\n \u003cIRQ\u003e\n call_timer_fn+0x2b/0x120\n run_timer_softirq+0x1ef/0x450\n __do_softirq+0x10d/0x2b8\n irq_exit+0xc7/0xd0\n smp_apic_timer_interrupt+0x68/0x120\n apic_timer_interrupt+0xf/0x20\n\nThis issue was also reported since 2017 in the thread [1],\nunfortunately, the issue was still can be reproduced after fixing\nDCCP.\n\nThe ipv4_mib_exit_net is called before tcp_sk_exit_batch when a net\nnamespace is destroyed since tcp_sk_ops is registered befrore\nipv4_mib_ops, which means tcp_sk_ops is in the front of ipv4_mib_ops\nin the list of pernet_list. There will be a use-after-free on\nnet-\u003emib.net_statistics in tw_timer_handler after ipv4_mib_exit_net\nif there are some inflight time-wait timers.\n\nThis bug is not introduced by commit f2bf415cfed7 (\"mib: add net to\nNET_ADD_STATS_BH\") since the net_statistics is a global variable\ninstead of dynamic allocation and freeing. Actually, commit\n61a7e26028b9 (\"mib: put net statistics on struct net\") introduces\nthe bug since it put net statistics on struct net and free it when\nnet namespace is destroyed.\n\nMoving init_ipv4_mibs() to the front of tcp_init() to fix this bug\nand replace pr_crit() with panic() since continuing is meaningless\nwhen init_ipv4_mibs() fails.\n\n[1] https://groups.google.com/g/syzkaller/c/p1tn-_Kc6l4/m/smuL_FMAAgAJ?pli=1"
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net: corrige use-after-free en tw_timer_handler Se encontr\u00f3 un problema de p\u00e1nico en el mundo real como se muestra a continuaci\u00f3n en Linux 5.4. ERROR: no se puede manejar el error de p\u00e1gina para la direcci\u00f3n: ffffde49a863de28 PGD 7e6fe62067 P4D 7e6fe62067 PUD 7e6fe63067 PMD f51e064067 PTE 0 RIP: 0010:tw_timer_handler+0x20/0x40 Seguimiento de llamadas: call_timer_fn+0x2b/ 0x120 run_timer_softirq+0x1ef/0x450 __do_softirq+0x10d/ 0x2b8 irq_exit+0xc7/0xd0 smp_apic_timer_interrupt+0x68/0x120 apic_timer_interrupt+0xf/0x20 Este problema tambi\u00e9n se inform\u00f3 desde 2017 en el hilo [1], desafortunadamente, el problema a\u00fan se puede reproducir despu\u00e9s de corregir DCCP. ipv4_mib_exit_net se llama antes de tcp_sk_exit_batch cuando se destruye un espacio de nombres de red, ya que tcp_sk_ops est\u00e1 registrado antes de ipv4_mib_ops, lo que significa que tcp_sk_ops est\u00e1 al frente de ipv4_mib_ops en la lista de pernet_list. Habr\u00e1 un use-after-free en net-\u0026gt;mib.net_statistics en tw_timer_handler despu\u00e9s de ipv4_mib_exit_net si hay algunos temporizadores de espera a bordo. Este error no se introduce mediante la confirmaci\u00f3n f2bf415cfed7 (\"mib: add net to NET_ADD_STATS_BH\") ya que net_statistics es una variable global en lugar de una asignaci\u00f3n y liberaci\u00f3n din\u00e1micas. En realidad, la confirmaci\u00f3n 61a7e26028b9 (\"mib: poner estad\u00edsticas de red en struct net\") introduce el error ya que coloca estad\u00edsticas de red en struct net y las libera cuando se destruye el espacio de nombres de red. Mover init_ipv4_mibs() al frente de tcp_init() para corregir este error y reemplazar pr_crit() con p\u00e1nico() ya que continuar no tiene sentido cuando init_ipv4_mibs() falla. [1] https://groups.google.com/g/syzkaller/c/p1tn-_Kc6l4/m/smuL_FMAAgAJ?pli=1"
}
],
"id": "CVE-2021-46936",
"lastModified": "2024-11-21T06:34:58.357",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-27T10:15:08.017",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/08eacbd141e2495d2fcdde84358a06c4f95cbb13"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/15579e1301f856ad9385d720c9267c11032a5022"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/2386e81a1d277f540e1285565c9d41d531bb69d4"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/5c2fe20ad37ff56070ae0acb34152333976929b4"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/a8e1944b44f94f5c5f530e434c5eaee787254566"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/e22e45fc9e41bf9fcc1e92cfb78eb92786728ef0"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/e73164e89d1be561228a4534e1091369ee4ba41a"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/fe5838c22b986c1190f1dce9aa09bf6a491c1a69"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/08eacbd141e2495d2fcdde84358a06c4f95cbb13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/15579e1301f856ad9385d720c9267c11032a5022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/2386e81a1d277f540e1285565c9d41d531bb69d4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/5c2fe20ad37ff56070ae0acb34152333976929b4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/a8e1944b44f94f5c5f530e434c5eaee787254566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/e22e45fc9e41bf9fcc1e92cfb78eb92786728ef0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/e73164e89d1be561228a4534e1091369ee4ba41a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/fe5838c22b986c1190f1dce9aa09bf6a491c1a69"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2021-46936
Vulnerability from gsd - Updated: 2024-02-26 06:03Details
In the Linux kernel, the following vulnerability has been resolved:
net: fix use-after-free in tw_timer_handler
A real world panic issue was found as follow in Linux 5.4.
BUG: unable to handle page fault for address: ffffde49a863de28
PGD 7e6fe62067 P4D 7e6fe62067 PUD 7e6fe63067 PMD f51e064067 PTE 0
RIP: 0010:tw_timer_handler+0x20/0x40
Call Trace:
<IRQ>
call_timer_fn+0x2b/0x120
run_timer_softirq+0x1ef/0x450
__do_softirq+0x10d/0x2b8
irq_exit+0xc7/0xd0
smp_apic_timer_interrupt+0x68/0x120
apic_timer_interrupt+0xf/0x20
This issue was also reported since 2017 in the thread [1],
unfortunately, the issue was still can be reproduced after fixing
DCCP.
The ipv4_mib_exit_net is called before tcp_sk_exit_batch when a net
namespace is destroyed since tcp_sk_ops is registered befrore
ipv4_mib_ops, which means tcp_sk_ops is in the front of ipv4_mib_ops
in the list of pernet_list. There will be a use-after-free on
net->mib.net_statistics in tw_timer_handler after ipv4_mib_exit_net
if there are some inflight time-wait timers.
This bug is not introduced by commit f2bf415cfed7 ("mib: add net to
NET_ADD_STATS_BH") since the net_statistics is a global variable
instead of dynamic allocation and freeing. Actually, commit
61a7e26028b9 ("mib: put net statistics on struct net") introduces
the bug since it put net statistics on struct net and free it when
net namespace is destroyed.
Moving init_ipv4_mibs() to the front of tcp_init() to fix this bug
and replace pr_crit() with panic() since continuing is meaningless
when init_ipv4_mibs() fails.
[1] https://groups.google.com/g/syzkaller/c/p1tn-_Kc6l4/m/smuL_FMAAgAJ?pli=1
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-46936"
],
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix use-after-free in tw_timer_handler\n\nA real world panic issue was found as follow in Linux 5.4.\n\n BUG: unable to handle page fault for address: ffffde49a863de28\n PGD 7e6fe62067 P4D 7e6fe62067 PUD 7e6fe63067 PMD f51e064067 PTE 0\n RIP: 0010:tw_timer_handler+0x20/0x40\n Call Trace:\n \u003cIRQ\u003e\n call_timer_fn+0x2b/0x120\n run_timer_softirq+0x1ef/0x450\n __do_softirq+0x10d/0x2b8\n irq_exit+0xc7/0xd0\n smp_apic_timer_interrupt+0x68/0x120\n apic_timer_interrupt+0xf/0x20\n\nThis issue was also reported since 2017 in the thread [1],\nunfortunately, the issue was still can be reproduced after fixing\nDCCP.\n\nThe ipv4_mib_exit_net is called before tcp_sk_exit_batch when a net\nnamespace is destroyed since tcp_sk_ops is registered befrore\nipv4_mib_ops, which means tcp_sk_ops is in the front of ipv4_mib_ops\nin the list of pernet_list. There will be a use-after-free on\nnet-\u003emib.net_statistics in tw_timer_handler after ipv4_mib_exit_net\nif there are some inflight time-wait timers.\n\nThis bug is not introduced by commit f2bf415cfed7 (\"mib: add net to\nNET_ADD_STATS_BH\") since the net_statistics is a global variable\ninstead of dynamic allocation and freeing. Actually, commit\n61a7e26028b9 (\"mib: put net statistics on struct net\") introduces\nthe bug since it put net statistics on struct net and free it when\nnet namespace is destroyed.\n\nMoving init_ipv4_mibs() to the front of tcp_init() to fix this bug\nand replace pr_crit() with panic() since continuing is meaningless\nwhen init_ipv4_mibs() fails.\n\n[1] https://groups.google.com/g/syzkaller/c/p1tn-_Kc6l4/m/smuL_FMAAgAJ?pli=1",
"id": "GSD-2021-46936",
"modified": "2024-02-26T06:03:52.311209Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@kernel.org",
"ID": "CVE-2021-46936",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "61a7e26028b9",
"version_value": "15579e1301f8"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"status": "affected",
"version": "2.6.27"
},
{
"lessThan": "2.6.27",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"version": "4.4.298",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.296",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.261",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.224",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.170",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.90",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.13",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.16",
"versionType": "original_commit_for_fix"
}
]
}
}
]
}
}
]
},
"vendor_name": "Linux"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix use-after-free in tw_timer_handler\n\nA real world panic issue was found as follow in Linux 5.4.\n\n BUG: unable to handle page fault for address: ffffde49a863de28\n PGD 7e6fe62067 P4D 7e6fe62067 PUD 7e6fe63067 PMD f51e064067 PTE 0\n RIP: 0010:tw_timer_handler+0x20/0x40\n Call Trace:\n \u003cIRQ\u003e\n call_timer_fn+0x2b/0x120\n run_timer_softirq+0x1ef/0x450\n __do_softirq+0x10d/0x2b8\n irq_exit+0xc7/0xd0\n smp_apic_timer_interrupt+0x68/0x120\n apic_timer_interrupt+0xf/0x20\n\nThis issue was also reported since 2017 in the thread [1],\nunfortunately, the issue was still can be reproduced after fixing\nDCCP.\n\nThe ipv4_mib_exit_net is called before tcp_sk_exit_batch when a net\nnamespace is destroyed since tcp_sk_ops is registered befrore\nipv4_mib_ops, which means tcp_sk_ops is in the front of ipv4_mib_ops\nin the list of pernet_list. There will be a use-after-free on\nnet-\u003emib.net_statistics in tw_timer_handler after ipv4_mib_exit_net\nif there are some inflight time-wait timers.\n\nThis bug is not introduced by commit f2bf415cfed7 (\"mib: add net to\nNET_ADD_STATS_BH\") since the net_statistics is a global variable\ninstead of dynamic allocation and freeing. Actually, commit\n61a7e26028b9 (\"mib: put net statistics on struct net\") introduces\nthe bug since it put net statistics on struct net and free it when\nnet namespace is destroyed.\n\nMoving init_ipv4_mibs() to the front of tcp_init() to fix this bug\nand replace pr_crit() with panic() since continuing is meaningless\nwhen init_ipv4_mibs() fails.\n\n[1] https://groups.google.com/g/syzkaller/c/p1tn-_Kc6l4/m/smuL_FMAAgAJ?pli=1"
}
]
},
"generator": {
"engine": "bippy-b01c2a820106"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.kernel.org/stable/c/15579e1301f856ad9385d720c9267c11032a5022",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/15579e1301f856ad9385d720c9267c11032a5022"
},
{
"name": "https://git.kernel.org/stable/c/e73164e89d1be561228a4534e1091369ee4ba41a",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/e73164e89d1be561228a4534e1091369ee4ba41a"
},
{
"name": "https://git.kernel.org/stable/c/5c2fe20ad37ff56070ae0acb34152333976929b4",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/5c2fe20ad37ff56070ae0acb34152333976929b4"
},
{
"name": "https://git.kernel.org/stable/c/a8e1944b44f94f5c5f530e434c5eaee787254566",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/a8e1944b44f94f5c5f530e434c5eaee787254566"
},
{
"name": "https://git.kernel.org/stable/c/fe5838c22b986c1190f1dce9aa09bf6a491c1a69",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/fe5838c22b986c1190f1dce9aa09bf6a491c1a69"
},
{
"name": "https://git.kernel.org/stable/c/2386e81a1d277f540e1285565c9d41d531bb69d4",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/2386e81a1d277f540e1285565c9d41d531bb69d4"
},
{
"name": "https://git.kernel.org/stable/c/08eacbd141e2495d2fcdde84358a06c4f95cbb13",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/08eacbd141e2495d2fcdde84358a06c4f95cbb13"
},
{
"name": "https://git.kernel.org/stable/c/e22e45fc9e41bf9fcc1e92cfb78eb92786728ef0",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/e22e45fc9e41bf9fcc1e92cfb78eb92786728ef0"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B63EF4E-6C8F-4CCD-A30C-09E949BDD667",
"versionEndExcluding": "4.4.298",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "883CB22B-11DA-4D54-8121-3F5494EDBD4C",
"versionEndExcluding": "4.9.296",
"versionStartIncluding": "4.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5D4F856-5F69-4F4A-911F-50A21B9A68B6",
"versionEndExcluding": "4.14.261",
"versionStartIncluding": "4.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B34A1353-506A-4AB9-87EC-CD50F09DFB8A",
"versionEndExcluding": "4.19.224",
"versionStartIncluding": "4.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56D16FBB-453E-4316-A027-E517828203D7",
"versionEndExcluding": "5.4.170",
"versionStartIncluding": "4.20.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C87FB3FD-3E74-4588-A1A4-B9BA8AE0C06B",
"versionEndExcluding": "5.10.90",
"versionStartIncluding": "5.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "083E0940-932B-447B-A6B2-677DAE27FD04",
"versionEndExcluding": "5.15.13",
"versionStartIncluding": "5.11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix use-after-free in tw_timer_handler\n\nA real world panic issue was found as follow in Linux 5.4.\n\n BUG: unable to handle page fault for address: ffffde49a863de28\n PGD 7e6fe62067 P4D 7e6fe62067 PUD 7e6fe63067 PMD f51e064067 PTE 0\n RIP: 0010:tw_timer_handler+0x20/0x40\n Call Trace:\n \u003cIRQ\u003e\n call_timer_fn+0x2b/0x120\n run_timer_softirq+0x1ef/0x450\n __do_softirq+0x10d/0x2b8\n irq_exit+0xc7/0xd0\n smp_apic_timer_interrupt+0x68/0x120\n apic_timer_interrupt+0xf/0x20\n\nThis issue was also reported since 2017 in the thread [1],\nunfortunately, the issue was still can be reproduced after fixing\nDCCP.\n\nThe ipv4_mib_exit_net is called before tcp_sk_exit_batch when a net\nnamespace is destroyed since tcp_sk_ops is registered befrore\nipv4_mib_ops, which means tcp_sk_ops is in the front of ipv4_mib_ops\nin the list of pernet_list. There will be a use-after-free on\nnet-\u003emib.net_statistics in tw_timer_handler after ipv4_mib_exit_net\nif there are some inflight time-wait timers.\n\nThis bug is not introduced by commit f2bf415cfed7 (\"mib: add net to\nNET_ADD_STATS_BH\") since the net_statistics is a global variable\ninstead of dynamic allocation and freeing. Actually, commit\n61a7e26028b9 (\"mib: put net statistics on struct net\") introduces\nthe bug since it put net statistics on struct net and free it when\nnet namespace is destroyed.\n\nMoving init_ipv4_mibs() to the front of tcp_init() to fix this bug\nand replace pr_crit() with panic() since continuing is meaningless\nwhen init_ipv4_mibs() fails.\n\n[1] https://groups.google.com/g/syzkaller/c/p1tn-_Kc6l4/m/smuL_FMAAgAJ?pli=1"
