Advisory Database Sync

github · Nov 9, 2024 · 2cb888b · 2cb888b
1 parent 94895d9
commit 2cb888b
Show file tree

Hide file tree

Showing 80 changed files with 3,543 additions and 0 deletions.
diff --git a/advisories/unreviewed/2024/11/GHSA-2742-r3c2-2qgj/GHSA-2742-r3c2-2qgj.json b/advisories/unreviewed/2024/11/GHSA-2742-r3c2-2qgj/GHSA-2742-r3c2-2qgj.json
@@ -0,0 +1,43 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2742-r3c2-2qgj",
+  "modified": "2024-11-09T12:30:48Z",
+  "published": "2024-11-09T12:30:48Z",
+  "aliases": [
+    "CVE-2024-50226"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/port: Fix use-after-free, permit out-of-order decoder shutdown\n\nIn support of investigating an initialization failure report [1],\ncxl_test was updated to register mock memory-devices after the mock\nroot-port/bus device had been registered. That led to cxl_test crashing\nwith a use-after-free bug with the following signature:\n\n    cxl_port_attach_region: cxl region3: cxl_host_bridge.0:port3 decoder3.0 add: mem0:decoder7.0 @ 0 next: cxl_switch_uport.0 nr_eps: 1 nr_targets: 1\n    cxl_port_attach_region: cxl region3: cxl_host_bridge.0:port3 decoder3.0 add: mem4:decoder14.0 @ 1 next: cxl_switch_uport.0 nr_eps: 2 nr_targets: 1\n    cxl_port_setup_targets: cxl region3: cxl_switch_uport.0:port6 target[0] = cxl_switch_dport.0 for mem0:decoder7.0 @ 0\n1)  cxl_port_setup_targets: cxl region3: cxl_switch_uport.0:port6 target[1] = cxl_switch_dport.4 for mem4:decoder14.0 @ 1\n    [..]\n    cxld_unregister: cxl decoder14.0:\n    cxl_region_decode_reset: cxl_region region3:\n    mock_decoder_reset: cxl_port port3: decoder3.0 reset\n2)  mock_decoder_reset: cxl_port port3: decoder3.0: out of order reset, expected decoder3.1\n    cxl_endpoint_decoder_release: cxl decoder14.0:\n    [..]\n    cxld_unregister: cxl decoder7.0:\n3)  cxl_region_decode_reset: cxl_region region3:\n    Oops: general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6bc3: 0000 [#1] PREEMPT SMP PTI\n    [..]\n    RIP: 0010:to_cxl_port+0x8/0x60 [cxl_core]\n    [..]\n    Call Trace:\n     <TASK>\n     cxl_region_decode_reset+0x69/0x190 [cxl_core]\n     cxl_region_detach+0xe8/0x210 [cxl_core]\n     cxl_decoder_kill_region+0x27/0x40 [cxl_core]\n     cxld_unregister+0x5d/0x60 [cxl_core]\n\nAt 1) a region has been established with 2 endpoint decoders (7.0 and\n14.0). Those endpoints share a common switch-decoder in the topology\n(3.0). At teardown, 2), decoder14.0 is the first to be removed and hits\nthe \"out of order reset case\" in the switch decoder. The effect though\nis that region3 cleanup is aborted leaving it in-tact and\nreferencing decoder14.0. At 3) the second attempt to teardown region3\ntrips over the stale decoder14.0 object which has long since been\ndeleted.\n\nThe fix here is to recognize that the CXL specification places no\nmandate on in-order shutdown of switch-decoders, the driver enforces\nin-order allocation, and hardware enforces in-order commit. So, rather\nthan fail and leave objects dangling, always remove them.\n\nIn support of making cxl_region_decode_reset() always succeed,\ncxl_region_invalidate_memregion() failures are turned into warnings.\nCrashing the kernel is ok there since system integrity is at risk if\ncaches cannot be managed around physical address mutation events like\nCXL region destruction.\n\nA new device_for_each_child_reverse_from() is added to cleanup\nport->commit_end after all dependent decoders have been disabled. In\nother words if decoders are allocated 0->1->2 and disabled 1->2->0 then\nport->commit_end only decrements from 2 after 2 has been disabled, and\nit decrements all the way to zero since 1 was disabled previously.",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50226"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/101c268bd2f37e965a5468353e62d154db38838e"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/78c8454fdce0eeee962be004eb6d99860c80dad1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/8e1b52c15c81106456437f8e49575040e489e355"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-11-09T11:15:08Z"
