forked from CVEProject/cvelist
output.json
233 lines (233 loc) · 522 KB
{"id":"ff11979e-55c2-4150-8041-1107af0068ea","summary":["The rxrpc subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the call ref was not released before returning an error. This vulnerability exists in all versions of the Linux Kernel from v4.11 until commit c48fc11b69e95007109206311b0187a3090591f3 (v4.19.82, v5.4, v5.3.9, v4.14.152)."],"details":["The patch commit for this vulnerability fixes a use-after-free bug in the rxrpc subsystem. A use-after-free bug occurs when a program frees memory that is still being used, which can lead to data corruption or code execution. In this case, the bug occurs when the rxrpc sendmsg() function returns an error without releasing a reference to the call object. This can lead to a use-after-free vulnerability, which could be exploited by an attacker to execute arbitrary code.\n\nVulnerabilities of this type are often exploited by attackers to gain control of a system. In the worst case, an attacker could use this vulnerability to execute arbitrary code on the system with kernel privileges. 
In the most likely case, an attacker could use this vulnerability to crash the system or steal sensitive data.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000e695c1058fb26925%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=d850c266e3df14da1d31"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c48fc11b69e95007109206311b0187a3090591f3"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"37411cad633f5e41f8a13007654909d21b19363a"},{"limit":"c48fc11b69e95007109206311b0187a3090591f3"},{"limit":"570ab0dd35f95a2260d509c4108debd224fdfdf5"},{"limit":"e4cefc83207f1ac93367bcc13b6c7e3a2774a946"},{"limit":"43159c9ec156e7363ba24528fced7a9d7b2f3134"}]}]}]}
{"id":"fecf8dd9-47bc-44da-883e-596e6b981609","summary":["The rxrpc subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the usage count was read after the local endpoint was freed. This vulnerability exists in all versions of the Linux Kernel from v4.17 until commit 06d9532fa6b34f12a6d75711162d47c17c1add72 (v4.19.69, v5.2.11, v5.3)."],"details":["The patch commit for this vulnerability fixes a read-after-free vulnerability in the rxrpc_queue_local() function. A read-after-free vulnerability occurs when a program reads data from a memory location that has been freed. This can allow an attacker to access sensitive information or execute arbitrary code.\n\nVulnerabilities of this type are exploited by first allocating a memory buffer and then freeing it. The attacker then uses a buffer overflow to overwrite the freed memory with code that will be executed when the program attempts to read from the memory location.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to gain root privileges or execute arbitrary code on the system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000007593f4058fea60d8%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=06d9532fa6b34f12a6d75711162d47c17c1add72"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=78e71c5bab4f76a6a719"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"09d2bf595db4b4075ea721acd61e180d6bb18f88"},{"limit":"06d9532fa6b34f12a6d75711162d47c17c1add72"},{"limit":"a05354cbb82248469f907712587992c52fd1c254"},{"limit":"d2783ccec7e0310343238371e5ab82c73e14aa67"}]}]}]}
{"id":"fd88f4e8-3f86-40dd-b35e-95b984ada30b","summary":["The ALSA subsystem of the Linux kernel has a slab out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the validator overlooked too short descriptors for processing and extension units. This vulnerability exists in all versions of the Linux Kernel from v5.4 until commit ba8bf0967a154796be15c4983603aad0b05c3138 (v5.3.11, v4.19.84)."],"details":["The patch commit for this vulnerability fixes a copy and paste error in the USB-audio descriptor validator. This error could lead to an unexpected overlook of too short descriptors for processing and extension units, which could be exploited by an attacker to gain unauthorized access to the system.\n\nVulnerabilities of type buffer overflow are exploited by providing an input that is larger than the expected size of the buffer. This can cause the buffer to overflow and overwrite adjacent memory, which can then be used to execute arbitrary code or gain unauthorized access to the system.\n\nThe security impact of this vulnerability could be severe, as it could allow an attacker to gain unauthorized access to the system. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000df5189059580f8e9%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ba8bf0967a154796be15c4983603aad0b05c3138"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=0620f79a1978b1133fd7"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"57f8770620e9b51c61089751f0b5ad3dbe376ff2"},{"limit":"ba8bf0967a154796be15c4983603aad0b05c3138"},{"limit":"d2f49f58b40e1680650bc36f9b5d3de626f57b09"},{"limit":"4ebee4875eab0dd55d68ee61beaed55561377e01"}]}]}]}
{"id":"f9ef3909-c3d6-4c57-891a-e33d7b1ac7a9","summary":["The bpf subsystem of the Linux kernel has a slab out of bounds read vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the JIT code generation for x64 was not properly handled. This vulnerability exists in all versions of the Linux Kernel from v3.0 until commit 7c2e988f400e83501e0a3568250780609b7c8263 (v5.3)."],"details":["The patch commit for this vulnerability fixes an issue in the Linux kernel's x86-64 Just In Time (JIT) compiler for the Berkeley Packet Filter (BPF). The JIT compiler maintains an array of offsets to the end of all instructions in order to compute jump offsets. However, the JIT compiler did not keep the offset of the beginning of the first instruction, since classic BPF did not have backward jumps and valid extended BPF could not have a branch to the first instruction, because it did not allow loops. With bounded loops, it is possible to construct a valid program that jumps backwards to the first instruction. This patch fixes the JIT compiler by computing the offset of the beginning of the first instruction as the offset of the end of the prologue.\n\nVulnerabilities of this type are exploited by constructing a malicious program that jumps backwards to the first instruction. This can be used to execute arbitrary code with kernel privileges.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to execute arbitrary code with kernel privileges, which could lead to a complete compromise of the system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=35101610ff3e83119b1b"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000819a8c058e6769e7%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c2e988f400e83501e0a3568250780609b7c8263"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"0a14842f5a3c0e88a1e59fac5c3025db39721f74"},{"limit":"7c2e988f400e83501e0a3568250780609b7c8263"}]}]}]}
{"id":"f99494be-81d2-4f06-b9c3-5e2ed256e281","summary":["The slip subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the slip_open function failed to clean up the device which registration failed from the slip_devs device list. This vulnerability exists in all versions of the Linux Kernel from v5.4 until commit e58c1912418980f57ba2060017583067f5f71e52 (v4.9.206, v5.5, v4.19.88, v5.3.15, v4.14.158, v5.4.2, v3.16.85, v4.4.206)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the Linux kernel's slip device driver. This vulnerability could allow an attacker to execute arbitrary code on the system.\n\nVulnerabilities of this type are exploited by first sending a specially crafted packet to the system. This packet will cause the kernel to free memory that is still being used by the driver. The attacker can then send another packet that will cause the driver to access this freed memory, which will result in arbitrary code execution.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to gain root access on the system or to install malware.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=4d5170758f3762109542"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/00000000000078348e0597fd08f4%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e58c1912418980f57ba2060017583067f5f71e52"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"3b5a39979dafea9d0cd69c7ae06088f7a84cdafa"},{"limit":"e58c1912418980f57ba2060017583067f5f71e52"},{"limit":"31359cfe886f429c0ca6df6a70370ecd29fcf96e"},{"limit":"ee58887f5002721023e56100393c4aacb00d3b23"},{"limit":"0c6e6ceae72c9bdb8834352190c6cafcd0b3c21d"},{"limit":"ad9a71ff33d60a660b44cffa7272d7df89c5db8a"},{"limit":"f5bcc687e3d699bc4949bf37ef5f77fa50269f8c"},{"limit":"8d448b5dd1e2cf623f8c502159fb673f6120d876"},{"limit":"97d92f0763e632d06786e4cd76b76eb8b995acbd"},{"limit":"e143aa385d0d7bd954fe97d4719f8dce933e67f8"}]}]}]}
{"id":"f8f391ac-834b-4b72-bcf5-c71b87a2f1f9","summary":["The block subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when other threads concurrently deleted the partition before the current thread got to it. This vulnerability exists in all versions of the Linux Kernel from v5.8 until commit 08fc1ab6d748ab1a690fd483f41e2938984ce353 (v5.8.8, v5.9)."],"details":["The patch commit for this vulnerability fixes a use after free vulnerability in the Linux kernel's block device layer. A use after free vulnerability occurs when a piece of memory that has been freed is still accessed by the program. This can lead to a variety of security issues, including data corruption and privilege escalation.\n\nVulnerabilities of this type are often exploited by attackers by sending specially crafted packets to a vulnerable system. These packets can cause the system to free memory that is still in use, which can then be accessed by the attacker.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to gain access to sensitive data or to execute arbitrary code on a vulnerable system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000520ffc05ae2f4fee%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=6448f3c229bc52b82f69"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=08fc1ab6d748ab1a690fd483f41e2938984ce353"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"cddae808aeb77e5c29d22a8e0dfbdaed413f9e04"},{"limit":"08fc1ab6d748ab1a690fd483f41e2938984ce353"},{"limit":"692d0626557451c4b557397f20b7394b612d0289"}]}]}]}
{"id":"f70037e0-5a9d-45a3-ab50-578bc7b039fd","summary":["The hsr subsystem of the Linux kernel has a slab out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the hsr slave interface name is changed. This vulnerability exists in all versions of the Linux Kernel from v5.5 until commit 04b69426d846cd04ca9acefff1ea39e1c64d2714 (v5.4.13)."],"details":["The patch commit for this vulnerability fixes a slab-out-of-bounds read in the hsr_debugfs_rename() function. This function is responsible for renaming the debugfs directory for an hsr interface. When an hsr slave interface is renamed, the hsr_debugfs_rename() function is not supposed to be called because hsr slave interfaces do not have debugfs directories. However, the fix commit changes the code so that the hsr_debugfs_rename() function is no longer called when an hsr slave interface is renamed.\n\nVulnerabilities of this type are exploited by sending a specially crafted packet to the target system. This packet can cause the kernel to read data from an invalid memory location, which can lead to a denial of service or even arbitrary code execution.\n\nThe security impact of this vulnerability could be a denial of service or even arbitrary code execution. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000b63799059aba5164%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=9328206518f08318a5fd"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04b69426d846cd04ca9acefff1ea39e1c64d2714"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"4c2d5e33dcd3a6333a7895be3b542ff3d373177c"},{"limit":"04b69426d846cd04ca9acefff1ea39e1c64d2714"},{"limit":"70ac97390522c4169c3c29e246c73e7e95b40a0d"},{"limit":"8aaefcaa5ee0900524a69983a014e57d57c4326c"}]}]}]}
{"id":"f60ec93a-1f8a-4510-b39c-8efabd331911","summary":["The xfrm subsystem of the Linux kernel has a slab out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the policy hash table is rehashed. This vulnerability exists in all versions of the Linux Kernel from v2.6.28 until commit 862591bf4f519d1b8d859af720fafeaebdd0162a (v4.9.84, v4.15, v4.14.22, v4.4.139)."],"details":["The patch commit for this vulnerability fixes a potential out-of-bounds read vulnerability in the Linux kernel's xfrm subsystem. This vulnerability could be exploited by a local attacker to gain root privileges.\n\nVulnerabilities of this type are exploited by first sending a specially crafted packet to the target system. This packet will cause the kernel to attempt to read data from an invalid memory location, resulting in a system crash or other unexpected behavior.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to gain root privileges on a vulnerable system, which would allow them to execute arbitrary code with the privileges of the kernel.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit 
message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=862591bf4f519d1b8d859af720fafeaebdd0162a"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=c028095236fcb6f4348811565b75084c754dc729"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/089e0825eec8a9d078055d6a6961%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"12a169e7d8f4b1c95252d8b04ed0f1033ed7cfe2"},{"limit":"862591bf4f519d1b8d859af720fafeaebdd0162a"},{"limit":"5d89917c5a0fbe2f5fe04bb15c6bcd0b1ebf4d24"},{"limit":"10f64c9dfb1cf1f3a1fa4dfca3f0aa4858dec6d4"},{"limit":"8e754b4ec589f14ef6efa454ee872580ba1802fa"}]}]}]}
{"id":"f49703c8-0914-4e92-85b0-626ba8e10185","summary":["The bpf/devmap subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the devmap_flush_old function was called. This vulnerability exists in all versions of the Linux Kernel from v4.14 until commit 2baae3545327632167c0180e9ca1d467416f1919 (v5.1.6, v4.19.47, v4.14.123, v5.2, v5.0.20)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the Linux kernel's bpf devmap subsystem. This vulnerability could allow an attacker to execute arbitrary code on the kernel by exploiting a race condition between the devmap_flush_old() and __dev_map_entry_free() functions.\n\nVulnerabilities of this type are exploited by first allocating a memory object using the devmap_alloc() function. The attacker then uses the devmap_flush_old() function to free the memory object, but does not wait for the __dev_map_entry_free() callback to complete. This can cause the __dev_map_entry_free() function to access freed memory, which can lead to arbitrary code execution.\n\nThe security impact of this vulnerability could be severe, as it could allow an attacker to execute arbitrary code on the kernel. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2baae3545327632167c0180e9ca1d467416f1919"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000009cd09a056f1451d1%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=457d3e2ffbcf31aee5c0"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"546ac1ffb70d25b56c1126940e5ec639c4dd7413"},{"limit":"2baae3545327632167c0180e9ca1d467416f1919"},{"limit":"003e2d74c554648c38853971c893953224ad72b8"},{"limit":"45d7cd7cd0d8f994680aaaa7a3c8ab065d0e295d"},{"limit":"ddfe0bfd0681628c997b4380d2eed7f6f0ec7ef0"},{"limit":"888103f9ac9067921bc4c0249c7f93b848c66616"}]}]}]}
{"id":"f2d93819-0317-4711-94e3-4dd92255f4a9","summary":["The sctp subsystem of the Linux kernel has an invalid free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the stream ext was not set to NULL after freeing in sctp_stream_outq_migrate. This vulnerability exists in all versions of the Linux Kernel from v4.15 until commit af98c5a78517c04adb5fd68bb64b1ad6fe3d473f (v4.19.26, v5.0, v4.20.13)."],"details":["The patch commit for this vulnerability fixes an invalid free issue in the SCTP stream scheduler. The fix ensures that stream extensions are set to NULL after being freed, which prevents them from being freed again later and causing a double-free.\n\nVulnerabilities of this type are exploited by sending a specially crafted packet to the target system. The packet triggers the invalid free, which can then be used to execute arbitrary code on the target system.\n\nThe security impact of this vulnerability could be severe, as it could allow an attacker to take control of the target system. To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=58e480e7b28f2d890bfd"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000f4f3ad0581140b3f%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=af98c5a78517c04adb5fd68bb64b1ad6fe3d473f"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"5bbbbe32a43199c2b9ea5ea66fab6241c64beb51"},{"limit":"af98c5a78517c04adb5fd68bb64b1ad6fe3d473f"},{"limit":"5716864df7c4b0eba223d4fc3278f7e7ce6f1525"},{"limit":"b050bf7ac6037bb0c908b490ffd7a9e024758637"}]}]}]}
{"id":"f2186eef-bd7a-4618-9dce-4b91f230c026","summary":["The l2tp subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the tunnel was not properly registered before being freed. This vulnerability exists in all versions of the Linux Kernel from v2.6.35 until commit 6b9f34239b00e6956a267abed2bc559ede556ad6 (v4.16.3, v4.15.18, v3.16.60, v4.17)."],"details":["The patch commit for this vulnerability fixes a race condition in the Linux kernel's L2TP implementation. This race condition could allow an attacker to crash the kernel or execute arbitrary code.\n\nVulnerabilities of this type are exploited by sending specially crafted packets to the target system. The attacker can then exploit the race condition to gain access to kernel memory or execute arbitrary code.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to gain root access on the target system or to execute arbitrary code.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=fbeeb5c3b538e8545644"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6b9f34239b00e6956a267abed2bc559ede556ad6"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/94eb2c0b8e0861a1e4056838f799%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"fd558d186df2c13a22455373858bae634a4795af"},{"limit":"6b9f34239b00e6956a267abed2bc559ede556ad6"},{"limit":"4f9aa3f83f7ac517daac34b2e2415cd5f5a0f62a"},{"limit":"186fab54f609903110a93bfe742f513b8d7d8221"},{"limit":"b05006c067d82932535aacc6ec2cdd1e556ec4e2"}]}]}]}
{"id":"f17f9fde-fa43-4eee-8fc7-87a3cb8f66fb","summary":[" This vulnerability exists in all versions of the Linux Kernel from v4.2 until commit 72e560cb8c6f80fc2b4afc5d3634a32465e13a51 (v6.1)."],"details":["\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=a521c1469d816b1718cfb09a540e843d37480e90"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=738e37fee508c33dd12a3693bc1790085ac07a50"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=72e560cb8c6f80fc2b4afc5d3634a32465e13a51"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"2b0a8c9eee81882fc0001ccf6d9af62cdc682f9e"},{"limit":"72e560cb8c6f80fc2b4afc5d3634a32465e13a51"},{"limit":"78be2ee0112409ae4e9ee9e326151e0559b3d239"},{"limit":"9e481d87349d2282f400ee1d010a169c99f766b8"},{"limit":"1b639be27cbf428a5ca01dcf8b5d654194c956f8"},{"limit":"b49026d9c86f35a4c5bfb8d7345c9c4379828c6b"},{"limit":"35309be06b6feded2ab2cafbc2bca8534c2fa41e"},{"limit":"4026033907cc6186d86b48daa4a252c860db2536"},{"limit":"0b19171439016a8e4c97eafe543670ac86e2b8fe"}]}]}]}
{"id":"f0533c05-59df-4f3e-a2c0-8f1dbecd7585","summary":["The io_uring/io-wq subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the worker was not freed when canceling task_work creation for a new worker. This vulnerability exists in all versions of the Linux Kernel from v6.2 until commit e6db6f9398dadcbc06318a133d4c44a2d3844e61 (v6.1.7, v5.10.164, v5.15.89)."],"details":["The patch commit for this vulnerability fixes a potential use-after-free vulnerability in the Linux kernel's io_uring subsystem. A use-after-free vulnerability occurs when a program frees memory that is still being used, which can allow an attacker to execute arbitrary code.\n\nVulnerabilities of this type are often exploited by attackers to gain control of a system. In this case, an attacker could use the vulnerability to execute arbitrary code on the kernel, which could lead to a denial of service or other serious consequences.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to gain control of a system and execute arbitrary code. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e6db6f9398dadcbc06318a133d4c44a2d3844e61"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000da806205f1a5b139%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=d56ec896af3637bdb7e4"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"af82425c6a2d2f347c79b63ce74fca6dc6be157f"},{"limit":"e6db6f9398dadcbc06318a133d4c44a2d3844e61"},{"limit":"ba86db02d408ae362ee5f1cde52ffafb37b41ce5"},{"limit":"e62e6258ab140b55bbef1f0d288263b75e2f0c20"},{"limit":"a88a0d16e18f18d7221f0c5a1fdf487f5f9079e3"}]}]}]}
{"id":"efd13d7b-8888-49a0-a708-07852fbde80d","summary":["The squashfs subsystem of the Linux kernel has an out of bounds write vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the length field read from the filesystem was corrupted. This vulnerability exists in all versions of the Linux Kernel from v5.8 until commit e812cbbbbbb15adbbbee176baa1e8bda53059bf0 (v5.11, v5.10.16)."],"details":["The patch commit for this vulnerability fixes a regression introduced by the patch \"migrate from ll_rw_block usage to BIO\". This regression has produced a number of Sysbot/Syzkaller reports.\n\nThe patch fixes a potential out of bounds write vulnerability in the squashfs decompressor. This vulnerability could be exploited by an attacker to corrupt kernel memory and potentially gain control of the kernel.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=6fba78f99b9afd4b5634"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e812cbbbbbb15adbbbee176baa1e8bda53059bf0"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000000a196b05b8c5b94a%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"93e72b3c612adcaca13d874fcc86c53e6c8da541"},{"limit":"e812cbbbbbb15adbbbee176baa1e8bda53059bf0"},{"limit":"ff3a75bda722b4a488ae095939e610bd315b371f"}]}]}]}
{"id":"ef0e19a5-173a-4e64-afa0-c39700a42f69","summary":["The ucounts subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the ucounts reference counter was not properly incremented before the security hook. This vulnerability exists in all versions of the Linux Kernel from v5.14 until commit bbb6d0f3e1feb43d663af089c7dedb23be6a04fb (v5.10.62, v5.13.14)."],"details":["The patch commit for this vulnerability fixes a potential use-after-free vulnerability in the ucounts subsystem. This vulnerability could be exploited by an attacker to gain elevated privileges on the system.\n\nVulnerabilities of this type are exploited by first allocating a large amount of memory. The attacker then uses a fault injection technique to cause the kernel to free this memory prematurely. This can be done by sending a specially crafted packet to the network interface or by using a malicious application. Once the memory has been freed, the attacker can then use it to overwrite other parts of the kernel memory, including the kernel stack. This can allow the attacker to execute arbitrary code on the system with kernel privileges.\n\nThe security impact of this vulnerability could be very high. An attacker could use it to gain control of the entire system. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=01985d7909f9468f013c"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bbb6d0f3e1feb43d663af089c7dedb23be6a04fb"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000f2d84305c74bb986%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=345daff2e994ee844d6a609c37f085695fbb4c4d"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"905ae01c4ae2ae3df05bb141801b1db4b7d83c61"},{"limit":"bbb6d0f3e1feb43d663af089c7dedb23be6a04fb"},{"limit":"6faa3f1424f1a0715a0f5640158a2109acb56781"},{"limit":"0c1443874e1cb359b377a0e383c0dcce81aefa12"},{"limit":"b493af3a66e067f93e5e03465507866ddeabff9e"}]}]}]}
{"id":"eeb1fd4b-8015-48f3-b3bb-3f75bc3a2222","summary":["The net/packet subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the skb was not properly dequeued from the receive queue. This vulnerability exists in all versions of the Linux Kernel from v4.6 until commit 945d015ee0c3095d2290e845565a23dedfd8027c (v4.18)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the Linux kernel's packet subsystem. This vulnerability occurs when a packet is freed before it has been fully processed, which can allow an attacker to execute arbitrary code on the system.\n\nVulnerabilities of this type are typically exploited by sending a specially crafted packet to the target system. The packet will contain malicious code that is executed when the packet is processed by the kernel.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to gain root privileges on the target system or to install malware.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=380acd1f7d59c28809f18bb577d645aab34d23b0"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=945d015ee0c3095d2290e845565a23dedfd8027c"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"58d19b19cd99b438541eea4cdbf5c171900b25e5"},{"limit":"945d015ee0c3095d2290e845565a23dedfd8027c"},{"limit":"5e6b4b9b28b72acd98729ad098e720a0606de2fd"},{"limit":"9dc96f7205d4bc8c99187c29dcdca5d31d6e7383"},{"limit":"ca0b5e05c2e58d41b3c69790c64a99521ba70391"}]}]}]}
{"id":"ee6a872f-0fdd-401f-9088-227954b7b90e","summary":["The net_sched subsystem of the Linux kernel has an out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the em->datalen value was overwritten by em_nbyte_change() and then overwritten again by tcf_em_validate(). This vulnerability exists in all versions of the Linux Kernel from v2.6.12 until commit 61678d28d4a45ef376f5d02a839cc37509ae9281 (v4.9.212, v4.4.212, v4.19.100, v5.4.16, v5.5, v3.16.83, v4.14.169)."],"details":["The patch commit for this vulnerability fixes an out-of-bounds access in the em_nbyte function. This vulnerability could allow an attacker to execute arbitrary code on the system.\n\nVulnerabilities of this type are exploited by providing crafted input that causes the program to access memory outside of its allocated space. This can be done by sending a specially crafted packet to the network interface.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to execute arbitrary code on the system, which could lead to a complete compromise of the system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000006370ef059cabac14%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=61678d28d4a45ef376f5d02a839cc37509ae9281"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=2f07903a5b05e7f36410"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/00000000000078224f059cb50887%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=5af9a90dad568aa9f611"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2"},{"limit":"61678d28d4a45ef376f5d02a839cc37509ae9281"},{"limit":"8242918c8417c9f974c4a87d063b46d0145279eb"},{"limit":"b6a9a954b3fea24386b46be1bf9f5b0ba32470db"},{"limit":"66ac8ee96faa582a252ae19510f35529c9143670"},{"limit":"9bfa1646d70b01eea470bbd15dca3e3c0e29aff1"},{"limit":"627996d4ca0c16be2c5ff83803979a613aadefda"},{"limit":"a1029289cc4176debaf557872e907f5a18843d17"},{"limit":"24ac271a627ff257265bcd061b33b513260018af"}]}]}]}
{"id":"e9887c34-1bcb-4426-82f9-c71ec78d8f1f","summary":["The kcm subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the lower socket was not locked in kcm_attach. This vulnerability exists in all versions of the Linux Kernel from v4.6 until commit 2cc683e88c0c993ac3721d9b702cb0630abe2879 (v4.9.92, v4.16, v4.15.15, v4.14.32)."],"details":["The patch commit for this vulnerability fixes a race condition in the kcm_attach function of the Kernel Connection Multiplexor module. This vulnerability could allow an attacker to cause a denial of service or potentially execute arbitrary code on the system.\n\nVulnerabilities of type race condition are exploited by having two or more processes or threads access a shared resource at the same time. This can cause the system to become unstable or crash, or it can allow an attacker to gain access to sensitive data or execute arbitrary code.\n\nThe security impact of this vulnerability could be a denial of service or potentially arbitrary code execution. The most likely case is that the system would become unstable or crash. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2cc683e88c0c993ac3721d9b702cb0630abe2879"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=ea75c0ffcd353d32515f064aaebefc5279e6161e"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/089e0825d42484310b055c75c3f6%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"ab7ac4eb9832e32a09f4e8042705484d2fb0aad3"},{"limit":"2cc683e88c0c993ac3721d9b702cb0630abe2879"},{"limit":"515bc34124f3aaf7ea2508fa2707906623eba748"},{"limit":"b6b64dea97e02f9d9975c8ea2196ee06cfe6934c"},{"limit":"406996f36e01b5da0685e8e205302448b29feba3"}]}]}]}
{"id":"e8fda5b4-9286-4c68-956f-8aff5f2f8a05","summary":["The ax88172a subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when ax88172a_unbind() failed to return a negative value. This vulnerability exists in all versions of the Linux Kernel from v5.4 until commit c28d9a285668c799eeae2f7f93e929a6028a4d6d (v4.19.135, v5.7.11, v4.4.232, v5.8, v4.9.232, v4.14.190, v5.4.54)."],"details":["The patch commit for this vulnerability fixes a potential use-after-free vulnerability in the ax88172a driver.\nVulnerabilities of type use-after-free are exploited by first causing a function to free memory that is still in use, then calling another function that accesses that memory. This can lead to arbitrary code execution or other serious security issues.\nThe security impact of this vulnerability could be severe, as it could allow an attacker to execute arbitrary code on the system. To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit 
message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000bc5697059882957f%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=4cd84f527bf4a10fc9c1"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c28d9a285668c799eeae2f7f93e929a6028a4d6d"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"a9a51bd727d141a67b589f375fe69d0e54c4fe22"},{"limit":"c28d9a285668c799eeae2f7f93e929a6028a4d6d"},{"limit":"26bcc076586db1d0d52933916d690145f580c344"},{"limit":"97ae6f4703a781d62e3d8016da9cdfb4261b803a"},{"limit":"d0d394c71604053ee6e1bf8f73432e543ae8b247"},{"limit":"041aff4ad9470c328b50c5be10e49270913d5041"},{"limit":"73fc41e93bcc8e97b5486afd950342b0e4bad9bc"},{"limit":"a87881486ec446dff8e32c338ff18becea3edc62"},{"limit":"e08e2a927a8629adde071f34a103be6f8006c12d"},{"limit":"e44f7bc1cfec80a701627e07ccc59075ddbf2b35"}]}]}]}
{"id":"e7af0600-4faf-4d78-bec2-4bb7689f4855","summary":["The USB/ldusb subsystem of the Linux kernel has a slab out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the driver failed to check if the custom ring buffer was still empty when waking up after having waited for more data. This vulnerability exists in all versions of the Linux Kernel from v2.6.13 until commit 7a6f22d7479b7a0b68eadd308a997dd64dda7dae (v5.4, v4.19.81, v4.4.198, v3.16.80, v5.3.8, v4.14.151, v4.9.198)."],"details":["The patch commit for this vulnerability fixes a bug in the ldusb driver that could be used to trigger slab info leaks.\n\nSlab info leaks occur when a driver allocates memory from the kernel's slab allocator but does not properly free it when it is no longer needed. This can lead to a memory exhaustion attack, where an attacker can exhaust the kernel's memory and cause a denial of service.\n\nThe ldusb driver is a kernel driver for the ldusb USB device. The bug in the driver occurs in the read() function, which is used to read data from the device. The driver fails to check if the custom ring buffer is still empty when waking up after having waited for more data. This could lead to a slab info leak if no data had been added to the ring buffer since the driver last woke up.\n\nThe security impact of this vulnerability could be a denial of service attack. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=6fe95b826644f7f12b0b"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7a6f22d7479b7a0b68eadd308a997dd64dda7dae"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/00000000000070102d059511537d%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"2824bd250f0be1551747cc3ed5ae07facc285b57"},{"limit":"7a6f22d7479b7a0b68eadd308a997dd64dda7dae"},{"limit":"e509538bb9cc53f6f7f0adaa3210ec96189f4791"},{"limit":"44d3e9852350e7797096097f47fd3972b94fb657"},{"limit":"1339e279a497881f10055bff7e286d5dd4fe77de"},{"limit":"e57630148a7f62c47513d9c245f0306d46c43124"},{"limit":"9f7e157464cd69fba9b00057770555dae25d7449"},{"limit":"312ab599be611fbd8995fbf0f9746e9b0bb686de"}]}]}]}
{"id":"e70b1f8a-57bb-45a0-85a8-39992ff19d6b","summary":["The net/ipv4/ip_gre.c subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the erspan header is built for either v1 or v2. This vulnerability exists in all versions of the Linux Kernel from v4.14 until commit b423d13c08a656c719fa56324a8f4279c835d90c (v4.14.123, v4.16)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the Linux kernel's erspan implementation. Erspan is a protocol used to encapsulate packets over IPsec tunnels. The vulnerability occurs when building the erspan header for either v1 or v2, and it causes the eth_hdr() function to point to the wrong inner packet's eth_hdr, which can lead to a use-after-free and slab-out-of-bounds read.\n\nVulnerabilities of this type are exploited by sending a specially crafted packet to a vulnerable system. This can be done by an attacker on the local network or by an attacker who has gained access to the network. Once the packet is received, the vulnerability can be exploited to execute arbitrary code on the system.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to gain root privileges on a vulnerable system. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/001a1141ea6c12c0db056362d9b0%40google.com"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/001a1143d62c48a1f605636c110c%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=f0ddeb2b032a8e1d9098"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b423d13c08a656c719fa56324a8f4279c835d90c"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=f14b3703cd8d7670203f"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=eefa384efad8d7997f20"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/001a11449aa2185dd1056362d94f%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=9723f2d288e49b492cf0"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/001a113e9f281d2cc3056362d99a%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"84e54fe0a5eaed696dee4019c396f8396f5a908b"},{"limit":"b423d13c08a656c719fa56324a8f4279c835d90c"},{"limit":"1d629bf9b5767cdbe902f32b058ae8c99df72516"}]}]}]}
