Advisory Database Sync

7h3Rabbit · Apr 3, 2024 · d811a85 · d811a85
1 parent cdd9cad
commit d811a85
Show file tree

Hide file tree

Showing 84 changed files with 3,444 additions and 12 deletions.
diff --git a/advisories/github-reviewed/2024/03/GHSA-5667-3wch-7q7w/GHSA-5667-3wch-7q7w.json b/advisories/github-reviewed/2024/03/GHSA-5667-3wch-7q7w/GHSA-5667-3wch-7q7w.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5667-3wch-7q7w",
-  "modified": "2024-04-02T19:28:13Z",
+  "modified": "2024-04-03T15:30:41Z",
   "published": "2024-03-27T09:30:40Z",
   "aliases": [
     "CVE-2024-1023"
@@ -76,6 +76,10 @@
       "type": "WEB",
       "url": "https://github.com/eclipse-vertx/vert.x/commit/dd6f64302b56cd4d3dcf61efaaf174b5f6ce676d"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2024:1662"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2024-1023"

diff --git a/advisories/github-reviewed/2024/03/GHSA-7g97-7r3c-5cc6/GHSA-7g97-7r3c-5cc6.json b/advisories/github-reviewed/2024/03/GHSA-7g97-7r3c-5cc6/GHSA-7g97-7r3c-5cc6.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7g97-7r3c-5cc6",
-  "modified": "2024-03-13T18:10:58Z",
+  "modified": "2024-04-03T15:30:40Z",
   "published": "2024-03-13T12:31:06Z",
   "aliases": [
     "CVE-2024-1979"
@@ -52,6 +52,10 @@
       "type": "WEB",
       "url": "https://github.com/quarkusio/quarkus/commit/5bc05ee35365a905f0e9e37f248c38688a81caaf"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2024:1662"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2024-1979"

diff --git a/advisories/github-reviewed/2024/04/GHSA-9ph3-v2vh-3qx7/GHSA-9ph3-v2vh-3qx7.json b/advisories/github-reviewed/2024/04/GHSA-9ph3-v2vh-3qx7/GHSA-9ph3-v2vh-3qx7.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9ph3-v2vh-3qx7",
-  "modified": "2024-04-02T16:15:47Z",
+  "modified": "2024-04-03T15:30:41Z",
   "published": "2024-04-02T09:30:42Z",
   "aliases": [
     "CVE-2024-1300"
@@ -79,6 +79,10 @@
       "type": "WEB",
       "url": "https://github.com/eclipse-vertx/vert.x/commit/7ad34ea9d78f85e26b231ee3ec8d492d10046479"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2024:1662"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2024-1300"

diff --git a/advisories/unreviewed/2024/02/GHSA-63f3-2rgp-79qx/GHSA-63f3-2rgp-79qx.json b/advisories/unreviewed/2024/02/GHSA-63f3-2rgp-79qx/GHSA-63f3-2rgp-79qx.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-63f3-2rgp-79qx",
-  "modified": "2024-03-14T21:30:51Z",
+  "modified": "2024-04-03T15:30:40Z",
   "published": "2024-02-21T15:30:45Z",
   "aliases": [
     "CVE-2024-26585"
@@ -21,6 +21,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26585"
     },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/196f198ca6fce04ba6ce262f5a0e4d567d7d219d"
+    },
     {
       "type": "WEB",
       "url": "https://git.kernel.org/stable/c/6db22d6c7a6dc914b12c0469b94eb639b6a8a146"

diff --git a/advisories/unreviewed/2024/02/GHSA-rjjw-vjj8-q96x/GHSA-rjjw-vjj8-q96x.json b/advisories/unreviewed/2024/02/GHSA-rjjw-vjj8-q96x/GHSA-rjjw-vjj8-q96x.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-rjjw-vjj8-q96x",
-  "modified": "2024-02-28T03:30:30Z",
+  "modified": "2024-04-03T15:30:40Z",
   "published": "2024-02-21T15:30:45Z",
   "aliases": [
     "CVE-2024-26584"
@@ -30,6 +30,10 @@
       "type": "WEB",
       "url": "https://git.kernel.org/stable/c/ab6397f072e5097f267abf5cb08a8004e6b17694"
     },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/cd1bbca03f3c1d845ce274c0d0a66de8e5929f72"
+    },
     {
       "type": "WEB",
       "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZOU3745CWCDZ7EMKMXB2OEEIB5Q3IWM"

