Vulnerability-Lookup

CVE-2024-56368 (GCVE-0-2024-56368)

Vulnerability from cvelistv5 – Published: 2025-01-11 12:35 – Updated: 2025-05-04 09:57

Title

ring-buffer: Fix overflow in __rb_map_vma

Summary

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix overflow in __rb_map_vma An overflow occurred when performing the following calculation: nr_pages = ((nr_subbufs + 1) << subbuf_order) - pgoff; Add a check before the calculation to avoid this problem. syzbot reported this as a slab-out-of-bounds in __rb_map_vma: BUG: KASAN: slab-out-of-bounds in __rb_map_vma+0x9ab/0xae0 kernel/trace/ring_buffer.c:7058 Read of size 8 at addr ffff8880767dd2b8 by task syz-executor187/5836 CPU: 0 UID: 0 PID: 5836 Comm: syz-executor187 Not tainted 6.13.0-rc2-syzkaller-00159-gf932fb9b4074 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0xc3/0x620 mm/kasan/report.c:489 kasan_report+0xd9/0x110 mm/kasan/report.c:602 __rb_map_vma+0x9ab/0xae0 kernel/trace/ring_buffer.c:7058 ring_buffer_map+0x56e/0x9b0 kernel/trace/ring_buffer.c:7138 tracing_buffers_mmap+0xa6/0x120 kernel/trace/trace.c:8482 call_mmap include/linux/fs.h:2183 [inline] mmap_file mm/internal.h:124 [inline] __mmap_new_file_vma mm/vma.c:2291 [inline] __mmap_new_vma mm/vma.c:2355 [inline] __mmap_region+0x1786/0x2670 mm/vma.c:2456 mmap_region+0x127/0x320 mm/mmap.c:1348 do_mmap+0xc00/0xfc0 mm/mmap.c:496 vm_mmap_pgoff+0x1ba/0x360 mm/util.c:580 ksys_mmap_pgoff+0x32c/0x5c0 mm/mmap.c:542 __do_sys_mmap arch/x86/kernel/sys_x86_64.c:89 [inline] __se_sys_mmap arch/x86/kernel/sys_x86_64.c:82 [inline] __x64_sys_mmap+0x125/0x190 arch/x86/kernel/sys_x86_64.c:82 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f The reproducer for this bug is: ------------------------8<------------------------- #include <fcntl.h> #include <stdlib.h> #include <unistd.h> #include <asm/types.h> #include <sys/mman.h> int main(int argc, char **argv) { int page_size = getpagesize(); int fd; void *meta; system("echo 1 > /sys/kernel/tracing/buffer_size_kb"); fd = open("/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw", O_RDONLY); meta = mmap(NULL, page_size, PROT_READ, MAP_SHARED, fd, page_size * 5); } ------------------------>8-------------------------

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

CERTFR-2025-AVI-0254

Vulnerability from certfr_avis - Published: 2025-03-28 - Updated: 2025-03-28

De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un contournement de la politique de sécurité et un déni de service.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Ubuntu	Ubuntu	Ubuntu 16.04 ESM
Ubuntu	Ubuntu	Ubuntu 24.04 LTS
Ubuntu	Ubuntu	Ubuntu 18.04 ESM
Ubuntu	Ubuntu	Ubuntu 20.04 LTS
Ubuntu	Ubuntu	Ubuntu 24.10
Ubuntu	Ubuntu	Ubuntu 14.04 ESM
Ubuntu	Ubuntu	Ubuntu 22.04 LTS

