Vulnerability-Lookup

CVE-2024-42256 (GCVE-0-2024-42256)

Vulnerability from cvelistv5 – Published: 2024-08-08 08:49 – Updated: 2025-05-04 09:25

Title

cifs: Fix server re-repick on subrequest retry

Summary

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix server re-repick on subrequest retry When a subrequest is marked for needing retry, netfs will call cifs_prepare_write() which will make cifs repick the server for the op before renegotiating credits; it then calls cifs_issue_write() which invokes smb2_async_writev() - which re-repicks the server. If a different server is then selected, this causes the increment of server->in_flight to happen against one record and the decrement to happen against another, leading to misaccounting. Fix this by just removing the repick code in smb2_async_writev(). As this is only called from netfslib-driven code, cifs_prepare_write() should always have been called first, and so server should never be NULL and the preparatory step is repeated in the event that we do a retry. The problem manifests as a warning looking something like: WARNING: CPU: 4 PID: 72896 at fs/smb/client/smb2ops.c:97 smb2_add_credits+0x3f0/0x9e0 [cifs] ... RIP: 0010:smb2_add_credits+0x3f0/0x9e0 [cifs] ... smb2_writev_callback+0x334/0x560 [cifs] cifs_demultiplex_thread+0x77a/0x11b0 [cifs] kthread+0x187/0x1d0 ret_from_fork+0x34/0x60 ret_from_fork_asm+0x1a/0x30 Which may be triggered by a number of different xfstests running against an Azure server in multichannel mode. generic/249 seems the most repeatable, but generic/215, generic/249 and generic/308 may also show it.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

CVE-2024-42256

Vulnerability from fstec - Published: 19.07.2024

Title

Уязвимость функции smb2_async_writev() (fs/smb/client/smb2pdu.c) ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Description

Уязвимость функции smb2_async_writev() (fs/smb/client/smb2pdu.c) ядра операционной системы Linux связана с некорректным управлением ресурсом в результате повторного выбора сервера при повторной попытке подзапроса. Эксплуатация уязвимости может позволить нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor

Сообщество свободного программного обеспечения

Software Name

Linux

Software Version

6.10 (Linux)

Possible Mitigations

В условиях отсутствия обновлений безопасности от производителя рекомендуется придерживаться "Рекомендаций по безопасной настройке операционных систем LINUX", изложенных в методическом документе ФСТЭК России, утверждённом 25 декабря 2022 года. Использование рекомендаций: Для Linux: https://git.kernel.org/linus/de40579b903883274fe203865f29d66b168b7236 https://git.kernel.org/stable/c/b1d0a566769b6fb3795b5289fc1daf9e0638d97a https://git.kernel.org/stable/c/de40579b903883274fe203865f29d66b168b7236 https://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10.1 https://lore.kernel.org/linux-cve-announce/2024080820-CVE-2024-42256-afbb@gregkh/

Reference

https://git.kernel.org/linus/de40579b903883274fe203865f29d66b168b7236 https://git.kernel.org/stable/c/b1d0a566769b6fb3795b5289fc1daf9e0638d97a https://git.kernel.org/stable/c/de40579b903883274fe203865f29d66b168b7236 https://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10.1 https://lore.kernel.org/linux-cve-announce/2024080820-CVE-2024-42256-afbb@gregkh/ https://security-tracker.debian.org/tracker/CVE-2024-42256 https://vuldb.com/?id.273961 https://www.cve.org/CVERecord?id=CVE-2024-42256 https://www.cybersecurity-help.cz/vdb/SB2024080846

CWE

CWE-200, CWE-399, CWE-911

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "6.10 (Linux)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0412 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c\u0441\u044f \"\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c LINUX\", \u0438\u0437\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u043c\u0435\u0442\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0435 \u0424\u0421\u0422\u042d\u041a \u0420\u043e\u0441\u0441\u0438\u0438, \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0451\u043d\u043d\u043e\u043c 25 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Linux:\nhttps://git.kernel.org/linus/de40579b903883274fe203865f29d66b168b7236\nhttps://git.kernel.org/stable/c/b1d0a566769b6fb3795b5289fc1daf9e0638d97a\nhttps://git.kernel.org/stable/c/de40579b903883274fe203865f29d66b168b7236\nhttps://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10.1\nhttps://lore.kernel.org/linux-cve-announce/2024080820-CVE-2024-42256-afbb@gregkh/",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "19.07.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "20.11.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "02.11.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-08914",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-42256",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Linux",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 6.11 \u0434\u043e 6.11 rc1 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 6.10 \u0434\u043e 6.10.1 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 smb2_async_writev() (fs/smb/client/smb2pdu.c) \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 (CWE-200), \u041e\u0448\u0438\u0431\u043a\u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u043c (CWE-399), \u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0441\u0447\u0435\u0442\u0447\u0438\u043a\u0430 \u0441\u0441\u044b\u043b\u043e\u043a (CWE-911)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 smb2_async_writev() (fs/smb/client/smb2pdu.c) \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u044b\u043c \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u043c \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u043f\u043e\u0432\u0442\u043e\u0440\u043d\u043e\u0433\u043e \u0432\u044b\u0431\u043e\u0440\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u043f\u0440\u0438 \u043f\u043e\u0432\u0442\u043e\u0440\u043d\u043e\u0439 \u043f\u043e\u043f\u044b\u0442\u043a\u0435 \u043f\u043e\u0434\u0437\u0430\u043f\u0440\u043e\u0441\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438, \u041d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0441\u0431\u043e\u0440 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://git.kernel.org/linus/de40579b903883274fe203865f29d66b168b7236\nhttps://git.kernel.org/stable/c/b1d0a566769b6fb3795b5289fc1daf9e0638d97a\nhttps://git.kernel.org/stable/c/de40579b903883274fe203865f29d66b168b7236\nhttps://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10.1\nhttps://lore.kernel.org/linux-cve-announce/2024080820-CVE-2024-42256-afbb@gregkh/\nhttps://security-tracker.debian.org/tracker/CVE-2024-42256\nhttps://vuldb.com/?id.273961\nhttps://www.cve.org/CVERecord?id=CVE-2024-42256\nhttps://www.cybersecurity-help.cz/vdb/SB2024080846",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-200, CWE-399, CWE-911",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}