{"id":"e6565181-b409-4616-9fa4-dac5fe6cdf76","summary":["The netfilter/nf_tables subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the module list is zapped and the request_module() calls happen when object lists are in consistent state. This vulnerability exists in all versions of the Linux Kernel from v5.5 until commit eb014de4fd418de1a277913cba244e47274fe392 (v5.4.16)."],"details":["The patch commit for this vulnerability fixes a potential integer overflow vulnerability in the netfilter subsystem of the Linux kernel. The vulnerability occurs when a netfilter netlink command attempts to load a module that does not exist. In this case, the netfilter subsystem attempts to allocate a new module request object, but the size of the object is not properly checked. This can lead to an integer overflow, which could be exploited by an attacker to execute arbitrary code.\n\nVulnerabilities of this type are exploited by sending a specially crafted netlink message to the netfilter subsystem. This message can cause the netfilter subsystem to allocate a new module request object that is larger than the maximum allowed size. This can then be used to overflow the stack and execute arbitrary code.\n\nThe security impact of this vulnerability could be severe. An attacker could use this vulnerability to execute arbitrary code on a vulnerable system. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=29125d208b3dae9a7019"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000367175059c90b6bf%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=eb014de4fd418de1a277913cba244e47274fe392"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"ec7470b834fe7b5d7eff11b6677f5d7fdf5e9a91"},{"limit":"eb014de4fd418de1a277913cba244e47274fe392"},{"limit":"a376b4daa9511a185064cf5847bb3cb8a24b7b4a"},{"limit":"ce75dd3abbc8f1be531ac5de559d59df9098020c"}]}]}]}
{"id":"e4f3dad4-cca5-4454-a406-7f31790d4e27","summary":["The mm/mempolicy.c subsystem of the Linux kernel has an out of bounds write vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the '=' character is not replaced with a NUL terminator. This vulnerability exists in all versions of the Linux Kernel from v2.6.26 until commit c7a91bc7c2e17e0a9c8b9745a2cb118891218fd1 (v5.4.18, v5.5.2, v4.9.213, v4.14.170, v4.4.213, v5.6, v4.19.102, v3.16.84)."],"details":["The patch commit for this vulnerability fixes an out-of-bounds write in the mpol_parse_str() function. This function is responsible for parsing memory policy strings. The vulnerability occurs when the function attempts to replace the '=' character with a NUL terminator. If the '=' character is not found, the function will write past the end of the buffer, resulting in an out-of-bounds write.\n\nVulnerabilities of this type are exploited by providing a specially crafted memory policy string that causes the function to write to an invalid memory location. This can lead to a variety of security issues, including privilege escalation and data corruption.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to gain root privileges or to corrupt system data.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000006a8b8f059c24672a%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c7a91bc7c2e17e0a9c8b9745a2cb118891218fd1"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=e64a13c5369a194d67df"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"095f1fc4ebf36c64fddf9b6db29b1ab5517378e6"},{"limit":"c7a91bc7c2e17e0a9c8b9745a2cb118891218fd1"},{"limit":"732ecd4aad51d336b49b9be431219d173ac826c8"},{"limit":"364474e723933e18639e602a5dec84483b09ab2c"},{"limit":"bc92426ff68b4dfab30920739f8b80a1614fa762"},{"limit":"9bcdb8ba5a3d8634bdbf917b3c7e24d045ad8f5f"},{"limit":"4f0737c4b732f9b63c3b838646990e8f937d3dc4"},{"limit":"f2bf9a6f8c0bb5448bcb67d4653b55faf2962128"},{"limit":"ee0ea94e91498b2c1f57749280d57752326f5928"},{"limit":"569ae81e2ed8eab6c3b99d7364ef129f8c21f193"},{"limit":"c07a3675620503a531070acd55ff42b428ad8cd0"}]}]}]}
{"id":"e44c9358-48ff-468c-9bc1-cdb010a58fd7","summary":["The usblp subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the driver data was not held for the lifetime of the struct usb_interface. This vulnerability exists in all versions of the Linux Kernel from v5.4 until commit 7a759197974894213621aa65f0571b51904733d6 (v4.19.81, v4.4.198, v3.16.80, v5.3.8, v4.14.151, v4.9.198)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the USB printer driver. A use-after-free vulnerability occurs when a program frees memory that is still being used, allowing an attacker to access or modify that memory. This vulnerability could be exploited by an attacker to gain root privileges on a vulnerable system.\n\nVulnerabilities of type use-after-free are exploited by first allocating memory for a buffer. The attacker then writes data to the buffer and frees it. The attacker then uses a pointer to the freed buffer to access or modify data that was previously written to the buffer.\n\nThe security impact of this vulnerability could be severe. An attacker could use this vulnerability to gain root privileges on a vulnerable system. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7a759197974894213621aa65f0571b51904733d6"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=cd24df4d075c319ebfc5"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000f6ca4c0594f4f3d4%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"9a31535859bfd8d1c3ed391f5e9247cd87bb7909"},{"limit":"7a759197974894213621aa65f0571b51904733d6"},{"limit":"05e3ff801c1b0ed86721661dd87c7171a29d5376"},{"limit":"b98c86abf7eaf87ff3207c90856e11fe7d97b717"},{"limit":"99c6e67ef3343f4035af06264956c57477e8ee14"},{"limit":"e5e48d279fce3d6536b0f70c786f7e98d8f84e1c"},{"limit":"3e4cf06e1938a358b05048726a341b98852eadb1"},{"limit":"3b73a0e453bde4d6f23a4d090abdb6d02d6a5666"}]}]}]}
{"id":"e1f55e83-b245-45df-a72f-9c4e9ca7ce30","summary":["The net/wan subsystem of the Linux kernel has a double free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when x25_asy_open() fails and its caller frees the memory again. This vulnerability exists in all versions of the Linux Kernel from v4.5 until commit d5c7c745f254c6cb98b3b3f15fe789b8bd770c72 (v4.14.92, v4.19.14, v4.20.1, v5.0, v4.9.149)."],"details":["The patch commit for this vulnerability fixes a double free in the x25_asy_open_tty() function. A double free occurs when memory that has already been freed is freed again. This can lead to a memory corruption vulnerability, which can be exploited by an attacker to gain elevated privileges or execute arbitrary code.\n\nVulnerabilities of type double free are exploited by first allocating a block of memory and then freeing it. The attacker then attempts to free the same block of memory again, which can cause the memory to be overwritten with arbitrary data. This data can then be used to exploit other vulnerabilities in the system.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to gain elevated privileges or execute arbitrary code. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=5e5e969e525129229052"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000b08bc4057e1e273a%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d5c7c745f254c6cb98b3b3f15fe789b8bd770c72"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"3b780bed3138c2a8061c218df7e321beec9a6ec9"},{"limit":"d5c7c745f254c6cb98b3b3f15fe789b8bd770c72"},{"limit":"781e26adfdea4e580e04247718010fcedfb9c715"},{"limit":"65b3480236d80d69792b1ac378139459fb79afee"},{"limit":"e792339a10a65e695e7d5321208ac98061847c64"},{"limit":"0ca2635b418cdc1d47091a85f6f4bda46b8da264"}]}]}]}
{"id":"ddca08f6-ed8a-4d2b-8e4b-41202e4d26e9","summary":["The sctp subsystem of the Linux kernel has a slab out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when comparing two v4 addresses in a sctp ipv6 socket. This vulnerability exists in all versions of the Linux Kernel from v4.17 until commit d625329b06e46bd20baf9ee40847d11982569204 (v4.16.10, v3.16.60, v4.4.133, v4.9.101, v4.14.42)."],"details":["The patch commit for this vulnerability fixes a potential out-of-bounds write vulnerability in the SCTP protocol implementation in the Linux kernel.\n\nVulnerabilities of this type are exploited by sending a specially crafted packet to a vulnerable system. The packet can cause the system to write data to an invalid memory location, which can lead to a denial of service or other security problems.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to crash a vulnerable system or execute arbitrary code with kernel privileges.\n\nTo resolve this vulnerability, patch the kernel to the latest version that includes the fix.\n\nThis description was automatically generated based on the commit 
message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=cd494c1dd681d4d93ebb"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d625329b06e46bd20baf9ee40847d11982569204"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000f35c4b056a7995f4%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"1071ec9d453a38023579714b64a951a2fb982071"},{"limit":"d625329b06e46bd20baf9ee40847d11982569204"},{"limit":"f9a670e10d274274fda7fd74220dfd1048dd332e"},{"limit":"d3d4d69d9bbd497a051cf73ce8b4c73444d157f5"},{"limit":"791587096fd13cc853920ae52ac5433e0071b692"},{"limit":"9982c6090d7e23782542f919ebbfdb2f72c1c1d1"},{"limit":"3810bf43ecfb49f00c54cbcdc4f9632b17c4737f"}]}]}]}
{"id":"ddbea153-749f-4baf-aad1-8e8fc745c840","summary":["The ext4 subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when remounting with debug_want_extra_isize, as the checks that are performed during a normal mount were not performed. This vulnerability exists in all versions of the Linux Kernel from v4.4 until commit 7bc04c5c2cc467c5b40f2b03ba08da174a0d5fa7 (v5.0.18, v4.9.211, v5.1.4, v4.19.45, v4.14.121, v5.2, v4.4.211)."],"details":["The patch commit for this vulnerability fixes a use-after-free race in the ext4 filesystem. A use-after-free vulnerability occurs when a program frees memory that is still being used, and then later attempts to use that memory again. This can lead to a variety of security problems, including arbitrary code execution.\n\nVulnerabilities of this type are often exploited by attackers who send specially crafted packets to a vulnerable system. These packets can cause the system to free memory that is still being used, and then later attempt to use that memory again. This can lead to the execution of arbitrary code on the system.\n\nThe security impact of this vulnerability could be severe. An attacker could exploit this vulnerability to gain root privileges on a vulnerable system. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=f584efa0ac7213c226b7"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/001a113fd904ee846d0568e088b9%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7bc04c5c2cc467c5b40f2b03ba08da174a0d5fa7"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"e2b911c53584a92266943f3b7f2cdbc19c1a4e80"},{"limit":"7bc04c5c2cc467c5b40f2b03ba08da174a0d5fa7"},{"limit":"2a18c9c76718f77a08177f1fc20007fab2fdafdd"},{"limit":"94143b65f27211a5d51a63caf1a8f076f7156786"},{"limit":"8b83db418206f7428346e060ef7c94a2a93fdbea"},{"limit":"715f547a6299c211a9104105e7ee59c0984acc1e"},{"limit":"3a50e298f0c3b2ff89fbd2c75133edf872aa6dfb"},{"limit":"d1c813850f24780eff793bbfbf4e33214ca81e8d"}]}]}]}
{"id":"dd34e98b-c7dc-4d3b-80da-cc0e2eee6613","summary":["The rdma/ucma subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the rdma_cm layer is used in a multi-threaded environment. This vulnerability exists in all versions of the Linux Kernel from v2.6.20 until commit 7c11910783a1ea17e88777552ef146cace607b3c (v5.7, v5.5.17, v5.4.32, v5.6.4, v4.19.115)."],"details":["The patch commit for this vulnerability fixes a race condition in the RDMA/ucma subsystem that could allow an attacker to cause a denial of service (DoS) or possibly execute arbitrary code.\n\nVulnerabilities of type race condition are exploited by having two or more processes or threads access a shared resource simultaneously in an unintended way. This can cause the processes or threads to corrupt data or crash, leading to a DoS or other security issue.\n\nThe security impact of this vulnerability could be severe. An attacker could exploit the race condition to cause a DoS by crashing the kernel or to execute arbitrary code by corrupting kernel memory.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit 
message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=c92378b32760a4eef756"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000af6530056e863794%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c11910783a1ea17e88777552ef146cace607b3c"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000006d637a0584aa6520%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=68b44a1597636e0b342c"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=8458d13b13562abf6b77"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000ebb6bc05859ac2cf%40google.com"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/00000000000012a4cd05854a1d0a%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=e5579222b6a3edd96522"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=29ee8f76017ce6cf03da"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=b358909d8d01556b790b"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=6956235342b7317ec564"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=bd034f3fdc0402e942ed"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000001de4b70573d62017%40google.com"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000003b9c4b0574806070%40google.com"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/001a1141551246502d056845782e%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=adb15cf8c2798e4e0db4"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000a366e2056a35c6fd%40google.com"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/94eb2c054604ad40010568e8ea21%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=4b628fcc748474003457"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000396c09057a17b6fd%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=6b46b135602a3f3ac99e"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/00000000000055ee31057ce8f277%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"75216638572f53612304c05a374f0246fe1d16da"},{"limit":"7c11910783a1ea17e88777552ef146cace607b3c"},{"limit":"6c70dd6fa0c3fec2047185ab4dd258b79f37ccd2"},{"limit":"bc38d0ee4324ace2ae678836deaae1f6fad52b87"},{"limit":"69eb0ff46c4f4ee3c98158580e5b948d36eaf4fa"},{"limit":"b538f04af4ea3d60ce274bf8107349f71b2298e5"},{"limit":"51795bcf595d9cfbae6e17cdfd02c25db9b3a62c"},{"limit":"466de9a3985cde89089e97c82faa4fc860a4ef58"},{"limit":"abc4ea7f1345398261295345fd9b30243e4f4f8e"}]}]}]}
{"id":"daa2e8e4-ae26-4017-8e61-a2b0d5968291","summary":["The qrtr subsystem of the Linux kernel has an out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the user passed in too small a buffer for a qrtr_hdr_v1 or qrtr_hdr_v2 struct. This vulnerability exists in all versions of the Linux Kernel from v4.15 until commit 8ff41cc21714704ef0158a546c3c4d07fae2c952 (v5.8, v5.4.52, v4.19.133, v5.7.9)."],"details":["The patch commit for this vulnerability fixes an out-of-bounds read in the qrtr_endpoint_post() function. This function is responsible for processing incoming packets on a qrtr endpoint. The vulnerability occurs when the buffer passed to the function is not large enough to contain the entire packet header. This can lead to the function reading data beyond the end of the buffer, which could potentially lead to arbitrary code execution.\n\nVulnerabilities of this type are often exploited by sending a specially crafted packet that is smaller than the expected size. This causes the function to read data from an invalid memory location, which can then be used to execute arbitrary code.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to execute arbitrary code on a vulnerable system. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8ff41cc21714704ef0158a546c3c4d07fae2c952"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=b8fe393f999a291a9ea6"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000f728fc05a90ce9c9%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"194ccc88297ae78d0803adad83c6dcc369787c9e"},{"limit":"8ff41cc21714704ef0158a546c3c4d07fae2c952"},{"limit":"47f304110fb06caec2c52b9428ceeae5453ce78e"},{"limit":"735929cf1e38144eab4a49b074053931f7101b24"},{"limit":"91f8d05b4b56455dedd4539235428eb8ce10b6b6"},{"limit":"a0956a12932c31ee70aeea3e18f2eb5334ed2387"},{"limit":"cd3f29fe2b423b46f2f2a1df1b35da4c9e6ab719"}]}]}]}
{"id":"d8c3707c-272f-4733-9f18-6211aa16aa82","summary":["The usbnet subsystem of the Linux kernel has a slab out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the size of the pointer to a structure was checked instead of the structure itself. This vulnerability exists in all versions of the Linux Kernel from v4.8 until commit 54364278fb3cabdea51d6398b07c87415065b3fc (v4.19.68, v4.9.190, v5.2.10, v4.14.140, v5.3)."],"details":["The patch commit for this vulnerability fixes a potential integer overflow vulnerability in the CDC union parser in the Linux kernel.\nVulnerabilities of type integer overflow are exploited by providing an input that is larger than expected, which can cause the program to crash or execute arbitrary code.\nThe security impact of this vulnerability could be that an attacker could execute arbitrary code on a vulnerable system.\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=45a53506b65321c1fe91"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000487b44058fea845c%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=54364278fb3cabdea51d6398b07c87415065b3fc"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"e4c6fb779498243ec001c5547b3504fe6b1993ec"},{"limit":"54364278fb3cabdea51d6398b07c87415065b3fc"},{"limit":"1213b365921b5dc55ae24e7daed78422e20d6e76"},{"limit":"911a8ca7697b26e95b7ec30b94cd5910bee546ff"},{"limit":"58ab4f8fcd9a0ae6c4399cb4076ba5f26e037436"},{"limit":"487d66ae8f4531cd7a9ed96b370f238fcb0d3021"}]}]}]}
{"id":"d63c31bc-99ac-4e5f-99db-d6bcd34ace64","summary":["The ethtool subsystem of the Linux kernel has a stack overflow vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the bitset from the netlink message is longer than the target bitmap length. This vulnerability exists in all versions of the Linux Kernel from v5.7 until commit a770bf515613c6e12ae904c3593e26016de99448 (v5.10, v5.9.16)."],"details":["The patch commit for this vulnerability fixes a stack overflow in the ethnl_parse_bitset() function in the Linux kernel's ethtool subsystem. This vulnerability could be exploited by a local attacker to execute arbitrary code on the system.\n\nVulnerabilities of this type are exploited by sending a specially crafted network packet to the target system. The packet contains data that causes the stack overflow, which can then be used to execute arbitrary code.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to gain root privileges on the target system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000ed639f05b5553b4a%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a770bf515613c6e12ae904c3593e26016de99448"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=9d39fa49d4df294aab93"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"88db6d1e4f6222d22c1c4b4d4d7166cfa9d2fe0e"},{"limit":"a770bf515613c6e12ae904c3593e26016de99448"},{"limit":"d8d50009dadaa7f4d179af59e9796628c7487cf8"}]}]}]}
{"id":"d5b8e961-3fdb-4c9e-8b10-749a07a1ea23","summary":["The Bluetooth subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the hci_conn_hash_flush function was called. This vulnerability exists in all versions of the Linux Kernel from v6.4 until commit ca1fd42e7dbfcb34890ffbf1f2f4b356776dab6f, a2ac591cb4d83e1f2d4b4adb3c14b2c79764650a (v6.3.8)."],"details":["The patch commit for this vulnerability fixes a potential double free vulnerability in the Linux Bluetooth subsystem.\n\nThe hci_conn_unlink function is called by hci_conn_del, which means it should not call hci_conn_del with the input parameter conn again. If it does, conn may have already been released when hci_conn_unlink returns, leading to potential UAF and double-free issues.\n\nVulnerabilities of this type are exploited by first sending a specially crafted message to the Bluetooth subsystem. This message can cause the hci_conn_unlink function to be called with an invalid parameter, which can then lead to the double free of memory.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to execute arbitrary code on the system or to gain root privileges.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000aa920505f60d25ad%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ca1fd42e7dbfcb34890ffbf1f2f4b356776dab6f"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2ac591cb4d83e1f2d4b4adb3c14b2c79764650a"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000484a8205faafe216%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=8bb72f86fc823817bc5d"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=690b90b14f14f43f4688"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"06149746e7203d5ffe2d6faf9799ee36203aa8b8"},{"limit":"ca1fd42e7dbfcb34890ffbf1f2f4b356776dab6f"},{"limit":"a2ac591cb4d83e1f2d4b4adb3c14b2c79764650a"},{"limit":"75e35bd4b7935ceed2aacd82f55940e73bf0b63b"},{"limit":"b0167893c00e25a8ac99876e30334138a27e21a1"}]}]}]}
{"id":"d4a706a7-8939-41fa-9940-d7b027dd2082","summary":["The ipv6/sit subsystem of the Linux kernel has a stack overflow vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the user provided an invalid tunnel name. This vulnerability exists in all versions of the Linux Kernel from v2.6.12 until commit b95211e066fc3494b7c115060b2297b4ba21f025 (v4.17)."],"details":["The patch commit for this vulnerability fixes a potential stack overflow vulnerability in the Linux kernel's IPv6 SIT tunnel implementation. The vulnerability is caused by the fact that the ipip6_tunnel_locate() function does not properly validate the length of the tunnel name provided by the user. This could allow an attacker to craft a malicious packet that would cause the kernel to overflow its stack, resulting in a denial of service or potentially even arbitrary code execution.\n\nVulnerabilities of this type are typically exploited by sending a specially crafted packet to a vulnerable system. The packet would contain a malicious tunnel name that is longer than the maximum allowed length. When the kernel attempts to process this packet, it will attempt to copy the tunnel name into a buffer on the stack. If the tunnel name is too long, this will cause the stack to overflow, resulting in a denial of service or potentially even arbitrary code execution.\n\nThe security impact of this vulnerability could be significant. A successful exploit could allow an attacker to gain root privileges on a vulnerable system. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=d31533b18fc5a7e0cc95941b49a0bf94a7c3c77e"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b95211e066fc3494b7c115060b2297b4ba21f025"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2"},{"limit":"b95211e066fc3494b7c115060b2297b4ba21f025"},{"limit":"03d22b8295389cf42445c28966ebd92f3692b021"},{"limit":"628d5946bb62e21b84ba62ffcdc98483f4bae93e"},{"limit":"9ebe7bd411cedaa0800fd4cd332ee71dadbf19de"},{"limit":"a7309cad9c2e33376a0d7abb9483c05a3007ec85"},{"limit":"afe68da6b60dc0077f407e29f79d81e0f8f0c0c6"},{"limit":"c6415377233302346f7f68e8bda5653338ba1c3d"},{"limit":"e7392359da590d6573fbf0d6f0cb4fafa144c488"},{"limit":"f1f1f94f7d70703baf7d4f966b69601a9042a306"}]}]}]}
{"id":"d329b3d2-877c-46a6-bcd0-56c8877c7379","summary":["The bpf subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when a fault injected alloc fails while calling bpf_link_detach. This vulnerability exists in all versions of the Linux Kernel from v5.7 until commit 4c46091ee985ae84c60c5e95055d779fcd291d87 (v5.10.138, v6.0, v5.19.2, v5.18.18, v5.15.61)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the Linux kernel's BPF subsystem. A use-after-free vulnerability occurs when a program frees memory that is still being used, allowing an attacker to access or modify that memory.\n\nVulnerabilities of this type are exploited by attackers by sending specially crafted packets to a vulnerable system. The packets trigger the use-after-free vulnerability, which allows the attacker to gain access to sensitive information or execute arbitrary code on the system.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to gain root access on a vulnerable system or to steal sensitive information.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"WEB","url":"https://android.googlesource.com/kernel/common/+/3527e3cbb84d8868c4d4e91ba55915f96d39ec3d^!"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-android-bugs/0000000000006d85b305dbbb67ff%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=f264bffdfbd5614f3bb2"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"af6eea57437a830293eab56246b6025cc7d46ee7"},{"limit":"4c46091ee985ae84c60c5e95055d779fcd291d87"},{"limit":"6336388715afa419cc97d0255bda3bba1b96b7ca"},{"limit":"3527e3cbb84d8868c4d4e91ba55915f96d39ec3d"},{"limit":"be001f9da71eaa3b61e186fb88bde3279728bdca"},{"limit":"1f8ca9c40e6222ce431e9ba5dae3cccce8ef9443"}]}]}]}
{"id":"d1cb6792-f705-41e9-946d-35002071bc81","summary":["The net/ipv6/raw.c subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when sending a raw IPv6 packet. This vulnerability exists in all versions of the Linux Kernel from v2.6.36 until commit a688caa34beb2fd2a92f1b6d33e40cde433ba160 (v4.19)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the Linux kernel's IPv6 raw socket implementation.\n\nIn the affected code, the kernel attempts to free a socket buffer (skb) that is still in use by another part of the system. This can lead to a denial of service or even arbitrary code execution if an attacker can exploit the vulnerability.\n\nVulnerabilities of this type are typically exploited by sending a specially crafted packet to a vulnerable system. The packet will trigger the use-after-free vulnerability, which can then be used to gain access to sensitive data or execute arbitrary code.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to gain root privileges on a vulnerable system or to launch a denial of service attack.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThe vendor has provided an official fix for this vulnerability.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a688caa34beb2fd2a92f1b6d33e40cde433ba160"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=e6ad5d985805141ed3d70fc129748bc234ff99f8"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"1789a640f55658d9a54c1868cc3405e4d85dbd8e"},{"limit":"a688caa34beb2fd2a92f1b6d33e40cde433ba160"},{"limit":"08e8e22b6d3ae3689d8c1643d924063f5c93b901"},{"limit":"48c14f2ea5c58268f4ea59da6467c74cdec9e6f2"},{"limit":"4ceb29cf0ee1ce055d43029b9c86692e206424c1"},{"limit":"9db8f411f90eae46da77865d2bb72ad5fb5721b0"}]}]}]}
{"id":"d0675130-3099-41ca-9a24-6c640d631f53","summary":["The sit subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the ipip6_dev_free function was called from sit_init_net. This vulnerability exists in all versions of the Linux Kernel from v4.12 until commit e28587cc491ef0f3c51258fdc87fbc386b1d4c59 (v5.16)."],"details":["The patch commit for this vulnerability fixes a potential double free vulnerability in the Linux kernel's sit network device driver. The vulnerability occurs when the sit_init_net() function calls the ipip6_dev_free() function, which frees the sit device's private data structure. However, the sit device's private data structure has already been freed by the register_netdevice() function, which is called before sit_init_net(). This can lead to a double free error, which can be exploited by an attacker to gain control of the kernel.\n\nVulnerabilities of this type are exploited by first sending a specially crafted packet to the target system. This packet will cause the sit network device to be initialized. The attacker can then send another packet that will trigger the double free error. This will allow the attacker to execute arbitrary code on the target system.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to gain control of the kernel and execute arbitrary code. This could allow the attacker to steal sensitive data, install malware, or disrupt system operations.\n\nTo resolve this vulnerability, patch the kernel past the fix commit. 
The fix commit can be found here: https://git.kernel.org/\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e28587cc491ef0f3c51258fdc87fbc386b1d4c59"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=fa9723e8791d750db841f062cdf8ae8c89ec3005"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=e6ef968b7de35c9d687247e78609659b65d61b22"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=d55284f3ceb5a899631cebcfd3cd8a24915a70a5"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=088c0719afd64a2d7a897e91ca4cbd4f4ce395fb"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"cf124db566e6b036b8bcbe8decbed740bdfac8c6"},{"limit":"e28587cc491ef0f3c51258fdc87fbc386b1d4c59"},{"limit":"6f46c59e60b64620d5d386c8ee2eaa11ebe3b595"},{"limit":"e56b65c1e74d7f706d74b51baba15187be2fb4b5"},{"limit":"4e1797914d8f223726ff6ae5ece4f97d73f21bab"},{"limit":"44a6c846bc3a7efe7d394bab8b2ae3b7f580e190"},{"limit":"ad0ed314d6167b212939e3839428ba0c8bb16adb"}]}]}]}
{"id":"cb5461e3-81d0-4785-ba62-53f248e3bfae","summary":["The mm/mempolicy subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the VMA iterator was not passed through to the underlying call to split_vma(). This vulnerability exists in all versions of the Linux Kernel from v6.1 until commit f4e9e0e69468583c2c6d9d5c7bfc975e292bf188 (v6.2.14, v6.1.27, v6.3)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the Linux kernel's memory management subsystem. The vulnerability occurs when the set_mempolicy_home_node() function iterates over a list of VMAs and calls the mbind_range() function on each VMA. The mbind_range() function also iterates over the list of VMAs, and if a VMA is split, the VMA iterator is not passed through to the underlying call to split_vma(). This can result in a use-after-free vulnerability, as the VMA iterator may now point to a stale node in the VMA tree.\n\nVulnerabilities of this type are exploited by first allocating a large amount of memory. The attacker then uses a buffer overflow to overwrite the VMA iterator with a pointer to a malicious function. When the mbind_range() function is called, it will call the malicious function, which can then execute arbitrary code with the privileges of the kernel.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to gain root privileges or to execute arbitrary code on the system. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000c93feb05f87e24ad%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f4e9e0e69468583c2c6d9d5c7bfc975e292bf188"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=a7c1ec5b1d71ceaa5186"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"66850be55e8e5f371db2c091751a932a656c5f4d"},{"limit":"f4e9e0e69468583c2c6d9d5c7bfc975e292bf188"},{"limit":"862ea63fad1657e4cf0b2cf285db6fd55fa57ba0"},{"limit":"0078cd1744b789f527845318a7d3d92e8ae7926a"}]}]}]}
{"id":"c71944f6-fb8f-4f5e-a0eb-e36cfde46d42","summary":["The perf subsystem of the Linux kernel has a slab out of bounds write vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the sample_max_stack value is bigger than the global sysctl maximum. This vulnerability exists in all versions of the Linux Kernel from v4.8 until commit 5af44ca53d019de47efe6dbc4003dd518e5197ed (v4.14.37, v4.9.97, v4.16.5, v4.17)."],"details":["The patch commit for this vulnerability fixes a potential integer overflow vulnerability in the Linux kernel's perf subsystem. The vulnerability occurs when the sample_max_stack value is greater than the global sysctl maximum. This can allow an attacker to create an event with a callchain buffer that is larger than the kernel's allocated memory, resulting in a kernel panic.\n\nVulnerabilities of this type are exploited by overflowing an integer with a large value. This can cause the program to crash or execute arbitrary code.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to crash the kernel or execute arbitrary code.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=7c449856228b63ac951e"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5af44ca53d019de47efe6dbc4003dd518e5197ed"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/001a1140f656c722960569a3d857%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"97c79a38cd454602645f0470ffb444b3b75ce574"},{"limit":"5af44ca53d019de47efe6dbc4003dd518e5197ed"},{"limit":"66038084560d12457f4dd9e5cfb1d7a7859f70a2"},{"limit":"cf3d902d5af72e333bd83d5961a667752e758b2b"},{"limit":"ac6f0cb331e2ddc5d40b9059908218349064ec5c"}]}]}]}
{"id":"c51b6202-56b6-4250-b0b8-a920142680b3","summary":["The llc subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when tricking AF_LLC with non sensible addr->sllc_arphrd. This vulnerability exists in all versions of the Linux Kernel from v2.6.34 until commit a9b1110162357689a34992d5c925852948e5b9fd (v5.8)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the Linux kernel's LLC subsystem. This vulnerability could allow an attacker to execute arbitrary code on the system.\n\nVulnerabilities of this type are exploited by first tricking the victim into using a specially crafted application that sends a malicious packet to the system. This packet will cause the kernel to free memory that is still in use, which can lead to the execution of arbitrary code.\n\nThe security impact of this vulnerability could be severe, as it could allow an attacker to take control of the system. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a9b1110162357689a34992d5c925852948e5b9fd"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=f297bb2cf9c33ac2648bf5edd6a25ecf0466940f"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"abf9d537fea225af60762640361af7fb233b3103"},{"limit":"a9b1110162357689a34992d5c925852948e5b9fd"},{"limit":"199b03a26488f40fa05c54a1958a63a91bbf5525"},{"limit":"4f7be8373ff51e42dde2d663b5eaf1116ea87cae"},{"limit":"6528c11ce8f1b729922b7b6a34d814cb38cbf024"},{"limit":"a70a667736ede10bbb28121a4ea20eeadbb2af13"},{"limit":"cf2c621c8d5e643eee02eea1d753a8743b742184"},{"limit":"f146ae3cf4e79eb0abb6d701ec158d1605fb3925"},{"limit":"f58328d7d3b5543ba0004c9a0c47d26a8d6bfbad"},{"limit":"fb54ad8f74dd38b5676dc387f4627643930db9b8"}]}]}]}
{"id":"c3760ea7-6213-43b3-8f08-913b9b6deec7","summary":["The bonding subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the return value of register_netdevice() was not checked immediately. This vulnerability exists in all versions of the Linux Kernel from v4.7 until commit c75d1d5248c0c97996051809ad0e9f154ba5d76e (v4.19.135, v5.7.11, v5.8, v4.14.190, v5.4.54)."],"details":["The patch commit for this vulnerability fixes a potential buffer overflow in the bonding driver. The fix checks the return value of the register_netdevice() function before doing anything else. This function is used to register a new network device with the kernel. If the function fails, it could cause a buffer overflow.\n\nVulnerabilities of this type are exploited by sending a specially crafted packet to the network device. This packet can cause the kernel to allocate more memory than it needs, which can lead to a buffer overflow.\n\nThe security impact of this vulnerability could be that an attacker could execute arbitrary code on the system. 