References

Title

Publication Time

Tags

Bulletin de sécurité Ubuntu LSN-0110-1	2025-03-26	vendor-advisory
Bulletin de sécurité Ubuntu USN-7382-1	2025-03-27	vendor-advisory
Bulletin de sécurité Ubuntu USN-7380-1	2025-03-27	vendor-advisory
Bulletin de sécurité Ubuntu USN-7379-1	2025-03-27	vendor-advisory
Bulletin de sécurité Ubuntu USN-7381-1	2025-03-27	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ubuntu 16.04 ESM",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 24.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 18.04 ESM",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 20.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 24.10",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 14.04 ESM",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 22.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2023-52880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52880"
    },
    {
      "name": "CVE-2024-38558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38558"
    },
    {
      "name": "CVE-2024-53104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53104"
    },
    {
      "name": "CVE-2024-53140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53140"
    },
    {
      "name": "CVE-2024-53179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53179"
    },
    {
      "name": "CVE-2024-56551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56551"
    },
    {
      "name": "CVE-2024-56562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56562"
    },
    {
      "name": "CVE-2024-56566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56566"
    },
    {
      "name": "CVE-2024-56567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56567"
    },
    {
      "name": "CVE-2024-56576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56576"
    },
    {
      "name": "CVE-2024-56582",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56582"
    },
    {
      "name": "CVE-2024-56599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56599"
    },
    {
      "name": "CVE-2024-56604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56604"
    },
    {
      "name": "CVE-2024-56605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56605"
    },
    {
      "name": "CVE-2024-56645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56645"
    },
    {
      "name": "CVE-2024-56667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56667"
    },
    {
      "name": "CVE-2024-56570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56570"
    },
    {
      "name": "CVE-2024-56575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56575"
    },
    {
      "name": "CVE-2024-56598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56598"
    },
    {
      "name": "CVE-2024-56619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56619"
    },
    {
      "name": "CVE-2024-56631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56631"
    },
    {
      "name": "CVE-2024-36476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36476"
    },
    {
      "name": "CVE-2024-39282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39282"
    },
    {
      "name": "CVE-2024-45828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45828"
    },
    {
      "name": "CVE-2024-47141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47141"
    },
    {
      "name": "CVE-2024-47143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47143"
    },
    {
      "name": "CVE-2024-47809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47809"
    },
    {
      "name": "CVE-2024-48873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48873"
    },
    {
      "name": "CVE-2024-48881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48881"
    },
    {
      "name": "CVE-2024-49569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49569"
    },
    {
      "name": "CVE-2024-50051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50051"
    },
    {
      "name": "CVE-2024-52332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52332"
    },
    {
      "name": "CVE-2024-53685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53685"
    },
    {
      "name": "CVE-2024-53690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53690"
    },
    {
      "name": "CVE-2024-54680",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54680"
    },
    {
      "name": "CVE-2024-55639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55639"
    },
    {
      "name": "CVE-2024-55881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55881"
    },
    {
      "name": "CVE-2024-55916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55916"
    },
    {
      "name": "CVE-2024-56369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56369"
    },
    {
      "name": "CVE-2024-56372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56372"
    },
    {
      "name": "CVE-2024-56557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56557"
    },
    {
      "name": "CVE-2024-56558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56558"
    },
    {
      "name": "CVE-2024-56568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56568"
    },
    {
      "name": "CVE-2024-56569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56569"
    },
    {
      "name": "CVE-2024-56572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56572"
    },
    {
      "name": "CVE-2024-56573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56573"
    },
    {
      "name": "CVE-2024-56574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56574"
    },
    {
      "name": "CVE-2024-56757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56757"
    },
    {
      "name": "CVE-2024-56577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56577"
    },
    {
      "name": "CVE-2024-56578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56578"
    },
    {
      "name": "CVE-2024-56584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56584"
    },
    {
      "name": "CVE-2024-56587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56587"
    },
    {
      "name": "CVE-2024-56588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56588"
    },
    {
      "name": "CVE-2024-56589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56589"
    },
    {
      "name": "CVE-2024-56590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56590"
    },
    {
      "name": "CVE-2024-56593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56593"
    },
    {
      "name": "CVE-2024-56594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56594"
    },
    {
      "name": "CVE-2024-56595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56595"
    },
    {
      "name": "CVE-2024-56596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56596"
    },
    {
      "name": "CVE-2024-56597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56597"
    },
    {
      "name": "CVE-2024-56602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56602"
    },
    {
      "name": "CVE-2024-56603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56603"
    },
    {
      "name": "CVE-2024-56606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56606"
    },
    {
      "name": "CVE-2024-56607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56607"
    },
    {
      "name": "CVE-2024-56609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56609"
    },
    {
      "name": "CVE-2024-56611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56611"
    },
    {
      "name": "CVE-2024-56614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56614"
    },
    {
      "name": "CVE-2024-56615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56615"
    },
    {
      "name": "CVE-2024-56616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56616"
    },
    {
      "name": "CVE-2024-56617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56617"
    },
    {
      "name": "CVE-2024-56620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56620"
    },
    {
      "name": "CVE-2024-56622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56622"
    },
    {
      "name": "CVE-2024-56623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56623"
    },
    {
      "name": "CVE-2024-56625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56625"
    },
    {
      "name": "CVE-2024-56629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56629"
    },
    {
      "name": "CVE-2024-56630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56630"
    },