CERTFR-2024-AVI-0958

Vulnerability from certfr_avis - Published: 2024-11-08 - Updated: 2024-11-08

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	Cloud Pak System	Cloud Pak System versions 2.3.4.x antérieures à 2.3.4.1
IBM	VIOS	VIOS version 4.1 avec un fichier tcl.base versions antérieures à 8.6.10.1
IBM	Security QRadar EDR	Security QRadar EDR versions 3.12.x antérieures à 3.12.13
IBM	VIOS	VIOS version 4.1 avec un fichier python3.9.base versions antérieures à 3.9.20.0
IBM	AIX	AIX version 7.2 avec un fichier tcl.base versions antérieures à 8.6.10.1
IBM	AIX	AIX version 7.3 avec un fichier python3.9.base versions antérieures à 3.9.20.0
IBM	AIX	AIX version 7.3 avec un fichier tcl.base versions antérieures à 8.6.10.1
IBM	QRadar SIEM	QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP10 IF01
IBM	Cloud Pak System	Cloud Pak System versions 2.3.4.0 avec Db2 versions antérieures à 11.5.9 Special Build
IBM	Sterling Control Center	Sterling Control Center versions 6.3.1.x antérieures à 6.3.1.0 iFix03
IBM	VIOS	VIOS version 3.1 avec un fichier tcl.base versions antérieures à 8.6.10.1
IBM	Cloud Pak	Cloud Pak for Security versions antérieures à 1.10.27.0
IBM	Cloud Transformation Advisor	Cloud Transformation Advisor versions antérieures à 3.10.2
IBM	QRadar Suite Software	QRadar Suite Software versions antérieures à 1.10.27.0
IBM	Sterling Control Center	Sterling Control Center versions 6.2.1.x antérieures à 6.2.1.0 iFix14
IBM	QRadar Deployment Intelligence App	QRadar Deployment Intelligence App versions antérieures à 3.0.15