This could allow them to take control of the system or install malware.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c75d1d5248c0c97996051809ad0e9f154ba5d76e"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=bbc3a11c4da63c1b74d6"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000000fa7b205ab0dc778%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"005db31d5f5f7c31cfdc43505d77eb3ca5cf8ec6"},{"limit":"c75d1d5248c0c97996051809ad0e9f154ba5d76e"},{"limit":"6ca307f3fa591bc29b67356a501d3de4b106399c"},{"limit":"96b61dc0ce8121f4f286eaf7301737853e1499a0"},{"limit":"6c9d85b0de1f16cceca6d4ffe1636e383ac973cb"},{"limit":"89b4f204ba43a11b8ceea1269350348f2d4801f2"},{"limit":"971041895df95302d6c7bcc1a5281a09b8794803"},{"limit":"d8492c9833ea33be24b70003f980579ba1d8ebd5"}]}]}]}
{"id":"c2a9d2c0-2af3-4e4d-ac58-85989f261f35","summary":["The watch_queue subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when a watch is being added to a queue, as the lock on the source's watch list is not taken. This vulnerability exists in all versions of the Linux Kernel from v5.8 until commit e64ab2dbd882933b65cd82ff6235d705ad65dbb6 (v5.18.16, v5.19, v5.15.59, v5.10.135)."],"details":["The patch commit for this vulnerability fixes missing locking in the add_watch_to_object() function. This could allow an attacker to add a watch to a queue, remove a watch from the queue, or destroy the queue, which could lead to a denial of service.\n\nVulnerabilities of this type are exploited by sending specially crafted packets to a vulnerable system. The packets can be used to bypass security checks and gain access to sensitive data or system resources.\n\nThe security impact of this vulnerability could be a denial of service or an elevation of privilege. 
In the worst case, an attacker could gain root access to the system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e64ab2dbd882933b65cd82ff6235d705ad65dbb6"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/00000000000029f85405e4c9fe7f%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=03d7b43290037d1f87ca"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"c73be61cede5882f9605a852414db559c0ebedfd"},{"limit":"e64ab2dbd882933b65cd82ff6235d705ad65dbb6"},{"limit":"7fa8999b31674dc7697fa37a1eee088767cd84f3"},{"limit":"8a2482fca5214ff6378f47c230388b901301705a"},{"limit":"c9c01dd38975c70e3ec9a4b95c1c9ab66989589c"}]}]}]}
{"id":"c2689f6f-1412-4261-9f7c-9923e584ec70","summary":["The sctp subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the active_key for asoc was not updated after the old key was replaced. This vulnerability exists in all versions of the Linux Kernel from v4.17 until commit 58acd10092268831e49de279446c314727101292 (v4.19.199, v5.14, v5.10.54, v5.4.136, v5.13.6)."],"details":["The patch commit for this vulnerability fixes a use-after-free issue in the SCTP protocol implementation.\n\nVulnerabilities of type use-after-free are exploited by first allocating memory, then freeing it, and then accessing the memory that was freed. This can allow an attacker to execute arbitrary code on the system.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to execute arbitrary code on the system with the privileges of the user running the vulnerable application.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=b774577370208727d12b"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=58acd10092268831e49de279446c314727101292"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000a0982305c6e5c9f5%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"1b1e0bc9947427ae58bbe7de0ce9cfd591b589b9"},{"limit":"58acd10092268831e49de279446c314727101292"},{"limit":"c1de376423a7759bf4fa25d6a038a4c1e035c9e1"},{"limit":"8eb225873246312660ccd68296959a7b213d0cdd"},{"limit":"b60461696a0b0fdaf240bc365b7983698f88ded2"},{"limit":"50b57223da67653c61e405d0a7592355cfe4585e"}]}]}]}
{"id":"c1b4f3fa-7b6d-4cb7-ac04-bd45752f8560","summary":["The sctp subsystem of the Linux kernel has a kernel infoleak vulnerability. The vulnerability could be exploited by an attacker to leak kernel memory when using the netlink_dump_start function. This vulnerability exists in all versions of the Linux Kernel from v4.7 until commit 633593a808980f82d251d0ca89730d8bb8b0220c (v5.17)."],"details":["The patch commit for this vulnerability fixes a kernel infoleak in the SCTP socket implementation. This vulnerability could allow an attacker to read kernel memory by sending a specially crafted packet to a vulnerable system.\n\nVulnerabilities of this type are exploited by sending a specially crafted packet to a vulnerable system. The packet is designed to trigger a buffer overflow or other memory corruption vulnerability in the kernel's network stack. This can then be used to read kernel memory or execute arbitrary code.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to read sensitive information from the kernel, such as passwords or encryption keys. 
They could also use it to execute arbitrary code on the system, which could lead to a complete compromise.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=633593a808980f82d251d0ca89730d8bb8b0220c"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=a652ddf168ffc4273a60f6321077e72a156966e8"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"8f840e47f190cbe61a96945c13e9551048d42cef"},{"limit":"633593a808980f82d251d0ca89730d8bb8b0220c"},{"limit":"1502f15b9f29c41883a6139f2923523873282a83"},{"limit":"2d8fa3fdf4542a2174a72d92018f488d65d848c5"},{"limit":"3fc0fd724d199e061432b66a8d85b7d48fe485f7"},{"limit":"41a2864cf719c17294f417726edd411643462ab8"},{"limit":"b7e4d9ba2ddb78801488b4c623875b81fb46b545"},{"limit":"bbf59d7ae558940cfa2b36a287fd1e88d83f89f8"},{"limit":"d828b0fe6631f3ae8709ac9a10c77c5836c76a08"}]}]}]}
{"id":"c023b13e-fcb3-49d0-91d8-7b59274a744e","summary":["The block subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the elevator was not disabled in del_gendisk, as the tag_set might not be alive at that point. This vulnerability exists in all versions of the Linux Kernel from v5.16 until commit 50e34d78815e474d410f342fbe783b18192ca518 (v5.18.8, v5.19)."],"details":["The patch commit for this vulnerability fixes a use after free vulnerability in the Linux kernel's block layer. A use after free vulnerability occurs when a pointer to freed memory is used after it has been freed. This can allow an attacker to access or modify sensitive data or execute arbitrary code.\n\nVulnerabilities of this type are often exploited by attackers to gain root privileges on a system. In this case, the attacker would need to have access to a system with the Linux kernel version 5.18 or later and the affected block device driver loaded.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to gain root privileges on a system or to execute arbitrary code. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=3e3f419f4a7816471838"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=50e34d78815e474d410f342fbe783b18192ca518"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000212fec05de1a16ec%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"e155b0c238b20f0a866f4334d292656665836c8a"},{"limit":"50e34d78815e474d410f342fbe783b18192ca518"},{"limit":"f28699fafc047ec33299da01e928c3a0073c5cc6"}]}]}]}
{"id":"be401000-7e41-475d-9f6b-b596afd6167c","summary":["The sctp subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the error returned from sctp_auth_asoc_init_active_key() was not handled properly. This vulnerability exists in all versions of the Linux Kernel from v5.14 until commit 022152aaebe116a25c39818a07e175a8cd3c1e11 (v4.19.262, v5.4.220, v6.1, v6.0.3, v5.10.150, v5.19.17, v5.15.75)."],"details":["\n The patch commit for this vulnerability fixes an error handling bug in the SCTP protocol implementation in the Linux kernel. The bug occurs when a new security key is being set for an SCTP association. If an error occurs during the key setup process, the old key is not properly freed, and may be used by the kernel even after it has been replaced. This can lead to a use-after-free vulnerability, which could be exploited by an attacker to gain elevated privileges or execute arbitrary code.\n\nVulnerabilities of this type are typically exploited by sending a specially crafted packet to the target system. The packet would contain data that would trigger the error condition in the kernel, causing the old key to be used after it has been freed. The attacker could then use this vulnerability to gain control of the target system.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to gain elevated privileges or execute arbitrary code on a vulnerable system. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=022152aaebe116a25c39818a07e175a8cd3c1e11"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=a236dd8e9622ed8954a3"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000212d3205e9984e12%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"58acd10092268831e49de279446c314727101292"},{"limit":"022152aaebe116a25c39818a07e175a8cd3c1e11"},{"limit":"b8fa99a3a11bdd77fef6b4a97f1021eb30b5ba40"},{"limit":"f65955340e0044f5c41ac799a01698ac7dee8a4e"},{"limit":"3b0fcf5e29c0940e1169ce9c44f73edd98bdf12d"},{"limit":"19d636b663e0e92951bba5fced929ca7fd25c552"},{"limit":"0f90099d18e3abdc01babf686f41f63fe04939c1"},{"limit":"382ff44716603a54f5fd238ddec6a2468e217612"}]}]}]}
{"id":"bdf9d3e4-d8ab-4921-99a8-1791a3a0bcf2","summary":["The netfilter/ebtables subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the table blob was not properly freed after table replacement. This vulnerability exists in all versions of the Linux Kernel from v3.15 until commit e58a171d35e32e6e8c37cfe0e8a94406732a331f (v5.15.100, v6.1.18, v5.10.173, v6.2.5, v6.3)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the Linux kernel's ebtables netfilter subsystem. This vulnerability occurs when a table is replaced with a new table, but the old table's blob is not properly freed. This can lead to a kernel panic or other undefined behavior.\n\nVulnerabilities of this type are exploited by first sending a specially crafted packet to the system. This packet will cause the kernel to allocate a new table and copy the old table's blob into it. The old table's blob is then freed, but the new table still references it. This can lead to a kernel panic or other undefined behavior when the new table is used.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to crash the system or execute arbitrary code.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e58a171d35e32e6e8c37cfe0e8a94406732a331f"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=f61594de72d6705aea03"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000866d0e05f4e8be87%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"c58dd2dd443c26d856a168db108a0cd11c285bf3"},{"limit":"e58a171d35e32e6e8c37cfe0e8a94406732a331f"},{"limit":"dbb3cbbf03b3c52cb390fabec357f1e4638004f5"},{"limit":"9060abce3305ab2354c892c09d5689df51486df5"},{"limit":"cda0e0243bd3c04008fcd37a46b0269fb3c49249"},{"limit":"3dd6ac973351308d4117eda32298a9f1d68764fd"}]}]}]}
{"id":"bd1825d5-8c35-4789-96ef-636c364cc2fe","summary":["The tls subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the socket is being closed. This vulnerability exists in all versions of the Linux Kernel from v4.13 until commit 32da12216e467dea70a09cd7094c30779ce0f9db, a447da7d00410278c90d3576782a43f8b675d7be (v4.14.57, v4.18, v4.16.18, v4.17.9, v4.17.3, v4.14.52)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the Linux kernel's TLS implementation.\n\nVulnerabilities of this type are exploited by first sending a specially crafted message to a vulnerable system. This message will cause the kernel to allocate memory that is not properly freed. When the system attempts to use this memory later, it will cause a crash or other undefined behavior.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to execute arbitrary code on a vulnerable system or to gain access to sensitive information.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit 
message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000006056c8056d0868f8%40google.com"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000628fe1056c18da7f%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a447da7d00410278c90d3576782a43f8b675d7be"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=32da12216e467dea70a09cd7094c30779ce0f9db"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=709f2810a6a05f11d4d3"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=5c74af81c547738e1684"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000b24d0c056e438d2d%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=c226690f7b3126c5ee04"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"3c4d7559159bfe1e3b94df3a657b2cda3a34e218"},{"limit":"32da12216e467dea70a09cd7094c30779ce0f9db"},{"limit":"a447da7d00410278c90d3576782a43f8b675d7be"},{"limit":"5e8a5c30546f731b20591eb8cffc7db299286d05"},{"limit":"cf3fd8f306f08401ae40eb7de13ef2e94011e706"},{"limit":"7fd98de479ea75144d71862d67eb597c868bf453"},{"limit":"9e416df3a2cb61971c0bbda0f677b9ae547af05f"},{"limit":"30a7a7b04f8b4e38b1af9acda2a4dd533e260ed2"}]}]}]}
{"id":"bbedf742-5242-43a5-b58b-7fa8300fa46a","summary":["The RDMA/ucma subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the error in ucma_create_id() left ctx in the list of contexts belonging to the ucma file descriptor. This vulnerability exists in all versions of the Linux Kernel from v2.6.20 until commit ed65a4dc22083e73bac599ded6a262318cad7baf (v3.16.57, v4.14.33, v4.1.52, v4.9.93, v3.2.102, v4.16, v4.4.127, v4.15.16)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the RDMA/ucma subsystem. A use-after-free vulnerability occurs when a program frees memory but continues to use it after it has been freed. This can allow an attacker to execute arbitrary code or gain access to sensitive data.\n\nVulnerabilities of this type are exploited by first sending a specially crafted message to the target system. This message will cause the target system to free memory that is still in use. The attacker can then use this memory to execute arbitrary code or gain access to sensitive data.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to execute arbitrary code or gain access to sensitive data on the target system. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=dcfd344365a56fbebd0f"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ed65a4dc22083e73bac599ded6a262318cad7baf"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/001a113f8bce2c792c0566cd1814%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"75216638572f53612304c05a374f0246fe1d16da"},{"limit":"ed65a4dc22083e73bac599ded6a262318cad7baf"},{"limit":"e78759ba4d27ab2f19b285f666887bf4d00b7514"},{"limit":"a7d0333a87b3a9b68c9d4351fbd9e0f76f6ac913"},{"limit":"7825be2b6c326b1ba1b5cf7081c42e1d1046a9ba"},{"limit":"fbd591e549d859079a89bf9c1c53b7eddff0339a"},{"limit":"0b17ac3f080da021b759043ae9ab8dd8bbc5e852"},{"limit":"ac895355571a158c7120c7b9b3ba6a94d2bc803e"},{"limit":"7b22ab5fa34d8b918e4a79e7927fe6af90501675"}]}]}]}
{"id":"b84fd604-a97d-4573-ab44-f2d7b8f7ec36","summary":["The Bluetooth subsystem of the Linux kernel has a slab out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when a malformed event packet with a large `num_reports` number is received. This vulnerability exists in all versions of the Linux Kernel from v3.19 until commit f7e0e8b2f1b0a09b527885babda3e912ba820798 (v4.9.249, v4.19.164, v5.4.86, v4.14.213, v5.11, v5.10.3, v4.4.249)."],"details":["The patch commit for this vulnerability fixes a slab-out-of-bounds read in the hci_le_direct_adv_report_evt() function. This function is responsible for handling LE Direct Advertising Report events. A malformed event packet with a large `num_reports` number can cause the function to read out of bounds, leading to a potential security vulnerability.\n\nVulnerabilities of this type are exploited by sending a specially crafted packet to the target system. This can be done over a network connection or by physically connecting to the target system. Once the packet is received, the vulnerability can be exploited to gain access to sensitive data or to execute arbitrary code on the target system.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to gain access to sensitive data or to execute arbitrary code on the target system. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f7e0e8b2f1b0a09b527885babda3e912ba820798"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000a876b805abfa77e0%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=24ebd650e20bd263ca01"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"2f010b55884efad9c2be572070cb7377a5388fcd"},{"limit":"f7e0e8b2f1b0a09b527885babda3e912ba820798"},{"limit":"50f524549e4ab560c3042fbcd18e11f341b611e7"},{"limit":"df95ea1228cc2c367a06cc2578eb52b406529da6"},{"limit":"7ee2cd49f7220b1069e23a65d3ab59526bda9821"},{"limit":"b260e4a688531d5865e2caead4cccfb2735f5657"},{"limit":"f7a86f0f410228cce316f84433ed2f73652c6579"},{"limit":"61490c481c61ff230da5f6042f353c6c0db0bc0c"}]}]}]}
{"id":"b83db2b5-5340-44bc-9c98-8ee0224ba7f5","summary":["The smack subsystem of the Linux kernel has a slab out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the vsscanf function was used to parse a smack label. This vulnerability exists in all versions of the Linux Kernel from v3.5 until commit a6bd4f6d9b07452b0b19842044a6c3ea384b0b88 (v4.19.140, v5.7.16, v4.9.233, v5.9, v4.14.194, v5.8.2, v4.4.233, v5.4.59)."],"details":["The patch commit for this vulnerability fixes a buffer overflow in the Smack subsystem of the Linux kernel. The vulnerability occurs when the vsscanf() function is used to parse a string containing a Smack label. The vsscanf() function does not properly check the length of the string, which can lead to a buffer overflow.\n\nVulnerabilities of this type are exploited by providing a specially crafted Smack label that is longer than the buffer allocated to store it. This can cause the kernel to overwrite memory outside of the buffer, which can lead to a variety of security problems.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to gain root privileges or to execute arbitrary code on the system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=a22c6092d003d6fe1122"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a6bd4f6d9b07452b0b19842044a6c3ea384b0b88"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000d282bd05ab0bf532%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"f7112e6c9abf1c70f001dcf097c1d6e218a93f5c"},{"limit":"a6bd4f6d9b07452b0b19842044a6c3ea384b0b88"},{"limit":"f4d455a73deb4313587ce66bf1969ab5817097ac"},{"limit":"674992659a97d1a19295038d7e2aafca35d09813"},{"limit":"68d2e38fe2be9d0a60a344c816e28f4979e71d2e"},{"limit":"95e77519f48645f73e375461a3a1e9402130da7c"},{"limit":"5edf79a812a0a2e03a5433b19cb63caffb0b1836"},{"limit":"32fecc76dfdda9f134de11c3f2df3338a6d3abf6"},{"limit":"fd9ff27063dd473219a7be89b5d8576c8b70b13d"},{"limit":"820defebf4ead19c96ecc36a16dba85f315c0931"},{"limit":"12917b448aa665cfa032f37925a10ae5f43bee35"},{"limit":"cdb83ad0c45b4c718ba46e6982f6d1eb5958d54b"}]}]}]}
{"id":"b6de8934-70f0-45c9-88fa-088b7a187501","summary":["The firmware_loader subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when a fw_priv object has been freed but hasn't been removed from the pending list. This vulnerability exists in all versions of the Linux Kernel from v5.7 until commit 75d95e2e39b27f733f21e6668af1c9893a97de5e (v4.19.203, v5.14, v5.4.140, v5.10.58, v5.13.10)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the Linux kernel's firmware loader. A use-after-free vulnerability occurs when a piece of memory that has been freed is still accessed by the program. This can lead to a variety of security issues, including arbitrary code execution.\n\nVulnerabilities of this type are often exploited by attackers by sending specially crafted packets to a vulnerable system. The packets can be used to trigger the use-after-free vulnerability, which can then be used to execute arbitrary code on the system.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to gain root access on a vulnerable system or to install malware.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=75d95e2e39b27f733f21e6668af1c9893a97de5e"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000540c0405ba3e9dff%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=de271708674e2093097b"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"bcfbd3523f3c6eea51a74d217a8ebc5463bcb7f4"},{"limit":"75d95e2e39b27f733f21e6668af1c9893a97de5e"},{"limit":"67cf0fbcac0d42d4d4686cddc1e39f465bbfec37"},{"limit":"c14a54675db7131791402fa22fb0fa6da1f5fb66"},{"limit":"d09639528b66b5c7c20dc8f7fb8928aacabd40bb"},{"limit":"ecb739cf15a9bae040ce6b60209b78b92512d120"}]}]}]}
{"id":"b576b5db-16cd-4293-9933-c35cdf1239da","summary":["The seccomp subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the listener fd was installed and then the filter was freed out from underneath it. This vulnerability exists in all versions of the Linux Kernel from v5.0 until commit 7a0df7fbc14505e2e2be19ed08654a09e1ed5bf6 (v5.1, v5.0.14)."],"details":["\n The patch commit for this vulnerability fixes a potential use-after-free vulnerability in the seccomp subsystem.\n\nVulnerabilities of type use-after-free are exploited by first allocating a memory buffer, then freeing it, and then using the freed memory buffer after it has been freed. This can lead to arbitrary code execution if the freed memory buffer is used to store executable code.\n\nThe security impact of this vulnerability could be arbitrary code execution if an attacker can trigger the use-after-free vulnerability. To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7a0df7fbc14505e2e2be19ed08654a09e1ed5bf6"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000c8f45a0584e69ea9%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=b562969adb2e04af3442"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"6a21cc50f0c7f87dae5259f6cfefe024412313f6"},{"limit":"7a0df7fbc14505e2e2be19ed08654a09e1ed5bf6"},{"limit":"00ddbaed26634eaa8841f692e238f6994b4f261f"}]}]}]}
{"id":"b4816659-12da-4e2c-96be-88073d10b6ac","summary":["The seg6 subsystem of the Linux kernel has a slab-out-of-bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the SRH is encoded in the Reduced way. This vulnerability exists in all versions of the Linux Kernel from v5.7 until commit bb986a50421a11bf31a81afb15b9b8f45a4a3a11 (v5.7.8, v5.8)."],"details":["\n The patch commit for this vulnerability fixes a potential slab-out-of-bounds vulnerability in the Linux kernel's SRv6 implementation.\n\nVulnerabilities of this type are exploited by sending a specially crafted packet to the target system. The packet contains an invalid SRH header, which causes the kernel to allocate an incorrect amount of memory for the SRH. This can lead to a denial of service attack or, in some cases, arbitrary code execution.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to crash the kernel or execute arbitrary code on the target system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bb986a50421a11bf31a81afb15b9b8f45a4a3a11"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000dd891a05a56369b8%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=e8c028b62439eac42073"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"0cb7498f234e4e7d75187a8cae6c7c2053f2488a"},{"limit":"bb986a50421a11bf31a81afb15b9b8f45a4a3a11"},{"limit":"6c72bf22589a076a9e2653c5eeebd80f730d50e0"},{"limit":"1d31a0986aadc064ab8e2963a956ffc94ba1e90c"}]}]}]}
{"id":"b2eb7d04-5df8-4ebe-be5b-15a6ea07717e","summary":["The bpf subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the bpf_jit_free function was called on a bpf_prog_pack that had not been finalized. This vulnerability exists in all versions of the Linux Kernel from v5.18 until commit 1d5f82d9dd477d5c66e0214a68c3e4f308eadd6d (v5.19.2, v6.0, v5.18.18)."],"details":["\n The patch commit for this vulnerability fixes a potential use-after-free vulnerability in the Linux kernel's bpf subsystem.\n\nVulnerabilities of type use-after-free are exploited by first causing a program to free memory that is still in use, and then accessing that memory after it has been freed. This can allow an attacker to execute arbitrary code or gain other privileges on the system.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to execute arbitrary code or gain other privileges on the system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit 
message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=2f649ec6d2eea1495a8f"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000007646bd05d7f81943%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1d5f82d9dd477d5c66e0214a68c3e4f308eadd6d"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/00000000000073b3e805d7fed17e%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d24d2a2b0a81dd5e9bb99aeb4559ec9734e1416f"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=87f65c75f4a72db05445"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"1022a5498f6f745c3b5fd3f050a5e11e7ca354f0"},{"limit":"1d5f82d9dd477d5c66e0214a68c3e4f308eadd6d"},{"limit":"60e66074812dde9cde3d99cdd3caa9e40f1a4516"},{"limit":"f91ce608a79c0db3e72bd63c23e011a9ebc31505"}]}]}]}
{"id":"b29a2d36-58ea-416e-b960-96943c793bcc","summary":["The fbcon subsystem of the Linux kernel has a global out of bounds read vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the user font height or width is changed. This vulnerability exists in all versions of the Linux Kernel from v5.9 until commit ec0972adecb391a8d8650832263a4790f3bfb4df (v4.14.199, v5.4.67, v4.9.237, v4.4.237, v5.8.11, v4.19.147)."],"details":["The patch commit for this vulnerability fixes a potential out-of-bounds read vulnerability in the Linux kernel's fbcon driver. The vulnerability occurs when the fbcon driver attempts to read data from a user-supplied font that is larger than the maximum allowed size. This can be exploited by an attacker to read sensitive information from the kernel's memory.\n\nVulnerabilities of this type are exploited by providing a specially crafted user-supplied font that is larger than the maximum allowed size. When the fbcon driver attempts to read from this font, it will read data from outside of the allocated memory, which can lead to the disclosure of sensitive information.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to read sensitive information from the kernel's memory, such as passwords or encryption keys.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ec0972adecb391a8d8650832263a4790f3bfb4df"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=b38b1ef6edf0c74a8d97"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/00000000000024be1505ad487cbb%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"39b3cffb8cf3111738ea993e2757ab382253d86a"},{"limit":"ec0972adecb391a8d8650832263a4790f3bfb4df"},{"limit":"ebb11c9c737c76924aa15dda84d46999882fbb7d"},{"limit":"73d58890be304f94f6787a83fab4455534edac72"},{"limit":"d31eccab7abd41e9d198c0f4f226d937cc7bbd58"},{"limit":"76fe92986c5c2fff36d8fb83e86332113b6c1725"},{"limit":"cc86580e17c0e4fc3bdc1cebf30be9b6d747314c"},{"limit":"f9300df2f7add904ee364f358e07097946c0b42a"}]}]}]}
{"id":"b14a326c-a039-4172-a898-db890b344cba","summary":["The io_uring subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the request was left on the waitqueue mistakenly. This vulnerability exists in all versions of the Linux Kernel from v5.18 until commit d89a4fac0fbc6fe5fc24d1c9a889440dcf410368 (v5.17.14)."],"details":["The patch commit for this vulnerability fixes an issue where the io_uring subsystem could incorrectly leave a request on the waitqueue after it had been completed. This could lead to a use-after-free vulnerability, which could be exploited by an attacker to gain elevated privileges.\n\nVulnerabilities of this type are exploited by first sending a malicious request to the io_uring subsystem. This request will cause the subsystem to allocate a new request object and add it to the waitqueue. The attacker can then use a race condition to free the request object before it is removed from the waitqueue. This will leave the waitqueue in an inconsistent state, which can be exploited to gain elevated privileges.\n\nThe security impact of this vulnerability could be significant. 