    {
      "name": "CVE-2024-56632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56632"
    },
    {
      "name": "CVE-2024-56634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56634"
    },
    {
      "name": "CVE-2024-56635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56635"
    },
    {
      "name": "CVE-2024-56636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56636"
    },
    {
      "name": "CVE-2024-56637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56637"
    },
    {
      "name": "CVE-2024-56641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56641"
    },
    {
      "name": "CVE-2024-56642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56642"
    },
    {
      "name": "CVE-2024-56643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56643"
    },
    {
      "name": "CVE-2024-56644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56644"
    },
    {
      "name": "CVE-2024-56648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56648"
    },
    {
      "name": "CVE-2024-56649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56649"
    },
    {
      "name": "CVE-2024-56651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56651"
    },
    {
      "name": "CVE-2024-56654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56654"
    },
    {
      "name": "CVE-2024-56656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56656"
    },
    {
      "name": "CVE-2024-56659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56659"
    },
    {
      "name": "CVE-2024-56660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56660"
    },
    {
      "name": "CVE-2024-56662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56662"
    },
    {
      "name": "CVE-2024-56663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56663"
    },
    {
      "name": "CVE-2024-56664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56664"
    },
    {
      "name": "CVE-2024-56670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56670"
    },
    {
      "name": "CVE-2024-56672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56672"
    },
    {
      "name": "CVE-2024-56675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56675"
    },
    {
      "name": "CVE-2024-56709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56709"
    },
    {
      "name": "CVE-2024-56712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56712"
    },
    {
      "name": "CVE-2024-56716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56716"
    },
    {
      "name": "CVE-2024-56759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56759"
    },
    {
      "name": "CVE-2024-56760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56760"
    },
    {
      "name": "CVE-2024-56765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56765"
    },
    {
      "name": "CVE-2024-56766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56766"
    },
    {
      "name": "CVE-2024-56767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56767"
    },
    {
      "name": "CVE-2024-56769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56769"
    },
    {
      "name": "CVE-2024-56774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56774"
    },
    {
      "name": "CVE-2024-56775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56775"
    },
    {
      "name": "CVE-2024-56776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56776"
    },
    {
      "name": "CVE-2024-56777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56777"
    },
    {
      "name": "CVE-2024-56778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56778"
    },
    {
      "name": "CVE-2024-56779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56779"
    },
    {
      "name": "CVE-2024-56780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56780"
    },
    {
      "name": "CVE-2024-56787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56787"
    },
    {
      "name": "CVE-2024-57791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57791"
    },
    {
      "name": "CVE-2024-57792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57792"
    },
    {
      "name": "CVE-2024-57793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57793"
    },
    {
      "name": "CVE-2024-57795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57795"
    },
    {
      "name": "CVE-2024-57798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57798"
    },
    {
      "name": "CVE-2024-57801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57801"
    },
    {
      "name": "CVE-2024-57804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57804"
    },
    {
      "name": "CVE-2024-57809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57809"
    },
    {
      "name": "CVE-2024-57838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57838"
    },
    {
      "name": "CVE-2024-57849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57849"
    },
    {
      "name": "CVE-2024-57850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57850"
    },
    {
      "name": "CVE-2024-57857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57857"
    },
    {
      "name": "CVE-2024-57874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57874"
    },
    {
      "name": "CVE-2024-57876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57876"
    },
    {
      "name": "CVE-2024-57887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57887"
    },
    {
      "name": "CVE-2024-57888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57888"
    },
    {
      "name": "CVE-2024-57890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57890"
    },
    {
      "name": "CVE-2024-57892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57892"
    },
    {
      "name": "CVE-2024-57893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57893"
    },
    {
      "name": "CVE-2024-57896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57896"
    },
    {
      "name": "CVE-2024-57897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57897"
    },
    {
      "name": "CVE-2024-57899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57899"
    },
    {
      "name": "CVE-2024-57903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57903"
    },
    {
      "name": "CVE-2024-57904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57904"
    },
    {
      "name": "CVE-2024-57906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57906"
    },
    {
      "name": "CVE-2024-57907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57907"
    },
    {
      "name": "CVE-2024-57908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57908"
    },
    {
      "name": "CVE-2024-57910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57910"
    },
    {
      "name": "CVE-2024-57911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57911"
    },
    {
      "name": "CVE-2024-57912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57912"
    },
    {
      "name": "CVE-2024-57913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57913"
    },
    {
      "name": "CVE-2024-57916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57916"
    },
    {
      "name": "CVE-2024-57926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57926"
    },
    {
      "name": "CVE-2024-57929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57929"
    },
    {
      "name": "CVE-2024-57932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57932"
    },
    {
      "name": "CVE-2024-57933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57933"
    },
    {
      "name": "CVE-2024-57935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57935"
    },
    {
      "name": "CVE-2024-57940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57940"
    },
    {
      "name": "CVE-2025-21632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21632"
    },
    {
      "name": "CVE-2025-21645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21645"
    },
    {
      "name": "CVE-2025-21646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21646"
    },
    {
      "name": "CVE-2025-21649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21649"
    },
    {
      "name": "CVE-2025-21650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21650"
    },
    {
      "name": "CVE-2025-21651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21651"
    },
    {
      "name": "CVE-2025-21656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21656"
    },
    {