diff --git a/advisories/unreviewed/2024/03/GHSA-79wp-fmwh-x929/GHSA-79wp-fmwh-x929.json b/advisories/unreviewed/2024/03/GHSA-79wp-fmwh-x929/GHSA-79wp-fmwh-x929.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-79wp-fmwh-x929",
-  "modified": "2024-03-21T12:31:56Z",
+  "modified": "2024-04-03T15:30:41Z",
   "published": "2024-03-21T12:31:56Z",
   "aliases": [
     "CVE-2024-26642"
@@ -21,6 +21,18 @@
     {
       "type": "WEB",
       "url": "https://git.kernel.org/stable/c/16603605b667b70da974bea8216c93e7db043bf1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/72c1efe3f247a581667b7d368fff3bd9a03cd57a"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/8e07c16695583a66e81f67ce4c46e94dece47ba7"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/c0c2176d1814b92ea4c8e7eb7c9cd94cd99c1b12"
     }
   ],
   "database_specific": {

diff --git a/advisories/unreviewed/2024/03/GHSA-ph5r-c8gc-xg6f/GHSA-ph5r-c8gc-xg6f.json b/advisories/unreviewed/2024/03/GHSA-ph5r-c8gc-xg6f/GHSA-ph5r-c8gc-xg6f.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-ph5r-c8gc-xg6f",
-  "modified": "2024-03-21T12:31:56Z",
+  "modified": "2024-04-03T15:30:41Z",
   "published": "2024-03-21T12:31:56Z",
   "aliases": [
     "CVE-2024-26643"
@@ -18,9 +18,21 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26643"
     },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/406b0241d0eb598a0b330ab20ae325537d8d8163"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/5224afbc30c3ca9ba23e752f0f138729b2c48dd8"
+    },
     {
       "type": "WEB",
       "url": "https://git.kernel.org/stable/c/552705a3650bbf46a22b1adedc1b04181490fc36"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/b2d6f9a5b1cf968f1eaa71085ceeb09c2cb276b1"
     }
   ],
   "database_specific": {