An attacker could use it to gain root privileges or execute arbitrary code on the system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000006a354705dad2387e%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=09ad4050dd3a120bfccd"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d89a4fac0fbc6fe5fc24d1c9a889440dcf410368"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"91eac1c69c202d9dad8bf717ae5b92db70bfe5cf"},{"limit":"d89a4fac0fbc6fe5fc24d1c9a889440dcf410368"},{"limit":"ddb263337cec2f0e21416e5a6c6386c019a6ab32"}]}]}]}
{"id":"af717ca3-42e5-4d93-b2f7-bd2128d25f66","summary":["The rdma/cma subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the state is not idle and resolve_prepare_src() overwrites the src_addr. This vulnerability exists in all versions of the Linux Kernel from v5.10 until commit 22e9f71072fa605cbf033158db58e0790101928d (v5.16.12, v5.15.26, v5.10.103, v5.17)."],"details":["\n The patch commit for this vulnerability fixes a potential use-after-free vulnerability in the Linux kernel's RDMA/CMA implementation. This vulnerability could allow an attacker to execute arbitrary code on the kernel by sending a specially crafted message to a vulnerable system.\n\nVulnerabilities of this type are exploited by sending a message to a vulnerable system that contains specially crafted data. This data can then be used to corrupt the memory of the kernel, allowing the attacker to execute arbitrary code.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to execute arbitrary code on the kernel, which could allow them to take control of the system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=c94a3675a626f6333d74"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=22e9f71072fa605cbf033158db58e0790101928d"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000c3eace05d24f0189%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"732d41c545bb359cbb8c94698bdc1f8bcf82279c"},{"limit":"22e9f71072fa605cbf033158db58e0790101928d"},{"limit":"00265efbd3e5705038c9492a434fda8cf960c8a2"},{"limit":"d350724795c7a48b05bf921d94699fbfecf7da0b"},{"limit":"5b1cef5798b4fd6e4fd5522e7b8a26248beeacaa"}]}]}]}
{"id":"ad3def4e-15fb-4625-9859-5952f681e312","summary":["The net/rtnetlink subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the rtnl_create_link() function is called with an invalid MTU value. This vulnerability exists in all versions of the Linux Kernel from v4.10 until commit d836f5c69d87473ff65c06a6123e5b2cf5e56f5b (v5.5)."],"details":["The patch commit for this vulnerability fixes a potential integer overflow vulnerability in the rtnetlink subsystem. The fix ensures that the IFLA_MTU attribute is validated before being used to create a new network device.\n\nVulnerabilities of this type are exploited by providing an invalid value for the IFLA_MTU attribute, which can cause the kernel to crash. In the worst case, this could lead to a denial of service attack.\n\nThe security impact of this vulnerability could be significant, as it could allow an attacker to crash the kernel or even gain root privileges. To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=24e7fdb26d37ba956d9b7bec2663bfbbdda0930d"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d836f5c69d87473ff65c06a6123e5b2cf5e56f5b"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"61e84623ace35ce48975e8f90bbbac7557c43d61"},{"limit":"d836f5c69d87473ff65c06a6123e5b2cf5e56f5b"},{"limit":"888934af187cd7168545711027db64006e7dad9d"},{"limit":"be1a2be7a7b0ed5a758fd8decc39386ba3b5d556"},{"limit":"cc93dcd31ebbae7795412a779db5f712d262f7cf"},{"limit":"e841252840c48e9a0e5add9d82796b1d55c0f653"}]}]}]}
{"id":"ab2c4557-9530-4805-ac7e-4fd4f0c6c35b","summary":["The tipc subsystem of the Linux kernel has a slab out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when using the tipc_udp_xmit() function. This vulnerability exists in all versions of the Linux Kernel from v4.5 until commit c3bcde026684c62d7a2b6f626dc7cf763833875c (v5.1.16, v4.14.132, v4.19.57, v5.2, v4.9.185)."],"details":["\n The patch commit for this vulnerability fixes a potential buffer overflow in the Linux kernel's TIPC udp tunnel implementation. The vulnerability exists because the udp_tunnel(6)_xmit_skb() function does not properly check if the tunnel device is valid before updating its statistics. This can lead to an attacker being able to overwrite arbitrary kernel memory, which could be used to execute arbitrary code or gain root privileges.\n\nVulnerabilities of this type are often exploited by sending a specially crafted packet to the target system. The packet will contain data that is designed to trigger the buffer overflow, which will then allow the attacker to execute arbitrary code or gain root privileges.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to execute arbitrary code or gain root privileges on a vulnerable system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=c4c4b2bb358bb936ad7e"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=a43d8d4e7e8a7a9e149e"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000008ab73d058a787e2c%40google.com"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000730ebf057edb3569%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=a47c5f4c6c00fc1ed16e"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=a9e23ea2aa21044c2798"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=9d4c12bfd45a58738d0a"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000001990a6057edb3931%40google.com"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/00000000000066aa5f0581b6effe%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=0290d2290a607e035ba1"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=ecb2f8d3ea23fcbb273bcdcbde50c1cbc343f2d3"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000352b7e057cc0a13f%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=1519ea6b53568c83a3426f1ec76330144c43d071"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c3bcde026684c62d7a2b6f626dc7cf763833875c"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=b8814107823b7b5db841b2a9539edd212b8bb952"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000960cb60581fd746d%40google.com"},
{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=a2a092a90708e3fb449df4f236eb68b1a1b206a7"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"039f50629b7f860f36644ed1f34b27da9aa62f43"},{"limit":"c3bcde026684c62d7a2b6f626dc7cf763833875c"},{"limit":"2f973fe470fb3cd31636afc133d42019d6108ff1"},{"limit":"2bbb6b547fbe43cf6cbfdbb9e964c4ca51fed8eb"},{"limit":"1688b6aef2eb83dbfe6f9e5b0cb491535255a158"},{"limit":"cf9513b45f6408f12e84fca6a7bf83f62ac9d1bc"}]}]}]}
{"id":"a9ac5df7-bcda-4e05-b86c-e34d6735f406","summary":["The ext4 subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the ext4_find_extent function was used with bigalloc and inline. This vulnerability exists in all versions of the Linux Kernel from v6.2 until commit 835659598c67907b98cd2aa57bb951dfaf675c69 (v6.2.15, v5.15.111, v6.4, v6.3.2, v6.1.28, v5.10.180, v5.4.243)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the ext4 file system. This vulnerability occurs when an ext4 file system is using the bigalloc feature and the inline data feature is enabled. The vulnerability allows an attacker to read arbitrary data from the ext4 file system.\n\nVulnerabilities of this type are exploited by sending a specially crafted request to the ext4 file system. This request can cause the ext4 file system to free memory that is still being used. The attacker can then use this memory to read arbitrary data from the ext4 file system.\n\nThe security impact of this vulnerability could be significant. 
An attacker could use this vulnerability to read sensitive data from the ext4 file system, such as passwords or credit card numbers.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=835659598c67907b98cd2aa57bb951dfaf675c69"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=bf4bb7731ef73b83a3b4"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000fb09de05f11a626d%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"131294c35ed6f777bd4e79d42af13b5c41bf2775"},{"limit":"835659598c67907b98cd2aa57bb951dfaf675c69"},{"limit":"770b0613637f59f3091dda1ff0c23671a5326b9c"},{"limit":"40566def189c513be2c694681256d7486cc6e368"},{"limit":"96d440bee177669dc0acedca0abd73bae6a9be8b"},{"limit":"a34f6dcb78c654ab905642c1b4e7e5fbb4f0babe"},{"limit":"11c87c8df2cae1d6be83c07e59fef0792de73482"},{"limit":"14da044725a3ab10affa3566d29c15737c0e67a4"}]}]}]}
{"id":"a9303e8e-2a44-44c2-b293-0279637bc755","summary":["The net/tls subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when calling accept on a TCP socket with a TLS ulp attached, as the ulp context is freed while a socket is destroyed, so after one of the sockets is released, the second second will trigger a use after free when it tries to access the ulp context attached to it. This vulnerability exists in all versions of the Linux Kernel from v4.13 until commit d91c3e17f75f218022140dee18cf515292184a8f (v4.15, v4.14.16)."],"details":["The patch commit for this vulnerability fixes a use after free vulnerability in the Linux kernel's TLS implementation. Vulnerabilities of this type are exploited by first allocating a resource, then freeing it and then using it again later. This can lead to arbitrary code execution if the resource is used in a way that allows an attacker to control its contents.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to execute arbitrary code on a vulnerable system. To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=904e7cd6c5c741609228"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/089e08282cc00b286905625a2281%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d91c3e17f75f218022140dee18cf515292184a8f"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"3c4d7559159bfe1e3b94df3a657b2cda3a34e218"},{"limit":"d91c3e17f75f218022140dee18cf515292184a8f"},{"limit":"a022bbe393fbe3a1f471ee94d846be03f7fe2136"}]}]}]}
{"id":"a8c3f1f6-6fdd-491d-8bfe-c2c3046396b6","summary":["The block subsystem of the Linux Kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when using certain cgroup configurations because the bdi of the inode wasn't always freed after inode_detach_wb. This vulnerability exists in all versions of the Linux Kernel from v4.2 until commit 889c05cc5834a1eef2dbe1e639cfd7a81c4f4c6d (v5.15)."],"details":["The patch commit for this vulnerability fixes a use after free vulnerability in the Linux kernel's block device layer. This vulnerability occurs when the inode_detach_wb function references the \"main\" bdi of the inode, which can cause a use after free when using certain cgroup configurations.\n\nVulnerabilities of type use after free are exploited by first allocating a resource and then freeing it. The attacker then continues to use the resource after it has been freed, which can lead to arbitrary code execution.\n\nThe security impact of this vulnerability could be severe, as it could allow an attacker to execute arbitrary code on the system. To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000f899f205c982f8b0%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=889c05cc5834a1eef2dbe1e639cfd7a81c4f4c6d"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=1fb38bb7d3ce0fa3e1c4"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"52ebea749aaed195245701a8f90a23d672c7a933"},{"limit":"889c05cc5834a1eef2dbe1e639cfd7a81c4f4c6d"}]}]}]}
{"id":"a7040bfb-9a52-4533-8ed5-a7fc2d5076ab","summary":["The tipc subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the tsk->group was freed after the socket lock was dropped. This vulnerability exists in all versions of the Linux Kernel from v4.15 until commit 143ece654f9f5b37bedea252a990be37e48ae3a5 (v4.20, v4.19.14)."],"details":["The patch commit for this vulnerability fixes a potential NULL pointer dereference in the TIPC networking protocol. The fix checks the value of the tsk->group pointer before using it, which prevents a NULL pointer dereference from occurring if the pointer is freed after the socket lock is released.\n\nVulnerabilities of this type are exploited by sending a specially crafted message to the target system. The message contains a pointer that is later dereferenced by the target system, causing the NULL pointer dereference. This can lead to a denial of service or other security issues.\n\nThe security impact of this vulnerability could be a denial of service or other security issues. To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=10a9db47c3a0e13eb31c"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000000f05cb057ca3dad0%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=143ece654f9f5b37bedea252a990be37e48ae3a5"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"27bd9ec027f396457d1a147043c92ff22fc4c71e"},{"limit":"143ece654f9f5b37bedea252a990be37e48ae3a5"},{"limit":"dc6c13d5d5b47c8a1c0570176a3ad5887dc63b00"}]}]}]}
{"id":"a4f858fb-a5ef-4e06-af9b-9bd9b3ad325b","summary":["The net/tls subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the tls_err_abort() function was called with a negative error code. This vulnerability exists in all versions of the Linux Kernel from v2.6.34, v4.17 until commit 68b6dea802cea0dbdd8bd7ccc60716b5a32a5d8a, da353fac65fede6b8b4cfe207f0d9408e3121105 (v5.14.16, v4.14.256, v5.16, v4.19.218, v5.10.80, v5.15, v5.14.19, v5.4.157, v5.15.3, v5.10.77, v4.9.291, v5.4.160, v4.4.293)."],"details":["The patch commit for this vulnerability fixes a race condition in the pcrypt crypto parallelization wrapper.\n\nVulnerabilities of type race condition are exploited by sending crafted input to a vulnerable system.\nThe attacker can then cause the system to execute arbitrary code with the privileges of the user running the vulnerable program.\n\nThe security impact of this vulnerability could be critical.\nAn attacker could use this vulnerability to take control of a vulnerable system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit 
message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=68b6dea802cea0dbdd8bd7ccc60716b5a32a5d8a"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=da353fac65fede6b8b4cfe207f0d9408e3121105"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=b187b77c8474f9648fae"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000b503bc05cb0ba623%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"5068c7a883d1694f0fb3631b664827644153cd08"},{"introduced":"c46234ebb4d1eee5e09819f49169e51cfc6eb909"},{"limit":"68b6dea802cea0dbdd8bd7ccc60716b5a32a5d8a"},{"limit":"da353fac65fede6b8b4cfe207f0d9408e3121105"},{"limit":"fb657a4e125d282a4fd8bbae10876b58c932121c"},{"limit":"af51aa2b858600e4f61c426b8996ff2139ec5acd"},{"limit":"5401e8894f3f4806c700343e50ae305e413be495"},{"limit":"8c1f8ee59477737e19414010fa7f4f8698124b50"},{"limit":"f3dec7e7ace38224f82cf83f0049159d067c2e19"},{"limit":"e0cfd5159f314d6b304d030363650b06a2299cbb"},{"limit":"fca288ae3d058a4b795bdc5bb154b8ae5566636d"},{"limit":"e41473543f75f7dbc5d605007e6f883f1bd13b9a"},{"limit":"d1e4d44821c3238355d2acf7603a08342b32f22a"},{"limit":"71ec65c7000425b2d7570a78ed9f42e3844169b1"},{"limit":"8cf265bafd334d943db50b32d2170df73343d26c"}]}]}]}
{"id":"a356ec95-88b9-403e-ae20-c5867c410b1c","summary":["The net subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when a device name is destroyed while the device is still in use. This vulnerability exists in all versions of the Linux Kernel from v5.5 until commit e08ad80551b4b33c02f2fce1522f6c227d3976cf (v5.6)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the Linux kernel's netdevice subsystem. This vulnerability could allow an attacker to execute arbitrary code on the kernel by sending a specially crafted packet to a network interface.\n\nVulnerabilities of this type are exploited by sending a specially crafted packet to a network interface that causes the kernel to free memory that is still in use. This can then be used to overwrite other kernel memory and execute arbitrary code.\n\nThe security impact of this vulnerability could be severe, as it could allow an attacker to execute arbitrary code on the kernel. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=841c993f9f817343076270df761c6b8ef3bc116d"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=f0472911e298321407c36d64ed4ca6082d2e5fba"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=4e573205fe493d6ccfea6a68feb96bb68df62d38"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=98026a213eb876853bdf863dd319d617b6614bc6"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=0fbc196372c111b424b43f4f004b4f4c2ca878de"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=ef4ee6c949f4fedd6c9a646f63f4eefec018566b"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=08e208f050294509ab8e18439a8809bc54d91957"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=242116e45aad680d3c0f380ba48a6ecd119665e4"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=af5f951ddaa29e341490de756afb056e1c52307c"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=0b6dd59ca478c42517171884a6aa0329337c4915"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=b0bb3a2a2b5b5ff6d9674070bee13a672a4ac5db"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=fdfff73811dbcf7ddd181268dd7ee7d19cafad56"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=60001d9c3a3813dd9c17a37944d6f4ca34c6672e"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e08ad80551b4b33c02f2fce1522f6c227d3976cf"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"36fbf1e52bd3ff8a5cb604955eedfc9350c2e6cc"},{"limit":"e08ad80551b4b33c02f2fce1522f6c227d3976cf"},{"limit":"453c6a72ccea37b4d5e14d9fb14a01888ddedfab"},{"limit":
"8c1a9009168ae9a44c0fb139791891a009875bbf"}]}]}]}
{"id":"a26df893-134c-4457-a0af-cf9595206723","summary":["The netfilter/nf_tables subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the flowtable hooks are not properly unregistered. This vulnerability exists in all versions of the Linux Kernel from v5.5 until commit 6069da443bf65f513bb507bb21e2f87cfb1ad0b6 (v5.16.12, v5.15.26, v5.17)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the Linux kernel's netfilter subsystem. This vulnerability occurs when a flowtable is destroyed, but its hooks are not unregistered. This can lead to a malicious user being able to execute arbitrary code on the system.\n\nVulnerabilities of this type are exploited by first sending a specially crafted packet to the system. This packet will cause the flowtable to be destroyed, but its hooks will not be unregistered. The malicious user can then send another packet that triggers one of the flowtable's hooks. This will cause the kernel to execute arbitrary code in the context of the malicious user.\n\nThe security impact of this vulnerability could be severe. 
A malicious user could use it to execute arbitrary code on the system, which could lead to a complete compromise of the system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6069da443bf65f513bb507bb21e2f87cfb1ad0b6"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000c0069f05d38f279d%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=e918523f77e62790d6d9"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"ff4bf2f42a40e7dff28379f085b64df322c70b45"},{"limit":"6069da443bf65f513bb507bb21e2f87cfb1ad0b6"},{"limit":"8ffb8ac3448845f65634889b051bd65e4dee484b"},{"limit":"b4fcc081e527aa2ce12e956912fc47e251f6bd27"}]}]}]}
{"id":"9fc1d260-ed55-4b8c-8f03-a192f0399ad3","summary":["The net/packet subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the packet is too big. This vulnerability exists in all versions of the Linux Kernel from v4.11 until commit eb73190f4fbeedf762394e92d6a4ec9ace684c88 (v4.18)."],"details":["The patch commit for this vulnerability fixes a potential use-after-free vulnerability in the Linux kernel's packet reception code. This vulnerability could allow an attacker to execute arbitrary code on the system with kernel privileges.\n\nVulnerabilities of this type are often exploited by sending a specially crafted packet to the target system. The packet is designed to trigger a buffer overflow in the packet reception code, which can then be used to overwrite memory and execute arbitrary code.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to gain full control of the target system, which could then be used to steal sensitive data, install malware, or disrupt services.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit 
message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=6363a526e7fb768fb443c8d7615e16f75c2fee1d"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=cf7393b4bd452eebfbd5ce0a7de3f4db51c46aed"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=eb73190f4fbeedf762394e92d6a4ec9ace684c88"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"2b6867c2ce76c596676bec7d2d525af525fdc6e2"},{"limit":"eb73190f4fbeedf762394e92d6a4ec9ace684c88"},{"limit":"2f59e1e852e80e70af5bf9d3bd96f39309071904"},{"limit":"6c2d8d7adb6370496654e36ce05e84202fb27d70"},{"limit":"c85df6eb6e86d38f3e0374e0557a4912427585f9"},{"limit":"ba2ce02e0584e130c8c61c65e3c1a17fde012193"},{"limit":"97336793121e944c6dbd80d3902e637db484152c"},{"limit":"97c37ac70d8cca44f8010e776dd3e87689801fc9"},{"limit":"e8f022fd94c99f3c07532f9b1a426aad02167ffa"}]}]}]}
{"id":"9d18a28e-4203-4ba0-a3b0-0376e5e3c381","summary":["The kobject subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when kobject_uevent(KOBJ_REMOVE) is called twice. This vulnerability exists in all versions of the Linux Kernel from v2.6.25 until commit c03a0fd0b609e2f5c669c2b7f27c8e1928e9196e (v3.16.74, v5.1.6, v4.19.47, v4.14.123, v5.2, v5.0.20)."],"details":["\n The patch commit for this vulnerability fixes a use-after-free vulnerability in the kobject_uevent() function. This vulnerability occurs when the kobject_uevent() function is called twice after the memory allocation fault injection has made kobject_uevent() from device_del() from input_unregister_device() fail. This can lead to a use-after-free vulnerability, which can be exploited by an attacker to gain elevated privileges.\n\nVulnerabilities of this type are exploited by injecting a memory allocation fault into the kobject_uevent() function. This can be done by sending a specially crafted packet to the kernel. Once the memory allocation fault has been injected, the kobject_uevent() function will be called twice, which can lead to a use-after-free vulnerability.\n\nThe security impact of this vulnerability could be severe. An attacker could use this vulnerability to gain elevated privileges on the system. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=f648cfb7e0b52bf7ae32"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c03a0fd0b609e2f5c669c2b7f27c8e1928e9196e"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000009ce64e0574fe896e%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"0f4dafc0563c6c49e17fe14b3f5f356e4c4b8806"},{"limit":"c03a0fd0b609e2f5c669c2b7f27c8e1928e9196e"},{"limit":"29af8f36ea8b83eed0608d86fae1ff51d0b2728b"},{"limit":"2472b70889d535d56ae284345a1c51a725943504"},{"limit":"1e073f27b47c6be13940c984c461d08129aeb7f2"},{"limit":"bc75207a54dd4da58fef57466574f0d43e8d739c"},{"limit":"ce4390fb196b7d11993368f000673a3d5c015452"}]}]}]}
{"id":"9cbff86e-d66a-4f35-9e31-3ff16579dcc1","summary":["The afs subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the cell was not properly removed from the proc list. This vulnerability exists in all versions of the Linux Kernel from v4.15 until commit 1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6 (v5.10, v5.9.2, v5.8.17)."],"details":["\n The patch commit for this vulnerability fixes a potential race condition in the AFS cell database management code. The vulnerability could allow an attacker to cause a denial of service by repeatedly removing a cell from the database, which could eventually lead to the proc list being removed.\n\nVulnerabilities of this type are exploited by sending specially crafted packets to the target system. The packets can be crafted to exploit a weakness in the way the target system handles certain types of input, such as user input or network traffic.\n\nThe security impact of this vulnerability could be a denial of service. 
An attacker could use this vulnerability to prevent the target system from functioning properly.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=1ecc2f9d3387f1d79d42"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000b9f2ac05b05ae349%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=b994ecf2b023f14832c1"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/00000000000012d56705afd05d8b%40google.com"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/00000000000057f8db05b05abc47%40google.com"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000002b775d05b00bfdee%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=0e0db88e1eb44a91ae8d"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=2d0585e5efcd43d113c2"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000e32a8b05b01f808a%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=18d51774588492bf3f69"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000e82e1a05afd0605d%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=a5e4946b04d6ca8fa5f3"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"989782dcdc91a5e6d5999c7a52a84a60a0811e56"},{"limit":"1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6"},{"limit":"ab5faad5bd334e1a21e56318098025dc8cc004b4"},
{"limit":"72ba8ec11f5f9eeb4f58c61a136cb783a3ce84e1"}]}]}]}
{"id":"9bc624ee-71cd-4f4b-8e28-30499c548bf7","summary":["The can/j1939 subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the ECTS requests a block with size and offset spanning two TP blocks. This vulnerability exists in all versions of the Linux Kernel from v5.4 until commit cd3b3636c99fcac52c598b64061f3fe4413c6a12 (v5.8.4, v5.7.18, v5.4.61, v5.9)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the Linux kernel's CAN J1939 protocol implementation.\n\nA use-after-free vulnerability occurs when a program frees memory that is still being used, and then later attempts to access that memory. This can lead to arbitrary code execution or other serious security issues.\n\nIn this case, the vulnerability occurs when the CAN J1939 protocol implementation attempts to read data from a memory location that has already been freed. This can be exploited by an attacker to execute arbitrary code or to corrupt data.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to gain root privileges or to execute arbitrary code on a vulnerable system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=5322482fe520b02aea30"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cd3b3636c99fcac52c598b64061f3fe4413c6a12"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000005b5fc7059aa1df89%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"9d71dd0c70099914fcd063135da3c580865e924c"},{"limit":"cd3b3636c99fcac52c598b64061f3fe4413c6a12"},{"limit":"60be1488a3ae1350c0f629ef7956d9192cf6cba9"},{"limit":"cf3b3ffb272c6146da2c6f9afa59980a7aa78ef0"},{"limit":"020e7fe9b151ffd7826e336d90bccc290d2e416a"},{"limit":"e4abf63fb71f5ed2b316f5337fabbb17e75739eb"},{"limit":"ec46f0bd33567e1f81c1bee3c6cd8d71965ef039"},{"limit":"4e4cb1fdd489a5b8b4be87d14957acb5cff96aaf"}]}]}]}
{"id":"9b573dd4-4240-4ee3-a3fd-e3c7eab37001","summary":["The staging/wlan-ng subsystem of the Linux kernel has an out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the memset() function was used to initialize the hfa384x struct. This vulnerability exists in all versions of the Linux Kernel from v5.8 until commit fea22e159d51c766ba70473f473a0ec914cc7e92 (v4.14.199, v4.19.146, v5.8.10, v5.9, v4.9.237, v4.4.237, v5.4.66)."],"details":["The patch commit for this vulnerability fixes an out-of-bounds read in the prism2sta_probe_usb() function. This function is responsible for initializing the prism2sta USB device. The out-of-bounds read occurs when the function attempts to read data from an endpoint that does not exist. This could allow an attacker to read sensitive data from the kernel or to execute arbitrary code.\n\nVulnerabilities of this type are exploited by sending specially crafted packets to the affected system. These packets can cause the system to read data from an invalid memory location, which can lead to a variety of security problems.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to read sensitive data from the kernel or to execute arbitrary code. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fea22e159d51c766ba70473f473a0ec914cc7e92"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000f1976205aba77811%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=22794221ab96b0bab53a"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"faaff9765664009c1c7c65551d32e9ed3b1dda8f"},{"limit":"fea22e159d51c766ba70473f473a0ec914cc7e92"},{"limit":"7b26d4dd6ffac0c79a5bcd306f8618063e0ad123"},{"limit":"75ee09f3b745726be256394a08a301c00d8d0320"},{"limit":"5a023e34ee966b4e082dff5ed2b390584fb9bfca"},{"limit":"aae6cad8cb712f40aaafa8c23e4ec72e2f5e6962"},{"limit":"c570a3d660a2c5a21d2f3b1212bee0d33b03b215"},{"limit":"0a0b6ac0e4b2102c0c6fa673793b1409405bbbea"}]}]}]}
{"id":"9b41ab5c-06bf-4b94-a72a-ab74e24fb0fb","summary":["The tipc subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the skb_unshare() function was used in tipc_buf_append() because it drops a reference count on the old skb unconditionally, so in the failure case, we end up freeing the skb twice here. This vulnerability exists in all versions of the Linux Kernel from v5.9 until commit ed42989eab57d619667d7e87dfbd8fe207db54fe (v5.10, v4.19.153, v4.9.241, v5.4.73, v4.4.241, v4.14.203, v5.9.2, v5.8.17)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the tipc_buf_append() function of the Linux kernel's TIPC networking protocol.\n\nVulnerabilities of type use-after-free are exploited by first allocating a memory buffer, then freeing it, and then using it again after it has been freed. This can allow an attacker to execute arbitrary code on the system with the privileges of the user running the vulnerable program.\n\nThe security impact of this vulnerability could be severe, as it could allow an attacker to execute arbitrary code on the system with the privileges of the user running the vulnerable program. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=e96a7ba46281824cc46a"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000fe183705b0b1eb20%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ed42989eab57d619667d7e87dfbd8fe207db54fe"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"ff48b6222e65ebdba5a403ef1deba6214e749193"},{"limit":"ed42989eab57d619667d7e87dfbd8fe207db54fe"},{"limit":"3a4e7ac9fd56d8e34a274a9dad3dc67b564278f4"},{"limit":"26217e062f976fc4e2b7b8b6981a6d119435ea51"},{"limit":"7d31e5722cbf4e24bb893ed56705bcce6950f6cb"},{"limit":"a7d0ffde99d5f30182f03b414a9e6930d9f67f27"},{"limit":"bd6cdb5f53b8467c11f2a935f6c213ea257c8ab8"},{"limit":"cdc27eb1f52fe17857496df266da248cdb158d3f"},{"limit":"77cffe70bcd906f6c806c5686a28bbd09a5b698e"}]}]}]}
{"id":"9a78dd99-6c2c-4cf5-bd80-6a867793de74","summary":["The l2tp subsystem of the Linux kernel has a slab out of bounds write and use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when an arbitrary socket is accepted. This vulnerability exists in all versions of the Linux Kernel from v2.6.35 until commit 17cfe79a65f98abe535261856c5aef14f306dff7 (v4.16)."],"details":["The patch commit for this vulnerability fixes a potential vulnerability in the Linux kernel's L2TP implementation. The fix ensures that only UDP sockets are accepted as L2TP tunnels, preventing an attacker from using a RAW socket to bypass security restrictions.\n\nVulnerabilities of this type are exploited by sending specially crafted packets to a vulnerable system. The packets can be used to execute arbitrary code on the system or to gain access to sensitive data.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to gain control of a vulnerable system or to steal sensitive data.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit 
message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=63fac1a987fb08f242a98a35578b3eb14c7a9a93"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=8393c021d960cd9b36203efd312343a26d011997"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=17cfe79a65f98abe535261856c5aef14f306dff7"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"fd558d186df2c13a22455373858bae634a4795af"},{"limit":"17cfe79a65f98abe535261856c5aef14f306dff7"},{"limit":"8e16f75441958445ac75cf044e96145fa6c18035"},{"limit":"2d5b0ed04c5ab5e0bd7626b27161ea055e578963"},{"limit":"2e017ead9b03445338877e951334cda71ac84b65"},{"limit":"8e903f5083908ee9a087f270099c8b0e92cd343b"},{"limit":"4d2a62907278533789973df7b28f404c17b3988c"},{"limit":"84fc2d7c220324000afb3559d9b4a0cea7066004"},{"limit":"cab9db13999c148a075a629180610c4700e46054"},{"limit":"bdb1a295ee5897b938b0decf360236e40bbe3a1c"}]}]}]}
{"id":"9978d30a-e9c0-4763-9e66-60a6137ee0e0","summary":["The packet subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the packet was shorter than the ll reserved space, as skb->mac_len may exceed skb->len after skb_mac_reset_len. This vulnerability exists in all versions of the Linux Kernel from v4.17 until commit 993675a3100b16a4c80dfd70cbcde8ea7127b31d (v4.18)."],"details":["The patch commit for this vulnerability fixes a potential buffer overflow in the packet_snd function in the Linux kernel. This vulnerability could allow an attacker to execute arbitrary code on the system by sending a specially crafted packet.\n\nVulnerabilities of this type are exploited by sending a packet with a length that is larger than the maximum allowed length. This causes the packet to be stored in an area of memory that is not properly allocated, which can lead to a buffer overflow.\n\nThe security impact of this vulnerability could be severe, as it could allow an attacker to execute arbitrary code on the system. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=993675a3100b16a4c80dfd70cbcde8ea7127b31d"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=0540b60313a5559f649e9940e45c9a320c885806"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"b84bbaf7a6c8cca24f8acf25a2c8e46913a947ba"},{"limit":"993675a3100b16a4c80dfd70cbcde8ea7127b31d"},{"limit":"01a8ef2f327a6fe5075ee5027c9fa02df42c1c4e"},{"limit":"4770fdc633650794717f5f1c2011a8c570e09cce"},{"limit":"75425326b88ccdbcdecc652b1f6f672c0bd286d0"},{"limit":"a2186f729d694c7d510d175ec59dd7b6298641d6"}]}]}]}
{"id":"95fe0008-0a4b-4275-a9b7-393f7f45ee1d","summary":["The crypto/vmac subsystem of the Linux kernel has a slab out of bounds write vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when multiple threads concurrently use the same \\\"vmac(aes)\\\" transform through AF_ALG. This vulnerability exists in all versions of the Linux Kernel from v2.6.32 until commit bb29648102335586e9a66289a1d98a0cb392b6e5 (v4.9.121, v4.19, v4.17.16, v3.18.119, v4.4.149, v3.16.62, v4.14.64, v4.18.2)."],"details":["\n The patch commit for this vulnerability fixes a race condition in the VMAC hash algorithm that could allow an attacker to crash the kernel.\n\nVulnerabilities of type race condition are exploited by having two or more processes or threads access the same data or resource at the same time in an unintended way. This can cause the kernel to crash or produce incorrect results.\n\nThe security impact of this vulnerability could be denial of service or data corruption. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000f7b199056ebfc5ef%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=264bca3a6e8d645550d3"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bb29648102335586e9a66289a1d98a0cb392b6e5"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"f1939f7c56456d22a559d2c75156e91912a2e97e"},{"limit":"bb29648102335586e9a66289a1d98a0cb392b6e5"},{"limit":"55c689bd3d1c7c5ccddea1aac75ed67e5af8464a"},{"limit":"990e47782e40868c425f19e26ef7f049f828a9e1"},{"limit":"81ad8a8e866755385a216cebbb9ae54ad0b31ea2"},{"limit":"335e988310f9bf17b94001945f0c6985e54c88b4"},{"limit":"217adca3b54b81a8d5e194022f3895d9cecb5c8d"},{"limit":"58a60fc8e062fd61859c5aa7a0756d20517961b3"},{"limit":"e7aefb13e61c52e025c510bc6372dc08edbdf27b"}]}]}]}
{"id":"94d9a9e0-556c-4748-b406-10ece52b179e","summary":["The keys subsystem of the Linux kernel has a slab out of bounds read vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when parsing ASN.1 data values. This vulnerability exists in all versions of the Linux Kernel from v3.7 until commit 2eb9eabf1e868fda15808954fb29b0f105ed65f1 (v4.14)."],"details":["The patch commit for this vulnerability fixes an out-of-bounds read during ASN.1 parsing.\n\nASN.1 is a standard for encoding data structures. It is used in many\ndifferent protocols, including X.509 certificates and SSH.\n\nThe vulnerability is that the length of an ASN.1 data value isn't validated\nin the case where it is encoded using the short form. This can cause the\ndecoder to read past the end of the input buffer, which can lead to\narbitrary code execution.\n\nVulnerabilities of this type are often exploited by sending a specially\ncrafted ASN.1 data structure to a vulnerable server. The server will then\nattempt to decode the data structure, which will cause it to read past the\nend of the input buffer and execute arbitrary code.\n\nThe security impact of this vulnerability could be severe. 