      "name": "CVE-2025-21662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21662"
    },
    {
      "name": "CVE-2024-56592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56592"
    },
    {
      "name": "CVE-2024-56600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56600"
    },
    {
      "name": "CVE-2024-56601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56601"
    },
    {
      "name": "CVE-2024-56608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56608"
    },
    {
      "name": "CVE-2024-56610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56610"
    },
    {
      "name": "CVE-2024-56650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56650"
    },
    {
      "name": "CVE-2024-56658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56658"
    },
    {
      "name": "CVE-2024-56665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56665"
    },
    {
      "name": "CVE-2024-56715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56715"
    },
    {
      "name": "CVE-2024-56763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56763"
    },
    {
      "name": "CVE-2024-57802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57802"
    },
    {
      "name": "CVE-2024-57882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57882"
    },
    {
      "name": "CVE-2024-57884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57884"
    },
    {
      "name": "CVE-2024-57917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57917"
    },
    {
      "name": "CVE-2024-57931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57931"
    },
    {
      "name": "CVE-2024-57938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57938"
    },
    {
      "name": "CVE-2024-57946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57946"
    },
    {
      "name": "CVE-2025-21652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21652"
    },
    {
      "name": "CVE-2025-21653",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21653"
    },
    {
      "name": "CVE-2025-21655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21655"
    },
    {
      "name": "CVE-2025-21663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21663"
    },
    {
      "name": "CVE-2025-21664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21664"
    },
    {
      "name": "CVE-2024-57925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57925"
    },
    {
      "name": "CVE-2024-57939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57939"
    },
    {
      "name": "CVE-2025-21631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21631"
    },
    {
      "name": "CVE-2025-21636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21636"
    },
    {
      "name": "CVE-2025-21637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21637"
    },
    {
      "name": "CVE-2025-21638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21638"
    },
    {
      "name": "CVE-2025-21639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21639"
    },
    {
      "name": "CVE-2025-21640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21640"
    },
    {
      "name": "CVE-2025-21647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21647"
    },
    {
      "name": "CVE-2025-21648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21648"
    },
    {
      "name": "CVE-2025-21660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21660"
    },
    {
      "name": "CVE-2024-56633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56633"
    },
    {
      "name": "CVE-2025-0927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0927"
    },
    {
      "name": "CVE-2024-56579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56579"
    },
    {
      "name": "CVE-2024-56647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56647"
    },
    {
      "name": "CVE-2024-57889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57889"
    },
    {
      "name": "CVE-2024-43098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43098"
    },
    {
      "name": "CVE-2024-47408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47408"
    },
    {
      "name": "CVE-2024-49571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49571"
    },
    {
      "name": "CVE-2024-53680",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53680"
    },
    {
      "name": "CVE-2024-56581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56581"
    },
    {
      "name": "CVE-2024-56586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56586"
    },
    {
      "name": "CVE-2024-56626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56626"
    },
    {
      "name": "CVE-2024-56627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56627"
    },
    {
      "name": "CVE-2024-56640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56640"
    },
    {
      "name": "CVE-2024-56717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56717"
    },
    {
      "name": "CVE-2024-56718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56718"
    },
    {
      "name": "CVE-2024-56770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56770"
    },
    {
      "name": "CVE-2024-56781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56781"
    },
    {
      "name": "CVE-2024-56783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56783"
    },
    {
      "name": "CVE-2024-56785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56785"
    },
    {
      "name": "CVE-2024-57807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57807"
    },
    {
      "name": "CVE-2024-57841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57841"
    },
    {
      "name": "CVE-2024-57894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57894"
    },
    {
      "name": "CVE-2024-57900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57900"
    },
    {
      "name": "CVE-2024-57901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57901"
    },
    {
      "name": "CVE-2024-57902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57902"
    },
    {
      "name": "CVE-2025-21629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21629"
    },
    {
      "name": "CVE-2024-41932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41932"
    },
    {
      "name": "CVE-2024-41935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41935"
    },
    {
      "name": "CVE-2024-47794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47794"
    },
    {
      "name": "CVE-2024-48875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48875"
    },
    {
      "name": "CVE-2024-48876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48876"
    },
    {
      "name": "CVE-2024-49568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49568"
    },
    {
      "name": "CVE-2024-51729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51729"
    },
    {
      "name": "CVE-2024-52319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52319"
    },
    {
      "name": "CVE-2024-53681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53681"
    },
    {
      "name": "CVE-2024-53682",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53682"
    },
    {
      "name": "CVE-2024-53687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53687"
    },
    {
      "name": "CVE-2024-54191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54191"
    },
    {
      "name": "CVE-2024-54193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54193"
    },
    {
      "name": "CVE-2024-54455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54455"
    },
    {
      "name": "CVE-2024-54460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54460"
    },
    {
      "name": "CVE-2024-54683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54683"
    },
    {
      "name": "CVE-2024-55641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55641"
    },
    {
      "name": "CVE-2024-55642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55642"
    },
    {
      "name": "CVE-2024-56368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56368"
    },
    {
      "name": "CVE-2024-56550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56550"
    },
    {
      "name": "CVE-2024-56552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56552"
    },
    {
      "name": "CVE-2024-56559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56559"
    },
    {
      "name": "CVE-2024-56561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56561"
    },
    {