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net: corrige use-after-free en tw_timer_handler Se encontr\u00f3 un problema de p\u00e1nico en el mundo real como se muestra a continuaci\u00f3n en Linux 5.4. ERROR: no se puede manejar el error de p\u00e1gina para la direcci\u00f3n: ffffde49a863de28 PGD 7e6fe62067 P4D 7e6fe62067 PUD 7e6fe63067 PMD f51e064067 PTE 0 RIP: 0010:tw_timer_handler+0x20/0x40 Seguimiento de llamadas: call_timer_fn+0x2b/ 0x120 run_timer_softirq+0x1ef/0x450 __do_softirq+0x10d/ 0x2b8 irq_exit+0xc7/0xd0 smp_apic_timer_interrupt+0x68/0x120 apic_timer_interrupt+0xf/0x20 Este problema tambi\u00e9n se inform\u00f3 desde 2017 en el hilo [1], desafortunadamente, el problema a\u00fan se puede reproducir despu\u00e9s de corregir DCCP. ipv4_mib_exit_net se llama antes de tcp_sk_exit_batch cuando se destruye un espacio de nombres de red, ya que tcp_sk_ops est\u00e1 registrado antes de ipv4_mib_ops, lo que significa que tcp_sk_ops est\u00e1 al frente de ipv4_mib_ops en la lista de pernet_list. Habr\u00e1 un use-after-free en net-\u0026gt;mib.net_statistics en tw_timer_handler despu\u00e9s de ipv4_mib_exit_net si hay algunos temporizadores de espera a bordo. Este error no se introduce mediante la confirmaci\u00f3n f2bf415cfed7 (\"mib: add net to NET_ADD_STATS_BH\") ya que net_statistics es una variable global en lugar de una asignaci\u00f3n y liberaci\u00f3n din\u00e1micas. En realidad, la confirmaci\u00f3n 61a7e26028b9 (\"mib: poner estad\u00edsticas de red en struct net\") introduce el error ya que coloca estad\u00edsticas de red en struct net y las libera cuando se destruye el espacio de nombres de red. Mover init_ipv4_mibs() al frente de tcp_init() para corregir este error y reemplazar pr_crit() con p\u00e1nico() ya que continuar no tiene sentido cuando init_ipv4_mibs() falla. [1] https://groups.google.com/g/syzkaller/c/p1tn-_Kc6l4/m/smuL_FMAAgAJ?pli=1"
}
],
"id": "CVE-2021-46936",
"lastModified": "2024-04-10T19:20:08.790",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-27T10:15:08.017",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/08eacbd141e2495d2fcdde84358a06c4f95cbb13"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/15579e1301f856ad9385d720c9267c11032a5022"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/2386e81a1d277f540e1285565c9d41d531bb69d4"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/5c2fe20ad37ff56070ae0acb34152333976929b4"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/a8e1944b44f94f5c5f530e434c5eaee787254566"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/e22e45fc9e41bf9fcc1e92cfb78eb92786728ef0"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/e73164e89d1be561228a4534e1091369ee4ba41a"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/fe5838c22b986c1190f1dce9aa09bf6a491c1a69"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
CERTFR-2024-AVI-1048
Vulnerability from certfr_avis - Published: 2024-12-06 - Updated: 2024-12-06
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise High Availability Extension | SUSE Linux Enterprise High Availability Extension 15 SP2 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15 SP5 | ||
| SUSE | SUSE Linux Enterprise High Availability Extension | SUSE Linux Enterprise High Availability Extension 15 SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP3 LTSS | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 15-SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12 SP5 LTSS | ||
| SUSE | SUSE Linux Enterprise High Availability Extension | SUSE Linux Enterprise High Availability Extension 12 SP5 | ||
| SUSE | SUSE Manager Retail Branch Server | SUSE Manager Retail Branch Server 4.2 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15 SP6 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 12 SP5 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15 SP4 | ||
| SUSE | SUSE Manager Proxy | SUSE Manager Proxy 4.2 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15 SP2 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 15-SP2 | ||
| SUSE | SUSE Manager Retail Branch Server | SUSE Manager Retail Branch Server 4.3 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 15-SP6 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 12 SP5 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12 SP5 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.2 | ||
| SUSE | SUSE Manager Server | SUSE Manager Server 4.2 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP4 LTSS | ||
| SUSE | N/A | openSUSE Leap 15.4 | ||
| SUSE | SUSE Linux Enterprise Desktop | SUSE Linux Enterprise Desktop 15 SP4 LTSS | ||
| SUSE | SUSE Linux Enterprise High Availability Extension | SUSE Linux Enterprise High Availability Extension 15 SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15 SP3 | ||
| SUSE | N/A | openSUSE Leap 15.5 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.1 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro for Rancher 5.4 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 | ||
| SUSE | SUSE Enterprise Storage | SUSE Enterprise Storage 7.1 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15 SP5 | ||
| SUSE | SUSE Manager Server | SUSE Manager Server 4.1 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.3 | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time 15 SP5 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro for Rancher 5.3 | ||
| SUSE | SUSE Manager Retail Branch Server | SUSE Manager Retail Branch Server 4.1 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP6 | ||
| SUSE | N/A | openSUSE Leap 15.6 | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time 15 SP4 | ||
| SUSE | SUSE Manager Proxy | SUSE Manager Proxy 4.3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP2 LTSS | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro for Rancher 5.2 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS | ||
| SUSE | SUSE Manager Proxy | SUSE Manager Proxy 4.1 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15 SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP2 Business Critical Linux | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15 SP3 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP4 | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time 15 SP6 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP2 | ||
| SUSE | N/A | openSUSE Leap 15.3 | ||
| SUSE | SUSE Manager Server | SUSE Manager Server 4.3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP3 Business Critical Linux | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP3 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.4 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 15-SP4 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15 SP2 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP2",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP5",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP4",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP3 LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing LTSS 15 SP3",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12 SP5 LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 12 SP5",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.2",
"product": {
"name": "SUSE Manager Retail Branch Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 12 SP5",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP4",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.2",
"product": {
"name": "SUSE Manager Proxy",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP2",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.3",
"product": {
"name": "SUSE Manager Retail Branch Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP6",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing LTSS 15 SP4",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.2",
"product": {
"name": "SUSE Manager Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP4 LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 15 SP4 LTSS",
"product": {
"name": "SUSE Linux Enterprise Desktop",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP3",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.1",
"product": {
"name": "SUSE Manager Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.1",
"product": {
"name": "SUSE Manager Retail Branch Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.3",
"product": {
"name": "SUSE Manager Proxy",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP2 LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP3",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.1",
"product": {
"name": "SUSE Manager Proxy",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP2 Business Critical Linux",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP3",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.3",
"product": {
"name": "SUSE Manager Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP3 Business Critical Linux",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP2",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-46755",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46755"
},
{
"name": "CVE-2024-47748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47748"
},
{
"name": "CVE-2024-46826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46826"
},
{
"name": "CVE-2022-48992",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48992"
},
{
"name": "CVE-2022-48651",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48651"
},
{
"name": "CVE-2022-49010",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49010"
},
{
"name": "CVE-2024-46849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46849"
},
{
"name": "CVE-2024-47697",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47697"
},
{
"name": "CVE-2024-46815",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46815"
},
{
"name": "CVE-2024-41016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41016"
},
{
"name": "CVE-2024-49890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49890"
},
{
"name": "CVE-2024-42133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42133"
},
{
"name": "CVE-2022-49028",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49028"
},
{
"name": "CVE-2024-49969",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49969"
},
{
"name": "CVE-2022-49015",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49015"
},
{
"name": "CVE-2024-35949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35949"
},
{
"name": "CVE-2024-50208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50208"
},
{
"name": "CVE-2021-47291",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47291"
},
{
"name": "CVE-2023-52846",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52846"
},
{
"name": "CVE-2024-41082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41082"
},
{
"name": "CVE-2022-45934",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45934"
},
{
"name": "CVE-2024-36904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36904"
},
{
"name": "CVE-2022-48947",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48947"
},
{
"name": "CVE-2024-42253",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42253"
},
{
"name": "CVE-2022-49000",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49000"
},
{
"name": "CVE-2024-49967",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49967"
},
{
"name": "CVE-2024-26585",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26585"
},
{
"name": "CVE-2021-47612",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47612"
},
{
"name": "CVE-2021-47402",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47402"
},
{
"name": "CVE-2021-47598",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47598"
},
{
"name": "CVE-2024-46724",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46724"
},
{
"name": "CVE-2024-46813",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46813"
},
{
"name": "CVE-2024-47673",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47673"
},
{
"name": "CVE-2024-50024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50024"
},
{
"name": "CVE-2024-47684",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47684"
},
{
"name": "CVE-2024-49965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49965"
},
{
"name": "CVE-2022-48953",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48953"
},
{
"name": "CVE-2024-45026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45026"
},
{
"name": "CVE-2022-48968",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48968"
},
{
"name": "CVE-2022-48788",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48788"
},
{
"name": "CVE-2024-50047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50047"
},
{
"name": "CVE-2024-42114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42114"
},
{
"name": "CVE-2024-47713",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47713"
},
{
"name": "CVE-2022-49007",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49007"
},
{
"name": "CVE-2024-49936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49936"
},
{
"name": "CVE-2024-49881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49881"
},
{
"name": "CVE-2023-46343",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46343"
},
{
"name": "CVE-2024-35867",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35867"
},
{
"name": "CVE-2024-49896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49896"
},
{
"name": "CVE-2022-49016",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49016"
},
{
"name": "CVE-2024-49959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49959"
},
{
"name": "CVE-2024-50045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50045"
},
{
"name": "CVE-2024-49995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49995"
},
{
"name": "CVE-2024-26852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26852"
},
{
"name": "CVE-2022-48994",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48994"
},
{
"name": "CVE-2024-46816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46816"
},
{
"name": "CVE-2022-48987",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48987"
},
{
"name": "CVE-2022-49022",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49022"
},
{
"name": "CVE-2024-47735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47735"
},
{
"name": "CVE-2022-48790",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48790"
},
{
"name": "CVE-2022-48969",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48969"
},
{
"name": "CVE-2022-3435",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3435"
},
{
"name": "CVE-2022-48955",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48955"
},
{
"name": "CVE-2022-49002",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49002"
},
{
"name": "CVE-2024-27398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27398"
},
{
"name": "CVE-2024-46802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46802"
},
{
"name": "CVE-2024-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27043"
},
{
"name": "CVE-2022-49023",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49023"
},
{
"name": "CVE-2023-52340",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52340"
},
{
"name": "CVE-2022-48789",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48789"
},
{
"name": "CVE-2024-49974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49974"
},
{
"name": "CVE-2022-48988",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48988"
},
{
"name": "CVE-2024-49960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49960"
},
{
"name": "CVE-2022-48954",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48954"
},
{
"name": "CVE-2023-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28327"
},
{
"name": "CVE-2024-23307",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23307"
},
{
"name": "CVE-2022-49032",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49032"
},
{
"name": "CVE-2022-49027",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49027"
},
{
"name": "CVE-2024-49957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49957"
},
{