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7174802	2024-11-05	vendor-advisory
Bulletin de sécurité IBM 7174634	2024-11-01	vendor-advisory
Bulletin de sécurité IBM 7174639	2024-11-01	vendor-advisory
Bulletin de sécurité IBM 7175196	2024-11-08	vendor-advisory
Bulletin de sécurité IBM 7175086	2024-11-07	vendor-advisory
Bulletin de sécurité IBM 7175192	2024-11-08	vendor-advisory
Bulletin de sécurité IBM 7174799	2024-11-05	vendor-advisory
Bulletin de sécurité IBM 7174797	2024-11-05	vendor-advisory
Bulletin de sécurité IBM 7174945	2024-11-06	vendor-advisory
Bulletin de sécurité IBM 7174912	2024-11-05	vendor-advisory
Bulletin de sécurité IBM 7175166	2024-11-07	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cloud Pak System versions 2.3.4.x ant\u00e9rieures \u00e0 2.3.4.1",
      "product": {
        "name": "Cloud Pak System",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "VIOS version 4.1 avec un fichier tcl.base versions ant\u00e9rieures \u00e0 8.6.10.1",
      "product": {
        "name": "VIOS",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Security QRadar EDR versions 3.12.x ant\u00e9rieures \u00e0 3.12.13",
      "product": {
        "name": "Security QRadar EDR",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "VIOS version 4.1 avec un fichier python3.9.base versions ant\u00e9rieures \u00e0 3.9.20.0",
      "product": {
        "name": "VIOS",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "AIX version 7.2 avec un fichier tcl.base versions ant\u00e9rieures \u00e0 8.6.10.1",
      "product": {
        "name": "AIX",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "AIX version 7.3 avec un fichier python3.9.base versions ant\u00e9rieures \u00e0 3.9.20.0",
      "product": {
        "name": "AIX",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "AIX version 7.3 avec un fichier tcl.base versions ant\u00e9rieures \u00e0 8.6.10.1",
      "product": {
        "name": "AIX",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP10 IF01",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cloud Pak System versions 2.3.4.0 avec Db2 versions ant\u00e9rieures \u00e0 11.5.9 Special Build",
      "product": {
        "name": "Cloud Pak System",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Control Center versions 6.3.1.x ant\u00e9rieures \u00e0 6.3.1.0 iFix03",
      "product": {
        "name": "Sterling Control Center",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "VIOS version 3.1 avec un fichier tcl.base versions ant\u00e9rieures \u00e0 8.6.10.1",
      "product": {
        "name": "VIOS",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cloud Pak for Security versions ant\u00e9rieures \u00e0 1.10.27.0",
      "product": {
        "name": "Cloud Pak",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cloud Transformation Advisor versions ant\u00e9rieures \u00e0 3.10.2 ",
      "product": {
        "name": "Cloud Transformation Advisor",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar Suite Software versions ant\u00e9rieures \u00e0 1.10.27.0",
      "product": {
        "name": "QRadar Suite Software",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Control Center versions 6.2.1.x ant\u00e9rieures \u00e0 6.2.1.0 iFix14",
      "product": {
        "name": "Sterling Control Center",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar Deployment Intelligence App versions ant\u00e9rieures \u00e0 3.0.15",
      "product": {
        "name": "QRadar Deployment Intelligence App",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2020-25659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25659"
    },
    {
      "name": "CVE-2020-36242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36242"
    },
    {
      "name": "CVE-2022-23181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23181"
    },
    {
      "name": "CVE-2021-42340",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42340"
    },
    {
      "name": "CVE-2022-29885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29885"
    },
    {
      "name": "CVE-2022-34305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34305"
    },
    {
      "name": "CVE-2017-7500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7500"
    },
    {
      "name": "CVE-2022-25762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25762"
    },
    {
      "name": "CVE-2022-42252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42252"
    },
    {
      "name": "CVE-2022-40897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2023-23931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
    },
    {
      "name": "CVE-2023-28708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28708"
    },
    {
      "name": "CVE-2022-24999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24999"
    },
    {
      "name": "CVE-2023-28322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
    },
    {
      "name": "CVE-2023-3446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
    },
    {
      "name": "CVE-2023-2953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2953"
    },
    {
      "name": "CVE-2023-37920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2023-38325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38325"
    },
    {
      "name": "CVE-2023-38546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
    },
    {
      "name": "CVE-2023-4807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
    },
    {
      "name": "CVE-2023-5678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
    },
    {
      "name": "CVE-2021-43618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43618"
    },
    {
      "name": "CVE-2023-48795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
    },
    {
      "name": "CVE-2023-28487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28487"
    },
    {
      "name": "CVE-2022-23471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23471"
    },
    {
      "name": "CVE-2023-28486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28486"
    },
    {
      "name": "CVE-2023-25153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25153"
    },
    {
      "name": "CVE-2023-7104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-7104"
    },
    {
      "name": "CVE-2023-6129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
    },
    {
      "name": "CVE-2023-46218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
    },
    {
      "name": "CVE-2024-0727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0727"
    },
    {
      "name": "CVE-2023-39325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
    },
    {
      "name": "CVE-2023-25173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25173"
    },
    {
      "name": "CVE-2022-31030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31030"
    },
    {
      "name": "CVE-2022-23648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23648"
    },
    {
      "name": "CVE-2023-28746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28746"
    },
    {
      "name": "CVE-2023-52451",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52451"
    },
    {
      "name": "CVE-2023-52584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52584"
    },
    {
      "name": "CVE-2023-52469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52469"
    },
    {
      "name": "CVE-2023-52600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52600"
    },
    {
      "name": "CVE-2023-52463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52463"
    },
    {
      "name": "CVE-2023-52599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52599"
    },
    {
      "name": "CVE-2023-42465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42465"
    },
    {
      "name": "CVE-2023-52530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52530"
    },
    {
      "name": "CVE-2024-26586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26586"
    },
    {
      "name": "CVE-2023-27043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
    },
    {
      "name": "CVE-2023-36632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
    },
    {
      "name": "CVE-2023-49083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
    },
    {
      "name": "CVE-2023-2253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2253"
    },
    {
      "name": "CVE-2024-2201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2201"
    },
    {
      "name": "CVE-2023-52609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52609"
    },
    {
      "name": "CVE-2017-7501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7501"
    },
    {
      "name": "CVE-2024-25710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
    },
    {
      "name": "CVE-2021-35939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35939"
    },
    {
      "name": "CVE-2024-26308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
    },
    {
      "name": "CVE-2024-0553",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0553"
    },
    {
      "name": "CVE-2021-35938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35938"
    },
    {
      "name": "CVE-2023-50782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50782"
    },
    {
      "name": "CVE-2021-35937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35937"
    },
    {
      "name": "CVE-2023-6597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
    },
    {
      "name": "CVE-2023-52591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52591"
    },
    {
      "name": "CVE-2024-26667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26667"
    },
    {
      "name": "CVE-2023-52608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52608"
    },
    {
      "name": "CVE-2023-52486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52486"
    },
    {
      "name": "CVE-2024-26614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26614"
    },
    {
      "name": "CVE-2024-25739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25739"
    },
    {
      "name": "CVE-2023-52623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52623"
    },
    {
      "name": "CVE-2023-52619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52619"
    },
    {
      "name": "CVE-2024-29133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
    },
    {
      "name": "CVE-2024-29131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
    },
    {
      "name": "CVE-2024-26707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26707"