      "name": "CVE-2024-56563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56563"
    },
    {
      "name": "CVE-2024-56564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56564"
    },
    {
      "name": "CVE-2024-56565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56565"
    },
    {
      "name": "CVE-2024-56580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56580"
    },
    {
      "name": "CVE-2024-56583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56583"
    },
    {
      "name": "CVE-2024-56591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56591"
    },
    {
      "name": "CVE-2024-56613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56613"
    },
    {
      "name": "CVE-2024-56618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56618"
    },
    {
      "name": "CVE-2024-56621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56621"
    },
    {
      "name": "CVE-2024-56624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56624"
    },
    {
      "name": "CVE-2024-56638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56638"
    },
    {
      "name": "CVE-2024-56639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56639"
    },
    {
      "name": "CVE-2024-56646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56646"
    },
    {
      "name": "CVE-2024-56652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56652"
    },
    {
      "name": "CVE-2024-56653",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56653"
    },
    {
      "name": "CVE-2024-56655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56655"
    },
    {
      "name": "CVE-2024-56657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56657"
    },
    {
      "name": "CVE-2024-56669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56669"
    },
    {
      "name": "CVE-2024-56671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56671"
    },
    {
      "name": "CVE-2024-56673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56673"
    },
    {
      "name": "CVE-2024-56710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56710"
    },
    {
      "name": "CVE-2024-56711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56711"
    },
    {
      "name": "CVE-2024-56713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56713"
    },
    {
      "name": "CVE-2024-56714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56714"
    },
    {
      "name": "CVE-2024-56719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56719"
    },
    {
      "name": "CVE-2024-56758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56758"
    },
    {
      "name": "CVE-2024-56761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56761"
    },
    {
      "name": "CVE-2024-56764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56764"
    },
    {
      "name": "CVE-2024-56768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56768"
    },
    {
      "name": "CVE-2024-56771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56771"
    },
    {
      "name": "CVE-2024-56772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56772"
    },
    {
      "name": "CVE-2024-56773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56773"
    },
    {
      "name": "CVE-2024-56782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56782"
    },
    {
      "name": "CVE-2024-56784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56784"
    },
    {
      "name": "CVE-2024-56786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56786"
    },
    {
      "name": "CVE-2024-57799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57799"
    },
    {
      "name": "CVE-2024-57805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57805"
    },
    {
      "name": "CVE-2024-57806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57806"
    },
    {
      "name": "CVE-2024-57839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57839"
    },
    {
      "name": "CVE-2024-57843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57843"
    },
    {
      "name": "CVE-2024-57872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57872"
    },
    {
      "name": "CVE-2024-57875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57875"
    },
    {
      "name": "CVE-2024-57878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57878"
    },
    {
      "name": "CVE-2024-57879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57879"
    },
    {
      "name": "CVE-2024-57880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57880"
    },
    {
      "name": "CVE-2024-57881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57881"
    },
    {
      "name": "CVE-2024-57883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57883"
    },
    {
      "name": "CVE-2024-57885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57885"
    },
    {
      "name": "CVE-2024-57886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57886"
    },
    {
      "name": "CVE-2024-57895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57895"
    },
    {
      "name": "CVE-2024-57898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57898"
    },
    {
      "name": "CVE-2024-57905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57905"
    },
    {
      "name": "CVE-2024-57918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57918"
    },
    {
      "name": "CVE-2024-57919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57919"
    },
    {
      "name": "CVE-2024-57921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57921"
    },
    {
      "name": "CVE-2024-57924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57924"
    },
    {
      "name": "CVE-2024-57934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57934"
    },
    {
      "name": "CVE-2024-57944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57944"
    },
    {
      "name": "CVE-2024-57945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57945"
    },
    {
      "name": "CVE-2024-58087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-58087"
    },
    {
      "name": "CVE-2025-21633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21633"
    },
    {
      "name": "CVE-2025-21634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21634"
    },
    {
      "name": "CVE-2025-21635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21635"
    },
    {
      "name": "CVE-2025-21642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21642"
    },
    {
      "name": "CVE-2025-21643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21643"
    },
    {
      "name": "CVE-2025-21644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21644"
    },
    {
      "name": "CVE-2025-21654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21654"
    },
    {
      "name": "CVE-2025-21658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21658"
    },
    {
      "name": "CVE-2025-21659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21659"
    },
    {
      "name": "CVE-2025-21661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21661"
    },
    {
      "name": "CVE-2025-21834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21834"
    }
  ],
  "initial_release_date": "2025-03-28T00:00:00",
  "last_revision_date": "2025-03-28T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0254",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-03-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux d\u0027Ubuntu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, un contournement de la politique de s\u00e9curit\u00e9 et un d\u00e9ni de service.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
  "vendor_advisories": [
    {
      "published_at": "2025-03-26",
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu LSN-0110-1",
      "url": "https://ubuntu.com/security/notices/LSN-0110-1"
    },
    {
      "published_at": "2025-03-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7382-1",
      "url": "https://ubuntu.com/security/notices/USN-7382-1"
    },
    {
      "published_at": "2025-03-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7380-1",
      "url": "https://ubuntu.com/security/notices/USN-7380-1"
    },
    {
      "published_at": "2025-03-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7379-1",
      "url": "https://ubuntu.com/security/notices/USN-7379-1"
    },
    {
      "published_at": "2025-03-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7381-1",
      "url": "https://ubuntu.com/security/notices/USN-7381-1"
    }
  ]
}