"name": "CVE-2024-49962",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49962"
},
{
"name": "CVE-2024-26804",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26804"
},
{
"name": "CVE-2022-48971",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48971"
},
{
"name": "CVE-2024-49958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49958"
},
{
"name": "CVE-2024-49945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49945"
},
{
"name": "CVE-2023-6270",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6270"
},
{
"name": "CVE-2024-49891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49891"
},
{
"name": "CVE-2024-35950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35950"
},
{
"name": "CVE-2023-52918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52918"
},
{
"name": "CVE-2024-50006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50006"
},
{
"name": "CVE-2022-48959",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48959"
},
{
"name": "CVE-2024-47672",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47672"
},
{
"name": "CVE-2023-52800",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52800"
},
{
"name": "CVE-2024-44958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44958"
},
{
"name": "CVE-2024-50007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50007"
},
{
"name": "CVE-2022-48975",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48975"
},
{
"name": "CVE-2022-49003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49003"
},
{
"name": "CVE-2022-48961",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48961"
},
{
"name": "CVE-2024-49929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49929"
},
{
"name": "CVE-2024-43854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43854"
},
{
"name": "CVE-2023-52766",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52766"
},
{
"name": "CVE-2022-48958",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48958"
},
{
"name": "CVE-2022-48949",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48949"
},
{
"name": "CVE-2022-48970",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48970"
},
{
"name": "CVE-2023-52919",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52919"
},
{
"name": "CVE-2024-50035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50035"
},
{
"name": "CVE-2022-48999",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48999"
},
{
"name": "CVE-2021-47589",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47589"
},
{
"name": "CVE-2022-48991",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48991"
},
{
"name": "CVE-2024-46809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46809"
},
{
"name": "CVE-2022-48956",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48956"
},
{
"name": "CVE-2024-47737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47737"
},
{
"name": "CVE-2022-48985",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48985"
},
{
"name": "CVE-2024-35905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35905"
},
{
"name": "CVE-2024-50033",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50033"
},
{
"name": "CVE-2022-49024",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49024"
},
{
"name": "CVE-2024-49901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49901"
},
{
"name": "CVE-2022-48948",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48948"
},
{
"name": "CVE-2024-49949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49949"
},
{
"name": "CVE-2024-26610",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26610"
},
{
"name": "CVE-2022-49026",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49026"
},
{
"name": "CVE-2022-48995",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48995"
},
{
"name": "CVE-2022-49031",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49031"
},
{
"name": "CVE-2024-49920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49920"
},
{
"name": "CVE-2022-48960",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48960"
},
{
"name": "CVE-2024-47749",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47749"
},
{
"name": "CVE-2024-49966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49966"
},
{
"name": "CVE-2024-40965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40965"
},
{
"name": "CVE-2022-48978",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48978"
},
{
"name": "CVE-2024-49925",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49925"
},
{
"name": "CVE-2022-49020",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49020"
},
{
"name": "CVE-2021-47517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47517"
},
{
"name": "CVE-2024-49851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49851"
},
{
"name": "CVE-2024-35864",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35864"
},
{
"name": "CVE-2022-49029",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49029"
},
{
"name": "CVE-2021-47378",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47378"
},
{
"name": "CVE-2024-46817",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46817"
},
{
"name": "CVE-2021-47383",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47383"
},
{
"name": "CVE-2022-48997",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48997"
},
{
"name": "CVE-2024-47685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47685"
},
{
"name": "CVE-2024-49894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49894"
},
{
"name": "CVE-2024-49867",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49867"
},
{
"name": "CVE-2023-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52881"
},
{
"name": "CVE-2024-43861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43861"
},
{
"name": "CVE-2024-26923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26923"
},
{
"name": "CVE-2024-40954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40954"
},
{
"name": "CVE-2024-46841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46841"
},
{
"name": "CVE-2024-49930",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49930"
},
{
"name": "CVE-2024-47698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47698"
},
{
"name": "CVE-2023-52752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52752"
},
{
"name": "CVE-2022-48951",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48951"
},
{
"name": "CVE-2024-39476",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39476"
},
{
"name": "CVE-2023-1829",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1829"
},
{
"name": "CVE-2024-47668",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47668"
},
{
"name": "CVE-2024-35862",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35862"
},
{
"name": "CVE-2024-49883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49883"
},
{
"name": "CVE-2022-48664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48664"
},
{
"name": "CVE-2024-46840",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46840"
},
{
"name": "CVE-2022-49014",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49014"
},
{
"name": "CVE-2024-41059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41059"
},
{
"name": "CVE-2022-49006",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49006"
},
{
"name": "CVE-2024-49996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49996"
},
{
"name": "CVE-2022-48972",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48972"
},
{
"name": "CVE-2024-46814",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46814"
},
{
"name": "CVE-2024-47670",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47670"
},
{
"name": "CVE-2024-46818",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46818"
},
{
"name": "CVE-2022-48809",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48809"
},
{
"name": "CVE-2024-35817",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35817"
},
{
"name": "CVE-2024-26828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26828"
},
{
"name": "CVE-2024-46848",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46848"
},
{
"name": "CVE-2024-49860",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49860"
},
{
"name": "CVE-2022-49019",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49019"
},
{
"name": "CVE-2024-44931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44931"
},
{
"name": "CVE-2022-48879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48879"
},
{
"name": "CVE-2021-47163",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47163"
},
{
"name": "CVE-2021-46936",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46936"
},
{
"name": "CVE-2024-35863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35863"
},
{
"name": "CVE-2024-36964",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36964"
},
{
"name": "CVE-2024-49882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49882"
},
{
"name": "CVE-2022-48946",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48946"
},
{
"name": "CVE-2022-48977",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48977"
},
{
"name": "CVE-2022-48981",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48981"
},
{
"name": "CVE-2024-45013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45013"
},
{
"name": "CVE-2022-49011",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49011"
},
{
"name": "CVE-2024-49991",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49991"
},
{
"name": "CVE-2023-6546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6546"
},
{
"name": "CVE-2022-48962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48962"
},
{
"name": "CVE-2024-47696",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47696"
},
{
"name": "CVE-2023-52502",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52502"
},
{
"name": "CVE-2022-48967",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48967"
},
{
"name": "CVE-2024-47674",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47674"
},
{
"name": "CVE-2022-49005",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49005"
},
{
"name": "CVE-2021-47534",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47534"
},
{
"name": "CVE-2023-52898",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52898"
},
{
"name": "CVE-2021-47416",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47416"
},
{
"name": "CVE-2024-47707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47707"
},
{
"name": "CVE-2024-35861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35861"
},
{
"name": "CVE-2024-49982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49982"
},
{
"name": "CVE-2024-40909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40909"
},
{
"name": "CVE-2024-46834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46834"
},
{
"name": "CVE-2024-26930",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26930"
},
{
"name": "CVE-2024-47745",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47745"
},
{
"name": "CVE-2022-49021",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49021"
},
{
"name": "CVE-2024-47742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47742"
},
{
"name": "CVE-2024-47706",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47706"
},
{
"name": "CVE-2024-47747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47747"
},
{
"name": "CVE-2024-26766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26766"
},
{
"name": "CVE-2022-48662",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48662"
},
{
"name": "CVE-2022-49025",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49025"
},
{
"name": "CVE-2024-49877",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49877"
},
{
"name": "CVE-2022-49012",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49012"
},
{
"name": "CVE-2024-44947",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44947"
},
{
"name": "CVE-2024-38538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38538"
},
{
"name": "CVE-2022-48973",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48973"
},
{
"name": "CVE-2022-48966",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48966"
},
{
"name": "CVE-2024-36899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36899"
},
{
"name": "CVE-2024-46716",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46716"
},
{
"name": "CVE-2023-2166",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2166"
},
{
"name": "CVE-2024-50058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50058"
},
{
"name": "CVE-2024-26622",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26622"
},
{
"name": "CVE-2024-42145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42145"
},
{
"name": "CVE-2024-45016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45016"
}
],
"initial_release_date": "2024-12-06T00:00:00",
"last_revision_date": "2024-12-06T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-1048",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-12-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de SUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": "2024-11-28",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4100-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244100-1"
},
{
"published_at": "2024-11-28",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4103-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244103-1"
},
{
"published_at": "2024-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4208-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244208-1"
},
{
"published_at": "2024-12-02",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4124-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244124-1"
},
{
"published_at": "2024-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4218-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244218-1"
},
{
"published_at": "2024-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4221-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244221-1"
},
{
"published_at": "2024-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4217-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244217-1"
},
{
"published_at": "2024-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4195-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244195-1"
},
{
"published_at": "2024-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4197-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244197-1"
},
{
"published_at": "2024-12-02",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4140-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244140-1"
},
{
"published_at": "2024-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4210-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244210-1"
},
{
"published_at": "2024-12-04",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4161-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244161-1"
},
{
"published_at": "2024-12-02",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4129-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244129-1"
},
{
"published_at": "2024-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4219-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244219-1"
},
{
"published_at": "2024-12-02",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4131-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244131-1"
},
{
"published_at": "2024-12-02",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4141-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244141-1"
},
{
"published_at": "2024-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4220-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244220-1"
},
{
"published_at": "2024-12-04",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4179-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244179-1"