+  }
+}
diff --git a/advisories/unreviewed/2024/11/GHSA-2fwq-2wwr-qrww/GHSA-2fwq-2wwr-qrww.json b/advisories/unreviewed/2024/11/GHSA-2fwq-2wwr-qrww/GHSA-2fwq-2wwr-qrww.json
@@ -0,0 +1,43 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2fwq-2wwr-qrww",
+  "modified": "2024-11-09T12:30:49Z",
+  "published": "2024-11-09T12:30:49Z",
+  "aliases": [
+    "CVE-2024-50240"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: qcom: qmp-usb: fix NULL-deref on runtime suspend\n\nCommit 413db06c05e7 (\"phy: qcom-qmp-usb: clean up probe initialisation\")\nremoved most users of the platform device driver data, but mistakenly\nalso removed the initialisation despite the data still being used in the\nruntime PM callbacks.\n\nRestore the driver data initialisation at probe to avoid a NULL-pointer\ndereference on runtime suspend.\n\nApparently no one uses runtime PM, which currently needs to be enabled\nmanually through sysfs, with this driver.",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50240"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/370814e9d512ba289612c3780890b80bf2605046"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/5ebde521fbb9a813b993d4436329a3ca0eeb6574"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/bd9e4d4a3b127686efc60096271b0a44c3100061"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-11-09T11:15:09Z"
+  }
+}
diff --git a/advisories/unreviewed/2024/11/GHSA-2rm2-h7r9-p8x4/GHSA-2rm2-h7r9-p8x4.json b/advisories/unreviewed/2024/11/GHSA-2rm2-h7r9-p8x4/GHSA-2rm2-h7r9-p8x4.json
@@ -0,0 +1,38 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2rm2-h7r9-p8x4",
+  "modified": "2024-11-09T12:30:46Z",
+  "published": "2024-11-09T12:30:46Z",
+  "aliases": [
+    "CVE-2024-50539"
+  ],
+  "details": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lodgix Lodgix.Com Vacation Rental Website Builder allows SQL Injection.This issue affects Lodgix.Com Vacation Rental Website Builder: from n/a through 3.9.73.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L"
+    }
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50539"
+    },
+    {
+      "type": "WEB",
+      "url": "https://patchstack.com/database/vulnerability/lodgixcom-vacation-rental-listing-management-booking-plugin/wordpress-lodgix-com-vacation-rental-website-builder-plugin-3-9-73-sql-injection-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-11-09T10:15:06Z"
+  }
+}
diff --git a/advisories/unreviewed/2024/11/GHSA-3g8v-hxcm-qw7q/GHSA-3g8v-hxcm-qw7q.json b/advisories/unreviewed/2024/11/GHSA-3g8v-hxcm-qw7q/GHSA-3g8v-hxcm-qw7q.json
@@ -0,0 +1,38 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3g8v-hxcm-qw7q",
+  "modified": "2024-11-09T12:30:47Z",
+  "published": "2024-11-09T12:30:46Z",
+  "aliases": [
+    "CVE-2024-51763"
+  ],
+  "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Biplob Adhikari Team Showcase and Slider – Team Members Builder allows Reflected XSS.This issue affects Team Showcase and Slider – Team Members Builder: from n/a through 1.3.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
+    }
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51763"
+    },
+    {
+      "type": "WEB",