FKIE_CVE-2024-56368

Vulnerability from fkie_nvd - Published: 2025-01-11 13:15 - Updated: 2025-09-23 14:46

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

References

	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/c58a812c8e49ad688f94f4b050ad5c5b388fc5d2	Patch
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/ec12f30fe54234dd40ffee50dda8d2df10bd0871	Patch

Impacted products

Vendor	Product	Version
linux	linux_kernel	*
linux	linux_kernel	6.13
linux	linux_kernel	6.13
linux	linux_kernel	6.13

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCCD8BD3-5C46-4941-B3DF-2AA3E532D3D6",
              "versionEndExcluding": "6.12.7",
              "versionStartIncluding": "6.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "62567B3C-6CEE-46D0-BC2E-B3717FBF7D13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "5A073481-106D-4B15-B4C7-FB0213B8E1D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "DE491969-75AE-4A6B-9A58-8FC5AF98798F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Fix overflow in __rb_map_vma\n\nAn overflow occurred when performing the following calculation:\n\n   nr_pages = ((nr_subbufs + 1) \u003c\u003c subbuf_order) - pgoff;\n\nAdd a check before the calculation to avoid this problem.\n\nsyzbot reported this as a slab-out-of-bounds in __rb_map_vma:\n\nBUG: KASAN: slab-out-of-bounds in __rb_map_vma+0x9ab/0xae0 kernel/trace/ring_buffer.c:7058\nRead of size 8 at addr ffff8880767dd2b8 by task syz-executor187/5836\n\nCPU: 0 UID: 0 PID: 5836 Comm: syz-executor187 Not tainted 6.13.0-rc2-syzkaller-00159-gf932fb9b4074 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:489\n kasan_report+0xd9/0x110 mm/kasan/report.c:602\n __rb_map_vma+0x9ab/0xae0 kernel/trace/ring_buffer.c:7058\n ring_buffer_map+0x56e/0x9b0 kernel/trace/ring_buffer.c:7138\n tracing_buffers_mmap+0xa6/0x120 kernel/trace/trace.c:8482\n call_mmap include/linux/fs.h:2183 [inline]\n mmap_file mm/internal.h:124 [inline]\n __mmap_new_file_vma mm/vma.c:2291 [inline]\n __mmap_new_vma mm/vma.c:2355 [inline]\n __mmap_region+0x1786/0x2670 mm/vma.c:2456\n mmap_region+0x127/0x320 mm/mmap.c:1348\n do_mmap+0xc00/0xfc0 mm/mmap.c:496\n vm_mmap_pgoff+0x1ba/0x360 mm/util.c:580\n ksys_mmap_pgoff+0x32c/0x5c0 mm/mmap.c:542\n __do_sys_mmap arch/x86/kernel/sys_x86_64.c:89 [inline]\n __se_sys_mmap arch/x86/kernel/sys_x86_64.c:82 [inline]\n __x64_sys_mmap+0x125/0x190 arch/x86/kernel/sys_x86_64.c:82\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nThe reproducer for this bug is:\n\n------------------------8\u003c-------------------------\n #include \u003cfcntl.h\u003e\n #include \u003cstdlib.h\u003e\n #include \u003cunistd.h\u003e\n #include \u003casm/types.h\u003e\n #include \u003csys/mman.h\u003e\n\n int main(int argc, char **argv)\n {\n\tint page_size = getpagesize();\n\tint fd;\n\tvoid *meta;\n\n\tsystem(\"echo 1 \u003e /sys/kernel/tracing/buffer_size_kb\");\n\tfd = open(\"/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\", O_RDONLY);\n\n\tmeta = mmap(NULL, page_size, PROT_READ, MAP_SHARED, fd, page_size * 5);\n }\n------------------------\u003e8-------------------------"