},
{
"published_at": "2024-12-02",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4125-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244125-1"
},
{
"published_at": "2024-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4214-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244214-1"
},
{
"published_at": "2024-12-04",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4180-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244180-1"
},
{
"published_at": "2024-12-03",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4160-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244160-1"
},
{
"published_at": "2024-12-04",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4170-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244170-1"
},
{
"published_at": "2024-12-04",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4177-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244177-1"
},
{
"published_at": "2024-12-02",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4122-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244122-1"
},
{
"published_at": "2024-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4206-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244206-1"
},
{
"published_at": "2024-12-02",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4123-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244123-1"
},
{
"published_at": "2024-12-02",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4128-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244128-1"
},
{
"published_at": "2024-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4209-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244209-1"
},
{
"published_at": "2024-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4207-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244207-1"
},
{
"published_at": "2024-12-02",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4127-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244127-1"
},
{
"published_at": "2024-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4216-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244216-1"
},
{
"published_at": "2024-12-02",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4120-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244120-1"
},
{
"published_at": "2024-12-02",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4139-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244139-1"
}
]
}
CERTFR-2025-AVI-0024
Vulnerability from certfr_avis - Published: 2025-01-10 - Updated: 2025-01-10
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 12 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 12 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 12 SP5 LTSS | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 12 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise High Performance Computing 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12 SP5 LTSS",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-46755",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46755"
},
{
"name": "CVE-2024-46826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46826"
},
{
"name": "CVE-2024-26886",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26886"
},
{
"name": "CVE-2024-53061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53061"
},
{
"name": "CVE-2022-48992",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48992"
},
{
"name": "CVE-2024-27051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27051"
},
{
"name": "CVE-2022-49010",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49010"
},
{
"name": "CVE-2024-47697",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47697"
},
{
"name": "CVE-2024-41016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41016"
},
{
"name": "CVE-2024-49890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49890"
},
{
"name": "CVE-2022-49028",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49028"
},
{
"name": "CVE-2022-49015",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49015"
},
{
"name": "CVE-2024-42098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42098"
},
{
"name": "CVE-2024-41082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41082"
},
{
"name": "CVE-2024-50055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50055"
},
{
"name": "CVE-2024-42253",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42253"
},
{
"name": "CVE-2024-50195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50195"
},
{
"name": "CVE-2022-49000",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49000"
},
{
"name": "CVE-2024-49967",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49967"
},
{
"name": "CVE-2024-49858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49858"
},
{
"name": "CVE-2021-47612",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47612"
},
{
"name": "CVE-2024-49884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49884"
},
{
"name": "CVE-2024-46724",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46724"
},
{
"name": "CVE-2024-50074",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50074"
},
{
"name": "CVE-2024-50289",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50289"
},
{
"name": "CVE-2024-46813",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46813"
},
{
"name": "CVE-2024-47673",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47673"
},
{
"name": "CVE-2024-50024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50024"
},
{
"name": "CVE-2024-47684",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47684"
},
{
"name": "CVE-2024-49965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49965"
},
{
"name": "CVE-2024-50125",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50125"
},
{
"name": "CVE-2024-36886",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36886"
},
{
"name": "CVE-2024-46800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46800"
},
{
"name": "CVE-2024-49950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49950"
},
{
"name": "CVE-2022-48788",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48788"
},
{
"name": "CVE-2024-50047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50047"
},
{
"name": "CVE-2024-47701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47701"
},
{
"name": "CVE-2024-50171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50171"
},
{
"name": "CVE-2024-42114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42114"
},
{
"name": "CVE-2024-50302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50302"
},
{
"name": "CVE-2024-47713",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47713"
},
{
"name": "CVE-2024-49936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49936"
},
{
"name": "CVE-2024-50267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50267"
},
{
"name": "CVE-2024-49881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49881"
},
{
"name": "CVE-2023-46343",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46343"
},
{
"name": "CVE-2024-49896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49896"
},
{
"name": "CVE-2024-49959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49959"
},
{
"name": "CVE-2024-50045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50045"
},
{
"name": "CVE-2024-50183",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50183"
},
{
"name": "CVE-2024-49995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49995"
},
{
"name": "CVE-2024-26852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26852"
},
{
"name": "CVE-2024-46816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46816"
},
{
"name": "CVE-2024-47679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47679"
},
{
"name": "CVE-2024-42229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42229"
},
{
"name": "CVE-2024-47735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47735"
},
{
"name": "CVE-2024-49952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49952"
},
{
"name": "CVE-2024-53142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53142"
},
{
"name": "CVE-2022-48790",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48790"
},
{
"name": "CVE-2022-48969",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48969"
},
{
"name": "CVE-2022-49002",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49002"
},
{
"name": "CVE-2024-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53066"
},
{
"name": "CVE-2024-50150",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50150"
},
{
"name": "CVE-2024-46802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46802"
},
{
"name": "CVE-2024-26801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26801"
},
{
"name": "CVE-2024-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27043"
},
{
"name": "CVE-2024-53063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53063"
},
{
"name": "CVE-2024-46777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46777"
},
{
"name": "CVE-2022-48789",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48789"
},
{
"name": "CVE-2024-35937",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35937"
},
{
"name": "CVE-2022-48988",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48988"
},
{
"name": "CVE-2024-50167",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50167"
},
{
"name": "CVE-2024-50117",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50117"
},
{
"name": "CVE-2024-50154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50154"
},
{
"name": "CVE-2022-49027",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49027"
},
{
"name": "CVE-2024-49957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49957"
},
{
"name": "CVE-2024-49962",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49962"
},
{
"name": "CVE-2024-26804",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26804"
},
{
"name": "CVE-2022-48971",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48971"
},
{
"name": "CVE-2024-49958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49958"
},
{
"name": "CVE-2024-49945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49945"
},
{
"name": "CVE-2023-6270",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6270"
},
{
"name": "CVE-2024-49891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49891"
},
{
"name": "CVE-2024-36905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36905"
},
{
"name": "CVE-2024-50148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50148"
},
{
"name": "CVE-2024-50095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50095"
},
{
"name": "CVE-2024-50296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50296"
},
{
"name": "CVE-2023-52918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52918"
},
{
"name": "CVE-2024-50006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50006"
},
{
"name": "CVE-2024-47672",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47672"
},
{
"name": "CVE-2024-44958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44958"
},
{
"name": "CVE-2024-50007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50007"
},
{
"name": "CVE-2024-42131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42131"
},
{
"name": "CVE-2024-50115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50115"
},
{
"name": "CVE-2024-49868",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49868"
},
{
"name": "CVE-2024-50237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50237"
},
{
"name": "CVE-2024-49929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49929"
},
{
"name": "CVE-2024-44995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44995"
},
{
"name": "CVE-2024-50264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50264"
},
{
"name": "CVE-2021-47162",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47162"
},
{
"name": "CVE-2022-48958",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48958"
},
{
"name": "CVE-2022-48949",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48949"
},
{
"name": "CVE-2024-53058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53058"
},
{
"name": "CVE-2023-52919",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52919"
},
{
"name": "CVE-2024-49921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49921"
},
{
"name": "CVE-2024-50035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50035"
},
{
"name": "CVE-2024-47660",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47660"
},
{
"name": "CVE-2022-48991",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48991"
},
{
"name": "CVE-2024-46809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46809"
},
{
"name": "CVE-2022-48956",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48956"
},
{
"name": "CVE-2024-49938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49938"
},
{
"name": "CVE-2024-53088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53088"
},
{
"name": "CVE-2024-47737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47737"
},
{
"name": "CVE-2024-50290",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50290"
},
{
"name": "CVE-2022-48985",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48985"
},
{
"name": "CVE-2024-50265",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50265"
},
{
"name": "CVE-2024-50033",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50033"
},
{
"name": "CVE-2024-49901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49901"
},
{
"name": "CVE-2024-50273",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50273"
},
{
"name": "CVE-2024-49949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49949"
},
{
"name": "CVE-2022-49026",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49026"
},
{
"name": "CVE-2024-50099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50099"
},
{
"name": "CVE-2024-49920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49920"
},
{
"name": "CVE-2022-48960",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48960"
},
{
"name": "CVE-2024-47749",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47749"
},
{
"name": "CVE-2024-49966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49966"
},
{
"name": "CVE-2024-40965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40965"
},
{
"name": "CVE-2022-48978",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48978"
},
{
"name": "CVE-2024-53085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53085"
},
{
"name": "CVE-2024-49925",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49925"
},
{
"name": "CVE-2022-49020",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49020"
},
{
"name": "CVE-2024-49851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49851"
},
{
"name": "CVE-2022-49029",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49029"
},
{
"name": "CVE-2022-48997",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48997"
},
{
"name": "CVE-2024-50278",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50278"
},
{
"name": "CVE-2024-50210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50210"
},
{
"name": "CVE-2024-47685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47685"
},
{
"name": "CVE-2024-50044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50044"
},
{
"name": "CVE-2024-49894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49894"
},
{
"name": "CVE-2023-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52881"
},
{
"name": "CVE-2024-50187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50187"
},
{
"name": "CVE-2024-46771",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46771"
},
{
"name": "CVE-2024-46841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46841"
},
{
"name": "CVE-2024-47698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47698"