An attacker\ncould exploit it to execute arbitrary code on a vulnerable server.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2eb9eabf1e868fda15808954fb29b0f105ed65f1"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=76b1f877893d053ac5d62d6ccaad2d6c0d28f161"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"42d5ec27f873c654a68f7f865dcd7737513e9508"},{"limit":"2eb9eabf1e868fda15808954fb29b0f105ed65f1"},{"limit":"5148d5b12d2aa505dd622b79caae40b8886adaab"},{"limit":"5a3b40184c18e8bf3797d5850ffab9026f2f304c"},{"limit":"618b930317fbea5561f9e5b07b26468d595ec110"},{"limit":"c5db4fc4850b64d4b7b2f551c9c439c2d38b422b"},{"limit":"cb14a0dd1f74fc2eb2125d200ef785685fc1098a"},{"limit":"ef2518bac6306b00cae25b6f9232d73ebe3804e9"}]}]}]}
{"id":"91e82e64-0985-403b-9518-ebf8ac42d1e1","summary":["The tipc subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the skb_cb->bytes_read was still accessed after calling tsk_advance_rx_queue() to free the skb in tipc_recvmsg(). This vulnerability exists in all versions of the Linux Kernel from v5.15 until commit cc19862ffe454a5b632ca202e5a51bfec9f89fd2 (v5.14.7, v5.4.148, v5.10.68, v4.19.207)."],"details":["The patch commit for this vulnerability fixes a use-after-free issue in the tipc_recvmsg function. This function is responsible for receiving messages on a TIPC socket. The vulnerability occurs when the skb_cb->bytes_read field is accessed after the tsk_advance_rx_queue() function has been called to free the skb. This can lead to a kernel panic.\n\nVulnerabilities of this type are exploited by sending a specially crafted message to a TIPC socket. This message will cause the skb_cb->bytes_read field to be accessed after the skb has been freed, resulting in a kernel panic.\n\nThe security impact of this vulnerability could be severe. 
A malicious user could exploit this vulnerability to crash the kernel or execute arbitrary code.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=e6741b97d5552f97c24d"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/00000000000017e9a105c768f7a0%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cc19862ffe454a5b632ca202e5a51bfec9f89fd2"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"f4919ff59c2828064b4156e3c3600a169909bcf4"},{"limit":"cc19862ffe454a5b632ca202e5a51bfec9f89fd2"},{"limit":"bd02719fe29c9514c7cec70040b71af13e549e11"},{"limit":"79ab38864d5ea49f46c771be0d3f4db3231e37d2"},{"limit":"ee3ffd56b40ea6e5128502d03b49ffb53a09c7f6"},{"limit":"ba099fe50c0aeb682382facbefc5d6aaa83e7226"}]}]}]}
{"id":"9166d848-481e-4171-9394-72df9e7e3f71","summary":["The net/sched subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the action insertions are not committed together. This vulnerability exists in all versions of the Linux Kernel from v4.19 until commit 0fedc63fadf0404a729e73a35349481c8009c02f (v5.8.15, v5.4.71, v5.9)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the net_sched subsystem of the Linux kernel.\n\nVulnerabilities of this type are exploited by first allocating a memory object, then freeing it, and then using it again after it has been freed. This can lead to a variety of security issues, including data corruption and privilege escalation.\n\nIn this case, the vulnerability is caused by a failure to properly check whether an action has been successfully inserted into the global IDR before freeing it. This can lead to a use-after-free when another process frees the action after it has been inserted into the IDR.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to corrupt kernel memory or escalate their privileges.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=205989e750599f129037ec08fb5cedbbd1e5f134"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000e6ed0205afc0287c%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0fedc63fadf0404a729e73a35349481c8009c02f"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=2287853d392e4b42374a"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=99845d9d7da6f50ed85d1d0c52259abd36b118a2"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"0190c1d452a91c38a3462abdd81752be1b9006a8"},{"limit":"0fedc63fadf0404a729e73a35349481c8009c02f"},{"limit":"03b7311c2d351647c43ab9c4451e1e2b782c4252"},{"limit":"22e6625babfc1fe349032cd46237085b91aae076"}]}]}]}
{"id":"9082d314-209a-421f-8198-569989011cbf","summary":["The tcp subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the tcp_rtx_queue_unlink() function is called. This vulnerability exists in all versions of the Linux Kernel from v4.15 until commit 2bec445f9bf35e52e395b971df48d3e1e5dc704a (v5.5)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the TCP stack.\n\nA use-after-free vulnerability occurs when a program frees memory that is still being used, and then later attempts to access that memory. This can lead to a variety of security problems, including data corruption, privilege escalation, and denial of service.\n\nIn this case, the vulnerability occurs in the tcp_rtx_queue_unlink() and tcp_rtx_queue_unlink_and_free() functions. These functions are responsible for removing packets from the TCP retransmission queue.\n\nThe vulnerability occurs when a packet is removed from the queue, but the pointer to the packet is not updated. This can lead to a situation where the program attempts to access the packet after it has been freed, which can cause a variety of problems.\n\nThe security impact of this vulnerability could be severe. 
An attacker could exploit this vulnerability to corrupt data, escalate privileges, or cause a denial of service.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=4fa11e2f5ab9a65a32c8366d39d0915b433b48af"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2bec445f9bf35e52e395b971df48d3e1e5dc704a"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=7be8b464a3a27e6dc5c73d3ffe3b56dc0cf51e52"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"50895b9de1d3e0258e015e8e55128d835d9a9f19"},{"limit":"2bec445f9bf35e52e395b971df48d3e1e5dc704a"},{"limit":"9bbde0825846002c6931f41fbbd71eeb848ca0e1"},{"limit":"69486bfa064e77895392be3ad6a7b29d22556668"},{"limit":"5b7b87aee7ee21d3a62753e95fc243844d802a7b"}]}]}]}
{"id":"8e7f02f7-1712-42c2-a30c-3a69a3c7f9a5","summary":["The ntfs3 subsystem of the Linux kernel has a slab out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the index header is corrupted or malicious. This vulnerability exists in all versions of the Linux Kernel from v5.15 until commit ab84eee4c7ab929996602eda7832854c35a6dda2 (v6.2.15, v5.15.111, v6.4, v6.3.2, v6.1.28)."],"details":["The patch commit for this vulnerability fixes a slab-out-of-bounds read in the ntfs3 filesystem's index header. This vulnerability could be exploited by a malicious user to cause a kernel panic or other system instability.\n\nVulnerabilities of this type are exploited by providing a malicious file system image that contains invalid data. When the kernel attempts to read from this data, it will cause a segmentation fault or other error.\n\nThe security impact of this vulnerability could be significant. A malicious user could use it to cause a denial of service attack or to gain root privileges.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit 
message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000eed81005ef24ecc9%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=9c2811fd56591639ff5f"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ab84eee4c7ab929996602eda7832854c35a6dda2"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"82cae269cfa953032fbb8980a7d554d60fb00b17"},{"limit":"ab84eee4c7ab929996602eda7832854c35a6dda2"},{"limit":"114204d25e1dffdd3a0c1cfbba219afd344f4b4f"},{"limit":"9163a5b4ed290da4a7d23fa92533e0e81fd0166e"},{"limit":"4a034ece7e2877673d9085d6e7ed45e6ee40b761"},{"limit":"c58ea97aa94f033ee64a8cb6587d84a9849b6216"}]}]}]}
{"id":"878c72a8-1ad8-4d8d-8b46-b8cfe9e9644b","summary":["The ntfs3 subsystem of the Linux kernel has a slab out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the value of __le32 used is greater than the value of __le32 total in struct INDEX_HDR. This vulnerability exists in all versions of the Linux Kernel from v5.15 until commit b8c44949044e5f7f864525fdffe8e95135ce9ce5 (v6.2.15, v5.15.111, v6.4, v6.3.2, v6.1.28)."],"details":["The patch commit for this vulnerability fixes an out-of-bounds read (OOB read) vulnerability in the Linux kernel's NTFS3 file system driver.\n\nVulnerabilities of this type are exploited by sending specially crafted data to a vulnerable system. This can cause the system to read data from an incorrect location in memory, which can lead to arbitrary code execution or other serious security issues.\n\nThe security impact of this vulnerability could be severe. An attacker could exploit this vulnerability to gain root privileges on a vulnerable system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit 
message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=d882d57193079e379309"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000e1f8d005ef0cbed8%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b8c44949044e5f7f864525fdffe8e95135ce9ce5"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"82cae269cfa953032fbb8980a7d554d60fb00b17"},{"limit":"b8c44949044e5f7f864525fdffe8e95135ce9ce5"},{"limit":"cd7e1d67924081717c5c96ead758a1a77867689a"},{"limit":"4bf3b564e27a518f158a83d5e1a50064ed6136a0"},{"limit":"17048287ac79abd33b275ac3b5738285d406481b"},{"limit":"a7e5dba10ba1402dd6c2f961a70320770865c4a5"}]}]}]}
{"id":"873465c3-78ab-46f6-aafe-354aee78d778","summary":["The netfilter subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the map->members was freed by ip_set_free() right before using it in mtype_ext_cleanup() again. This vulnerability exists in all versions of the Linux Kernel from v3.13 until commit c120959387efa51479056fd01dc90adfba7a590c (v5.4.14, v4.9.211, v5.5, v3.16.83, v4.14.167, v4.19.98, v4.4.211)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the netfilter subsystem. A use-after-free vulnerability occurs when a program frees memory but continues to use it after it has been freed. This can allow an attacker to execute arbitrary code or gain access to sensitive data.\n\nVulnerabilities of type use-after-free are exploited by first allocating memory, then freeing it, and then using it again. This can be done by tricking the program into freeing memory that it does not own, or by freeing memory that is still in use.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to execute arbitrary code or gain access to sensitive data.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=4c3cc6dbe7259dbf9054"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c120959387efa51479056fd01dc90adfba7a590c"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000f744e0059bcd8216%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"40cd63bf33b21ef4d43776b1d49c605f876fe32c"},{"limit":"c120959387efa51479056fd01dc90adfba7a590c"},{"limit":"071b66b3808260ab35b725fc9f7e5466637a2b9e"},{"limit":"629ae6077258ed01dc5ee66b242cb0c87593c0cb"},{"limit":"7253498cc2446dd92d5342bea99ef4af5d71916f"},{"limit":"eeb17d5f629494b463dd0075d992d816dc90432b"},{"limit":"dcefdeff4de8a95f546455a25bc9ea328b778230"},{"limit":"b7e18348617f7e7f93409860a1aedd543ba91e3d"},{"limit":"2afd32b8dfccece89f08cce9f00fa513ff0446ef"}]}]}]}
{"id":"86fe112b-e842-413b-bd2e-703ffd5b0b7c","summary":["The genetlink subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the family->attrbuf is not protected by any lock on the genl_family_rcv_msg_doit() code path. This vulnerability exists in all versions of the Linux Kernel from v5.5 until commit bf64ff4c2aac65d680dc639a511c781cf6b6ec08 (v5.7.10, v5.8)."],"details":["\n The patch commit for this vulnerability fixes a use-after-free vulnerability in the Linux kernel's genetlink subsystem.\n\nVulnerabilities of this type are exploited by sending a specially crafted network packet to a vulnerable system. This can cause the system to crash or execute arbitrary code.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to gain root privileges or execute arbitrary code on a vulnerable system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit 
message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=736bcbcb11b60d0c0792"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000009e7b05a8c33d11%40google.com"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000a9000405a8ffe8f1%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=520f8704db2b68091d44"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=80cad1e3cb4c41cde6ff"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000f7e03b05a8c33c97%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bf64ff4c2aac65d680dc639a511c781cf6b6ec08"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=c96e4dfb32f8987fdeed"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/00000000000069c84c05a907f415%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=3039ddf6d7b13daf3787"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000b8269a05a8aeda77%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"057af70713445fad2459aa348c9c2c4ecf7db938"},{"limit":"bf64ff4c2aac65d680dc639a511c781cf6b6ec08"},{"limit":"54e5e458698fa3cc736627a8219a4d3c436a0418"},{"limit":"42253b65c673a656209845b8a49d70124585bdda"}]}]}]}
{"id":"8538365e-8539-492c-9bd1-53f1aa445de6","summary":["The net/ipv6/route subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the ip6_route_mpath_notify function was called. This vulnerability exists in all versions of the Linux Kernel from v4.11 until commit f7225172f25aaf0dfd9ad65f05be8da5d6108b12 (v4.18)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the Linux kernel's IPv6 routing code.\n\nA use-after-free vulnerability occurs when a piece of memory that has been freed is still used by the program. This can allow an attacker to execute arbitrary code on the system.\n\nVulnerabilities of this type are often exploited by attackers by sending specially crafted packets to the target system. The packets can be crafted to trigger the use-after-free vulnerability, which can then be used to execute arbitrary code on the system.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to execute arbitrary code on the system, which could allow them to take control of the system or install malware.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThe vendor has provided an official fix for this vulnerability. 
The fix can be found in the following commit:\n\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3530550233200000\n\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f7225172f25aaf0dfd9ad65f05be8da5d6108b12"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=45cf4865bc441624c0bea42d8e9dbdc2a8a0fa14"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"3b1137fe74829e021f483756a648cbb87c8a1b4a"},{"limit":"f7225172f25aaf0dfd9ad65f05be8da5d6108b12"},{"limit":"57d6f87ac3619b980248972b386a8bfd8f045275"}]}]}]}
{"id":"8515343b-a5c9-4fe5-9b01-5e77bd059935","summary":["The smc subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the smc->clcsock was released before unhashing the smc sock, as a parallel smc_diag_dump() may be still reading smc->clcsock. This vulnerability exists in all versions of the Linux Kernel from v4.16 until commit 26d92e951fe0a44ee4aec157cabb65a818cc8151 (v4.20.4, v4.19.17, v5.0)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the Linux kernel's SMC subsystem. This vulnerability occurs when the SMC subsystem releases a socket before unhashing it, which can allow a malicious user to access sensitive data or execute arbitrary code.\n\nVulnerabilities of this type are exploited by sending a specially crafted packet to the target system. This packet can cause the target system to free memory that is still in use, which can lead to a variety of security issues.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use this vulnerability to gain root access on a target system or to steal sensitive data.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=e3132895630f957306bc"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000644f7e057e7748d6%40google.com"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000f183880570be89ba%40google.com"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000fbad1405711f113c%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=78abe3d0dfad196959b1246003366e2610775ea6"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=fbd1e5476e4c94c7b34e"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=26d92e951fe0a44ee4aec157cabb65a818cc8151"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=0bf2e01269f1274b4b03"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"51f1de79ad8ed3555fd01ae8fd432691d397684b"},{"limit":"26d92e951fe0a44ee4aec157cabb65a818cc8151"},{"limit":"8dc262df0c6f304657a0d6db071a7287390307af"},{"limit":"4fa151046fdb214e933e49d20ddd8ec3db914871"}]}]}]}
{"id":"825ce132-498d-4087-a654-e8c28ab6a926","summary":["The apparmor subsystem of the Linux kernel has a stack-out-of-bounds read vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the apparmor policy is changed. This vulnerability exists in all versions of the Linux Kernel from v4.11 until commit 250f2da49cb8e582215a65c03f50e8ddf5cd119c (v4.14.84, v4.20, v4.19.5)."],"details":["The patch commit for this vulnerability fixes an uninitialized value in aa_split_fqname. This could lead to an out-of-bounds read.\n\nVulnerabilities of this type are exploited by providing an invalid input that causes the application to read data from an unintended location. This could allow an attacker to read sensitive information from the kernel or execute arbitrary code.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to gain root privileges or execute arbitrary code on the system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=250f2da49cb8e582215a65c03f50e8ddf5cd119c"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/00000000000091f2660576c17fab%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=61e4b490d9d2da591b50"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"3b0aaf5866bf92a3e47627a02ed5e1be6d7cc110"},{"limit":"250f2da49cb8e582215a65c03f50e8ddf5cd119c"},{"limit":"c8a1685aa3cb6209c26da50f10364a9842fe2fda"},{"limit":"d0a636aa44f9e7cbac2a90e191bc0ad840b10b9e"}]}]}]}
{"id":"81a99ddc-6a6a-4235-8817-225a5054f05d","summary":["The fscache subsystem of the Linux kernel has a slab-out-of-bounds read vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the length of the cache volume key is greater than 127. This vulnerability exists in all versions of the Linux Kernel from v5.17 until commit 9f0933ac026f7e54fe096797af9de20724e79097 (v6.1, v6.0.11)."],"details":["The patch commit for this vulnerability fixes an out-of-bounds read vulnerability in the fscache subsystem.\n\nOut-of-bounds read vulnerabilities occur when an application attempts to read data from a memory location that is outside of its allocated memory space. This can lead to sensitive data being leaked or arbitrary code being executed.\n\nIn this case, the vulnerability occurs when the fscache subsystem attempts to read the volume name from a cache entry. If the volume name is longer than 127 characters, the value of a->key[0] will be less than 0. This will cause the klen variable to be much larger than 255 after type conversion, which will result in an out-of-bounds read.\n\nThe security impact of this vulnerability could be significant. 
An attacker could exploit this vulnerability to read sensitive data from the kernel or to execute arbitrary code.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9f0933ac026f7e54fe096797af9de20724e79097"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000a5d1ac05e76a23bb%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=a76f6a6e524cf2080aa3"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"62ab63352350e881ae693a8236b35d7d0516c78b"},{"limit":"9f0933ac026f7e54fe096797af9de20724e79097"},{"limit":"a751898a460ebaeb531b7dbebfb98c49a6c330e4"}]}]}]}
{"id":"80f93f21-437f-4552-9337-27b748a20232","summary":["The tipc subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the packet was dropped on error and then freed again. This vulnerability exists in all versions of the Linux Kernel from v4.9 until commit acb4a33e9856d5fa3384b87d3d8369229be06d31 (v4.14.92, v4.20, v4.9.149, v4.19.14)."],"details":["The patch commit for this vulnerability fixes a double kfree_skb() in the tipc_udp_xmit() function. This could lead to a use-after-free vulnerability, which could be exploited by an attacker to execute arbitrary code on the system.\n\nVulnerabilities of type use-after-free are exploited by first allocating a buffer of memory, then writing data to that buffer. The attacker then frees the buffer, but continues to use the data that was written to it. This can lead to a variety of security problems, including arbitrary code execution.\n\nThe security impact of this vulnerability could be severe, as it could allow an attacker to execute arbitrary code on the system. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000e3e546057cafb90b%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=acb4a33e9856d5fa3384b87d3d8369229be06d31"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=eae585ba2cc2752d3704"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"ef20cd4dd1633987bcf46ac34ace2c8af212361f"},{"limit":"acb4a33e9856d5fa3384b87d3d8369229be06d31"},{"limit":"336e822a0d48a65cd1d8ab6b5671ec737fb65c56"},{"limit":"b66ecc4f0b36597ee993b93f3a3a161f8309bab4"},{"limit":"3009452fb260459deff51533f284dd0d004cbbac"}]}]}]}
{"id":"80ea0641-d5b1-4ffc-a4c2-f53b794d96a2","summary":["The smack subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the task's credentials structure was freed without locking, which could allow multiple tasks to share the same credentials structure. This vulnerability exists in all versions of the Linux Kernel from v4.4 until commit beb4ee6770a89646659e6a2178538d2b13e2654e (v4.19.139, v5.4.58, v4.9.233, v5.7.15, v5.9, v4.14.194, v4.4.233, v5.8.1)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the Linux kernel's smackfs subsystem. A use-after-free vulnerability occurs when a program frees memory that is still being used, which can allow an attacker to execute arbitrary code.\n\nVulnerabilities of this type are exploited by first allocating a large amount of memory. The attacker then frees the memory while it is still being used, and then overwrites the freed memory with code that they control. When the program attempts to use the freed memory, it will execute the attacker's code.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to execute arbitrary code on a victim's system, which could lead to the theft of sensitive data or the installation of malware.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=beb4ee6770a89646659e6a2178538d2b13e2654e"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=e6416dabb497a650da40"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000000279c705a799ae31%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"38416e53936ecf896948fdeffc36b76979117952"},{"limit":"beb4ee6770a89646659e6a2178538d2b13e2654e"},{"limit":"415988b1eba2f7dee97612086954b3d0782767e5"},{"limit":"1ac55c8875fe49db86e454acfa8aaef01c0135a7"},{"limit":"a963ddc8fffada154a87ca407fdfc850618ba49b"},{"limit":"5ec142a2e9e6542372f80c42184c8dfb97c69f14"},{"limit":"c9ed4e46ab77d5948faebc6656230a46db02654e"},{"limit":"67b4be302ca89d49cacc37373049b421b8bcec4e"},{"limit":"5f5fb7cea82859673397ff07fa2bca4e9dfd3a97"},{"limit":"cd417f1a17d91ea0a8b1d42b0da09353f82f9626"},{"limit":"2bec2c3c129f9e6b9b2767c254cedbe6b550cd55"},{"limit":"698080a23ea543b9e6b68c354571d6d804eab8df"}]}]}]}
{"id":"8077b224-eac8-4387-869e-8d6408892b82","summary":["The crypto subsystem of the Linux kernel has an out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the ChaCha20 algorithms or the ARM bit-sliced AES-XTS algorithms access an uninitialized IV pointer when the input is empty. This vulnerability exists in all versions of the Linux Kernel from v4.14 until commit 2b4f27c36bcd46e820ddb9a8e6fe6a63fa4250b8 (v4.15)."],"details":["The patch commit for this vulnerability fixes a potential NULL pointer dereference vulnerability in the Linux kernel's crypto API. The vulnerability occurs when an application uses the skcipher_walk_virt() function to process an empty input buffer. In this case, the IV pointer is not initialized, and the skcipher_walk_virt() function attempts to dereference it, resulting in a NULL pointer dereference.\n\nVulnerabilities of this type are exploited by sending an empty input buffer to a vulnerable application. This can be done by using a specially crafted network packet or by exploiting a buffer overflow vulnerability in an application that uses the skcipher_walk_virt() function.\n\nThe security impact of this vulnerability could be severe. 
A malicious attacker could exploit this vulnerability to execute arbitrary code on a vulnerable system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2b4f27c36bcd46e820ddb9a8e6fe6a63fa4250b8"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=b80f9804c9c52325a0fd34df04f5c05bc238a23d"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=d841d0560a2b94da20b7330b7941bb5f52daebcb"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"0cabf2af6f5ac3c88cb106c4e06087a5a39b8e1e"},{"limit":"2b4f27c36bcd46e820ddb9a8e6fe6a63fa4250b8"},{"limit":"29082870f58a9b0c793bea745de52a07c74f09aa"}]}]}]}
{"id":"7e471401-899e-4c9e-89ac-d221bb859f4f","summary":["The net/ipv4/udp_tunnel.c subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when a gtp_encap_enable_socket call is made. This vulnerability exists in all versions of the Linux Kernel from v4.7 until commit 940ba14986657a50c15f694efca1beba31fa568f (v5.5)."],"details":["The patch commit for this vulnerability fixes a potential vulnerability in the GTP protocol implementation in the Linux kernel. The fix ensures that only SOCK_DGRAM UDP sockets are accepted by the GTP protocol, which prevents malicious users from using RAW sockets and fooling GTP into using them as standard SOCK_DGRAM UDP sockets.\n\nVulnerabilities of this type are exploited by sending specially crafted packets to a vulnerable system. These packets can cause the system to crash or execute arbitrary code.\n\nThe security impact of this vulnerability could be severe, as it could allow an attacker to take control of a vulnerable system. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=b53aed2f936728226c331a4dc0b4f89d742fda9c"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=940ba14986657a50c15f694efca1beba31fa568f"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=fb7ed6c3b2a69045e6b84a4ef30816f0f48791a9"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"459aa660eb1d8ce67080da1983bb81d716aa5a69"},{"limit":"940ba14986657a50c15f694efca1beba31fa568f"},{"limit":"3410eb22b6bbfa3f842bfa9e09337567507148d6"},{"limit":"45c1ba2f26bff75de88b7f4d3df4026f935b6f76"},{"limit":"4f0996db42deebaf7e58dc01a6e197dfa562aa9d"},{"limit":"6cbb9683d7437f9c1ae96a7a8e3add38e0ed2560"},{"limit":"d3b5ecceea7dc3ce36c5306b3e45bd75cd192291"}]}]}]}
{"id":"7e2e7297-dd13-4313-a721-906ba3520944","summary":["The net/rtnetlink subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the rtnetlink_rcv_msg function is called. This vulnerability exists in all versions of the Linux Kernel from v5.5 until commit 44bfa9c5e5f06c72540273813e4c66beb5a8c213 (v5.6)."],"details":["The patch commit for this vulnerability fixes a potential buffer overflow in the rtnetlink subsystem. The fix ensures that the IFLA_ALT_IFNAME attribute is nul terminated before it is copied into a userspace buffer.\n\nBuffer overflow vulnerabilities are exploited by sending a specially crafted packet to a vulnerable system. The packet contains data that is larger than the buffer that is supposed to store it. When the system attempts to copy the data into the buffer, it overwrites adjacent memory locations. This can allow an attacker to execute arbitrary code on the system or to gain access to sensitive data.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to gain root privileges or to steal sensitive data.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=27ae1ae5c54e09f8c86dd9428df048e7886be6dc"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=d8a28f332e6e688cd5bd1ea54f1d503197ce8945"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=ebdff5806ffa85d72b4de2c63478fc4557302450"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=46af6f72642c8a5f54720f9e7ffadce314564372"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=44bfa9c5e5f06c72540273813e4c66beb5a8c213"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=95c5fc174e0c18651c02474215faa6f955141db9"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=fa1beec9e289d95d138ecfba35ed20e102166056"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=cca595b4a0bc40e856ed359c9aabc94d6dca1bd7"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=589697e4c5206661852fa9c1cb2beefe953dfed8"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=389b56ff60e5a29548b601e5852f79dc916c710f"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=440bd455ada801e22b505ea2d43e052357b79470"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=1367bd8acc38681ca86e3bedd1b7c8b6082af124"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=93ce54bba70dd1f0a7227ae5c8d0a669ddcdbec9"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"36fbf1e52bd3ff8a5cb604955eedfc9350c2e6cc"},{"limit":"44bfa9c5e5f06c72540273813e4c66beb5a8c213"},{"limit":"4e03f37aa6096d0e1f6daccafe46da16f6a9abee"},{"limit":"a8d2610a4413066faa15b3d47b6342eba4600b19"}]}]}]}
{"id":"7cc7054e-c65e-40f7-8941-20dc9f6d6550","summary":["The rxrpc subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the rxrpc_peer record was freed while still holding a reference on the rxrpc_local record. This vulnerability exists in all versions of the Linux Kernel from v4.13, v4.17 until commit 55f6c98e3674ce16038a1949c3f9ca5a9a99f289, 9ebeddef58c41bd700419cdcece24cf64ce32276 (v4.19.82, v5.4, v5.3.9)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the Linux kernel's rxrpc subsystem.\n\nVulnerabilities of this type are exploited by first allocating a resource, such as a memory buffer, and then freeing it. However, the code that frees the resource does not properly check to ensure that all references to the resource have been released. This can allow an attacker to continue to use the resource after it has been freed, which can lead to a variety of security problems.\n\nIn this case, the vulnerability occurs in the rxrpc_put_peer() function. This function is responsible for freeing a rxrpc_peer structure, which represents a remote peer in an rxrpc connection. The function does not properly check to ensure that all references to the rxrpc_peer structure have been released before freeing it. This can allow an attacker to continue to use the rxrpc_peer structure after it has been freed, which can lead to a variety of security problems.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use this vulnerability to gain access to sensitive information or to execute arbitrary code on the system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=b9be979c55f2bea8ed30"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=55f6c98e3674ce16038a1949c3f9ca5a9a99f289"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9ebeddef58c41bd700419cdcece24cf64ce32276"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000f6a13b059132aa6c%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"1159d4b496f57d5b8ee27c8b90b9d01c332e2e11"},{"introduced":"2baec2c3f854d1f79c7bb28386484e144e864a14"},{"limit":"55f6c98e3674ce16038a1949c3f9ca5a9a99f289"},{"limit":"9ebeddef58c41bd700419cdcece24cf64ce32276"},{"limit":"9b7fc03b4cdbfb668b6891967105258691c6d3b5"},{"limit":"63e93bdd123f48249c1c361b173b1e1e0914c5ec"},{"limit":"8d9c4a9b867771efbddd6a7d5df6c284babbbd04"},{"limit":"e8e51ce79c157188e209e5ea0afaf6b42dd76104"}]}]}]}
{"id":"7aeea20b-cc5c-4323-b642-b5da835eaf5d","summary":["The net/sched subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when replacing ingress or clsact Qdiscs, for example, the old Qdisc (\\\"@old\\\") could access the same miniq_{in,e}gress pointer(s) concurrently with the new Qdisc (\\\"@new\\\"). This vulnerability exists in all versions of the Linux Kernel from v2.6.12, v5.3 until commit c7cfbd115001f94de9e4053657946a383147e803, 84ad0af0bccd3691cb951c2974c5cb2c10594d4a (v5.15.116, v6.3.7, v6.1.33, v6.4, v4.19.285, v5.10.183, v6.1.35, v5.4.246, v6.3.9)."],"details":["The patch commit for this vulnerability fixes a bug in the Linux kernel's network scheduler that could allow an attacker to cause a denial of service (DoS) attack.\n\nThe vulnerability is caused by a race condition in the code that handles ingress and clsact Qdiscs. These Qdiscs are used to control traffic on network interfaces. The race condition occurs when a new Qdisc is being created while an old Qdisc is still being destroyed. This can cause the new Qdisc to overwrite data that the old Qdisc is still using, resulting in a DoS attack.\n\nVulnerabilities of this type are exploited by sending specially crafted packets to a network interface. The packets trigger the race condition, which causes the new Qdisc to overwrite data that the old Qdisc is still using. This can cause the network interface to stop working, resulting in a DoS attack.\n\nThe security impact of this vulnerability could be significant. 