    },
    {
      "name": "CVE-2024-26697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26697"
    },
    {
      "name": "CVE-2024-26704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26704"
    },
    {
      "name": "CVE-2023-52622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52622"
    },
    {
      "name": "CVE-2024-26727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26727"
    },
    {
      "name": "CVE-2024-26718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26718"
    },
    {
      "name": "CVE-2024-26702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26702"
    },
    {
      "name": "CVE-2024-26710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26710"
    },
    {
      "name": "CVE-2024-26810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26810"
    },
    {
      "name": "CVE-2024-26663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26663"
    },
    {
      "name": "CVE-2024-26773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26773"
    },
    {
      "name": "CVE-2024-26660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26660"
    },
    {
      "name": "CVE-2024-26726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26726"
    },
    {
      "name": "CVE-2024-26640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26640"
    },
    {
      "name": "CVE-2024-26802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26802"
    },
    {
      "name": "CVE-2024-26733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26733"
    },
    {
      "name": "CVE-2024-26700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26700"
    },
    {
      "name": "CVE-2024-26772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26772"
    },
    {
      "name": "CVE-2024-26696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26696"
    },
    {
      "name": "CVE-2024-26698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26698"
    },
    {
      "name": "CVE-2024-26714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26714"
    },
    {
      "name": "CVE-2024-26686",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26686"
    },
    {
      "name": "CVE-2017-11468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11468"
    },
    {
      "name": "CVE-2023-45284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45284"
    },
    {
      "name": "CVE-2023-52590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52590"
    },
    {
      "name": "CVE-2021-46939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46939"
    },
    {
      "name": "CVE-2024-26870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26870"
    },
    {
      "name": "CVE-2024-27025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27025"
    },
    {
      "name": "CVE-2024-26961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26961"
    },
    {
      "name": "CVE-2024-26840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26840"
    },
    {
      "name": "CVE-2024-26958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26958"
    },
    {
      "name": "CVE-2024-26843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26843"
    },
    {
      "name": "CVE-2024-26925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26925"
    },
    {
      "name": "CVE-2024-27388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27388"
    },
    {
      "name": "CVE-2024-27020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27020"
    },
    {
      "name": "CVE-2024-26960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26960"
    },
    {
      "name": "CVE-2024-26820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26820"
    },
    {
      "name": "CVE-2024-26878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26878"
    },
    {
      "name": "CVE-2024-26852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26852"
    },
    {
      "name": "CVE-2024-27065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27065"
    },
    {
      "name": "CVE-2024-26825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26825"
    },
    {
      "name": "CVE-2024-27019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27019"
    },
    {
      "name": "CVE-2024-26668",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26668"
    },
    {
      "name": "CVE-2024-26669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26669"
    },
    {
      "name": "CVE-2023-52425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
    },
    {
      "name": "CVE-2024-21823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21823"
    },
    {
      "name": "CVE-2024-28182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
    },
    {
      "name": "CVE-2023-45288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
    },
    {
      "name": "CVE-2023-52653",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52653"
    },
    {
      "name": "CVE-2024-26853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26853"
    },
    {
      "name": "CVE-2022-48632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48632"
    },
    {
      "name": "CVE-2024-29025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
    },
    {
      "name": "CVE-2024-35947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35947"
    },
    {
      "name": "CVE-2024-36017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36017"
    },
    {
      "name": "CVE-2024-36886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36886"
    },
    {
      "name": "CVE-2024-36889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36889"
    },
    {
      "name": "CVE-2024-36904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36904"
    },
    {
      "name": "CVE-2024-36905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36905"
    },
    {
      "name": "CVE-2024-36929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36929"
    },
    {
      "name": "CVE-2024-36933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36933"
    },
    {
      "name": "CVE-2024-36940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36940"
    },
    {
      "name": "CVE-2024-36941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36941"
    },
    {
      "name": "CVE-2024-36950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36950"
    },
    {
      "name": "CVE-2024-36954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36954"
    },
    {
      "name": "CVE-2021-47231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47231"
    },
    {
      "name": "CVE-2021-47284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47284"
    },
    {
      "name": "CVE-2021-47373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47373"
    },
    {
      "name": "CVE-2021-47408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47408"
    },
    {
      "name": "CVE-2021-47449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47449"
    },
    {
      "name": "CVE-2021-47461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47461"
    },
    {
      "name": "CVE-2021-47468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47468"
    },
    {
      "name": "CVE-2021-47491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47491"
    },
    {
      "name": "CVE-2021-47548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47548"
    },
    {
      "name": "CVE-2023-52662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52662"
    },
    {
      "name": "CVE-2023-52679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52679"
    },
    {
      "name": "CVE-2023-52707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52707"
    },
    {
      "name": "CVE-2023-52730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52730"
    },
    {
      "name": "CVE-2023-52756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52756"
    },
    {
      "name": "CVE-2023-52764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52764"
    },
    {
      "name": "CVE-2023-52777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52777"
    },
    {
      "name": "CVE-2023-52791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52791"
    },
    {
      "name": "CVE-2023-52796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52796"
    },
    {
      "name": "CVE-2023-52803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52803"
    },
    {
      "name": "CVE-2023-52811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52811"
    },
    {
      "name": "CVE-2023-52817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52817"
    },
    {
      "name": "CVE-2023-52832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52832"
    },
    {
      "name": "CVE-2023-52834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52834"
    },
    {
      "name": "CVE-2023-52847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52847"
    },
    {
      "name": "CVE-2023-52864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52864"
    },
    {
      "name": "CVE-2024-26921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26921"
    },
    {
      "name": "CVE-2024-26940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26940"
    },
    {
      "name": "CVE-2024-27395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27395"
    },
    {
      "name": "CVE-2024-35801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35801"
    },
    {
      "name": "CVE-2024-35823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35823"
    },
    {
      "name": "CVE-2024-35847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35847"
    },
    {
      "name": "CVE-2024-35912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35912"
    },
    {
      "name": "CVE-2024-35924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35924"
    },
    {
      "name": "CVE-2024-35930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35930"
    },
    {
      "name": "CVE-2024-35938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35938"
    },
    {
      "name": "CVE-2024-35940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35940"
    },
    {
      "name": "CVE-2024-35952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35952"
    },
    {
      "name": "CVE-2024-36006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36006"
    },
    {
      "name": "CVE-2024-36016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36016"
    },
    {
      "name": "CVE-2024-36896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36896"
    },
    {
      "name": "CVE-2024-29857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