+      "url": "https://patchstack.com/database/vulnerability/team-showcase-ultimate/wordpress-team-showcase-and-slider-plugin-1-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-11-09T10:15:06Z"
+  }
+}
diff --git a/advisories/unreviewed/2024/11/GHSA-462w-mhhh-chgq/GHSA-462w-mhhh-chgq.json b/advisories/unreviewed/2024/11/GHSA-462w-mhhh-chgq/GHSA-462w-mhhh-chgq.json
@@ -0,0 +1,38 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-462w-mhhh-chgq",
+  "modified": "2024-11-09T12:30:50Z",
+  "published": "2024-11-09T12:30:50Z",
+  "aliases": [
+    "CVE-2024-51718"
+  ],
+  "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Adam Dehnel Simple Modal allows Reflected XSS.This issue affects Simple Modal: from n/a through 0.3.3.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
+    }
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51718"
+    },
+    {
+      "type": "WEB",
+      "url": "https://patchstack.com/database/vulnerability/simplemodal/wordpress-simple-modal-plugin-0-3-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-11-09T12:15:19Z"
+  }
+}
diff --git a/advisories/unreviewed/2024/11/GHSA-4qfr-cjvm-qrcj/GHSA-4qfr-cjvm-qrcj.json b/advisories/unreviewed/2024/11/GHSA-4qfr-cjvm-qrcj/GHSA-4qfr-cjvm-qrcj.json
@@ -0,0 +1,43 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4qfr-cjvm-qrcj",
+  "modified": "2024-11-09T12:30:49Z",
+  "published": "2024-11-09T12:30:49Z",
+  "aliases": [
+    "CVE-2024-50258"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix crash when config small gso_max_size/gso_ipv4_max_size\n\nConfig a small gso_max_size/gso_ipv4_max_size will lead to an underflow\nin sk_dst_gso_max_size(), which may trigger a BUG_ON crash,\nbecause sk->sk_gso_max_size would be much bigger than device limits.\nCall Trace:\ntcp_write_xmit\n    tso_segs = tcp_init_tso_segs(skb, mss_now);\n        tcp_set_skb_tso_segs\n            tcp_skb_pcount_set\n                // skb->len = 524288, mss_now = 8\n                // u16 tso_segs = 524288/8 = 65535 -> 0\n                tso_segs = DIV_ROUND_UP(skb->len, mss_now)\n    BUG_ON(!tso_segs)\nAdd check for the minimum value of gso_max_size and gso_ipv4_max_size.",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50258"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/9ab5cf19fb0e4680f95e506d6c544259bf1111c4"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/ac5977001eee7660c643f8e07a2de9001990b7b8"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/e72fd1389a5364bc6aa6312ecf30bdb5891b9486"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-11-09T11:15:11Z"
+  }
+}
diff --git a/advisories/unreviewed/2024/11/GHSA-54ff-cq25-mx5m/GHSA-54ff-cq25-mx5m.json b/advisories/unreviewed/2024/11/GHSA-54ff-cq25-mx5m/GHSA-54ff-cq25-mx5m.json
@@ -0,0 +1,38 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-54ff-cq25-mx5m",
+  "modified": "2024-11-09T12:30:47Z",
+  "published": "2024-11-09T12:30:47Z",
+  "aliases": [
+    "CVE-2024-51778"
+  ],
+  "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Starfish Reviews Satisfaction Reports from Help Scout allows Reflected XSS.This issue affects Satisfaction Reports from Help Scout: from n/a through 2.0.3.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
+    }
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51778"
+    },
+    {
+      "type": "WEB",
+      "url": "https://patchstack.com/database/vulnerability/happiness-reports-for-help-scout/wordpress-satisfaction-reports-from-help-scout-plugin-2-0-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-11-09T10:15:07Z"
+  }
+}
diff --git a/advisories/unreviewed/2024/11/GHSA-5684-4xfg-mxj4/GHSA-5684-4xfg-mxj4.json b/advisories/unreviewed/2024/11/GHSA-5684-4xfg-mxj4/GHSA-5684-4xfg-mxj4.json