diff --git a/advisories/unreviewed/2024/04/GHSA-2595-73wg-wgrp/GHSA-2595-73wg-wgrp.json b/advisories/unreviewed/2024/04/GHSA-2595-73wg-wgrp/GHSA-2595-73wg-wgrp.json
@@ -0,0 +1,51 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2595-73wg-wgrp",
+  "modified": "2024-04-03T15:30:42Z",
+  "published": "2024-04-03T15:30:42Z",
+  "aliases": [
+    "CVE-2023-52638"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: j1939: prevent deadlock by changing j1939_socks_lock to rwlock\n\nThe following 3 locks would race against each other, causing the\ndeadlock situation in the Syzbot bug report:\n\n- j1939_socks_lock\n- active_session_list_lock\n- sk_session_queue_lock\n\nA reasonable fix is to change j1939_socks_lock to an rwlock, since in\nthe rare situations where a write lock is required for the linked list\nthat j1939_socks_lock is protecting, the code does not attempt to\nacquire any more locks. This would break the circular lock dependency,\nwhere, for example, the current thread already locks j1939_socks_lock\nand attempts to acquire sk_session_queue_lock, and at the same time,\nanother thread attempts to acquire j1939_socks_lock while holding\nsk_session_queue_lock.\n\nNOTE: This patch along does not fix the unregister_netdevice bug\nreported by Syzbot; instead, it solves a deadlock situation to prepare\nfor one or more further patches to actually fix the Syzbot bug, which\nappears to be a reference counting problem within the j1939 codebase.\n\n[mkl: remove unrelated newline change]",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52638"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/03358aba991668d3bb2c65b3c82aa32c36851170"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/26dfe112ec2e95fe0099681f6aec33da13c2dd8e"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/559b6322f9480bff68cfa98d108991e945a4f284"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/6cdedc18ba7b9dacc36466e27e3267d201948c8d"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/aedda066d717a0b4335d7e0a00b2e3a61e40afcf"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-04-03T15:15:51Z"
+  }
+}
diff --git a/advisories/unreviewed/2024/04/GHSA-25pf-crf2-9cqg/GHSA-25pf-crf2-9cqg.json b/advisories/unreviewed/2024/04/GHSA-25pf-crf2-9cqg/GHSA-25pf-crf2-9cqg.json
@@ -0,0 +1,39 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-25pf-crf2-9cqg",
+  "modified": "2024-04-03T15:30:42Z",
+  "published": "2024-04-03T15:30:42Z",
+  "aliases": [
+    "CVE-2024-26699"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix array-index-out-of-bounds in dcn35_clkmgr\n\n[Why]\nThere is a potential memory access violation while\niterating through array of dcn35 clks.\n\n[How]\nLimit iteration per array size.",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26699"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/46806e59a87790760870d216f54951a5b4d545bc"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/ca400d8e0c1c9d79c08dfb6b7f966e26c8cae7fb"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-04-03T15:15:52Z"
+  }
+}
diff --git a/advisories/unreviewed/2024/04/GHSA-2mrh-g8f4-xvjv/GHSA-2mrh-g8f4-xvjv.json b/advisories/unreviewed/2024/04/GHSA-2mrh-g8f4-xvjv/GHSA-2mrh-g8f4-xvjv.json
@@ -0,0 +1,55 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2mrh-g8f4-xvjv",
+  "modified": "2024-04-03T15:30:42Z",
+  "published": "2024-04-03T15:30:42Z",
+  "aliases": [
+    "CVE-2024-26695"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked\n\nThe SEV platform device can be shutdown with a null psp_master,\ne.g., using DEBUG_TEST_DRIVER_REMOVE.  Found using KASAN:\n\n[  137.148210] ccp 0000:23:00.1: enabling device (0000 -> 0002)\n[  137.162647] ccp 0000:23:00.1: no command queues available\n[  137.170598] ccp 0000:23:00.1: sev enabled\n[  137.174645] ccp 0000:23:00.1: psp enabled\n[  137.178890] general protection fault, probably for non-canonical address 0xdffffc000000001e: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC KASAN NOPTI\n[  137.182693] KASAN: null-ptr-deref in range [0x00000000000000f0-0x00000000000000f7]\n[  137.182693] CPU: 93 PID: 1 Comm: swapper/0 Not tainted 6.8.0-rc1+ #311\n[  137.182693] RIP: 0010:__sev_platform_shutdown_locked+0x51/0x180\n[  137.182693] Code: 08 80 3c 08 00 0f 85 0e 01 00 00 48 8b 1d 67 b6 01 08 48 b8 00 00 00 00 00 fc ff df 48 8d bb f0 00 00 00 48 89 f9 48 c1 e9 03 <80> 3c 01 00 0f 85 fe 00 00 00 48 8b 9b f0 00 00 00 48 85 db 74 2c\n[  137.182693] RSP: 0018:ffffc900000cf9b0 EFLAGS: 00010216\n[  137.182693] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 000000000000001e\n[  137.182693] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 00000000000000f0\n[  137.182693] RBP: ffffc900000cf9c8 R08: 0000000000000000 R09: fffffbfff58f5a66\n[  137.182693] R10: ffffc900000cf9c8 R11: ffffffffac7ad32f R12: ffff8881e5052c28\n[  137.182693] R13: ffff8881e5052c28 R14: ffff8881758e43e8 R15: ffffffffac64abf8\n[  