    },
    {
      "name": "CVE-2024-30171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
    },
    {
      "name": "CVE-2024-30172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
    },
    {
      "name": "CVE-2024-5535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
    },
    {
      "name": "CVE-2023-52658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52658"
    },
    {
      "name": "CVE-2024-26740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26740"
    },
    {
      "name": "CVE-2024-26844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26844"
    },
    {
      "name": "CVE-2024-26962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26962"
    },
    {
      "name": "CVE-2024-27434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27434"
    },
    {
      "name": "CVE-2024-35790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35790"
    },
    {
      "name": "CVE-2024-35810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35810"
    },
    {
      "name": "CVE-2024-35814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35814"
    },
    {
      "name": "CVE-2024-35824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35824"
    },
    {
      "name": "CVE-2024-35937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35937"
    },
    {
      "name": "CVE-2024-35946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35946"
    },
    {
      "name": "CVE-2024-36020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36020"
    },
    {
      "name": "CVE-2024-36025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36025"
    },
    {
      "name": "CVE-2024-36921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36921"
    },
    {
      "name": "CVE-2024-31076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-31076"
    },
    {
      "name": "CVE-2024-33621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33621"
    },
    {
      "name": "CVE-2024-35807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35807"
    },
    {
      "name": "CVE-2024-35893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35893"
    },
    {
      "name": "CVE-2024-35896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35896"
    },
    {
      "name": "CVE-2024-35897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35897"
    },
    {
      "name": "CVE-2024-35899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35899"
    },
    {
      "name": "CVE-2024-35900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35900"
    },
    {
      "name": "CVE-2024-35910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35910"
    },
    {
      "name": "CVE-2024-35925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35925"
    },
    {
      "name": "CVE-2024-36005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36005"
    },
    {
      "name": "CVE-2024-36286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36286"
    },
    {
      "name": "CVE-2024-36960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36960"
    },
    {
      "name": "CVE-2024-36971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36971"
    },
    {
      "name": "CVE-2024-38596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38596"
    },
    {
      "name": "CVE-2024-38598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38598"
    },
    {
      "name": "CVE-2024-38627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38627"
    },
    {
      "name": "CVE-2023-5752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5752"
    },
    {
      "name": "CVE-2024-3651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
    },
    {
      "name": "CVE-2024-2398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
    },
    {
      "name": "CVE-2024-4032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4032"
    },
    {
      "name": "CVE-2023-52648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52648"
    },
    {
      "name": "CVE-2023-6004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6004"
    },
    {
      "name": "CVE-2023-6918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6918"
    },
    {
      "name": "CVE-2024-0450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
    },
    {
      "name": "CVE-2024-25062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25062"
    },
    {
      "name": "CVE-2024-26458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26458"
    },
    {
      "name": "CVE-2024-26461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26461"
    },
    {
      "name": "CVE-2024-28834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28834"
    },
    {
      "name": "CVE-2024-2961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2961"
    },
    {
      "name": "CVE-2024-33599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33599"
    },
    {
      "name": "CVE-2024-33600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33600"
    },
    {
      "name": "CVE-2024-33601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33601"
    },
    {
      "name": "CVE-2024-33602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33602"
    },
    {
      "name": "CVE-2024-34064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
    },
    {
      "name": "CVE-2024-34069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34069"
    },
    {
      "name": "CVE-2024-35195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
    },
    {
      "name": "CVE-2024-4067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
    },
    {
      "name": "CVE-2022-48743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48743"
    },
    {
      "name": "CVE-2022-48747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48747"
    },
    {
      "name": "CVE-2023-52762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52762"
    },
    {
      "name": "CVE-2023-52784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52784"
    },
    {
      "name": "CVE-2023-52845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52845"
    },
    {
      "name": "CVE-2024-26842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26842"
    },
    {
      "name": "CVE-2024-36917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36917"
    },
    {
      "name": "CVE-2024-36945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36945"
    },
    {
      "name": "CVE-2024-36978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36978"
    },
    {
      "name": "CVE-2024-38555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38555"
    },
    {
      "name": "CVE-2024-38573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38573"
    },
    {
      "name": "CVE-2024-22365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22365"
    },
    {
      "name": "CVE-2024-21131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
    },
    {
      "name": "CVE-2024-21138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
    },
    {
      "name": "CVE-2024-21140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
    },
    {
      "name": "CVE-2024-21144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
    },
    {
      "name": "CVE-2024-21145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
    },
    {
      "name": "CVE-2024-21147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
    },
    {
      "name": "CVE-2024-26662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26662"
    },
    {
      "name": "CVE-2024-26703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26703"
    },
    {
      "name": "CVE-2024-26818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26818"
    },
    {
      "name": "CVE-2024-26824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26824"
    },
    {
      "name": "CVE-2024-26831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26831"
    },
    {
      "name": "CVE-2024-27010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27010"
    },
    {
      "name": "CVE-2024-27011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27011"
    },
    {
      "name": "CVE-2024-36270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36270"
    },
    {
      "name": "CVE-2024-36489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36489"
    },
    {
      "name": "CVE-2024-38615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38615"
    },
    {
      "name": "CVE-2024-39276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39276"
    },
    {
      "name": "CVE-2024-39476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39476"
    },
    {
      "name": "CVE-2024-39487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39487"
    },
    {
      "name": "CVE-2024-39495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39495"
    },
    {
      "name": "CVE-2024-39502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39502"
    },
    {
      "name": "CVE-2024-40902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40902"
    },
    {
      "name": "CVE-2024-40927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40927"
    },
    {
      "name": "CVE-2024-40974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40974"
    },
    {
      "name": "CVE-2024-36010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36010"
    },
    {
      "name": "CVE-2024-38575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38575"
    },
    {
      "name": "CVE-2024-6923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6923"
    },
    {
      "name": "CVE-2024-36000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36000"
    },
    {
      "name": "CVE-2024-36927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36927"
    },
    {
      "name": "CVE-2024-36979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36979"
    },
    {
      "name": "CVE-2024-38538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38538"
    },
    {
      "name": "CVE-2021-47018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47018"
    },
    {
      "name": "CVE-2021-47257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47257"
    },
    {
      "name": "CVE-2021-47304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47304"
    },
    {
      "name": "CVE-2021-47579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47579"
    },
    {
      "name": "CVE-2021-47624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47624"
    },
    {
      "name": "CVE-2022-48757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48757"
    },
    {