},
{
"name": "CVE-2022-48951",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48951"
},
{
"name": "CVE-2024-39476",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39476"
},
{
"name": "CVE-2024-49883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49883"
},
{
"name": "CVE-2024-50236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50236"
},
{
"name": "CVE-2024-46840",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46840"
},
{
"name": "CVE-2022-49014",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49014"
},
{
"name": "CVE-2024-49996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49996"
},
{
"name": "CVE-2022-48972",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48972"
},
{
"name": "CVE-2024-47670",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47670"
},
{
"name": "CVE-2024-46818",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46818"
},
{
"name": "CVE-2022-48809",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48809"
},
{
"name": "CVE-2024-46848",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46848"
},
{
"name": "CVE-2024-49860",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49860"
},
{
"name": "CVE-2024-44931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44931"
},
{
"name": "CVE-2024-50234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50234"
},
{
"name": "CVE-2024-50194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50194"
},
{
"name": "CVE-2021-47163",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47163"
},
{
"name": "CVE-2021-46936",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46936"
},
{
"name": "CVE-2024-49882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49882"
},
{
"name": "CVE-2022-48853",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48853"
},
{
"name": "CVE-2022-48946",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48946"
},
{
"name": "CVE-2024-53104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53104"
},
{
"name": "CVE-2022-49011",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49011"
},
{
"name": "CVE-2024-50301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50301"
},
{
"name": "CVE-2024-49991",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49991"
},
{
"name": "CVE-2024-50179",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50179"
},
{
"name": "CVE-2022-48962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48962"
},
{
"name": "CVE-2024-47696",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47696"
},
{
"name": "CVE-2024-50073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50073"
},
{
"name": "CVE-2022-48967",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48967"
},
{
"name": "CVE-2024-47674",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47674"
},
{
"name": "CVE-2023-52898",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52898"
},
{
"name": "CVE-2021-47416",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47416"
},
{
"name": "CVE-2024-47707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47707"
},
{
"name": "CVE-2024-49982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49982"
},
{
"name": "CVE-2024-50218",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50218"
},
{
"name": "CVE-2024-46834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46834"
},
{
"name": "CVE-2024-36954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36954"
},
{
"name": "CVE-2024-47745",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47745"
},
{
"name": "CVE-2022-49021",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49021"
},
{
"name": "CVE-2024-50279",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50279"
},
{
"name": "CVE-2024-47742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47742"
},
{
"name": "CVE-2024-47706",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47706"
},
{
"name": "CVE-2024-50135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50135"
},
{
"name": "CVE-2024-49877",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49877"
},
{
"name": "CVE-2024-38538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38538"
},
{
"name": "CVE-2022-48973",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48973"
},
{
"name": "CVE-2022-48966",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48966"
},
{
"name": "CVE-2024-53114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53114"
},
{
"name": "CVE-2024-50058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50058"
},
{
"name": "CVE-2024-42145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42145"
},
{
"name": "CVE-2024-45016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45016"
}
],
"initial_release_date": "2025-01-10T00:00:00",
"last_revision_date": "2025-01-10T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0024",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-01-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de SUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": "2025-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0035-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250035-1"
},
{
"published_at": "2025-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0034-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250034-1"
}
]
}
CERTFR-2024-AVI-0352
Vulnerability from certfr_avis - Published: 2024-04-26 - Updated: 2024-04-26
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 16.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 14.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 23.10",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 22.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-1382",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1382"
},
{
"name": "CVE-2023-1838",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1838"
},
{
"name": "CVE-2023-51043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51043"
},
{
"name": "CVE-2023-6915",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6915"
},
{
"name": "CVE-2023-52429",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52429"
},
{
"name": "CVE-2024-0639",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0639"
},
{
"name": "CVE-2024-26589",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26589"
},
{
"name": "CVE-2019-25162",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-25162"
},
{
"name": "CVE-2024-26581",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26581"
},
{
"name": "CVE-2023-52600",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52600"
},
{
"name": "CVE-2023-51779",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51779"
},
{
"name": "CVE-2023-52603",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52603"
},
{
"name": "CVE-2021-46966",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46966"
},
{
"name": "CVE-2023-52451",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52451"
},
{
"name": "CVE-2021-46955",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46955"
},
{
"name": "CVE-2023-1998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1998"
},
{
"name": "CVE-2023-52445",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52445"
},
{
"name": "CVE-2022-20422",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20422"
},
{
"name": "CVE-2024-23851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23851"
},
{
"name": "CVE-2023-24023",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24023"
},
{
"name": "CVE-2024-26591",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26591"
},
{
"name": "CVE-2021-46936",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46936"
},
{
"name": "CVE-2023-52464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52464"
},
{
"name": "CVE-2021-46990",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46990"
}
],
"initial_release_date": "2024-04-26T00:00:00",
"last_revision_date": "2024-04-26T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0352",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-04-26T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux d\u0027Ubuntu\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire,\nune \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6743-1 du 19 avril 2024",
"url": "https://ubuntu.com/security/notices/USN-6743-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6740-1 du 19 avril 2024",
"url": "https://ubuntu.com/security/notices/USN-6740-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6739-1 du 19 avril 2024",
"url": "https://ubuntu.com/security/notices/USN-6739-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6741-1 du 19 avril 2024",
"url": "https://ubuntu.com/security/notices/USN-6741-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6742-2 du 23 avril 2024",
"url": "https://ubuntu.com/security/notices/USN-6742-2"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6742-1 du 19 avril 2024",
"url": "https://ubuntu.com/security/notices/USN-6742-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6743-3 du 24 avril 2024",
"url": "https://ubuntu.com/security/notices/USN-6743-3"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6743-2 du 22 avril 2024",
"url": "https://ubuntu.com/security/notices/USN-6743-2"
}
]
}
CERTFR-2024-AVI-0363
Vulnerability from certfr_avis - Published: 2024-05-03 - Updated: 2024-05-03
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15 SP5 | ||
| SUSE | N/A | Legacy Module 15-SP5 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 | ||
| SUSE | openSUSE Leap | openSUSE Leap 15.5 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 15-SP5 | ||
| SUSE | SUSE Linux Enterprise Desktop | SUSE Linux Enterprise Desktop 15 SP5 | ||
| SUSE | SUSE Manager Retail Branch Server | SUSE Manager Retail Branch Server 4.2 | ||
| SUSE | openSUSE Leap | openSUSE Leap 15.3 | ||
| SUSE | SUSE Manager Proxy | SUSE Manager Proxy 4.2 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15 SP2 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 15-SP2 | ||
| SUSE | Public Cloud Module | Public Cloud Module 15-SP5 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.2 | ||
| SUSE | SUSE Manager Server | SUSE Manager Server 4.2 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 15 SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15 SP3 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.1 | ||
| SUSE | SUSE Real Time Module | SUSE Real Time Module 15-SP5 | ||
| SUSE | Basesystem Module | Basesystem Module 15-SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15 SP5 | ||
| SUSE | SUSE Manager Server | SUSE Manager Server 4.1 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 15 SP3 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time 15 SP5 | ||
| SUSE | SUSE Manager Retail Branch Server | SUSE Manager Retail Branch Server 4.1 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 | ||
| SUSE | N/A | SUSE Enterprise Storage 7.1 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro for Rancher 5.2 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 15 SP2 | ||
| SUSE | SUSE Manager Proxy | SUSE Manager Proxy 4.1 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15 SP3 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.5 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 15 SP5 | ||
| SUSE | N/A | Development Tools Module 15-SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP2 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP3 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15 SP2 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP5",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Legacy Module 15-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing LTSS 15 SP3",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Desktop",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.2",
"product": {
"name": "SUSE Manager Retail Branch Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.2",
"product": {
"name": "SUSE Manager Proxy",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP2",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Public Cloud Module 15-SP5",
"product": {
"name": "Public Cloud Module",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.2",
"product": {
"name": "SUSE Manager Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Real Time Module 15-SP5",
"product": {
"name": "SUSE Real Time Module",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Basesystem Module 15-SP5",
"product": {
"name": "Basesystem Module",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.1",
"product": {
"name": "SUSE Manager Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.1",
"product": {
"name": "SUSE Manager Retail Branch Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Enterprise Storage 7.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP3",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.1",
"product": {
"name": "SUSE Manager Proxy",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP3",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Development Tools Module 15-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP2",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-29155",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29155"
},
{
"name": "CVE-2021-23134",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23134"
},
{
"name": "CVE-2022-0487",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0487"
},
{
"name": "CVE-2022-4744",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4744"
},
{
"name": "CVE-2023-4881",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4881"
},
{
"name": "CVE-2023-1192",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1192"
},
{
"name": "CVE-2023-6531",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6531"
},
{
"name": "CVE-2023-35827",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35827"
},
{
"name": "CVE-2023-6536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6536"
},
{
"name": "CVE-2023-6356",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6356"
},
{
"name": "CVE-2023-6535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6535"
},
{
"name": "CVE-2023-7192",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7192"
},
{
"name": "CVE-2023-0160",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0160"
},
{
"name": "CVE-2023-28746",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28746"
},
{
"name": "CVE-2024-26599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26599"
},
{
"name": "CVE-2023-52454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52454"
},
{
"name": "CVE-2024-26600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26600"
},
{
"name": "CVE-2023-52467",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52467"
},
{
"name": "CVE-2023-52597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52597"
},
{
"name": "CVE-2023-52605",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52605"
},
{
"name": "CVE-2023-52462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52462"
},
{
"name": "CVE-2023-52469",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52469"
},
{
"name": "CVE-2023-52598",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52598"
},
{
"name": "CVE-2023-52470",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52470"
},
{
"name": "CVE-2023-52601",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52601"
},
{
"name": "CVE-2023-52600",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52600"
},
{
"name": "CVE-2023-52602",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52602"
},
{
"name": "CVE-2024-26627",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26627"
},
{
"name": "CVE-2023-52463",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52463"
},
{