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ring-buffer: Corregir desbordamiento en __rb_map_vma Se produjo un desbordamiento al realizar el siguiente c\u00e1lculo: nr_pages = ((nr_subbufs + 1) \u0026lt;\u0026lt; subbuf_order) - pgoff; Agregue una verificaci\u00f3n antes del c\u00e1lculo para evitar este problema. syzbot report\u00f3 esto como un slab-out-of-bounds en __rb_map_vma: ERROR: KASAN: slab-out-of-bounds en __rb_map_vma+0x9ab/0xae0 kernel/trace/ring_buffer.c:7058 Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff8880767dd2b8 por la tarea syz-executor187/5836 CPU: 0 UID: 0 PID: 5836 Comm: syz-executor187 No contaminado 6.13.0-rc2-syzkaller-00159-gf932fb9b4074 #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 25/11/2024 Seguimiento de llamadas:  __dump_stack lib/dump_stack.c:94 [en l\u00ednea] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 imprimir_direcci\u00f3n_descripci\u00f3n mm/kasan/report.c:378 [en l\u00ednea] imprimir_report+0xc3/0x620 mm/kasan/report.c:489 kasan_report+0xd9/0x110 mm/kasan/report.c:602 __rb_map_vma+0x9ab/0xae0 kernel/trace/ring_buffer.c:7058 mapa_de_buffer_de_anillo+0x56e/0x9b0 kernel/trace/ring_buffer.c:7138 rastreo_buffers_mmap+0xa6/0x120 kernel/trace/trace.c:8482 llamada_mmap include/linux/fs.h:2183 [en l\u00ednea] archivo_mmap mm/internal.h:124 [en l\u00ednea] __mmap_nuevo_archivo_vma mm/vma.c:2291 [en l\u00ednea] __mmap_nuevo_vma mm/vma.c:2355 [en l\u00ednea] __mmap_region+0x1786/0x2670 mm/vma.c:2456 mmap_region+0x127/0x320 mm/mmap.c:1348 do_mmap+0xc00/0xfc0 mm/mmap.c:496 vm_mmap_pgoff+0x1ba/0x360 mm/util.c:580 ksys_mmap_pgoff+0x32c/0x5c0 mm/mmap.c:542 __do_sys_mmap arch/x86/kernel/sys_x86_64.c:89 [en l\u00ednea] __se_sys_mmap arch/x86/kernel/sys_x86_64.c:82 [en l\u00ednea] __x64_sys_mmap+0x125/0x190 arch/x86/kernel/sys_x86_64.c:82 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f El reproductor de este error es: ------------------------8\u0026lt;-------------------------- #include  #include  #include  #include  #include  int main(int argc, char **argv) { int tama\u00f1o_p\u00e1gina = getpagesize(); int fd; void *meta; system(\"echo 1 \u0026gt; /sys/kernel/tracing/buffer_size_kb\"); fd = open(\"/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\", O_RDONLY); meta = mmap(NULL, tama\u00f1o_p\u00e1gina, PROT_READ, MAP_SHARED, fd, tama\u00f1o_p\u00e1gina * 5); } ------------------------\u0026gt;8-------------------------"
    }
  ],
  "id": "CVE-2024-56368",
  "lastModified": "2025-09-23T14:46:17.570",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-01-11T13:15:28.530",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/c58a812c8e49ad688f94f4b050ad5c5b388fc5d2"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/ec12f30fe54234dd40ffee50dda8d2df10bd0871"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-7G63-2RPP-XVQC

Vulnerability from github – Published: 2025-01-11 15:30 – Updated: 2025-09-23 15:31

Details

In the Linux kernel, the following vulnerability has been resolved:

ring-buffer: Fix overflow in __rb_map_vma

An overflow occurred when performing the following calculation:

nr_pages = ((nr_subbufs + 1) << subbuf_order) - pgoff;

Add a check before the calculation to avoid this problem.

syzbot reported this as a slab-out-of-bounds in __rb_map_vma:

BUG: KASAN: slab-out-of-bounds in __rb_map_vma+0x9ab/0xae0 kernel/trace/ring_buffer.c:7058 Read of size 8 at addr ffff8880767dd2b8 by task syz-executor187/5836