      "name": "CVE-2023-52471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52471"
    },
    {
      "name": "CVE-2023-52775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52775"
    },
    {
      "name": "CVE-2024-26837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26837"
    },
    {
      "name": "CVE-2024-39472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39472"
    },
    {
      "name": "CVE-2024-37891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
    },
    {
      "name": "CVE-2024-6345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
    },
    {
      "name": "CVE-2024-38808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38808"
    },
    {
      "name": "CVE-2024-38809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38809"
    },
    {
      "name": "CVE-2024-27267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
    },
    {
      "name": "CVE-2024-38428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38428"
    },
    {
      "name": "CVE-2024-42232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42232"
    },
    {
      "name": "CVE-2024-42236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42236"
    },
    {
      "name": "CVE-2024-42244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42244"
    },
    {
      "name": "CVE-2024-42247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42247"
    },
    {
      "name": "CVE-2023-4692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4692"
    },
    {
      "name": "CVE-2023-4693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4693"
    },
    {
      "name": "CVE-2023-7008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-7008"
    },
    {
      "name": "CVE-2024-1048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1048"
    },
    {
      "name": "CVE-2024-6232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
    },
    {
      "name": "CVE-2024-6119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
    },
    {
      "name": "CVE-2024-39338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
    },
    {
      "name": "CVE-2024-39689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39689"
    },
    {
      "name": "CVE-2024-45491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45491"
    },
    {
      "name": "CVE-2024-45492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45492"
    },
    {
      "name": "CVE-2024-38816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
    },
    {
      "name": "CVE-2024-41042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41042"
    },
    {
      "name": "CVE-2024-42238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42238"
    },
    {
      "name": "CVE-2024-42259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42259"
    },
    {
      "name": "CVE-2024-43824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43824"
    },
    {
      "name": "CVE-2024-43833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43833"
    },
    {
      "name": "CVE-2024-43858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43858"
    },
    {
      "name": "CVE-2021-42694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42694"
    },
    {
      "name": "CVE-2023-50314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50314"
    },
    {
      "name": "CVE-2024-34155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
    },
    {
      "name": "CVE-2024-34156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
    },
    {
      "name": "CVE-2024-34158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
    },
    {
      "name": "CVE-2024-42252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42252"
    },
    {
      "name": "CVE-2024-43832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43832"
    },
    {
      "name": "CVE-2024-37370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37370"
    },
    {
      "name": "CVE-2024-37371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37371"
    },
    {
      "name": "CVE-2024-45296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
    },
    {
      "name": "CVE-2024-42251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42251"
    },
    {
      "name": "CVE-2021-43980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43980"
    },
    {
      "name": "CVE-2023-20584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20584"
    },
    {
      "name": "CVE-2023-31356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31356"
    },
    {
      "name": "CVE-2023-36328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36328"
    },
    {
      "name": "CVE-2023-48161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48161"
    },
    {
      "name": "CVE-2023-5115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5115"
    },
    {
      "name": "CVE-2023-52596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52596"
    },
    {
      "name": "CVE-2023-5764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5764"
    },
    {
      "name": "CVE-2024-21529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21529"
    },
    {
      "name": "CVE-2024-21534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21534"
    },
    {
      "name": "CVE-2024-25620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25620"
    },
    {
      "name": "CVE-2024-26147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26147"
    },
    {
      "name": "CVE-2024-26713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26713"
    },
    {
      "name": "CVE-2024-26721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26721"
    },
    {
      "name": "CVE-2024-26823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26823"
    },
    {
      "name": "CVE-2024-30203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30203"
    },
    {
      "name": "CVE-2024-30205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30205"
    },
    {
      "name": "CVE-2024-31882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-31882"
    },
    {
      "name": "CVE-2024-34447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
    },
    {
      "name": "CVE-2024-35136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35136"
    },
    {
      "name": "CVE-2024-35152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35152"
    },
    {
      "name": "CVE-2024-37529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37529"
    },
    {
      "name": "CVE-2024-38286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38286"
    },
    {
      "name": "CVE-2024-39331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39331"
    },
    {
      "name": "CVE-2024-42254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42254"
    },
    {
      "name": "CVE-2024-42255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42255"
    },
    {
      "name": "CVE-2024-42256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42256"
    },
    {
      "name": "CVE-2024-42258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42258"
    },
    {
      "name": "CVE-2024-42460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42460"
    },
    {
      "name": "CVE-2024-43796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
    },
    {
      "name": "CVE-2024-43799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
    },
    {
      "name": "CVE-2024-43800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
    },
    {
      "name": "CVE-2024-43857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43857"
    },
    {
      "name": "CVE-2024-45490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45490"
    },
    {
      "name": "CVE-2024-45590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
    },
    {
      "name": "CVE-2024-45801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45801"
    },
    {
      "name": "CVE-2024-46982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46982"
    },
    {
      "name": "CVE-2024-47764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47764"
    },
    {
      "name": "CVE-2024-47874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47874"
    },
    {
      "name": "CVE-2024-47875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47875"
    },
    {
      "name": "CVE-2024-7592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
    },
    {
      "name": "CVE-2024-8088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8088"
    }
  ],
  "initial_release_date": "2024-11-08T00:00:00",
  "last_revision_date": "2024-11-08T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0958",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-11-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2024-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7174802",
      "url": "https://www.ibm.com/support/pages/node/7174802"
    },
    {
      "published_at": "2024-11-01",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7174634",
      "url": "https://www.ibm.com/support/pages/node/7174634"
    },
    {
      "published_at": "2024-11-01",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7174639",
      "url": "https://www.ibm.com/support/pages/node/7174639"
    },
    {
      "published_at": "2024-11-08",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7175196",
      "url": "https://www.ibm.com/support/pages/node/7175196"
    },
    {
      "published_at": "2024-11-07",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7175086",
      "url": "https://www.ibm.com/support/pages/node/7175086"
    },
    {
      "published_at": "2024-11-08",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7175192",
      "url": "https://www.ibm.com/support/pages/node/7175192"
    },
    {
      "published_at": "2024-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7174799",
      "url": "https://www.ibm.com/support/pages/node/7174799"
    },
    {
      "published_at": "2024-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7174797",
      "url": "https://www.ibm.com/support/pages/node/7174797"
    },
    {
      "published_at": "2024-11-06",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7174945",
      "url": "https://www.ibm.com/support/pages/node/7174945"
    },
    {
      "published_at": "2024-11-05",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7174912",
      "url": "https://www.ibm.com/support/pages/node/7174912"
    },
    {
      "published_at": "2024-11-07",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7175166",
      "url": "https://www.ibm.com/support/pages/node/7175166"
    }
  ]
}