@@ -0,0 +1,39 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5684-4xfg-mxj4",
+  "modified": "2024-11-09T12:30:47Z",
+  "published": "2024-11-09T12:30:47Z",
+  "aliases": [
+    "CVE-2024-50217"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix use-after-free of block device file in __btrfs_free_extra_devids()\n\nMounting btrfs from two images (which have the same one fsid and two\ndifferent dev_uuids) in certain executing order may trigger an UAF for\nvariable 'device->bdev_file' in __btrfs_free_extra_devids(). And\nfollowing are the details:\n\n1. Attach image_1 to loop0, attach image_2 to loop1, and scan btrfs\n   devices by ioctl(BTRFS_IOC_SCAN_DEV):\n\n             /  btrfs_device_1 → loop0\n   fs_device\n             \\  btrfs_device_2 → loop1\n2. mount /dev/loop0 /mnt\n   btrfs_open_devices\n    btrfs_device_1->bdev_file = btrfs_get_bdev_and_sb(loop0)\n    btrfs_device_2->bdev_file = btrfs_get_bdev_and_sb(loop1)\n   btrfs_fill_super\n    open_ctree\n     fail: btrfs_close_devices // -ENOMEM\n\t    btrfs_close_bdev(btrfs_device_1)\n             fput(btrfs_device_1->bdev_file)\n\t      // btrfs_device_1->bdev_file is freed\n\t    btrfs_close_bdev(btrfs_device_2)\n             fput(btrfs_device_2->bdev_file)\n\n3. mount /dev/loop1 /mnt\n   btrfs_open_devices\n    btrfs_get_bdev_and_sb(&bdev_file)\n     // EIO, btrfs_device_1->bdev_file is not assigned,\n     // which points to a freed memory area\n    btrfs_device_2->bdev_file = btrfs_get_bdev_and_sb(loop1)\n   btrfs_fill_super\n    open_ctree\n     btrfs_free_extra_devids\n      if (btrfs_device_1->bdev_file)\n       fput(btrfs_device_1->bdev_file) // UAF !\n\nFix it by setting 'device->bdev_file' as 'NULL' after closing the\nbtrfs_device in btrfs_close_one_device().",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50217"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/47a83f8df39545f3f552bb6a1b6d9c30e37621dd"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/aec8e6bf839101784f3ef037dcdb9432c3f32343"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-11-09T11:15:07Z"
+  }
+}
diff --git a/advisories/unreviewed/2024/11/GHSA-56rv-pwm3-v8q5/GHSA-56rv-pwm3-v8q5.json b/advisories/unreviewed/2024/11/GHSA-56rv-pwm3-v8q5/GHSA-56rv-pwm3-v8q5.json
@@ -0,0 +1,59 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-56rv-pwm3-v8q5",
+  "modified": "2024-11-09T12:30:49Z",
+  "published": "2024-11-09T12:30:49Z",
+  "aliases": [
+    "CVE-2024-50233"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg()\n\nIn the ad9832_write_frequency() function, clk_get_rate() might return 0.\nThis can lead to a division by zero when calling ad9832_calc_freqreg().\nThe check if (fout > (clk_get_rate(st->mclk) / 2)) does not protect\nagainst the case when fout is 0. The ad9832_write_frequency() function\nis called from ad9832_write(), and fout is derived from a text buffer,\nwhich can contain any value.",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50233"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/2f39548f45693d86e950647012a214da6917dc9f"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/442f786c5bff8cfd756ebdeaa4aadbf05c22aa5a"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/6bd301819f8f69331a55ae2336c8b111fc933f3d"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/adfbc08b94e7df08b9ed5fa26b969cc1b54c84ec"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/ccbc10647aafe2b7506edb4b10e19c6c2416c162"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/dd9e1cf619c945f320e686dcaf13e37ef0b05fdd"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/fcd6b59f7a774558e2525251c68aa37aff748e55"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-11-09T11:15:09Z"
+  }
+}