A DoS attack could prevent a network from functioning properly, which could lead to loss of productivity and revenue.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000006cf87705f79acf1a%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=b53a9c0d1ea4ad62da8b"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"7a096d579e8e2bd8b8ff34d5ef3093cd9bf3f13b"},{"introduced":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2"},{"limit":"c7cfbd115001f94de9e4053657946a383147e803"},{"limit":"84ad0af0bccd3691cb951c2974c5cb2c10594d4a"},{"limit":"5f67d33c01b3527910e678e07aa1d8f0bc806ea4"},{"limit":"4ba62831247717dcd3878f4f65883a52d7e298f1"},{"limit":"89a0f4dcae43941d3193bc56ae573f74483fd06d"},{"limit":"79f44ff3a75c30d10cd62cebf4c82c919bb55374"},{"limit":"1efc22ce4a6952d7cf7d543a497d8018ef41ccd9"},{"limit":"cff0af3d1364b6f3a841ac89d30321610961e4d0"},{"limit":"ea3f336f717a8f9236ed50959781c8caa56fa4b8"},{"limit":"1b0163b2dc3b5b1f20ceecf04f11e2ba6b3066ca"}]}]}]}
{"id":"7a237b48-b907-4c3e-9a6c-c8c58e5305d4","summary":["The ntfs subsystem of the Linux kernel has a slab out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the ntfs_listxattr() function is called. This vulnerability exists in all versions of the Linux Kernel from v5.15 until commit 3c675ddffb17a8b1e32efad5c983254af18b12c2 (v6.5)."],"details":["The patch commit for this vulnerability fixes a slab-out-of-bounds vulnerability in the Linux kernel's NTFS file system driver. This vulnerability occurs when the ntfs_listxattr() function is called on a file with an invalid extended attribute (EA). In this case, the ea->name_len field is 0, which causes the Add2Ptr() function to visit invalid memory. This can lead to a kernel panic or other undefined behavior.\n\nVulnerabilities of this type are typically exploited by sending a specially crafted file to a victim system. When the victim opens the file, the vulnerability is triggered and the kernel panics or crashes.\n\nThe security impact of this vulnerability could be significant. 
A malicious actor could exploit this vulnerability to crash a victim system or gain unauthorized access to its files.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000ea3c3105ef377a12%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=9fcea5ef6dc4dc72d334"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c675ddffb17a8b1e32efad5c983254af18b12c2"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"be71b5cba2e6485e8959da7a9f9a44461a1bb074"},{"limit":"3c675ddffb17a8b1e32efad5c983254af18b12c2"}]}]}]}
{"id":"764b7d1d-338f-454e-b3db-f2d306a4ce4d","summary":["The packet subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when another thread was managing to change po->rollover while packet_getsockopt() was processing PACKET_ROLLOVER_STATS command. This vulnerability exists in all versions of the Linux Kernel from v4.2 until commit 509c7a1ecc8601f94ffba8a00889fefb239c00c6 (v4.14)."],"details":["The patch commit for this vulnerability fixes a race condition in the packet_getsockopt() function that could allow an attacker to cause a denial of service (kernel panic) or possibly execute arbitrary code.\n\nVulnerabilities of type race condition are exploited by having two or more threads access a shared resource at the same time and causing the threads to interfere with each other.\n\nThe security impact of this vulnerability could be a denial of service or possibly execution of arbitrary code. The most likely case is that the vulnerability would be used to cause a denial of service.\n\nTo resolve this vulnerability, patch the kernel to the version that includes the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=509c7a1ecc8601f94ffba8a00889fefb239c00c6"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=e156a232c04f562480a0394f4f06372e1fe4061d"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"a9b6391814d5d6b8668fca2dace86949b7244e2e"},{"limit":"509c7a1ecc8601f94ffba8a00889fefb239c00c6"},{"limit":"57ffb0ecf367b584183943fbaba770c0929a89d3"},{"limit":"d552c8c5007afe1a614f8bc92507d8789aa70307"},{"limit":"e186faf27b12f5466e060a5f3ea1a667f1b5bd04"}]}]}]}
{"id":"716d77ed-59a4-4c78-a6e2-e05c359d0fcc","summary":["The fuse subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the request was freed before it was finished being processed. This vulnerability exists in all versions of the Linux Kernel from v4.2 until commit bc78abbd55dd28e2287ec6d6502b842321a17c87 (v4.19.3, v4.20, v4.18.20, v4.14.82, v4.4.164, v4.9.138)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the Linux kernel's FUSE file system implementation. A use-after-free vulnerability occurs when a program frees memory that is still being used, allowing an attacker to access or modify that memory.\n\nVulnerabilities of this type are exploited by first sending a specially crafted request to the vulnerable system. This request will cause the system to free memory that is still being used, allowing the attacker to access or modify that memory. The attacker can then use this access to gain control of the system or to steal sensitive information.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to gain control of the system or to steal sensitive information. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000001e09780575bc189a%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=4e975615ca01f2277bdd"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bc78abbd55dd28e2287ec6d6502b842321a17c87"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"46c34a348b0ac74fc9646de8ef0c5b8b29f09da9"},{"limit":"bc78abbd55dd28e2287ec6d6502b842321a17c87"},{"limit":"f7e709c59e587b996d1ab9d9f2957fc24f613d1b"},{"limit":"d94b3a2375cbbd55e6961c7b0dd1f8a75ebc8e10"},{"limit":"7574afe0cfc0e103f309a721880d195f38b292e0"},{"limit":"e8e17b1be3e804ae552677c8159825718d29f68a"},{"limit":"7996b1c0eaefc5745c982301ca483f99555842e4"}]}]}]}
{"id":"70e74fbb-1d79-4d3b-b940-9178ef4ce69a","summary":["The l2tp subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the dst cache is freed multiple times. This vulnerability exists in all versions of the Linux Kernel from v3.2 until commit 6d37fa49da1e8db8fb1995be22ac837ca41ac8a8 (v4.19, v4.9.123, v4.17.18, v3.16.62, v4.14.66, v4.18.4, v3.18.120, v4.4.151)."],"details":["The patch commit for this vulnerability fixes a race condition in the Linux kernel's L2TP implementation. This race condition could allow an attacker to cause a denial of service (DoS) or potentially execute arbitrary code on the system.\n\nVulnerabilities of this type are exploited by sending specially crafted packets to the target system. The packets exploit the race condition to cause the kernel to free memory that is still in use, which can lead to a DoS or arbitrary code execution.\n\nThe security impact of this vulnerability could be significant. 
A successful exploit could allow an attacker to take control of the target system or prevent it from functioning properly.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=ea6a3225be87d7228976b8088945fb6da3c92fc4"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6d37fa49da1e8db8fb1995be22ac837ca41ac8a8"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=9824322d106666c1f8ebeb8fa329b91dea75b390"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=05f840f3b04f211bad55"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"71b1391a41289735676be02e35239e5aa9fe6ba6"},{"limit":"6d37fa49da1e8db8fb1995be22ac837ca41ac8a8"},{"limit":"4ea1da6d1c60e294c86fc07c8dfb1980d203525e"},{"limit":"4aef9b0fffd2295b1c523ebf43ca6b46e9cc8ffa"},{"limit":"46be8e4471d7159dc4ce14289d2f244956754ba9"},{"limit":"ae7d506b72db2f7c1e37233fecd05393767e2dcb"},{"limit":"719710e960a5f6bfa0852ffc1af9ad6bb125511d"},{"limit":"1bc83bf2342f247af788b807d7039b02231297a5"},{"limit":"996e65d8fb23fc6c65e8ab38e0d87f69b6e9d498"}]}]}]}
{"id":"6f97c920-7138-4192-8135-7938d08d9cc6","summary":["The bpf subsystem of the Linux kernel has an out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when allocating a map with 0xfffffffd entries out of a userns. This vulnerability exists in all versions of the Linux Kernel from v4.15 until commit bbeb6e4323dad9b5e0ee9f60c223dd532e2403b1 (v4.9.77, v4.4.112, v4.14.14)."],"details":["The patch commit for this vulnerability fixes an overflow in the max_entries field of the bpf_map_def structure. This could allow an attacker to allocate a map with an invalid number of entries, which could lead to a denial of service or other security issues.\n\nVulnerabilities of this type are exploited by providing an invalid value for a field that is used to calculate the size of a buffer. This can cause the buffer to be allocated with an incorrect size, which can lead to data corruption or other problems.\n\nThe security impact of this vulnerability could be a denial of service or other security issues. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=d2f5524fb46fd3b312ee"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=b0efb8e572d01bce1ae0"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bbeb6e4323dad9b5e0ee9f60c223dd532e2403b1"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/94eb2c06de30df3d1605626b941b%40google.com"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/001a113f9226e3e3ef05626b94f0%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=61d23c95395cc90dbc2b"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=0d363c942452cca68c01"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/001a114abbd0c75d1905626bd8ed%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=6c15e9744f75f2364773"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/001a114fcf2ce7d12705626b943d%40google.com"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/001a113ac5e2eb4e0705626b94c0%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"b2157399cc9898260d6031c5bfe45fe137c1fbe7"},{"limit":"bbeb6e4323dad9b5e0ee9f60c223dd532e2403b1"},{"limit":"67c05d9414512e1f9040d29e37e3d5533d8c51dd"},{"limit":"095b0ba360ff9a86c592c1293602d42a9297e047"},{"limit":"820ef2a0e54c4bed27758e393d09157d0d48c94c"}]}]}]}
{"id":"6f6b2607-e8ab-401a-92e6-94313b8e08b4","summary":["The usb/gadget subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the gadget core sets dev->driver to NULL between the test and the dereference of dev->driver. This vulnerability exists in all versions of the Linux Kernel from v3.1 until commit 16b1941eac2bd499f065a6739a40ce0011a3d740 (v5.10.108, v4.14.273, v4.19.236, linux, v4.9.308, v5.16.17, v5.15.31, v5.4.187)."],"details":["The patch commit for this vulnerability fixes a use-after-free bug in the Linux kernel's USB gadget driver. The bug occurs when the gadget driver sets the udc->dev.driver field to NULL, which can then be dereferenced after it has been freed. This can lead to a kernel panic or other system instability.\n\nVulnerabilities of this type are exploited by first sending a specially crafted USB device to the target system. The device will then exploit the use-after-free bug to gain root privileges on the system.\n\nThe security impact of this vulnerability could be severe, as it could allow an attacker to gain root privileges on the target system. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000005a991a05a86970bb%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=348b571beb5eeb70a582"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=16b1941eac2bd499f065a6739a40ce0011a3d740"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"2ccea03a8f7ec93641791f2760d7cdc6cab6205f"},{"limit":"16b1941eac2bd499f065a6739a40ce0011a3d740"},{"limit":"2015c23610cd0efadaeca4d3a8d1dae9a45aa35a"},{"limit":"609a7119bffe3ddd7c93f2fa65be8917e02a0b7e"},{"limit":"00bdd9bf1ac6d401ad926d3d8df41b9f1399f646"},{"limit":"4325124dde6726267813c736fee61226f1d38f0b"},{"limit":"e2d3a7009e505e120805f449c832942660f3f7f3"},{"limit":"27d64436984fb8835a8b7e95993193cc478b162e"},{"limit":"2282a6eb6d4e118e294e43dcc421e0e0fe4040b5"}]}]}]}
{"id":"6e9e2bfe-fe98-4bb0-b7c6-29bcd811553c","summary":["The neigh subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when iterating over pneigh structures. This vulnerability exists in all versions of the Linux Kernel from v2.6.37 until commit f3e92cb8e2eb8c27d109e6fd73d3a69a8c09e288 (v5.2)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the Linux kernel's neighbour subsystem. This vulnerability could allow an attacker to read arbitrary kernel memory, which could lead to privilege escalation or other attacks.\n\nVulnerabilities of this type are exploited by first sending a specially crafted packet to the target system. This packet will cause the kernel to allocate a new neighbour structure, but the structure will not be properly initialized. The attacker can then use this structure to read arbitrary kernel memory.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to read sensitive information from the kernel, such as passwords or encryption keys. 
They could also use it to gain root privileges or execute arbitrary code on the target system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f3e92cb8e2eb8c27d109e6fd73d3a69a8c09e288"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=c112d4b50c3b9c37b8afa2bcef8e4fe217bbddc9"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=3087ab5e780e6c242118b2f47a0f093c6015de1a"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"767e97e1e0db0d0f3152cd2f3bd3403596aedbad"},{"limit":"f3e92cb8e2eb8c27d109e6fd73d3a69a8c09e288"},{"limit":"a7d1e0ea831ddc40b889c06fe448bea3898a5e6a"},{"limit":"753aa75560899f79795bffb2f5d5784f2a5bcbf0"},{"limit":"d97ce9c779ac98da71e2639cb13ea04e46c94912"},{"limit":"103835df6821a57edf1ec5e0b33b379fa37dd35f"},{"limit":"c55ce1da3d25c851b878af036ac804a36a03061a"},{"limit":"1bad37d8251ba2c47ad91913a8a51f52ffe2874b"}]}]}]}
{"id":"6e69622d-3784-4059-a795-e4e06ca66001","summary":["The f2fs subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the atomic write aborts were not properly synchronized. This vulnerability exists in all versions of the Linux Kernel from v5.19 until commit a46bebd502fe1a3bd1d22f64cedd93e7e7702693 (v6.1.18, v6.3, v6.2.5)."],"details":["The patch commit for this vulnerability fixes a race condition between atomic write aborts in the f2fs file system.\nVulnerabilities of type race condition are exploited by sending crafted input to a program that is not properly handling concurrent access.\nThe security impact of this vulnerability could be data corruption or denial of service.\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=823000d23b3400619f7c"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a46bebd502fe1a3bd1d22f64cedd93e7e7702693"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/00000000000099fc4705f1192c71%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"3db1de0e582c358dd013f3703cd55b5fe4076436"},{"limit":"a46bebd502fe1a3bd1d22f64cedd93e7e7702693"},{"limit":"102b82708c1523b36d421cb8687746906069bc17"},{"limit":"b7724360714642099cec907f54f42e55f5325453"}]}]}]}
{"id":"6d5b11c2-3871-4a2a-b0eb-2aa43641a574","summary":["The qrtr subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the socket was not properly detached from the qrtr, as otherwise skb->sk may still reference the socket when skb is released in tun->queue. This vulnerability exists in all versions of the Linux Kernel from v4.18 until commit af9f691f0f5bdd1ade65a7b84927639882d7c3e5 (v5.7.12, v5.4.55, v4.19.136, v5.8)."],"details":["The patch commit for this vulnerability fixes a use-after-free (UAF) vulnerability in the Linux kernel's qrtr subsystem. The vulnerability occurs when a socket is released without first detaching it from its associated queue. This can lead to a situation where the socket's sk_wq field still points to the queue, even though the socket has been freed. This can be exploited by an attacker to gain access to sensitive data or to execute arbitrary code.\n\nVulnerabilities of type UAF are exploited by first allocating a resource (such as a socket) and then freeing it without first ensuring that all references to the resource have been removed. This can leave the resource in a state where it can be accessed by an attacker.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to gain access to sensitive data or to execute arbitrary code. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=af9f691f0f5bdd1ade65a7b84927639882d7c3e5"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/00000000000014e30705aaec3cc5%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=6720d64f31c081c2f708"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"28fb4e59a47d7f1f0c7a26d2ed3a671c26158536"},{"limit":"af9f691f0f5bdd1ade65a7b84927639882d7c3e5"},{"limit":"e36c0c74826d3c34dd3aef60724c8df86f03c18f"},{"limit":"b7d3d6df72a85552a4c6f3a8e5611a7847425314"},{"limit":"4b864ae664966e490cdf91ff8bbce6377c5552db"},{"limit":"f2ce9ac238828b16c9d89f7a2a8613869359c985"},{"limit":"f88a85cc9fde754f2cd485a4b48c4bcf8032c5c8"}]}]}]}
{"id":"6cc680c4-4c42-408d-a84d-85c6e3d67789","summary":["The net subsystem of the Linux kernel has a slab out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when a packet with a transport header extending beyond skb_headlen(skb) is received. This vulnerability exists in all versions of the Linux Kernel from v2.6.34 until commit 9274124f023b5c56dc4326637d4f787968b03607 (v5.7)."],"details":["The patch commit for this vulnerability fixes a potential buffer overflow vulnerability in the Linux kernel's GSO (Generic Segmentation Offload) implementation. GSO is a feature that allows network drivers to offload the task of splitting large packets into smaller ones to the network hardware.\n\nVulnerabilities of this type are exploited by sending a specially crafted packet to the target system. The packet is designed to cause the kernel to allocate a buffer that is larger than necessary. When the kernel attempts to copy data from the packet into the buffer, it will overwrite adjacent memory locations. This can lead to a variety of security problems, including privilege escalation and data corruption.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to gain root privileges on the target system or to corrupt critical system files. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=a8e52aea23a08661ca01bb5346bb78d35df76b50"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=1f0cb39636774fcacd954ab0bd24a0ebf086e4e0"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9274124f023b5c56dc4326637d4f787968b03607"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=b231d3cdebf3228503a8f04ebe17404ec0129e1b"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"bfd5f4a3d605e0f6054df0b59fe0907ff7e696d3"},{"limit":"9274124f023b5c56dc4326637d4f787968b03607"},{"limit":"f12aa513fe47e910bed3526e57ae1ce6c9412e24"},{"limit":"a0c23ec2171f98e401504bb6b789410f1646a686"},{"limit":"7bbf73e918be8ade6dcf790195186fc027aa86a9"},{"limit":"803f899ed5b70c6911af25430d4b20c88977329f"},{"limit":"65f84d3ee69601813886e6669331b969ef2bdd57"},{"limit":"87e0c4f6ad0e678310764dba8a0cf2418811ab1a"}]}]}]}
{"id":"6ae0ced4-1e90-4c10-a7fb-54f2dc21d535","summary":["The minix filesystem of the Linux kernel has an out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the maximum file size is too large. This vulnerability exists in all versions of the Linux Kernel from v2.6.12 until commit 270ef41094e9fa95273f288d7d785313ceab2ff3 (v4.19.140, v5.7.16, v4.9.233, v5.9, v4.14.194, v5.8.2, v4.4.233, v5.4.59)."],"details":["The patch commit for this vulnerability fixes a potential integer overflow vulnerability in the minix filesystem. The vulnerability occurs when the maximum file size is read directly from the on-disk superblock and isn't validated itself. This can lead to out-of-bounds memory accesses when accessing indirect index blocks.\n\nVulnerabilities of this type are exploited by providing a specially crafted file that causes the maximum file size to be set to a very large value. This can then be used to access memory that is outside of the bounds of the file, which can lead to arbitrary code execution.\n\nThe security impact of this vulnerability could be severe, as it could allow an attacker to execute arbitrary code on the system. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/00000000000034e65105a42dcc5e%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=6e056ee473568865f3e6"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=c7d9ec7a1a7272dd71b3"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=270ef41094e9fa95273f288d7d785313ceab2ff3"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000004af71905a50c973a%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=3b7b03a0c28948054fb5"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000006e87c405a6187d76%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2"},{"limit":"270ef41094e9fa95273f288d7d785313ceab2ff3"},{"limit":"954fc7da99a9513d5e6b3ccf38f6f7c9af5a276d"},{"limit":"1f91bd267b6222c092dcc42d8b5a262214ca2172"},{"limit":"0900097ef667097b0a4afb0155a4f5add77ece19"},{"limit":"4f72f9b4861cee3fa881bef6e850f0f2d0b3e338"},{"limit":"48fcd08b90e39ab10043eef61f729a2e26864e08"},{"limit":"a25ca5ea23ed88e4bacaba54e225bf7d73643d98"},{"limit":"2e91bbf598b284e27d57bd77a37f8764dcf64d93"},{"limit":"b4fc51a4d14a5ae8705696420b2d92a4a6d1fc24"},{"limit":"db1f4c745a91c3988c57cefb125c7a01711de5e2"},{"limit":"c929fdd9b7ac92ad546eb4eea6ae76e6f2969e75"}]}]}]}
{"id":"69a6b11a-e35c-470a-b47f-acaa0ee774bf","summary":["The staging/rtl8712 subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the driver was doing clean up stuff in 2 different places which can run concurrently. This vulnerability exists in all versions of the Linux Kernel from v3.3 until commit e9e6aa51b2735d83a67d9fa0119cf11abef80d99 (v5.13.10, v5.10.58, v5.14)."],"details":["\n The patch commit for this vulnerability fixes an error handling bug in the rtl8712 driver. The driver was incorrectly cleaning up resources when a firmware load failed. This could lead to a use-after-free vulnerability, which could be exploited by an attacker to gain elevated privileges.\n\nVulnerabilities of this type are exploited by first sending a specially crafted packet to the target system. This packet will cause the driver to attempt to load a firmware image that is not properly signed. The driver will then attempt to clean up the resources that were allocated for the firmware image, even though the image was never loaded. This can lead to a use-after-free vulnerability, which can be exploited by an attacker to gain elevated privileges.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to gain root privileges on a target system. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e9e6aa51b2735d83a67d9fa0119cf11abef80d99"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=cc699626e48a6ebaf295"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/00000000000087b4c305c6f8a243%40google.com"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000008678f205c77a1b93%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=5872a520e0ce0a7c7230"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"8c213fa59199f9673d66970d6940fa093186642f"},{"limit":"e9e6aa51b2735d83a67d9fa0119cf11abef80d99"},{"limit":"faec2c68ea5fa6c237723467156ae29637527781"},{"limit":"9f57b942c4f3e3082aea6140ef81d51dd982d2b2"}]}]}]}
{"id":"69079c62-5db3-4aff-8fb7-19f4016c780d","summary":["The exfat subsystem of the Linux kernel has a slab out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the cluster number is not within valid range in exfat_clear_bitmap() and exfat_set_bitmap(). This vulnerability exists in all versions of the Linux Kernel from v5.7 until commit 64ba4b15e5c045f8b746c6da5fc9be9a6b00b61d (v5.10.120, v5.15.45, v5.18.2, v5.19, v5.17.13)."],"details":["The patch commit for this vulnerability fixes a potential out-of-bounds read vulnerability in the exfat filesystem. The fix adds a check to ensure that the cluster number passed to the exfat_clear_bitmap() and exfat_set_bitmap() functions is within the valid range.\n\nVulnerabilities of this type are exploited by passing an invalid cluster number to the affected function, which can cause the function to read data from outside of the allocated memory. This can lead to the disclosure of sensitive information or the execution of arbitrary code.\n\nThe security impact of this vulnerability could be severe. 