GHSA-JRCF-GR4J-P9GP

Vulnerability from github – Published: 2024-08-08 09:30 – Updated: 2024-09-06 15:32

Details

In the Linux kernel, the following vulnerability has been resolved:

cifs: Fix server re-repick on subrequest retry

When a subrequest is marked for needing retry, netfs will call cifs_prepare_write() which will make cifs repick the server for the op before renegotiating credits; it then calls cifs_issue_write() which invokes smb2_async_writev() - which re-repicks the server.

If a different server is then selected, this causes the increment of server->in_flight to happen against one record and the decrement to happen against another, leading to misaccounting.

Fix this by just removing the repick code in smb2_async_writev(). As this is only called from netfslib-driven code, cifs_prepare_write() should always have been called first, and so server should never be NULL and the preparatory step is repeated in the event that we do a retry.

The problem manifests as a warning looking something like:

WARNING: CPU: 4 PID: 72896 at fs/smb/client/smb2ops.c:97 smb2_add_credits+0x3f0/0x9e0 [cifs] ... RIP: 0010:smb2_add_credits+0x3f0/0x9e0 [cifs] ... smb2_writev_callback+0x334/0x560 [cifs] cifs_demultiplex_thread+0x77a/0x11b0 [cifs] kthread+0x187/0x1d0 ret_from_fork+0x34/0x60 ret_from_fork_asm+0x1a/0x30

Which may be triggered by a number of different xfstests running against an Azure server in multichannel mode. generic/249 seems the most repeatable, but generic/215, generic/249 and generic/308 may also show it.