"name": "CVE-2023-52447",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52447"
},
{
"name": "CVE-2023-52606",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52606"
},
{
"name": "CVE-2023-52604",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52604"
},
{
"name": "CVE-2023-52587",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52587"
},
{
"name": "CVE-2023-52599",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52599"
},
{
"name": "CVE-2023-52583",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52583"
},
{
"name": "CVE-2023-52603",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52603"
},
{
"name": "CVE-2023-52607",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52607"
},
{
"name": "CVE-2023-52594",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52594"
},
{
"name": "CVE-2023-52595",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52595"
},
{
"name": "CVE-2024-26602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26602"
},
{
"name": "CVE-2021-47061",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47061"
},
{
"name": "CVE-2021-47013",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47013"
},
{
"name": "CVE-2024-23850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23850"
},
{
"name": "CVE-2023-52559",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52559"
},
{
"name": "CVE-2023-52574",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52574"
},
{
"name": "CVE-2021-47083",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47083"
},
{
"name": "CVE-2021-47069",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47069"
},
{
"name": "CVE-2023-52530",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52530"
},
{
"name": "CVE-2023-6270",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6270"
},
{
"name": "CVE-2023-52531",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52531"
},
{
"name": "CVE-2023-52502",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52502"
},
{
"name": "CVE-2023-52532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52532"
},
{
"name": "CVE-2021-46929",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46929"
},
{
"name": "CVE-2022-48628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48628"
},
{
"name": "CVE-2023-52569",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52569"
},
{
"name": "CVE-2021-46934",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46934"
},
{
"name": "CVE-2024-26607",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26607"
},
{
"name": "CVE-2023-52482",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52482"
},
{
"name": "CVE-2022-48627",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48627"
},
{
"name": "CVE-2023-52484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52484"
},
{
"name": "CVE-2021-46991",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46991"
},
{
"name": "CVE-2021-47077",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47077"
},
{
"name": "CVE-2021-46992",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46992"
},
{
"name": "CVE-2021-46921",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46921"
},
{
"name": "CVE-2024-2201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2201"
},
{
"name": "CVE-2023-52612",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52612"
},
{
"name": "CVE-2021-47104",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47104"
},
{
"name": "CVE-2023-52567",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52567"
},
{
"name": "CVE-2023-52591",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52591"
},
{
"name": "CVE-2023-52501",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52501"
},
{
"name": "CVE-2023-52519",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52519"
},
{
"name": "CVE-2023-52575",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52575"
},
{
"name": "CVE-2024-26642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26642"
},
{
"name": "CVE-2024-26667",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26667"
},
{
"name": "CVE-2023-52617",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52617"
},
{
"name": "CVE-2023-52564",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52564"
},
{
"name": "CVE-2024-26645",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26645"
},
{
"name": "CVE-2023-52511",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52511"
},
{
"name": "CVE-2024-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0841"
},
{
"name": "CVE-2023-52476",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52476"
},
{
"name": "CVE-2023-52563",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52563"
},
{
"name": "CVE-2024-26695",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26695"
},
{
"name": "CVE-2021-47107",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47107"
},
{
"name": "CVE-2021-47100",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47100"
},
{
"name": "CVE-2021-47087",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47087"
},
{
"name": "CVE-2023-52453",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52453"
},
{
"name": "CVE-2023-52500",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52500"
},
{
"name": "CVE-2021-47096",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47096"
},
{
"name": "CVE-2021-46926",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46926"
},
{
"name": "CVE-2023-52608",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52608"
},
{
"name": "CVE-2022-48629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48629"
},
{
"name": "CVE-2024-26717",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26717"
},
{
"name": "CVE-2024-26670",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26670"
},
{
"name": "CVE-2024-26654",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26654"
},
{
"name": "CVE-2024-26612",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26612"
},
{
"name": "CVE-2021-47101",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47101"
},
{
"name": "CVE-2023-52477",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52477"
},
{
"name": "CVE-2023-52504",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52504"
},
{
"name": "CVE-2023-52615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52615"
},
{
"name": "CVE-2024-26629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26629"
},
{
"name": "CVE-2024-26646",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26646"
},
{
"name": "CVE-2023-52528",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52528"
},
{
"name": "CVE-2023-52481",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52481"
},
{
"name": "CVE-2024-26659",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26659"
},
{
"name": "CVE-2023-52486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52486"
},
{
"name": "CVE-2021-47108",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47108"
},
{
"name": "CVE-2023-52628",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52628"
},
{
"name": "CVE-2023-52474",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52474"
},
{
"name": "CVE-2022-48630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48630"
},
{
"name": "CVE-2023-52529",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52529"
},
{
"name": "CVE-2023-52524",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52524"
},
{
"name": "CVE-2021-47094",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47094"
},
{
"name": "CVE-2023-52493",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52493"
},
{
"name": "CVE-2021-47095",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47095"
},
{
"name": "CVE-2024-26614",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26614"
},
{
"name": "CVE-2023-52509",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52509"
},
{
"name": "CVE-2023-52639",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52639"
},
{
"name": "CVE-2023-52515",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52515"
},
{
"name": "CVE-2023-52637",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52637"
},
{
"name": "CVE-2023-52508",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52508"
},
{
"name": "CVE-2023-52494",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52494"
},
{
"name": "CVE-2021-46930",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46930"
},
{
"name": "CVE-2023-52497",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52497"
},
{
"name": "CVE-2023-52507",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52507"
},
{
"name": "CVE-2021-47082",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47082"
},
{
"name": "CVE-2021-46933",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46933"
},
{
"name": "CVE-2023-52492",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52492"
},
{
"name": "CVE-2023-52582",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52582"
},
{
"name": "CVE-2021-46931",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46931"
},
{
"name": "CVE-2023-52621",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52621"
},
{
"name": "CVE-2024-25739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25739"
},
{
"name": "CVE-2021-47105",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47105"
},
{
"name": "CVE-2021-47099",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47099"
},
{
"name": "CVE-2021-46925",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46925"
},
{
"name": "CVE-2021-47102",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47102"
},
{
"name": "CVE-2021-47091",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47091"
},
{
"name": "CVE-2023-52518",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52518"
},
{
"name": "CVE-2021-47098",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47098"
},
{
"name": "CVE-2022-48626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48626"
},
{
"name": "CVE-2023-52525",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52525"
},
{
"name": "CVE-2023-52513",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52513"
},
{
"name": "CVE-2024-25742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25742"
},
{
"name": "CVE-2023-52450",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52450"
},
{
"name": "CVE-2021-46927",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46927"
},
{
"name": "CVE-2024-22099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22099"
},
{
"name": "CVE-2023-52566",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52566"
},
{
"name": "CVE-2024-26664",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26664"
},
{
"name": "CVE-2023-52576",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52576"
},
{
"name": "CVE-2021-47093",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47093"
},
{
"name": "CVE-2023-52632",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52632"
},
{
"name": "CVE-2023-52623",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52623"
},
{
"name": "CVE-2024-26620",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26620"
},
{
"name": "CVE-2023-52619",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52619"
},
{
"name": "CVE-2021-46936",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46936"
},
{
"name": "CVE-2021-47097",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47097"
},
{
"name": "CVE-2024-26651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26651"
},
{
"name": "CVE-2023-52520",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52520"
},
{
"name": "CVE-2023-7042",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7042"
},
{
"name": "CVE-2024-23307",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23307"
},
{
"name": "CVE-2023-52510",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52510"
},
{
"name": "CVE-2023-52523",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52523"
},
{
"name": "CVE-2023-52517",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52517"
},
{
"name": "CVE-2024-26769",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26769"
},
{
"name": "CVE-2024-26754",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26754"
},
{
"name": "CVE-2024-26697",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26697"
},
{
"name": "CVE-2024-26704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26704"
},
{
"name": "CVE-2024-26689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26689"
},
{
"name": "CVE-2024-26727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26727"
},
{
"name": "CVE-2024-26745",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26745"
},
{
"name": "CVE-2024-26776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26776"
},
{
"name": "CVE-2024-26718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26718"
},
{
"name": "CVE-2024-26766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26766"
},
{
"name": "CVE-2024-26685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26685"
},
{
"name": "CVE-2024-26737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26737"
},
{
"name": "CVE-2024-26771",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26771"
},
{
"name": "CVE-2024-26787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26787"
},
{
"name": "CVE-2024-26798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26798"
},
{
"name": "CVE-2024-26743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26743"
},
{
"name": "CVE-2024-26805",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26805"
},
{
"name": "CVE-2024-26793",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26793"
},
{
"name": "CVE-2024-26684",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26684"
},
{
"name": "CVE-2024-26660",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26660"
},
{
"name": "CVE-2024-26749",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26749"
},
{
"name": "CVE-2024-26744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26744"
},
{
"name": "CVE-2024-26763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26763"
},
{
"name": "CVE-2024-26760",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26760"
},
{
"name": "CVE-2024-26722",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26722"
},
{
"name": "CVE-2024-26681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26681"
},
{
"name": "CVE-2024-26733",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26733"
},
{
"name": "CVE-2024-26779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26779"
},
{
"name": "CVE-2024-26747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26747"
},
{
"name": "CVE-2024-26696",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26696"
},
{
"name": "CVE-2024-26790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26790"
},
{
"name": "CVE-2024-26680",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26680"
},
{
"name": "CVE-2024-26751",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26751"
},
{
"name": "CVE-2024-26736",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26736"
},
{
"name": "CVE-2021-46990",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46990"
},
{
"name": "CVE-2021-47180",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47180"
},
{
"name": "CVE-2020-36780",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36780"
},
{
"name": "CVE-2021-47014",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47014"
},
{
"name": "CVE-2021-47058",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47058"
},
{
"name": "CVE-2021-47167",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47167"
},
{
"name": "CVE-2021-46908",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46908"
},
{
"name": "CVE-2021-47035",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47035"
},
{