An attacker could exploit this vulnerability to gain root privileges or to access sensitive information on the system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-android-bugs/000000000000528e8a05dcd3d934%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=a4087e40b9c13aad7892"},{"type":"WEB","url":"https://android.googlesource.com/kernel/common/+/82f723b8a5adf497f9e34c702a30ca7298615654^!"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"1e49a94cf707204b66a3fb242f2814712c941f52"},{"limit":"64ba4b15e5c045f8b746c6da5fc9be9a6b00b61d"},{"limit":"2193286402df2d9c53294f7a858d5e6fd7346e08"},{"limit":"82f723b8a5adf497f9e34c702a30ca7298615654"},{"limit":"7c58b14b6f9cde9f69e7fa053ab73f6e013a7131"},{"limit":"c504167adc3248095a905fa0700a9693897cb5ed"}]}]}]}
{"id":"68a58f70-5eff-4bc4-8b3b-32fea1a71eaa","summary":["The netfilter subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when registering a netfilter hook. This vulnerability exists in all versions of the Linux Kernel from v4.14 until commit 56763f12b0f02706576a088e85ef856deacc98a0 (v5.17)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the netfilter subsystem.\n\nA use-after-free vulnerability occurs when a program frees memory that is still being used, and then later attempts to access that memory. This can lead to arbitrary code execution or other serious security issues.\n\nIn this case, the vulnerability occurs in the __nf_register_net_hook() function. This function is responsible for registering netfilter hooks, which are used to intercept and modify network traffic.\n\nThe vulnerability occurs when the function frees memory that is still being used by the nf_hook_entries_get_hook_ops() function. This can lead to an attacker being able to execute arbitrary code or cause other serious security issues.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to execute arbitrary code or cause other serious security issues.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=56763f12b0f02706576a088e85ef856deacc98a0"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=5f78045f24cd5965ee29bb7fe106904e42f80d52"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"2420b79f8c18a75ee2417cace381f4604b9b4365"},{"limit":"56763f12b0f02706576a088e85ef856deacc98a0"},{"limit":"05f7927b25d2635e87267ff6c79db79fb46cf313"},{"limit":"49c24579cec41e32f13d57b337fd28fb208d4a5b"},{"limit":"5a8076e98dde17224dd47283b894a8b1dbe1bc72"},{"limit":"8b0142c4143c1ca297dcf2c0cdd045d65dae2344"},{"limit":"bd61f192a339b1095dfd6d56073a5265934c2979"},{"limit":"bdd8fc1b826e6f23963f5bef3f7431c6188ec954"}]}]}]}
{"id":"6897392d-14c5-4d01-9150-9bb01f09caa2","summary":["The block subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the disk->ev was freed twice. This vulnerability exists in all versions of the Linux Kernel from v5.15 until commit 99d8690aae4b2f0d1d90075de355ac087f820a66 (v5.16.3, v5.15.17, v5.17)."],"details":["The patch commit for this vulnerability fixes an error unwinding issue in the device_add_disk function. This function is responsible for adding a disk to the system. The fix ensures that the disk is properly freed when an error occurs during the addition process.\n\nVulnerabilities of this type are exploited by sending specially crafted input to the system. This can cause the system to crash or execute arbitrary code.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to gain root access on the system or to execute arbitrary code.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000b1ef3205d318ff2c%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=28a66a9fbc621c939000"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=99d8690aae4b2f0d1d90075de355ac087f820a66"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"83cbce9574462c6b4eed6797bdaf18fae6859ab3"},{"limit":"99d8690aae4b2f0d1d90075de355ac087f820a66"},{"limit":"c4e1577ccb7b8f6917144a63931960923a236453"},{"limit":"7be5c25e31556f44bf7c4a2079184dcc93768c5d"}]}]}]}
{"id":"63da6db8-b660-4371-9862-fb2442253931","summary":["The p9 subsystem of the Linux kernel has a double free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the sysfs_slab_add() function failed. This vulnerability exists in all versions of the Linux Kernel from v5.8 until commit 757fed1d0898b893d7daa84183947c70f27632f3 (v4.14.218, v5.4.94, v4.4.254, v4.9.254, v4.19.172, v5.11, v5.10.12)."],"details":["\n The patch commit fixes a double-free vulnerability in the Linux kernel's slub memory allocator. This vulnerability could allow an attacker to execute arbitrary code on the system.\n\nVulnerabilities of this type are exploited by first allocating a large amount of memory from the slub allocator. The attacker then frees the memory, but does not actually release it. This causes the slub allocator to create a new slab cache for the freed memory. The attacker can then use this new slab cache to allocate memory that is not properly initialized. This memory can then be used to execute arbitrary code on the system.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to gain root privileges or to execute arbitrary code on the system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=757fed1d0898b893d7daa84183947c70f27632f3"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=d0bd96b4696c1ef67991"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000672eda05b9e291ff%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"dde3c6b72a16c2db826f54b2d49bdea26c3534a2"},{"limit":"757fed1d0898b893d7daa84183947c70f27632f3"},{"limit":"c27a2a1ecf699ed8d77eafa59ae28d81347eac20"},{"limit":"08b227d9f380aff229fe7eb3e43c0d90ac14ec38"},{"limit":"ab98f2e2620d42d6bd08142611046ee928c08e54"},{"limit":"bf5eb7d21ab01c12c35df05dddd15f9f2ad5ba71"},{"limit":"4c3134adf3391ffc8ac959be83ea8b6c56342cc3"},{"limit":"690f6da58e6bb85432b6ee96e635a32fa0cdd8b1"}]}]}]}
{"id":"6300509b-3e2e-4d28-ad79-6517c4fe55ad","summary":["The mm/madvise subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the madvise_willneed function is called. This vulnerability exists in all versions of the Linux Kernel from v5.4 until commit 7867fd7cc44e63c6673cd0f8fea155456d34d0de (v5.4.64, v5.8.8, v5.9)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the Linux kernel's madvise() system call.\n\nVulnerabilities of this type are exploited by first allocating a memory region using mmap(), then calling madvise() to change the memory's access permissions. The attacker then frees the memory using munmap(), but still retains a pointer to it. Finally, the attacker uses the pointer to access the freed memory, which can lead to arbitrary code execution.\n\nThe security impact of this vulnerability could be severe, as it could allow an attacker to execute arbitrary code on the system with the privileges of the user who called madvise().\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit 
message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=b90df26038d1d5d85c97"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7867fd7cc44e63c6673cd0f8fea155456d34d0de"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000e44b7d05ad6624df%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"692fe62433d4ca47605b39f7c416efd6679ba694"},{"limit":"7867fd7cc44e63c6673cd0f8fea155456d34d0de"},{"limit":"9b4a9e89f6e87516edd5e5a610abe15d1cad5ec9"},{"limit":"f4fa8d937edf7cf6acd394957e5c58fb09024ac3"}]}]}]}
{"id":"62b8d31d-d76e-418d-a08f-fab2982dd209","summary":["The can/bcm subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the bcm op was not properly freed. This vulnerability exists in all versions of the Linux Kernel from v4.10 until commit (v4.14.264, v4.4.302, v4.9.300)."],"details":["\n The patch commit for this vulnerability fixes a race condition in the Linux kernel's netfilter subsystem. This race condition could allow a local attacker to execute arbitrary code on the kernel.\n\nVulnerabilities of type race condition are exploited by having two or more processes or threads access the same data at the same time. This can cause the data to be corrupted, which can lead to a variety of security problems.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to execute arbitrary code on the kernel, which could allow them to take control of the system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit. The vendor has provided an official fix for this vulnerability.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=5ca851459ed04c778d1d"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-lts-bugs/000000000000dbd9fd05b164d889%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=632881680ba0fab07a47157e9db3a029710abbac"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"a06393ed03167771246c4c43192d9c264bc48412"}]}]}]}
{"id":"6197876e-75c4-4a95-90e6-6e166df98b34","summary":["The tracepoint subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when a tracepoint callback was not properly removed from the array of callbacks. This vulnerability exists in all versions of the Linux Kernel from v2.6.28 until commit befe6d946551d65cddbd32b9cb0170b0249fd5ed (v5.11.3, v4.9.259, v5.10.20, v5.4.102, v4.4.259, v4.14.223, v5.12, v4.19.178)."],"details":["The patch commit for this vulnerability fixes a potential use-after-free vulnerability in the Linux kernel's tracepoint subsystem.\n\nVulnerabilities of type use-after-free are exploited by first freeing a memory region that is still in use, and then re-using that memory region for a different purpose. This can allow an attacker to execute arbitrary code or gain other privileges.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to execute arbitrary code or gain other privileges on a vulnerable system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit 
message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=83aa762ef23b6f0d1991"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000cf2beb05b23d328f%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=d29e58bb557324e55e5e"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=befe6d946551d65cddbd32b9cb0170b0249fd5ed"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/00000000000004500b05b31e68ce%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"97e1c18e8d17bd87e1e383b2e9d9fc740332c8e2"},{"limit":"befe6d946551d65cddbd32b9cb0170b0249fd5ed"},{"limit":"5d8daeb5b793b38d7d0be4a673566e07bbeb5e50"},{"limit":"7a77bf015ede8aa4ef303638cf24fc9399221e3c"},{"limit":"e59e0ced076313e3c5357650921bfa03d1cdd7af"},{"limit":"ccbdf0c8704edd813a9aa257f676b81b9c1754c4"},{"limit":"8a40ca0c8b9fa66e165f6019ccc63a10a95766e1"},{"limit":"75f4d0fb87a578c7483ebe881f283dea12ee396d"},{"limit":"dc782e5a4d4cd20e5c365532b85be53696f0c320"}]}]}]}
{"id":"616f6660-d0e7-4f56-b877-e4d4623cf5d7","summary":["The Bluetooth subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the mgmt_pending_remove() function was called twice. This vulnerability exists in all versions of the Linux Kernel from v6.0 until commit 029bde79fb7969dcd9a4b2940efc06e9404a9df1 (v6.1)."],"details":["The patch commit for this vulnerability fixes a double free vulnerability in the Bluetooth subsystem of the Linux kernel. A double free vulnerability occurs when a program frees the same memory twice, which can lead to a memory corruption and potentially arbitrary code execution.\n\nVulnerabilities of this type are often exploited by attackers to gain control of a victim's system. In this case, the attacker could use the vulnerability to execute arbitrary code on the victim's system, which could allow them to steal sensitive data, install malware, or take control of the system.\n\nThe security impact of this vulnerability could be severe. To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3cfbc6ac22d62d0a06be9ce2996ba9fed75436cd"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=915a8416bf15895b8e07"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000d010b705e66d8520%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"7cf5c2978f23fdbb2dd7b4e8b07e362ae2d8211c"},{"limit":"029bde79fb7969dcd9a4b2940efc06e9404a9df1"}]}]}]}
{"id":"5ebd70eb-2daf-4d34-b9c8-a1da9e162269","summary":["The netfilter/ebtables subsystem of the Linux kernel has an out of bounds read vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the padding wasn't considered during computation of ->buf_user_offset. This vulnerability exists in all versions of the Linux Kernel from v2.6.34 until commit e608f631f0ba5f1fc5ee2e260a3a35d13107cbfe (v4.4.208, v4.14.162, v5.4.8, v5.5, v3.16.83, v4.19.93, v4.9.208)."],"details":["The patch commit for this vulnerability fixes a potential out-of-bounds write vulnerability in the netfilter ebtables compat code.\n\nVulnerabilities of this type are exploited by providing malicious input that causes the program to write data to an area of memory that it is not allowed to access. This can lead to a variety of problems, including data corruption, privilege escalation, and denial of service.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to gain root privileges or to crash the system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit 
message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e608f631f0ba5f1fc5ee2e260a3a35d13107cbfe"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=f68108fed972453a0ad4"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000cd9e600599b051e5%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"81e675c227ec60a0bdcbb547dc530ebee23ff931"},{"limit":"e608f631f0ba5f1fc5ee2e260a3a35d13107cbfe"},{"limit":"cd5f9ef5a5ab4ebf62895773f23a0acd5d7020e5"},{"limit":"315f24df6b96f42b8af958cc2b1391c5453a8be4"},{"limit":"751e2557dec2138de64ef9d63078305b051ca04a"},{"limit":"69bb99133686bf9b8c7b5143c0bc2ae23d6cd63b"},{"limit":"9a6c2819cb43b3844ccddb009b92b6350973ca0f"},{"limit":"b54ba0dc0d2f0829510797f5128d0ceb0a6c4f7d"},{"limit":"35b61a14c3493f89dba313d1ed8cf39b21d48cd5"}]}]}]}
{"id":"5e1562bb-aab4-406a-936e-241d9fa0cbed","summary":["The iommufd subsystem of the Linux kernel has a slab use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the iopt_area_contig_done() function is called outside the iova_rwsem. This vulnerability exists in all versions of the Linux Kernel from v6.2 until commit dbe245cdf5189e88d680379ed13901356628b650 (v6.5)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the iommufd subsystem. The vulnerability occurs when an iterator is used to iterate over a list of areas, and the iterator is not properly invalidated after the list is modified. This can lead to a situation where the iterator is used to access an area that has already been freed, resulting in a use-after-free vulnerability.\n\nVulnerabilities of this type are exploited by first allocating a large amount of memory. The attacker then uses a technique called heap spraying to overwrite the contents of the memory with code that will execute when the memory is freed. When the memory is freed, the attacker's code will be executed, giving them control of the system.\n\nThe security impact of this vulnerability could be significant. 
An attacker could use this vulnerability to gain root privileges or to execute arbitrary code on the system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dbe245cdf5189e88d680379ed13901356628b650"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=6c8d756f238a75fc3eb8"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000905eba05fe38e9f2%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"51fe6141f0f64ae0bbc096a41a07572273e8c0ef"},{"limit":"dbe245cdf5189e88d680379ed13901356628b650"}]}]}]}
{"id":"5c7ee66d-98cb-4d72-b0f5-32f5e5c50230","summary":["The xfrm subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the hlist_del_rcu function was called on the about to be reinserted policy. This vulnerability exists in all versions of the Linux Kernel from v5.0 until commit fd709721352dd5239056eacaded00f2244e6ef58 (v5.2.6, v5.3)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the Linux kernel's xfrm subsystem. This vulnerability could allow an attacker to execute arbitrary code on the system.\n\nVulnerabilities of this type are exploited by first sending a specially crafted packet to the target system. This packet will cause the kernel to free some memory that is still in use. The attacker can then send another packet that will cause the kernel to use this freed memory, which will lead to arbitrary code execution.\n\nThe security impact of this vulnerability could be very high. An attacker could use it to gain root privileges on the target system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000d028b30588fed102%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=0165480d4ef07360eeda"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fd709721352dd5239056eacaded00f2244e6ef58"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"1548bc4e0512700cf757192c106b3a20ab639223"},{"limit":"fd709721352dd5239056eacaded00f2244e6ef58"},{"limit":"af7ab21bd5ef62e9ac61f128a910f120f9bbf084"}]}]}]}
{"id":"5b86a4b4-158f-472b-be01-1fc7b1ac45d1","summary":["The Bluetooth subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when connecting the same socket twice consecutively in sco_sock_connect(). This vulnerability exists in all versions of the Linux Kernel from v5.15 until commit 7aa1e7d15f8a5b65f67bacb100d8fc033b21efa2 (v5.15.46, v5.10.121, v5.4.198, v4.9.318, v5.18.3, v4.14.283, v5.19, v5.17.14, v4.19.247)."],"details":["The patch commit for this vulnerability fixes a race condition in the Bluetooth SCO socket code that could lead to a use-after-free.\n\nVulnerabilities of this type are exploited by sending specially crafted packets to a vulnerable system.\n\nThe security impact of this vulnerability could be arbitrary code execution on a vulnerable system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit 
message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000b2725705ca78de29%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=2bef95d3ab4daa10155b"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7aa1e7d15f8a5b65f67bacb100d8fc033b21efa2"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"e1dee2c1de2b4dd00eb44004a4bda6326ed07b59"},{"limit":"7aa1e7d15f8a5b65f67bacb100d8fc033b21efa2"},{"limit":"6f55fac0af3531cf60d11369454c41f5fc81ab3f"},{"limit":"537f619dea4e3fa8ed1f8f938abffe3615794bcc"},{"limit":"390d82733a953c1fabf3de9c9618091a7a9c90a6"},{"limit":"99df16007f4bbf9abfc3478cb17d10f0d7f8906e"},{"limit":"7d61dbd7311ab978d8ddac1749a758de4de00374"},{"limit":"9de3dc09e56f8deacd2bdbf4cecb71e11a312405"},{"limit":"36c644c63bfcaee2d3a426f45e89a9cd09799318"},{"limit":"65d347cb39e2e6bd0c2a745ad7c928998ebb0162"}]}]}]}
{"id":"5b55a240-9e51-4cdf-8d6e-4312168ffffc","summary":["The ptr_ring subsystem of the Linux kernel has a slab out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the ->producer pointer is beyond the new size at the end of the operation. This vulnerability exists in all versions of the Linux Kernel from v4.8 until commit aff6db454599d62191aabc208930e891748e4322 (v4.14.92, v4.19.14, v4.20.1, v5.0, v4.9.149)."],"details":["The patch commit for this vulnerability fixes an out-of-bounds access in the ptr_ring subsystem. Vulnerabilities of this type are exploited by sending specially crafted input that causes the program to access memory outside of its allocated space. This can lead to a variety of problems, including data corruption, privilege escalation, and denial of service.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to gain access to sensitive data or to take control of the system. To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit 
message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=8993c0fa96d57c399735"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=aff6db454599d62191aabc208930e891748e4322"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000008fe18f05711982f1%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"5d49de532002f02755decd1758aac53063a68625"},{"limit":"aff6db454599d62191aabc208930e891748e4322"},{"limit":"6e36567284cf05217d67dfeb49161bb33ce16363"},{"limit":"e553166251bfd189758f3da6ba540ebdc32ac917"},{"limit":"ce8ec03171c65dc5c48955e19182865ce2ed4fc7"},{"limit":"618cdf94999b4de3dccfca50a819b95794a4703d"}]}]}]}
{"id":"5b13be11-42a2-4993-895f-eabb59c59c84","summary":["The netfilter subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the skb_to_full_sk function was not used in ip6_route_me_harder. This vulnerability exists in all versions of the Linux Kernel from v4.4 until commit 7d98386d55a5afaa65de77e1e9197edeb8a42079 (v4.16)."],"details":["The patch commit for this vulnerability fixes a potential buffer overflow in the netfilter subsystem. The fix ensures that the skb_to_full_sk function is used to convert an skb to a full sk before attaching it to a netfilter hook. This vulnerability could be exploited by an attacker to overflow the sk_buff structure and execute arbitrary code on the system. The security impact of this vulnerability could be critical, as it could allow an attacker to take control of the system. To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7d98386d55a5afaa65de77e1e9197edeb8a42079"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=677213f43db415c6da8fdfc1130b13cf16a581a6"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=52da8b3e29345da11271b7e521554d695ea3ac4d"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"ca6fb06518836ef9b65dc0aac02ff97704d52a05"},{"limit":"7d98386d55a5afaa65de77e1e9197edeb8a42079"},{"limit":"9131a1b3d9c8fc22c3c2f5115f06c7c4332860a4"},{"limit":"baf882cbcc4373a96990b28612b923b33c5518c4"}]}]}]}
{"id":"5a363e41-3ee4-4a89-8216-df90c4b0fa42","summary":["The net/tun subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the tun file was destroyed before the device, as NAPIs live in struct tun_file and can get destroyed before the netdev. This vulnerability exists in all versions of the Linux Kernel from v4.15 until commit 3b9bc84d311104906d2b4995a9a02d7b7ddab2db (v5.15.53, v4.19.251, v5.19, v5.4.204, v5.18.10, v5.10.129)."],"details":["The patch commit for this vulnerability fixes a race condition between the tun file and device destruction. This could allow an attacker to cause a denial of service (DoS) by triggering the race condition and causing the tun device to be destroyed.\n\nVulnerabilities of type race condition are exploited by sending specially crafted packets to the target system. The packets trigger the race condition, which causes the target system to crash or become unresponsive.\n\nThe security impact of this vulnerability could be a denial of service (DoS). 
An attacker could exploit this vulnerability to cause the target system to crash or become unresponsive.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=4ff468adb0f7d9c6b2920bade92175d47dfbab1e"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=b75c138e9286ac742647"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000005115d105e1fee003%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b9bc84d311104906d2b4995a9a02d7b7ddab2db"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"943170998b200190f99d3fe7e771437e2c51f319"},{"limit":"3b9bc84d311104906d2b4995a9a02d7b7ddab2db"},{"limit":"a8cf919022373c97a84fe596bbea544f909c485d"},{"limit":"bec1be0a745ab420718217e3e0d9542a75108989"},{"limit":"8145f77d38de4f88b8a69e1463f5c09ba189d77c"},{"limit":"8661d4b8faa2f7ee7a559969c0a7c57f077b1728"},{"limit":"82e729aee59acefe135fceffadcbc5b86dd4f1b9"}]}]}]}
{"id":"5909380a-e049-4729-b24e-a54ff2b2fa1d","summary":["The ovl subsystem of the Linux kernel has an out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when a crafted file handle is used with open_by_handle_at. This vulnerability exists in all versions of the Linux Kernel from v5.5 until commit 522f6e6cba6880a038e2bd88e10390b84cd3febd (v5.6.19, v5.8, v5.7.3)."],"details":["The patch commit for this vulnerability fixes an out-of-bounds access warning in the ovl_check_fb_len() function. This function is used to check the validity of a file handle, and the out-of-bounds access could allow an attacker to read or write arbitrary data from the kernel.\n\nVulnerabilities of this type are exploited by crafting a malicious file handle that triggers the out-of-bounds access. This can be done by using a tool such as syzbot, which can automatically generate malicious file handles.\n\nThe security impact of this vulnerability could be significant. 
An attacker could use it to read or write arbitrary data from the kernel, which could lead to privilege escalation or other attacks.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=61958888b1c60361a791"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=522f6e6cba6880a038e2bd88e10390b84cd3febd"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000005fd9aa05a6441365%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"cbe7fba8edfc8cb8e621599e376f8ac5c224fa72"},{"limit":"522f6e6cba6880a038e2bd88e10390b84cd3febd"},{"limit":"f0fd6069899572ac2aea7b4ef3406eec5056b99c"},{"limit":"35635c806608842b40a8dd8b0dc0329670bfa460"},{"limit":"59c79f3957450ca093f4928415fafa9e463ee030"},{"limit":"f82fc97da482a3598941673b1d30cd16b04d467b"}]}]}]}
{"id":"55197967-aae3-45d5-8e93-eda59cb4a30d","summary":["The hid/hid-thrustmaster subsystem of the Linux kernel has an out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the number of endpoints does not match the expected number. This vulnerability exists in all versions of the Linux Kernel from v5.13 until commit fc3ef2e3297b3c0e2006b5d7b3d66965e3392036 (v5.15.29, v5.17, v5.16.15)."],"details":["The patch commit for this vulnerability fixes a slab-out-of-bounds read in the hid-thrustmaster driver. This vulnerability occurs when the driver attempts to access an endpoint array that may contain fewer endpoints than it expects. This can lead to an out-of-bounds read of memory, which could be exploited by an attacker to gain access to sensitive data or execute arbitrary code.\n\nVulnerabilities of this type are often exploited by injecting malicious code into a vulnerable system. This can be done by sending specially crafted packets to a vulnerable system or by exploiting a vulnerability in a third-party library that is used by the vulnerable system.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to gain access to sensitive data or execute arbitrary code on a vulnerable system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000d181a205d874c066%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=35eebd505e97d315d01c"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fc3ef2e3297b3c0e2006b5d7b3d66965e3392036"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"c49c33637802a2c6957a78119eb8be3b055dd9e9"},{"limit":"fc3ef2e3297b3c0e2006b5d7b3d66965e3392036"},{"limit":"56185434e1e50acecee56d8f5850135009b87947"},{"limit":"3ffbe85cda7f523dad896bae08cecd8db8b555ab"}]}]}]}
{"id":"534757a3-db2d-4cfe-be3b-3775b38e9fdf","summary":["The NFC/port100 subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the port100_send_complete function accesses devm allocated memory which will be freed on probe failure. This vulnerability exists in all versions of the Linux Kernel from v3.13 until commit f80cfe2f26581f188429c12bd937eb905ad3ac7b (v5.10.106, v4.14.272, v5.4.185, v5.16.15, v4.19.235, v5.15.29, v5.17, v4.9.307)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the Linux kernel's NFC port100 driver.\n\nA use-after-free vulnerability occurs when a program frees memory that is still being used, allowing an attacker to access or modify that memory. In this case, the vulnerability occurs when the port100 driver frees memory that is still being used by a USB urb. This can allow an attacker to control the execution of code on the kernel, which could lead to a denial of service or privilege escalation.\n\nVulnerabilities of this type are exploited by first identifying a piece of memory that is allocated and then freeing it. The attacker then uses a technique called double-free to free the memory again, even though it is still being used. This can cause the program to crash or, in some cases, execute arbitrary code.\n\nThe security impact of this vulnerability could be significant. 
An attacker could use it to gain control of the kernel and execute arbitrary code, which could lead to a denial of service or privilege escalation.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=16bcb127fb73baeecb14"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000cb6dd805d9b8cbb8%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f80cfe2f26581f188429c12bd937eb905ad3ac7b"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"0347a6ab300a1532c298823408d6e51ccf4e4f45"},{"limit":"f80cfe2f26581f188429c12bd937eb905ad3ac7b"},{"limit":"2b1c85f56512d49e43bc53741fce2f508cd90029"},{"limit":"7194737e1be8fdc89d2a9382bd2f371f7ee2eda8"},{"limit":"205c4ec78e71cbf561794e6043da80e7bae6790f"},{"limit":"0e721b8f2ee5e11376dd55363f9ccb539d754b8a"},{"limit":"b1db33d4e54bc35d8db96ce143ea0ef92e23d58e"},{"limit":"cd2a5c0da0d1ddf11d1f84e9c9b1949f50f6e161"},{"limit":"32e866ae5a7af590597ef4bcff8451bf96d5f980"}]}]}]}
{"id":"5310e33d-21f3-46ff-ba25-0461f94599ac","summary":["The KVM subsystem of the Linux kernel has a slab out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the resolved slot was invalid. This vulnerability exists in all versions of the Linux Kernel from v3.19 until commit b6467ab142b708dd076f6186ca274f14af379c72 (v5.4.36, v5.7, v5.6.8, v4.9.221, v4.14.178, v4.4.221, v4.19.119)."],"details":["The patch commit for this vulnerability fixes a potential out-of-bounds memory access in the KVM memslot lookup code.\nVulnerabilities of this type are exploited by first sending a specially crafted guest kernel image to the KVM hypervisor.\nThe guest kernel image will then trigger the out-of-bounds memory access, which can lead to arbitrary code execution on the host system.\nThe security impact of this vulnerability could be severe, as it could allow an attacker to gain full control of the host system.\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit 
message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=d889b59b2bb87d4047a2"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000003b14e805a2b8eaca%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b6467ab142b708dd076f6186ca274f14af379c72"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"9c1a5d38780e652275aa55362dbee0d7e827e069"},{"limit":"b6467ab142b708dd076f6186ca274f14af379c72"},{"limit":"878127ac8b7013d7d7fad9d160654da5b6195902"},{"limit":"8d384516304a759bc03499692e80cc52e45f426d"},{"limit":"2b187baca3cda087adee1e0039ccd8975ef5a7ef"},{"limit":"80aca27ad896354fb2edf991beb2d8ef477767de"},{"limit":"cf8b99fba3a3cef403161f925e036d92654d33ef"},{"limit":"ba46d6dcee90f57964d446c281ef53dea027f42d"},{"limit":"cab530f87ac1eabe03f5b7f531a2e8bd5bf8936e"},{"limit":"a57c01c563153419e6579a3e87f8a5d738977a48"}]}]}]}
{"id":"529617d9-ea50-4b5e-b5c1-fd341c69ffbe","summary":["The io_uring subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the io_uring_show_fdinfo function was used to dump the fdinfo sqe offsets. This vulnerability exists in all versions of the Linux Kernel from v6.1 until commit 00927931cb630bbf8edb6d7f4dadb25139fc5e16 (v6.0.3)."],"details":["The patch commit for this vulnerability fixes an off-by-one error in the calculation of the offsets for the submission queue entries (SQEs) in the fdinfo structure. This could allow an attacker to corrupt kernel memory and potentially execute arbitrary code.\n\nVulnerabilities of this type are exploited by sending specially crafted packets to a vulnerable system. The packets are designed to cause the kernel to incorrectly calculate the offsets for the SQEs, which can then be used to overwrite kernel memory.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to execute arbitrary code on a vulnerable system, which could lead to a complete compromise of the system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=e5198737e8a2d23d958c"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000009b01b805eaa8eda8%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=00927931cb630bbf8edb6d7f4dadb25139fc5e16"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"3b8fdd1dc35e395d19efbc8391a809a5b954ecf4"},{"limit":"00927931cb630bbf8edb6d7f4dadb25139fc5e16"},{"limit":"5ecafa5a5889e25bb0be840ee71eba2677cdd05e"}]}]}]}
{"id":"51f66323-3b54-429b-b2f0-84f485589f08","summary":["The netrom subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the heartbeat timer is fired and nr_heartbeat_expiry() calls nr_destroy_socket(), where a socket has SOCK_DESTROY or a listening socket has SOCK_DEAD. This vulnerability exists in all versions of the Linux Kernel from v5.14 until commit 409db27e3a2eb5e8ef7226ca33be33361b3ed1c9 (v6.2, v5.10.166, v4.19.272, v5.4.231, v6.1.9, v4.14.305, v5.15.91)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the netrom protocol implementation. This vulnerability could be exploited by an attacker to execute arbitrary code on the system.\n\nVulnerabilities of this type are exploited by first sending a specially crafted packet to the target system. This packet will cause the kernel to allocate memory for a new socket. The attacker can then send another packet that will cause the kernel to free the memory for the socket, even though it is still in use. This can lead to the execution of arbitrary code on the system.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to gain root privileges on the system or to install malware.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000818d1b05f284b967%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=5fafd5cfe1fc91f6b352"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=88f46d476b5956fa1aea6f6199bf212274820379"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=409db27e3a2eb5e8ef7226ca33be33361b3ed1c9"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"517a16b1a88bdb6b530f48d5d153478b2552d9a8"},{"limit":"409db27e3a2eb5e8ef7226ca33be33361b3ed1c9"},{"limit":"7de16d75b20ab13b75a7291f449a1b00090edfea"},{"limit":"fe9b9e621cebe6b7e83f7e954c70f8bb430520e5"},{"limit":"d2d3ab1b1de3302de2c85769121fd4f890e47ceb"},{"limit":"51e394c6f81adbfe7c34d15f58b3d4d44f144acf"},{"limit":"a31caf5779ace8fa98b0d454133808e082ee7a1b"},{"limit":"e666990abb2e42dd4ba979b4706280a3664cfae7"}]}]}]}
{"id":"51235c8d-1b3f-4825-890a-495f92e3f509","summary":["The net_sched subsystem of the Linux kernel has an invalid free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the alloc_hash field of the tcindex_entry structure is not updated after the hash allocation. This vulnerability exists in all versions of the Linux Kernel from v5.6 until commit 0d1c3530e1bd38382edef72591b78e877e0edcd3 (v4.19.114, v4.4.218, v4.9.218, v4.14.175, v5.4.29, v5.5.14)."],"details":["The patch commit for this vulnerability fixes an out-of-bounds access in the net_sched subsystem.\nVulnerabilities of this type are exploited by sending specially crafted packets to the system.\nThe security impact of this vulnerability could be a denial of service or privilege escalation.\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/00000000000034513e05a05cfc23%40google.com"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000490abd05a05fa060%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0d1c3530e1bd38382edef72591b78e877e0edcd3"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=dcc34d54d68ef7d2d53d"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=c72da7b9ed57cde6fca2"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"599be01ee567b61f4471ee8078870847d0a11e8e"},{"limit":"0d1c3530e1bd38382edef72591b78e877e0edcd3"},{"limit":"c4453d2833671e3a9f6bd52f0f581056c3736386"},{"limit":"bd3ee8fb6371b45c71c9345cc359b94da2ddefa9"},{"limit":"0d9de05e85b8e98a7443700b391abfc477e7d2fd"},{"limit":"9f8b6c44be178c2498a00b270872a6e30e7c8266"},{"limit":"c1d946e89edc1c6a795d2bd574f3983933cba227"},{"limit":"d6cdc5bb19b595486fb2e6661e5138d73a57f454"},{"limit":"d23faf32e577922b6da20bf3740625c1105381bf"},{"limit":"557d015ffb27b672e24e6ad141fd887783871dc2"}]}]}]}
{"id":"50b0186e-17a9-49cf-9158-98d6db9417ea","summary":["The qmi_wwan subsystem of the Linux kernel has an out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the driver accessed the id->driver_info pointer as a long instead of a pointer. This vulnerability exists in all versions of the Linux Kernel from v5.2 until commit 904d88d743b0c94092c5117955eab695df8109e8 (v4.19.57, v5.1.16)."],"details":["The patch commit for this vulnerability fixes an out-of-bounds read in the qmi_wwan driver. This vulnerability could allow an attacker to read sensitive information from kernel memory.\n\nOut-of-bounds reads occur when a program attempts to read data from a memory location that is outside of its allocated space. This can happen when a program does not properly check the bounds of an array or when it uses a pointer that is not properly initialized.\n\nThe security impact of this vulnerability could be significant. An attacker could use it to read sensitive information from kernel memory, such as passwords, encryption keys, or other confidential data.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit 
message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=b68605d7fadd21510de1"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=904d88d743b0c94092c5117955eab695df8109e8"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000008f19f7058c10a633%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"e4bf63482c309287ca84d91770ffa7dcc18e37eb"},{"limit":"904d88d743b0c94092c5117955eab695df8109e8"},{"limit":"4d750447128f20c74fb89b3bdff8fc7fb7ccdec9"},{"limit":"5267bb9c170d2b99e3cfdb8b60704e375e942266"},{"limit":"3726d8d0b60f1e55067e907635bc16012e5b5810"}]}]}]}
{"id":"4ff2d199-8497-4b13-a3b4-98973a30584e","summary":["The io_uring subsystem of the Linux kernel has an invalid free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the uring_lock is held during iowq cancel. This vulnerability exists in all versions of the Linux Kernel from v5.11 until commit 792bb6eb862333658bf1bd2260133f0507e2da8d (v5.10.77)."],"details":["The patch commit for this vulnerability fixes a deadlock in the Linux kernel's io_uring subsystem. The deadlock occurs when an async cancel request is made while the uring_lock is held, which can happen when the request is made from inline execution. The fix delays the cancel request to task_work, so that it is executed from a clean context and does not need to acquire the lock.\n\nVulnerabilities of this type are exploited by sending an async cancel request to a kernel object that is already being used by another thread. This can cause the kernel to deadlock, preventing other threads from accessing the object.\n\nThe security impact of this vulnerability could be significant. 