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-42256"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-08T09:15:08Z",
    "severity": "CRITICAL"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix server re-repick on subrequest retry\n\nWhen a subrequest is marked for needing retry, netfs will call\ncifs_prepare_write() which will make cifs repick the server for the op\nbefore renegotiating credits; it then calls cifs_issue_write() which\ninvokes smb2_async_writev() - which re-repicks the server.\n\nIf a different server is then selected, this causes the increment of\nserver-\u003ein_flight to happen against one record and the decrement to happen\nagainst another, leading to misaccounting.\n\nFix this by just removing the repick code in smb2_async_writev().  As this\nis only called from netfslib-driven code, cifs_prepare_write() should\nalways have been called first, and so server should never be NULL and the\npreparatory step is repeated in the event that we do a retry.\n\nThe problem manifests as a warning looking something like:\n\n WARNING: CPU: 4 PID: 72896 at fs/smb/client/smb2ops.c:97 smb2_add_credits+0x3f0/0x9e0 [cifs]\n ...\n RIP: 0010:smb2_add_credits+0x3f0/0x9e0 [cifs]\n ...\n  smb2_writev_callback+0x334/0x560 [cifs]\n  cifs_demultiplex_thread+0x77a/0x11b0 [cifs]\n  kthread+0x187/0x1d0\n  ret_from_fork+0x34/0x60\n  ret_from_fork_asm+0x1a/0x30\n\nWhich may be triggered by a number of different xfstests running against an\nAzure server in multichannel mode.  generic/249 seems the most repeatable,\nbut generic/215, generic/249 and generic/308 may also show it.",
  "id": "GHSA-jrcf-gr4j-p9gp",
  "modified": "2024-09-06T15:32:56Z",
  "published": "2024-08-08T09:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42256"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b1d0a566769b6fb3795b5289fc1daf9e0638d97a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/de40579b903883274fe203865f29d66b168b7236"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2024-42256

Vulnerability from fkie_nvd - Published: 2024-08-08 09:15 - Updated: 2024-09-06 13:56

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/b1d0a566769b6fb3795b5289fc1daf9e0638d97a	Patch
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/de40579b903883274fe203865f29d66b168b7236	Patch

Impacted products

	Vendor	Product	Version
	linux	linux_kernel	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC5B6890-A2E7-41F8-AA56-E3202E9FB075",
              "versionEndExcluding": "6.10.1",
              "versionStartIncluding": "6.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix server re-repick on subrequest retry\n\nWhen a subrequest is marked for needing retry, netfs will call\ncifs_prepare_write() which will make cifs repick the server for the op\nbefore renegotiating credits; it then calls cifs_issue_write() which\ninvokes smb2_async_writev() - which re-repicks the server.\n\nIf a different server is then selected, this causes the increment of\nserver-\u003ein_flight to happen against one record and the decrement to happen\nagainst another, leading to misaccounting.\n\nFix this by just removing the repick code in smb2_async_writev().  As this\nis only called from netfslib-driven code, cifs_prepare_write() should\nalways have been called first, and so server should never be NULL and the\npreparatory step is repeated in the event that we do a retry.\n\nThe problem manifests as a warning looking something like:\n\n WARNING: CPU: 4 PID: 72896 at fs/smb/client/smb2ops.c:97 smb2_add_credits+0x3f0/0x9e0 [cifs]\n ...\n RIP: 0010:smb2_add_credits+0x3f0/0x9e0 [cifs]\n ...\n  smb2_writev_callback+0x334/0x560 [cifs]\n  cifs_demultiplex_thread+0x77a/0x11b0 [cifs]\n  kthread+0x187/0x1d0\n  ret_from_fork+0x34/0x60\n  ret_from_fork_asm+0x1a/0x30\n\nWhich may be triggered by a number of different xfstests running against an\nAzure server in multichannel mode.  generic/249 seems the most repeatable,\nbut generic/215, generic/249 and generic/308 may also show it."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cifs: corrige la repetici\u00f3n del servidor en el reintento de subrequest Cuando se marca una subrequest para necesitar un reintento, netfs llamar\u00e1 a cifs_prepare_write(), lo que har\u00e1 que cifs vuelva a seleccionar el servidor para la operaci\u00f3n antes de renegociar los cr\u00e9ditos; luego llama a cifs_issue_write(), que invoca a smb2_async_writev(), que vuelve a seleccionar el servidor. Si luego se selecciona un servidor diferente, esto hace que el incremento de server-\u0026gt;in_flight ocurra en un registro y la disminuci\u00f3n en otro, lo que lleva a una contabilidad err\u00f3nea. Solucione este problema simplemente eliminando el c\u00f3digo de repetici\u00f3n en smb2_async_writev(). Como esto solo se llama desde c\u00f3digo controlado por netfslib, siempre se deber\u00eda haber llamado primero a cifs_prepare_write(), por lo que el servidor nunca deber\u00eda ser NULL y el paso preparatorio se repite en caso de que hagamos un reintento. El problema se manifiesta como una advertencia similar a: ADVERTENCIA: CPU: 4 PID: 72896 en fs/smb/client/smb2ops.c:97 smb2_add_credits+0x3f0/0x9e0 [cifs] ... RIP: 0010:smb2_add_credits+0x3f0/0x9e0 [cifs] ... smb2_writev_callback+0x334/0x560 [cifs] cifs_demultiplex_thread+0x77a/0x11b0 [cifs] kthread+0x187/0x1d0 ret_from_fork+0x34/0x60 ret_from_fork_asm+0x1a/0x30 Que puede ser activado por varios xfstests corriendo contra un Servidor Azure en modo multicanal. generic/249 parece el m\u00e1s repetible, pero generic/215, generic/249 y generic/308 tambi\u00e9n pueden mostrarlo."
    }
  ],
  "id": "CVE-2024-42256",
  "lastModified": "2024-09-06T13:56:00.207",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-08-08T09:15:08.553",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/b1d0a566769b6fb3795b5289fc1daf9e0638d97a"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/de40579b903883274fe203865f29d66b168b7236"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-42256 (GCVE-0-2024-42256)

CVE-2024-42256

CERTFR-2024-AVI-0958

Solutions

GHSA-JRCF-GR4J-P9GP

FKIE_CVE-2024-42256

Tags

Sightings

Nomenclature