CPU: 0 UID: 0 PID: 5836 Comm: syz-executor187 Not tainted 6.13.0-rc2-syzkaller-00159-gf932fb9b4074 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0xc3/0x620 mm/kasan/report.c:489 kasan_report+0xd9/0x110 mm/kasan/report.c:602 __rb_map_vma+0x9ab/0xae0 kernel/trace/ring_buffer.c:7058 ring_buffer_map+0x56e/0x9b0 kernel/trace/ring_buffer.c:7138 tracing_buffers_mmap+0xa6/0x120 kernel/trace/trace.c:8482 call_mmap include/linux/fs.h:2183 [inline] mmap_file mm/internal.h:124 [inline] __mmap_new_file_vma mm/vma.c:2291 [inline] __mmap_new_vma mm/vma.c:2355 [inline] __mmap_region+0x1786/0x2670 mm/vma.c:2456 mmap_region+0x127/0x320 mm/mmap.c:1348 do_mmap+0xc00/0xfc0 mm/mmap.c:496 vm_mmap_pgoff+0x1ba/0x360 mm/util.c:580 ksys_mmap_pgoff+0x32c/0x5c0 mm/mmap.c:542 __do_sys_mmap arch/x86/kernel/sys_x86_64.c:89 [inline] __se_sys_mmap arch/x86/kernel/sys_x86_64.c:82 [inline] __x64_sys_mmap+0x125/0x190 arch/x86/kernel/sys_x86_64.c:82 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f

The reproducer for this bug is:

------------------------8<------------------------- #include #include #include #include #include

int main(int argc, char *argv) { int page_size = getpagesize(); int fd; void meta;

system("echo 1 > /sys/kernel/tracing/buffer_size_kb");
fd = open("/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw", O_RDONLY);

meta = mmap(NULL, page_size, PROT_READ, MAP_SHARED, fd, page_size * 5);

} ------------------------>8-------------------------

Severity ?

5.5 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-56368"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-190"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-11T13:15:28Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Fix overflow in __rb_map_vma\n\nAn overflow occurred when performing the following calculation:\n\n   nr_pages = ((nr_subbufs + 1) \u003c\u003c subbuf_order) - pgoff;\n\nAdd a check before the calculation to avoid this problem.\n\nsyzbot reported this as a slab-out-of-bounds in __rb_map_vma:\n\nBUG: KASAN: slab-out-of-bounds in __rb_map_vma+0x9ab/0xae0 kernel/trace/ring_buffer.c:7058\nRead of size 8 at addr ffff8880767dd2b8 by task syz-executor187/5836\n\nCPU: 0 UID: 0 PID: 5836 Comm: syz-executor187 Not tainted 6.13.0-rc2-syzkaller-00159-gf932fb9b4074 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:489\n kasan_report+0xd9/0x110 mm/kasan/report.c:602\n __rb_map_vma+0x9ab/0xae0 kernel/trace/ring_buffer.c:7058\n ring_buffer_map+0x56e/0x9b0 kernel/trace/ring_buffer.c:7138\n tracing_buffers_mmap+0xa6/0x120 kernel/trace/trace.c:8482\n call_mmap include/linux/fs.h:2183 [inline]\n mmap_file mm/internal.h:124 [inline]\n __mmap_new_file_vma mm/vma.c:2291 [inline]\n __mmap_new_vma mm/vma.c:2355 [inline]\n __mmap_region+0x1786/0x2670 mm/vma.c:2456\n mmap_region+0x127/0x320 mm/mmap.c:1348\n do_mmap+0xc00/0xfc0 mm/mmap.c:496\n vm_mmap_pgoff+0x1ba/0x360 mm/util.c:580\n ksys_mmap_pgoff+0x32c/0x5c0 mm/mmap.c:542\n __do_sys_mmap arch/x86/kernel/sys_x86_64.c:89 [inline]\n __se_sys_mmap arch/x86/kernel/sys_x86_64.c:82 [inline]\n __x64_sys_mmap+0x125/0x190 arch/x86/kernel/sys_x86_64.c:82\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nThe reproducer for this bug is:\n\n------------------------8\u003c-------------------------\n #include \u003cfcntl.h\u003e\n #include \u003cstdlib.h\u003e\n #include \u003cunistd.h\u003e\n #include \u003casm/types.h\u003e\n #include \u003csys/mman.h\u003e\n\n int main(int argc, char **argv)\n {\n\tint page_size = getpagesize();\n\tint fd;\n\tvoid *meta;\n\n\tsystem(\"echo 1 \u003e /sys/kernel/tracing/buffer_size_kb\");\n\tfd = open(\"/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\", O_RDONLY);\n\n\tmeta = mmap(NULL, page_size, PROT_READ, MAP_SHARED, fd, page_size * 5);\n }\n------------------------\u003e8-------------------------",
  "id": "GHSA-7g63-2rpp-xvqc",
  "modified": "2025-09-23T15:31:07Z",
  "published": "2025-01-11T15:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56368"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c58a812c8e49ad688f94f4b050ad5c5b388fc5d2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ec12f30fe54234dd40ffee50dda8d2df10bd0871"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-56368 (GCVE-0-2024-56368)

CERTFR-2025-AVI-0254

Solutions

FKIE_CVE-2024-56368

GHSA-7G63-2RPP-XVQC

Tags

Sightings

Nomenclature