137.182693] FS:  0000000000000000(0000) GS:ffff889de7000000(0000) knlGS:0000000000000000\n[  137.182693] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  137.182693] CR2: 0000000000000000 CR3: 0000001cf7c7e000 CR4: 0000000000350ef0\n[  137.182693] Call Trace:\n[  137.182693]  <TASK>\n[  137.182693]  ? show_regs+0x6c/0x80\n[  137.182693]  ? __die_body+0x24/0x70\n[  137.182693]  ? die_addr+0x4b/0x80\n[  137.182693]  ? exc_general_protection+0x126/0x230\n[  137.182693]  ? asm_exc_general_protection+0x2b/0x30\n[  137.182693]  ? __sev_platform_shutdown_locked+0x51/0x180\n[  137.182693]  sev_firmware_shutdown.isra.0+0x1e/0x80\n[  137.182693]  sev_dev_destroy+0x49/0x100\n[  137.182693]  psp_dev_destroy+0x47/0xb0\n[  137.182693]  sp_destroy+0xbb/0x240\n[  137.182693]  sp_pci_remove+0x45/0x60\n[  137.182693]  pci_device_remove+0xaa/0x1d0\n[  137.182693]  device_remove+0xc7/0x170\n[  137.182693]  really_probe+0x374/0xbe0\n[  137.182693]  ? srso_return_thunk+0x5/0x5f\n[  137.182693]  __driver_probe_device+0x199/0x460\n[  137.182693]  driver_probe_device+0x4e/0xd0\n[  137.182693]  __driver_attach+0x191/0x3d0\n[  137.182693]  ? __pfx___driver_attach+0x10/0x10\n[  137.182693]  bus_for_each_dev+0x100/0x190\n[  137.182693]  ? __pfx_bus_for_each_dev+0x10/0x10\n[  137.182693]  ? __kasan_check_read+0x15/0x20\n[  137.182693]  ? srso_return_thunk+0x5/0x5f\n[  137.182693]  ? _raw_spin_unlock+0x27/0x50\n[  137.182693]  driver_attach+0x41/0x60\n[  137.182693]  bus_add_driver+0x2a8/0x580\n[  137.182693]  driver_register+0x141/0x480\n[  137.182693]  __pci_register_driver+0x1d6/0x2a0\n[  137.182693]  ? srso_return_thunk+0x5/0x5f\n[  137.182693]  ? esrt_sysfs_init+0x1cd/0x5d0\n[  137.182693]  ? __pfx_sp_mod_init+0x10/0x10\n[  137.182693]  sp_pci_init+0x22/0x30\n[  137.182693]  sp_mod_init+0x14/0x30\n[  137.182693]  ? __pfx_sp_mod_init+0x10/0x10\n[  137.182693]  do_one_initcall+0xd1/0x470\n[  137.182693]  ? __pfx_do_one_initcall+0x10/0x10\n[  137.182693]  ? parameq+0x80/0xf0\n[  137.182693]  ? srso_return_thunk+0x5/0x5f\n[  137.182693]  ? __kmalloc+0x3b0/0x4e0\n[  137.182693]  ? kernel_init_freeable+0x92d/0x1050\n[  137.182693]  ? kasan_populate_vmalloc_pte+0x171/0x190\n[  137.182693]  ? srso_return_thunk+0x5/0x5f\n[  137.182693]  kernel_init_freeable+0xa64/0x1050\n[  137.182693]  ? __pfx_kernel_init+0x10/0x10\n[  137.182693]  kernel_init+0x24/0x160\n[  137.182693]  ? __switch_to_asm+0x3e/0x70\n[  137.182693]  ret_from_fork+0x40/0x80\n[  137.182693]  ? __pfx_kernel_init+0x1\n---truncated---",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26695"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/58054faf3bd29cd0b949b77efcb6157f66f401ed"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/7535ec350a5f09b5756a7607f5582913f21200f4"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/8731fe001a60581794ed9cf65da8cd304846a6fb"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/88aa493f393d2ee38ac140e1f6ac1881346e85d4"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/b5909f197f3b26aebedca7d8ac7b688fd993a266"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/ccb88e9549e7cfd8bcd511c538f437e20026e983"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-04-03T15:15:52Z"
+  }
+}
diff --git a/advisories/unreviewed/2024/04/GHSA-2vp9-gjfg-fmgw/GHSA-2vp9-gjfg-fmgw.json b/advisories/unreviewed/2024/04/GHSA-2vp9-gjfg-fmgw/GHSA-2vp9-gjfg-fmgw.json
@@ -0,0 +1,43 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2vp9-gjfg-fmgw",
+  "modified": "2024-04-03T15:30:43Z",
+  "published": "2024-04-03T15:30:43Z",
+  "aliases": [
+    "CVE-2024-26710"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/kasan: Limit KASAN thread size increase to 32KB\n\nKASAN is seen to increase stack usage, to the point that it was reported\nto lead to stack overflow on some 32-bit machines (see link).\n\nTo avoid overflows the stack size was doubled for KASAN builds in\ncommit 3e8635fb2e07 (\"powerpc/kasan: Force thread size increase with\nKASAN\").\n\nHowever with a 32KB stack size to begin with, the doubling leads to a\n64KB stack, which causes build errors:\n  arch/powerpc/kernel/switch.S:249: Error: operand out of range (0x000000000000fe50 is not between 0xffffffffffff8000 and 0x0000000000007fff)\n\nAlthough the asm could be reworked, in practice a 32KB stack seems\nsufficient even for KASAN builds - the additional usage seems to be in\nthe 2-3KB range for a 64-bit KASAN build.\n\nSo only increase the stack for KASAN if the stack size is < 32KB.",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26710"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/4297217bcf1f0948a19c2bacc6b68d92e7778ad9"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/4cc31fa07445879a13750cb061bb8c2654975fcb"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/b29b16bd836a838b7690f80e37f8376414c74cbe"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-04-03T15:15:53Z"
+  }
+}