"name": "CVE-2023-52590",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52590"
},
{
"name": "CVE-2021-47130",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47130"
},
{
"name": "CVE-2021-47056",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47056"
},
{
"name": "CVE-2021-46918",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46918"
},
{
"name": "CVE-2021-47138",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47138"
},
{
"name": "CVE-2021-46960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46960"
},
{
"name": "CVE-2021-47046",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47046"
},
{
"name": "CVE-2024-26848",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26848"
},
{
"name": "CVE-2021-47170",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47170"
},
{
"name": "CVE-2021-47164",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47164"
},
{
"name": "CVE-2021-47118",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47118"
},
{
"name": "CVE-2021-46920",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46920"
},
{
"name": "CVE-2021-47139",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47139"
},
{
"name": "CVE-2023-52488",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52488"
},
{
"name": "CVE-2021-46976",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46976"
},
{
"name": "CVE-2021-46922",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46922"
},
{
"name": "CVE-2024-26807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26807"
},
{
"name": "CVE-2021-47150",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47150"
},
{
"name": "CVE-2021-46943",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46943"
},
{
"name": "CVE-2021-46914",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46914"
},
{
"name": "CVE-2021-46950",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46950"
},
{
"name": "CVE-2021-46971",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46971"
},
{
"name": "CVE-2021-47109",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47109"
},
{
"name": "CVE-2021-46988",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46988"
},
{
"name": "CVE-2021-46919",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46919"
},
{
"name": "CVE-2021-46944",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46944"
},
{
"name": "CVE-2021-46938",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46938"
},
{
"name": "CVE-2021-46981",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46981"
},
{
"name": "CVE-2021-47175",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47175"
},
{
"name": "CVE-2021-47049",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47049"
},
{
"name": "CVE-2023-52627",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52627"
},
{
"name": "CVE-2021-47144",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47144"
},
{
"name": "CVE-2021-47068",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47068"
},
{
"name": "CVE-2021-47044",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47044"
},
{
"name": "CVE-2021-47137",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47137"
},
{
"name": "CVE-2021-47161",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47161"
},
{
"name": "CVE-2021-47177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47177"
},
{
"name": "CVE-2021-46917",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46917"
},
{
"name": "CVE-2021-46958",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46958"
},
{
"name": "CVE-2021-47020",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47020"
},
{
"name": "CVE-2021-47110",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47110"
},
{
"name": "CVE-2021-47017",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47017"
},
{
"name": "CVE-2021-46983",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46983"
},
{
"name": "CVE-2021-47119",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47119"
},
{
"name": "CVE-2021-47165",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47165"
},
{
"name": "CVE-2021-46998",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46998"
},
{
"name": "CVE-2021-47176",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47176"
},
{
"name": "CVE-2021-47006",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47006"
},
{
"name": "CVE-2021-47073",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47073"
},
{
"name": "CVE-2021-47055",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47055"
},
{
"name": "CVE-2021-47141",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47141"
},
{
"name": "CVE-2021-47117",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47117"
},
{
"name": "CVE-2021-47172",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47172"
},
{
"name": "CVE-2023-52572",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52572"
},
{
"name": "CVE-2020-36781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36781"
},
{
"name": "CVE-2021-47189",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47189"
},
{
"name": "CVE-2023-52636",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52636"
},
{
"name": "CVE-2021-47181",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47181"
},
{
"name": "CVE-2021-47001",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47001"
},
{
"name": "CVE-2024-25743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25743"
},
{
"name": "CVE-2021-47173",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47173"
},
{
"name": "CVE-2021-46962",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46962"
},
{
"name": "CVE-2021-46984",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46984"
},
{
"name": "CVE-2021-47063",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47063"
},
{
"name": "CVE-2021-47179",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47179"
},
{
"name": "CVE-2021-47182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47182"
},
{
"name": "CVE-2021-47065",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47065"
},
{
"name": "CVE-2021-47071",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47071"
},
{
"name": "CVE-2021-46911",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46911"
},
{
"name": "CVE-2021-47168",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47168"
},
{
"name": "CVE-2021-47038",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47038"
},
{
"name": "CVE-2021-46959",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46959"
},
{
"name": "CVE-2021-47153",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47153"
},
{
"name": "CVE-2021-47120",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47120"
},
{
"name": "CVE-2021-47174",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47174"
},
{
"name": "CVE-2021-47015",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47015"
},
{
"name": "CVE-2021-47142",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47142"
},
{
"name": "CVE-2021-46961",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46961"
},
{
"name": "CVE-2021-47003",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47003"
},
{
"name": "CVE-2021-47171",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47171"
},
{
"name": "CVE-2021-47202",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47202"
},
{
"name": "CVE-2021-47112",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47112"
},
{
"name": "CVE-2021-47169",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47169"
},
{
"name": "CVE-2021-47160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47160"
},
{
"name": "CVE-2021-47136",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47136"
},
{
"name": "CVE-2021-47045",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47045"
},
{
"name": "CVE-2020-36783",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36783"
},
{
"name": "CVE-2021-47114",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47114"
},
{
"name": "CVE-2021-47034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47034"
},
{
"name": "CVE-2021-47051",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47051"
},
{
"name": "CVE-2021-46909",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46909"
},
{
"name": "CVE-2021-47026",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47026"
},
{
"name": "CVE-2021-46963",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46963"
},
{
"name": "CVE-2023-52503",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52503"
},
{
"name": "CVE-2021-46939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46939"
},
{
"name": "CVE-2021-46951",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46951"
},
{
"name": "CVE-2021-47070",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47070"
},
{
"name": "CVE-2021-47183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47183"
},
{
"name": "CVE-2021-46956",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46956"
},
{
"name": "CVE-2021-47166",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47166"
},
{
"name": "CVE-2021-47000",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47000"
},
{
"name": "CVE-2020-36782",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36782"
},
{
"name": "CVE-2021-47009",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47009"
},
{
"name": "CVE-2021-47185",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47185"
},
{
"name": "CVE-2023-52561",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52561"
},
{
"name": "CVE-2021-46980",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46980"
}
],
"initial_release_date": "2024-05-03T00:00:00",
"last_revision_date": "2024-05-03T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0363",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-05-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux de SUSE\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:1465-1 du 29 avril 2024",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241465-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:1490-1 du 03 mai 2024",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241490-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:1489-1 du 03 mai 2024",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241489-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:1454-1 du 26 avril 2024",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241454-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:1466-1 du 29 avril 2024",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241466-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:1480-1 du 30 avril 2024",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241480-1"
}
]
}
CERTFR-2024-AVI-0329
Vulnerability from certfr_avis - Published: 2024-04-19 - Updated: 2024-04-19
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15 SP5 | ||
| SUSE | openSUSE Leap | openSUSE Leap 15.5 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 15-SP5 | ||
| SUSE | openSUSE Leap | openSUSE Leap 15.3 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 12 SP5 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15 SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15 SP2 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 15-SP2 | ||
| SUSE | SUSE Manager Retail Branch Server | SUSE Manager Retail Branch Server 4.3 | ||
| SUSE | Public Cloud Module | Public Cloud Module 15-SP5 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP5 | ||
| SUSE | openSUSE Leap | openSUSE Leap 15.4 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 15 SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 12 SP5 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12 SP5 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.2 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15 SP3 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.1 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro for Rancher 5.4 | ||
| SUSE | SUSE Real Time Module | SUSE Real Time Module 15-SP5 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15 SP5 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.3 | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time 15 SP5 | ||
| SUSE | openSUSE Leap | openSUSE Leap Micro 5.3 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro for Rancher 5.3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time 15 SP4 | ||
| SUSE | SUSE Manager Proxy | SUSE Manager Proxy 4.3 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15 SP4 | ||
| SUSE | SUSE Linux Enterprise Desktop | SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15 SP3 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.5 | ||
| SUSE | openSUSE Leap | openSUSE Leap Micro 5.4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP2 | ||
| SUSE | SUSE Manager Server | SUSE Manager Server 4.3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP3 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.4 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 15-SP4 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15 SP2 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP5",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 12 SP5",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP4",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP2",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.3",
"product": {
"name": "SUSE Manager Retail Branch Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Public Cloud Module 15-SP5",
"product": {
"name": "Public Cloud Module",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing LTSS 15 SP4",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Real Time Module 15-SP5",
"product": {
"name": "SUSE Real Time Module",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap Micro 5.3",
"product": {
"name": "openSUSE Leap",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.3",
"product": {
"name": "SUSE Manager Proxy",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP3",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4",
"product": {
"name": "SUSE Linux Enterprise Desktop",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP3",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap Micro 5.4",
"product": {
"name": "openSUSE Leap",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.3",
"product": {
"name": "SUSE Manager Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP2",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-35827",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35827"
},
{
"name": "CVE-2023-52567",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52567"
},
{
"name": "CVE-2024-1085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1085"
},
{
"name": "CVE-2023-52477",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52477"
},
{
"name": "CVE-2021-47102",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47102"
},
{
"name": "CVE-2024-26654",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26654"
},
{
"name": "CVE-2024-26614",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26614"
},
{
"name": "CVE-2022-48626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48626"
},
{
"name": "CVE-2023-52532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52532"
},
{
"name": "CVE-2023-52621",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52621"
},
{
"name": "CVE-2024-26629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26629"
},
{
"name": "CVE-2024-25739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25739"
},
{
"name": "CVE-2021-47100",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47100"
},
{
"name": "CVE-2023-52637",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52637"
},
{
"name": "CVE-2023-52508",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52508"
},
{
"name": "CVE-2023-52559",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52559"
},
{
"name": "CVE-2023-6536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6536"
},
{
"name": "CVE-2023-6531",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6531"
},
{
"name": "CVE-2023-52453",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52453"
},
{
"name": "CVE-2024-26600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26600"
},
{
"name": "CVE-2023-28746",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28746"
},
{
"name": "CVE-2023-52563",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52563"
},
{
"name": "CVE-2023-52492",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52492"
},
{
"name": "CVE-2023-52515",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52515"
},
{
"name": "CVE-2021-46926",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46926"
},
{
"name": "CVE-2023-52454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52454"
},
{
"name": "CVE-2024-26627",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26627"
},
{
"name": "CVE-2021-47094",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47094"
},
{
"name": "CVE-2021-46929",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46929"
},
{
"name": "CVE-2023-52632",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52632"
},
{
"name": "CVE-2023-52600",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52600"
},
{
"name": "CVE-2023-52507",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52507"
},
{
"name": "CVE-2023-52587",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52587"
},
{
"name": "CVE-2024-26645",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26645"
},
{
"name": "CVE-2023-52582",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52582"
},
{
"name": "CVE-2023-7042",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7042"
},
{
"name": "CVE-2023-52340",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52340"
},
{
"name": "CVE-2023-52605",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52605"
},
{
"name": "CVE-2023-52604",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52604"
},
{
"name": "CVE-2023-52518",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52518"
},
{
"name": "CVE-2023-52601",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52601"
},
{
"name": "CVE-2023-42753",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42753"
},
{
"name": "CVE-2024-23307",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23307"
},
{
"name": "CVE-2021-47099",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47099"
},
{
"name": "CVE-2021-47104",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47104"
},
{
"name": "CVE-2021-46933",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46933"
},
{
"name": "CVE-2023-52603",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52603"
},
{
"name": "CVE-2023-52528",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52528"
},
{
"name": "CVE-2024-26695",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26695"
},
{
"name": "CVE-2023-52482",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52482"
},
{
"name": "CVE-2022-20154",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20154"
},
{
"name": "CVE-2023-52486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52486"
},
{
"name": "CVE-2021-46931",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46931"
},
{
"name": "CVE-2024-26670",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26670"
},
{
"name": "CVE-2023-52619",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52619"
},
{
"name": "CVE-2023-52617",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52617"
},
{
"name": "CVE-2021-47096",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47096"
},
{
"name": "CVE-2023-6270",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6270"
},
{
"name": "CVE-2022-48627",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48627"
},
{
"name": "CVE-2023-52462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52462"
},
{
"name": "CVE-2023-52524",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52524"
},
{
"name": "CVE-2023-6356",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6356"
},
{
"name": "CVE-2023-52469",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52469"
},
{
"name": "CVE-2023-52493",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52493"
},
{
"name": "CVE-2021-47108",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47108"
},
{
"name": "CVE-2023-52484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52484"
},
{
"name": "CVE-2023-52569",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52569"
},
{
"name": "CVE-2023-52481",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52481"
},
{
"name": "CVE-2023-0160",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0160"
},
{
"name": "CVE-2024-26599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26599"
},
{
"name": "CVE-2023-52608",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52608"
},
{
"name": "CVE-2021-47082",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47082"
},
{
"name": "CVE-2024-26642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26642"
},
{
"name": "CVE-2022-4744",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4744"
},
{
"name": "CVE-2023-52639",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52639"
},
{
"name": "CVE-2021-47091",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47091"
},
{
"name": "CVE-2021-47095",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47095"
},
{
"name": "CVE-2023-52599",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52599"
},
{
"name": "CVE-2024-26607",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26607"
},
{
"name": "CVE-2023-52574",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52574"
},
{
"name": "CVE-2023-52509",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52509"
},
{
"name": "CVE-2023-52470",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52470"
},
{
"name": "CVE-2023-52583",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52583"
},
{
"name": "CVE-2023-52602",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52602"
},
{
"name": "CVE-2023-52519",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52519"
},
{
"name": "CVE-2023-6535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6535"
},
{
"name": "CVE-2024-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0841"
},
{
"name": "CVE-2021-47098",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47098"
},
{
"name": "CVE-2024-26651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26651"
},
{
"name": "CVE-2021-47083",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47083"
},
{
"name": "CVE-2022-48630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48630"
},
{
"name": "CVE-2023-52510",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52510"
},
{
"name": "CVE-2023-52497",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52497"
},
{
"name": "CVE-2024-26646",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26646"
},
{
"name": "CVE-2023-52612",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52612"
},
{
"name": "CVE-2023-52500",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52500"
},
{
"name": "CVE-2024-25742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25742"
},
{
"name": "CVE-2024-26602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26602"
},
{
"name": "CVE-2021-47093",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47093"
},
{
"name": "CVE-2024-22099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22099"
},
{
"name": "CVE-2023-1829",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1829"
},
{
"name": "CVE-2021-47097",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47097"
},
{
"name": "CVE-2023-52575",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52575"
},
{
"name": "CVE-2021-46934",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46934"
},
{
"name": "CVE-2023-52517",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52517"
},
{
"name": "CVE-2023-52598",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52598"
},
{
"name": "CVE-2023-52525",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52525"
},
{
"name": "CVE-2021-46927",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46927"
},
{
"name": "CVE-2024-26659",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26659"
},
{
"name": "CVE-2023-52450",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52450"
},
{
"name": "CVE-2022-48629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48629"
},
{
"name": "CVE-2023-52594",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52594"
},
{
"name": "CVE-2021-47087",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47087"
},
{
"name": "CVE-2023-52595",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52595"
},
{
"name": "CVE-2024-26620",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26620"
},
{
"name": "CVE-2021-46925",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46925"
},
{
"name": "CVE-2021-46936",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46936"
},
{
"name": "CVE-2023-52623",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52623"
},
{
"name": "CVE-2023-52501",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52501"
},
{
"name": "CVE-2023-52447",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52447"
},
{
"name": "CVE-2023-52504",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52504"
},
{
"name": "CVE-2023-52513",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52513"
},
{
"name": "CVE-2023-52615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52615"
},
{
"name": "CVE-2021-47105",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47105"
},
{
"name": "CVE-2023-52511",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52511"
},
{
"name": "CVE-2023-4881",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4881"
},
{
"name": "CVE-2023-52606",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52606"
},
{
"name": "CVE-2023-52502",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52502"
},
{
"name": "CVE-2024-26667",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26667"
},
{
"name": "CVE-2023-7192",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7192"
},
{
"name": "CVE-2023-52597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52597"
},
{
"name": "CVE-2023-52531",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52531"
},
{
"name": "CVE-2024-26717",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26717"
},
{
"name": "CVE-2023-52566",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52566"
},
{
"name": "CVE-2024-0565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0565"
},
{
"name": "CVE-2024-2201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2201"
},
{
"name": "CVE-2021-47101",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47101"
},
{
"name": "CVE-2023-52476",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52476"
},
{
"name": "CVE-2023-52463",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52463"
},
{
"name": "CVE-2023-52467",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52467"
},
{
"name": "CVE-2023-52628",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52628"
},
{
"name": "CVE-2023-52529",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52529"
},
{
"name": "CVE-2023-52591",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52591"
},
{
"name": "CVE-2023-52530",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52530"
},
{
"name": "CVE-2023-52520",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52520"
},
{
"name": "CVE-2021-47107",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47107"
},
{
"name": "CVE-2023-52523",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52523"
},
{
"name": "CVE-2024-26664",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26664"
},
{
"name": "CVE-2023-52494",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52494"
},
{
"name": "CVE-2023-52576",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52576"
},
{
"name": "CVE-2024-26612",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26612"
},
{
"name": "CVE-2023-52474",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52474"
},
{
"name": "CVE-2021-46930",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46930"
},
{
"name": "CVE-2023-52607",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52607"
},
{
"name": "CVE-2022-48628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48628"
},
{
"name": "CVE-2023-52564",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52564"
}
],
"initial_release_date": "2024-04-19T00:00:00",
"last_revision_date": "2024-04-19T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0329",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-04-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux de SUSE\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20241280-1 du 12 avril 2024",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241280-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20241257-1 du 12 avril 2024",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241257-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20241321-1 du 16 avril 2024",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241321-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20241299-1 du 15 avril 2024",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241299-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20241332-2 du 18 avril 2024",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241332-2"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20241278-1 du 12 avril 2024",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241278-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20241298-1 du 15 avril 2024",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241298-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20241274-1 du 12 avril 2024",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241274-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20241275-1 du 12 avril 2024",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241275-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20241322-2 du 18 avril 2024",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241322-2"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20241322-1 du 16 avril 2024",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241322-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20241320-1 du 16 avril 2024",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241320-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20241288-1 du 15 avril 2024",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241288-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20241276-1 du 12 avril 2024",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241276-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20241273-1 du 12 avril 2024",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241273-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20241292-1 du 15 avril 2024",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241292-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20241332-1 du 18 avril 2024",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241332-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20241312-1 du 16 avril 2024",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241312-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20241318-1 du 16 avril 2024",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241318-1"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…