A malicious actor could use it to prevent other users from accessing kernel objects, or to cause a denial of service.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"WEB","url":"https://android.googlesource.com/kernel/common/+/3f2c12ec8a3f992c528c7ad83f7272122dfe8d84^!"},{"type":"WEB","url":"http://b/203960486"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=59d8a1f4e60c20c066cf"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"c07e6719511e77c4b289f62bfe96423eb6ea061d"},{"limit":"792bb6eb862333658bf1bd2260133f0507e2da8d"},{"limit":"3f2c12ec8a3f992c528c7ad83f7272122dfe8d84"},{"limit":"e38abe94cc16932c334873c2fc7b20c7cce75728"}]}]}]}
{"id":"4f831b46-048f-4efb-b2e7-93acec50af50","summary":["The net/sched subsystem of the Linux kernel has an out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the size of memory allocation is computed using cp->hash, which is set again after the allocation. This vulnerability exists in all versions of the Linux Kernel from v3.18 until commit 599be01ee567b61f4471ee8078870847d0a11e8e (v5.5.3, v4.4.214, v5.4.19, v4.19.103, v5.6, v4.14.171, v4.9.214)."],"details":["The patch commit for this vulnerability fixes an out-of-bounds (OOB) access in the cls_tcindex subsystem of the Linux kernel.\n\nVulnerabilities of this type are exploited by sending specially crafted packets to the system. The packets can cause the kernel to access memory that it is not allowed to access, which can lead to a variety of security problems.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to gain root privileges or to execute arbitrary code on the system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit 
message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=1ded87aaa45744294d181c527d61e98fa6198c21"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=599be01ee567b61f4471ee8078870847d0a11e8e"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=35d4dea36c387813ed31"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000dd5dba059cd6facc%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"331b72922c5f58d48fd5500acadc91777cc31970"},{"limit":"599be01ee567b61f4471ee8078870847d0a11e8e"},{"limit":"dd8142a6fa5270783d415292ec8169f4ea2a5468"},{"limit":"2c66ff8d08f81bcf8e8cb22e31e39c051b15336a"},{"limit":"478c4b2ffd44e5186c7e22ae7c38a86a5b9cfde5"},{"limit":"73c29d2f6f8ae731b1e09051b69ed3ba2319482b"},{"limit":"91219da53176f4c4c6d4a2038155beee40fd147c"},{"limit":"b974ac51f5834a729de252fc5c1c9de9efd79b45"},{"limit":"509ed5da5fec4216f98ed1eacf6da492ec92e01d"},{"limit":"6cb448ee493c8a514c9afa0c346f3f5b3227de85"}]}]}]}
{"id":"4e955f89-c6e5-4254-ae37-2ff24e3ff5e5","summary":["The tipc subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the socket was not properly detached from the tipc, as otherwise a parallel tipc_sk_fill_sock_diag() could still read it after the socket was freed. This vulnerability exists in all versions of the Linux Kernel from v4.17 until commit 0a3b8b2b215f9e84b82ae97df71292ccfd92b1e7 (v4.19, v4.18.10)."],"details":["The patch commit for this vulnerability fixes a potential use-after-free vulnerability in the TIPC socket implementation. A use-after-free vulnerability occurs when a program frees memory that is still being used, allowing an attacker to access or modify that memory. In this case, the vulnerability occurs when the tipc_release() function frees the sk_socket structure without first detaching it from the sk structure. This could allow an attacker to read or modify data that was previously stored in the sk_socket structure.\n\nVulnerabilities of this type are often exploited by attackers to gain access to sensitive information or to execute arbitrary code on the target system. 
The security impact of this vulnerability could be severe, as it could allow an attacker to take control of the target system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=48804b87c16588ad491d"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000eec8990574fc94e2%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0a3b8b2b215f9e84b82ae97df71292ccfd92b1e7"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"c30b70deb5f4861f590031c33fd3ec6cc63f1df1"},{"limit":"0a3b8b2b215f9e84b82ae97df71292ccfd92b1e7"},{"limit":"73da60476f94492ef330351cbe04a6685861cd20"}]}]}]}
{"id":"4b6d9cf7-bc85-4f66-8a59-2aa058d202e8","summary":["The sch_cbq subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the TCA_CBQ_WRROPT was not validated. This vulnerability exists in all versions of the Linux Kernel from v2.6.12 until commit e9789c7cc182484fc031fd88097eb14cb26c4596 (v5.4)."],"details":["The patch commit for this vulnerability fixes a potential integer overflow in the cbq_normalize_quanta() function in the Linux kernel's sch_cbq scheduler. This vulnerability could allow a malicious user to cause a denial of service (system crash) or potentially execute arbitrary code on the system.\n\nVulnerabilities of this type are typically exploited by sending a specially crafted packet to the system. The packet would contain an invalid value for the TCA_CBQ_WRROPT parameter, which would cause the cbq_normalize_quanta() function to overflow and crash.\n\nThe security impact of this vulnerability could be significant. A malicious user could use it to cause a denial of service (system crash) or potentially execute arbitrary code on the system.\n\nTo resolve this vulnerability, you should update your kernel to the latest version that includes the fix.\n\nThe vendor has provided an official fix for this vulnerability. 
You can find the fix in the following commit:\n\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=600515565335000000000\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=70d05c46d18c01bba7dcd332cf71100c66d1ae76"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e9789c7cc182484fc031fd88097eb14cb26c4596"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2"},{"limit":"e9789c7cc182484fc031fd88097eb14cb26c4596"},{"limit":"1f35e1a1dcb65d81d3268d22cc3cd934ead6c77d"},{"limit":"2e9b0c5d7ab814d29deb29aa7c9fd321d871fdbb"},{"limit":"392053bb232878e7ffd7257816bbce13c531a727"},{"limit":"3aa452bf9baa11cf99a8913eaf0ed98a06cf6493"},{"limit":"47715490ac6d7c5087e8ef2288ef68899cf9e027"},{"limit":"68aa587290eb3865c629c3e57d2fc604c0be7fd1"},{"limit":"74e2a311a2262d1cf604ce92429eb045e5bee7e4"}]}]}]}
{"id":"48d824db-233a-4701-81b7-10960ef154e5","summary":["The erofs subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the logical length of an uncompressed pcluster is longer than its physical length. This vulnerability exists in all versions of the Linux Kernel from v4.19 until commit c505feba4c0d76084e56ec498ce819f02a7043ae (v6.1.2, v6.2, v6.0.16)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the erofs filesystem. This vulnerability occurs when an attacker can provide an image with an invalid extent length, which can lead to the freeing of memory that is still in use.\n\nVulnerabilities of this type are exploited by providing an attacker-controlled input that is used to corrupt the memory of a running program. This can allow the attacker to execute arbitrary code on the system or to gain elevated privileges.\n\nThe security impact of this vulnerability could be severe, as it could allow an attacker to take control of a vulnerable system. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c505feba4c0d76084e56ec498ce819f02a7043ae"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=2ae90e873e97f1faf6f2"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/00000000000041127805ef10446a%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"02827e1796b33f1794966f5c3101f8da2dfa9c1d"},{"limit":"c505feba4c0d76084e56ec498ce819f02a7043ae"},{"limit":"dc8b6bd587b13b85aff6e9d36cdfcd3f955cac9e"},{"limit":"40c73b2ea9611b5388807be406f30f5e4e1162da"}]}]}]}
{"id":"47b84bb5-4b8c-4871-b481-0a67cb7c22b7","summary":["The Yama subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when a pid has died before taking the rcu lock, in which case we can't walk the ancestry list as it may be detached. This vulnerability exists in all versions of the Linux Kernel from v3.4 until commit 9474f4e7cd71a633fa1ef93b7daefd44bbdfd482 (v3.18.133, v4.20.4, v4.19.17, v4.9.152, v4.4.172, v5.0, v3.16.66, v4.14.95)."],"details":["The patch commit for this vulnerability fixes a potential race condition in the Yama Linux kernel security module. The vulnerability could allow an attacker to gain root privileges by exploiting a race condition between the pid death notification and the ancestry list walk.\n\nVulnerabilities of type race condition are exploited by sending a specially crafted packet to the target system. This can cause the system to execute unintended code or crash.\n\nThe security impact of this vulnerability could be severe, as it could allow an attacker to gain root privileges. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000004904df0578b7d3da%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9474f4e7cd71a633fa1ef93b7daefd44bbdfd482"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=a9ac39bf55329e206219"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"2d514487faf188938a4ee4fb3464eeecfbdcf8eb"},{"limit":"9474f4e7cd71a633fa1ef93b7daefd44bbdfd482"},{"limit":"b955a2c75675102b8270fd06c6c2730913994ce7"},{"limit":"41c13bfcc4cdeac537c060a5156a688c69d9c6a5"},{"limit":"4fd72a17760fa68385906c58efb9d3ba96488101"},{"limit":"e08323f75b56dfd97711e2bfda3582bb42a5ceab"},{"limit":"a49be9dcb1ec051d86158e2823a3ddef49992d24"},{"limit":"0c8a56a6fa056db65e66873a1b597c51559049b2"},{"limit":"d90b262c51ce9baa7ec0086a2cc252062a96d606"}]}]}]}
{"id":"456f4b8a-d0dd-4831-a974-f35fc3ccbaaa","summary":["The bpf subsystem of the Linux kernel has a vmalloc out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the ringbuf area is created by mapping allocated pages. This vulnerability exists in all versions of the Linux Kernel from v5.8 until commit b293dcc473d22a62dc6d78de2b15e4f49515db56 (v5.10.99, v5.16.8, v5.15.22, v5.17)."],"details":["The patch commit for this vulnerability fixes a potential out-of-bounds access vulnerability in the Linux kernel's BPF ring buffer implementation.\n\nVulnerabilities of this type are exploited by providing an invalid pointer to a function that expects a valid pointer. This can be done by either directly providing an invalid pointer or by using a buffer overflow to overwrite a pointer with an invalid value.\n\nThe security impact of this vulnerability could be arbitrary code execution if an attacker can control the data that is passed to the BPF ring buffer.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000000a9b7d05d6ee565f%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=5ad567a418794b9b5983"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b293dcc473d22a62dc6d78de2b15e4f49515db56"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"457f44363a8894135c85b7a9afd2bd8196db24ab"},{"limit":"b293dcc473d22a62dc6d78de2b15e4f49515db56"},{"limit":"6304a613a97d6dcd49b93fbad31e9f39d1e138d6"},{"limit":"d578933f6226d5419af9306746efa1c693cbaf9c"},{"limit":"5e457aeab52a5947619e1f18047f4d2f3212b3eb"}]}]}]}
{"id":"455c7da2-82cb-4f69-bdbd-60cd10e37895","summary":["The netfilter/ebtables subsystem of the Linux kernel has a stack overflow vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the strlcpy() function is used on a user-space provided string. This vulnerability exists in all versions of the Linux Kernel from v2.6.34 until commit 94c752f99954797da583a84c4907ff19e92550a4 (v3.16.60, v4.9.110, v3.18.115, v4.14.54, v4.4.139, v4.17)."],"details":["The patch commit for this vulnerability fixes a potential buffer overflow in the ebtables netfilter subsystem. The fix ensures that the strlcpy() function is not used on user-space provided strings, as it can try to read beyond the buffer's end, if the latter is not NULL terminated.\n\nVulnerabilities of this type are exploited by providing a malicious user-space string that is longer than the buffer that is intended to store it. This can cause the function to read beyond the end of the buffer, which can lead to arbitrary code execution or other serious security issues.\n\nThe security impact of this vulnerability could be severe, as it could allow an attacker to execute arbitrary code on the system or to gain other sensitive information. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=4e42a04e0bc33cb6c087"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000ba10e2056aa5686c%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=94c752f99954797da583a84c4907ff19e92550a4"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"81e675c227ec60a0bdcbb547dc530ebee23ff931"},{"limit":"94c752f99954797da583a84c4907ff19e92550a4"},{"limit":"9257151618971b19a555c8f7dc767a6ef7198221"},{"limit":"f81f7e53d33248772d4cd121662c27b2ac038da3"},{"limit":"db73501ebc3ad56b94aa5adb7365a9a4d5313523"},{"limit":"8268afc568de4f84e2ea29640ea7229b32b47639"},{"limit":"ab0b00d4fd147ba3100337e7c9849f9a37224b02"}]}]}]}
{"id":"42d1dbe0-03b3-476d-89da-56325ec3c223","summary":["The drm/shmem-helper subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the GEM object was prematurely freed. This vulnerability exists in all versions of the Linux Kernel from v5.2 until commit 24013314be6ee4ee456114a671e9fa3461323de8 (v6.0.13, v5.15.83, v5.10.159, v5.4.227, v6.1)."],"details":["The patch commit for this vulnerability fixes an errant put in the error path of drm_gem_shmem_mmap(). This could lead to a use-after-free vulnerability, which could be exploited by an attacker to gain elevated privileges or execute arbitrary code.\n\nVulnerabilities of this type are often exploited by injecting malicious code into a vulnerable system through a carefully crafted exploit. Once the malicious code is executed, it can be used to gain elevated privileges or execute arbitrary code.\n\nThe security impact of this vulnerability could be severe, as it could allow an attacker to gain control of a vulnerable system. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=c8ae65286134dd1b800d"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=24013314be6ee4ee456114a671e9fa3461323de8"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000685c4605d0e47dad%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"2194a63a818db71065ebe09c8104f5f021ca4e7b"},{"limit":"24013314be6ee4ee456114a671e9fa3461323de8"},{"limit":"83e3da8bb92fcfa7a1d232cf55f9e6c49bb84942"},{"limit":"585a07b820059462e0c93b76c7de2cd946b26b40"},{"limit":"586847b98e20ab02212ca5c1fc46680384e68a28"},{"limit":"6a4da05acd062ae7774b6b19cef2b7d922902d36"}]}]}]}
{"id":"41315d03-0ec8-40ba-80d6-0a341533d9c0","summary":["The perf/core subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the event is freed after the task is freed. This vulnerability exists in all versions of the Linux Kernel from v4.15 until commit 1cf8dfe8a661f0462925df943140e9f6d1ea5233 (v5.1.21, v5.2.4, v4.19.62, v5.3)."],"details":["\n The patch commit for this vulnerability fixes a race condition between close() and fork() in the Linux kernel's perf subsystem. This race condition could allow an attacker to execute arbitrary code on the kernel by causing a process to be freed while it is still in use by another process.\n\nVulnerabilities of type use-after-free are exploited by first allocating a memory buffer, then freeing it before it is fully used. This can be done by calling the free() function on a pointer that is still being used by another part of the program. When the program attempts to use the memory buffer after it has been freed, it will cause a segmentation fault and the program will crash.\n\nThe security impact of this vulnerability could be severe. If an attacker is able to execute arbitrary code on the kernel, they could gain full control of the system. 
This could allow them to steal sensitive data, install malware, or even take control of the system remotely.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000ccdf0605708a9ccc%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1cf8dfe8a661f0462925df943140e9f6d1ea5233"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=a24c397a29ad22d86c98"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"82d94856fa221b5173eefd56bcd1057c037e9b07"},{"limit":"1cf8dfe8a661f0462925df943140e9f6d1ea5233"},{"limit":"e11aaff1c38e8511682a6203df36c53bde43ce5e"},{"limit":"4a5cc64d8a8a0f937e6d857faf571966c903341d"},{"limit":"539f1257906624abdcc81aeb91276791e543bfac"}]}]}]}
{"id":"40db0382-2108-44c3-bad4-11a39bf74ed3","summary":["The netfilter/ipv6 subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the ipv6 header was reallocated and the pointer to the header was not reloaded. This vulnerability exists in all versions of the Linux Kernel from v3.7 until commit b078556aecd791b0e5cb3a59f4c3a14273b52121 (v3.16.57, v4.4.122, v4.15.10, v3.18.100, v4.1.51, v4.14.27, v4.16, v4.9.88)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the netfilter IPv6 NAT implementation. A use-after-free vulnerability occurs when a program frees memory that is still being used, allowing an attacker to modify or delete data that was previously freed.\n\nVulnerabilities of this type are exploited by sending a specially crafted packet to the target system. The packet can cause the target system to free memory that is still being used, which can then be exploited by the attacker to modify or delete data.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use this vulnerability to modify or delete data on the target system, or to execute arbitrary code.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b078556aecd791b0e5cb3a59f4c3a14273b52121"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/f403045d9c20167d2e056584867a%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=10005f4292fc9cc89de7"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"58a317f1061c894d2344c0b6a18ab4a64b69b815"},{"limit":"b078556aecd791b0e5cb3a59f4c3a14273b52121"},{"limit":"9a98d66730b71387c2611c28bf9ceaed17dc2621"},{"limit":"a6b736068c452e175f414dad337077663c637078"},{"limit":"e8cd5a8ea2ddef2cfe22aa42abeea00c9daec5b4"},{"limit":"39f154faecc23e42190a41e6225060c39092d1f8"},{"limit":"ccab18a66fbe5987eb4ed31dc6814c21413bea38"},{"limit":"60962e98c38a563b22df67b3e55fd88837d53b83"},{"limit":"214f6efcaa61fc2ec8682aee94aa87938e157fe6"}]}]}]}
{"id":"3fef6f55-dec3-48f2-80ec-9a8f7abc9e9b","summary":["The staging/rtl8712 subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the driver accessed released firmware in ->ndo_open() callback. This vulnerability exists in all versions of the Linux Kernel from v3.3 until commit c052cc1a069c3e575619cf64ec427eb41176ca70 (v5.10.79, v5.15.2, v5.14.18, v5.16)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the rtl8712 driver. A use-after-free vulnerability occurs when a program frees memory that is still being used, allowing an attacker to access or modify that memory.\n\nVulnerabilities of this type are exploited by first allocating memory, then freeing it and then using it again. This can be done by tricking the program into freeing memory that it is still using, or by freeing memory that is still being pointed to by another pointer.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to gain access to sensitive data or to execute arbitrary code on the system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000779cb105ceb65376%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=c55162be492189fb4f51"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c052cc1a069c3e575619cf64ec427eb41176ca70"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"8c213fa59199f9673d66970d6940fa093186642f"},{"limit":"c052cc1a069c3e575619cf64ec427eb41176ca70"},{"limit":"a65c9afe9f2f55b7a7fb4a25ab654cd4139683a4"},{"limit":"befd23bd3b17f1a3f9c943a8580b47444c7c63ed"},{"limit":"c430094541a80575259a94ff879063ef01473506"}]}]}]}
{"id":"3e61ddb4-db83-40df-8039-36fc75ed435e","summary":["The USB/serial/io_edgeport subsystem of the Linux kernel has a slab out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the interrupt-URB completion handler accessed data[position + 1] beyond the boundary of the buffer. This vulnerability exists in all versions of the Linux Kernel from v2.6.12 until commit 57aa9f294b09463492f604feaa5cc719beaace32 (v4.19.114, v5.7, v5.6.1, v4.4.218, v4.9.218, v4.14.175, v5.4.29, v5.5.14)."],"details":["The patch commit for this vulnerability fixes a slab-out-of-bounds read in the interrupt-URB completion handler of the io_edgeport USB serial driver.\n\nSlab-out-of-bounds vulnerabilities are exploited by overflowing a buffer and then accessing data outside of the buffer. This can lead to arbitrary code execution or other serious security issues.\n\nThe security impact of this vulnerability could be severe, as it could allow an attacker to execute arbitrary code on the system. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000ce3eed05a184efe9%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=37ba33391ad5f3935bbd"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=57aa9f294b09463492f604feaa5cc719beaace32"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2"},{"limit":"57aa9f294b09463492f604feaa5cc719beaace32"},{"limit":"ef6b96d2a23a44eb8a515e8ef43e847a9f044e8a"},{"limit":"a0dbf15833272256ecb60afc2a58d26a62d22fb1"},{"limit":"052849e8698348b9f01ba10714ce5debe767b781"},{"limit":"a2f1111f2728a057d7524575f6d6945f4218cccd"},{"limit":"0ce98b53358dab3fdba0aa66c73512ae89e3fc3e"},{"limit":"de5908f481f3bf77112a9318828f88aeb5483a9c"},{"limit":"e68fb968fdd1d6f8c8558907edf1ce0b33a8108c"},{"limit":"4554eba1fe4edffe9b1bd349c4b7698958a9ab54"},{"limit":"f32219427ca18bbf3cf1463549cd8b0c5576e5a6"},{"limit":"3dcb168c4672ceaec93de9bc1ab49231379cff82"}]}]}]}
{"id":"3e3b7f13-46c7-43d8-aae6-54543cb53b3d","summary":["The l2tp subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the tunnel object is destroyed and its refcount hits zero. This vulnerability exists in all versions of the Linux Kernel from v3.9 until commit 28f5bfb819195ad9c2eb9486babe7b0e4efe925f (v3.16.57, v4.16, v4.15.8)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the Linux kernel's L2TP implementation. The vulnerability occurs when a tunnel object is destroyed, but its reference count is not decremented before it is removed from the tunnel list. This can allow an attacker to access or modify data that they should not have access to.\n\nVulnerabilities of this type are exploited by sending a specially crafted packet to the target system. This packet can cause the target system to free memory that is still in use, which can lead to a variety of security problems.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to gain access to sensitive data or to execute arbitrary code on the target system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/001a1146011cab066a0562dcbc8b%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=347bd5acde002e353a36"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=9df43faf09bd400f2993"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=6e6a5ec8de31a94cd015"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=28f5bfb819195ad9c2eb9486babe7b0e4efe925f"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=19c09769f14b48810113"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/001a113fe268b2b5350562de05c1%40google.com"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/001a1140f336336d920562e8eb62%40google.com"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/089e082cecb862872e056427fdcd%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"f8ccac0e44934ff9414b31cc3167a5c828afec73"},{"limit":"28f5bfb819195ad9c2eb9486babe7b0e4efe925f"},{"limit":"549ddc83ad5e42123bdbc4baf5b3651739e35136"},{"limit":"dd1642285fba72f7079cfb4e1bd553d7be13ba33"}]}]}]}
{"id":"3dc25e91-18b2-46a3-bf5a-df04802a1e7e","summary":["The fs subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the inode was freed and then updated in the i_io_list. This vulnerability exists in all versions of the Linux Kernel from v6.1 until commit 4e3c51f4e805291b057d12f5dda5aeb50a538dc4 (v5.15.81, v6.0.11)."],"details":["The patch commit for this vulnerability fixes a use after free vulnerability in the Linux kernel's file system code.\n\nVulnerabilities of this type are exploited by first allocating a file system object, such as an inode, and then freeing it. The attacker then attempts to use the freed object after it has been freed, which can lead to arbitrary code execution.\n\nThe security impact of this vulnerability could be severe, as it could allow an attacker to execute arbitrary code on a vulnerable system. To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=6ba92bd00d5093f7e371"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4e3c51f4e805291b057d12f5dda5aeb50a538dc4"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/00000000000037b96205eabe49b5%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"cbfecb927f429a6fa613d74b998496bd71e4438a"},{"limit":"4e3c51f4e805291b057d12f5dda5aeb50a538dc4"},{"limit":"8ce9b1c97fcec906c3386277a33da19e240c3624"},{"limit":"fe2f36b33019b6b37b0702c4b154bbbdc3464dc1"}]}]}]}
{"id":"3a7004a6-e312-43be-8300-ee3ec3641ffd","summary":["The sctp subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the sctp_auth_init_hmacs() error path is used. This vulnerability exists in all versions of the Linux Kernel from v2.6.24 until commit d42ee76ecb6c49d499fc5eb32ca34468d95dbc3e (v5.9)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the SCTP protocol implementation in the Linux kernel.\n\nVulnerabilities of this type are exploited by first sending a specially crafted packet to a vulnerable system. This packet can cause the system to free memory that is still in use, which can then be used to execute arbitrary code on the system.\n\nThe security impact of this vulnerability could be severe, as it could allow an attacker to take control of a vulnerable system. To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=cbb289816e728f56a4e2c1b854a3163402fe2f88"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d42ee76ecb6c49d499fc5eb32ca34468d95dbc3e"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"1f485649f52929d9937b346a920a522a7363e202"},{"limit":"d42ee76ecb6c49d499fc5eb32ca34468d95dbc3e"},{"limit":"1e33ef76e155925b9ea4ad053eeb4a5dbfb6d811"},{"limit":"4b4471a89e1cc27be9179480a735979fa420216f"},{"limit":"9360901e714d702d3a89ec29d7159d1578764565"},{"limit":"9775dd63d526c54c2a2d11155916e05f6ef7d14f"},{"limit":"a813aaee68809b5fc3935ec5ccf7cdba75a9c792"},{"limit":"fb3681c20fbfb990860cb9a19fbe96882298c21a"}]}]}]}
{"id":"39165c92-ce81-4eac-857f-b67b709b6408","summary":["The fscache subsystem of the Linux kernel has a slab out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the index_key_len is not divisible by 4 and is larger than the size of the inline key. This vulnerability exists in all versions of the Linux Kernel from v4.17 until commit fa520c47eaa15b9baa8ad66ac18da4a31679693b, 1ff22883b0b2f7a73eb2609ffe879c9fd96f6328 (v4.19, v4.18.18)."],"details":["The patch commit for this vulnerability fixes an out-of-bounds read in the fscache subsystem. This vulnerability could allow an attacker to read arbitrary kernel memory, which could lead to privilege escalation or other attacks.\n\nVulnerabilities of this type are exploited by first sending a specially crafted message to the target system. This message will cause the kernel to allocate a buffer that is larger than necessary. The attacker can then use this buffer to read arbitrary kernel memory.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to read sensitive information from the kernel, such as passwords or encryption keys. 
They could also use it to gain root privileges or execute arbitrary code on the target system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1ff22883b0b2f7a73eb2609ffe879c9fd96f6328"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=a95b989b2dde8e806af8"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000f98bc70570885526%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fa520c47eaa15b9baa8ad66ac18da4a31679693b"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"ec0328e46d6e5d0f17372eb90ab8e333c2ac7ca9"},{"limit":"fa520c47eaa15b9baa8ad66ac18da4a31679693b"},{"limit":"1ff22883b0b2f7a73eb2609ffe879c9fd96f6328"},{"limit":"9ccc817d3fb0466300528e9152b00e5a1d187e8c"},{"limit":"fc7f79df0f2a5cc781e7e8617b7448e51157311a"}]}]}]}
{"id":"3822758e-1289-46f6-9561-0ca7bb356692","summary":["The ppp subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the PPPIOCDETACH ioctl is used to close a file descriptor before f_count has reached 0. This vulnerability exists in all versions of the Linux Kernel from v2.6.12 until commit af8d3c7c001ae7df1ed2b2715f058113efc86187 (v3.16.60, v4.17)."],"details":["The patch commit for this vulnerability fixes the PPPIOCDETACH ioctl which effectively tries to \"close\" the given ppp file before f_count has reached 0. This is a bad idea because it can lead to a use-after-free vulnerability.\n\nVulnerabilities of this type are exploited by first sending a malicious packet to the target system. This packet will cause the target system to execute arbitrary code.\n\nThe security impact of this vulnerability could be that an attacker could execute arbitrary code on the target system. This could allow the attacker to take control of the target system or to install malware.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=16363c99d4134717c05b"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=af8d3c7c001ae7df1ed2b2715f058113efc86187"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/f403043d0f18f879cc056648a875%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2"},{"limit":"af8d3c7c001ae7df1ed2b2715f058113efc86187"},{"limit":"4675fb410d04191762139bd1811d31e2ec1b8790"}]}]}]}
{"id":"36a2f585-82b2-4c6f-85ce-ed7458a6b9f2","summary":["The net/tls subsystem of the Linux kernel has a slab out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the memory size of tls_ctx->rx.iv for AES128-CCM is 12 setting in tls_set_sw_offload(). This vulnerability exists in all versions of the Linux Kernel from v5.2 until commit 9381fe8c849cfbe50245ac01fc077554f6eaa0e2 (v5.18)."],"details":["The patch commit for this vulnerability fixes a slab-out-of-bounds bug in the Linux kernel's TLS implementation. The bug occurs when the TLS library attempts to memcpy() 16 bytes of data into a 12-byte buffer, which can lead to a kernel panic.\n\nVulnerabilities of this type are exploited by sending specially crafted packets to a vulnerable system. When the system attempts to process the packets, it will crash due to the out-of-bounds memory access.\n\nThe security impact of this vulnerability could be significant. A remote attacker could exploit this vulnerability to crash a vulnerable system or execute arbitrary code.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit 
message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9381fe8c849cfbe50245ac01fc077554f6eaa0e2"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=02617ac69815ae324053c954118c2dc7ba0e59b2"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"f295b3ae9f5927e084bd5decdff82390e3471801"},{"limit":"9381fe8c849cfbe50245ac01fc077554f6eaa0e2"},{"limit":"2304660ab6c425df64d95301b601424c6a50f28b"},{"limit":"29be1816cbab9a0dc6243120939fd10a92753756"},{"limit":"2b7d14c105dd8f6412eda5a91e1e6154653731e3"},{"limit":"589154d0f18945f41d138a5b4e49e518d294474b"},{"limit":"6e2f1b033b17dedda51d465861b69e58317d6343"}]}]}]}
{"id":"3671abbb-f3f8-4bee-89ac-457bcb60de11","summary":["The hfs subsystem of the Linux kernel has a slab out of bounds write vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the length of an HFS filename is much larger than the maximum length of an HFS filename. This vulnerability exists in all versions of the Linux Kernel from v2.6.14 until commit c53ed55cb275344086e32a7080a6b19cb183650b (v5.15.86, v4.14.303, v6.2, v5.10.163, v4.9.337, v4.19.270, v6.1.2, v6.0.16, v5.4.229)."],"details":["The patch commit for this vulnerability fixes an out-of-bounds write (OOB write) vulnerability in the HFS filesystem implementation.\n\nVulnerabilities of type OOB write are exploited by providing an input that is larger than the expected size, which can cause the program to write data to an unintended location in memory. This can lead to a variety of security issues, such as privilege escalation, data corruption, or denial of service.\n\nThe security impact of this vulnerability could be severe. 
An attacker could exploit this vulnerability to gain elevated privileges or to corrupt data on the system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=dc3b1cf9111ab5fe98e7"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c53ed55cb275344086e32a7080a6b19cb183650b"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/00000000000086b19705ee486240%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"328b9227865026268261a24a97a578907b280415"},{"limit":"c53ed55cb275344086e32a7080a6b19cb183650b"},{"limit":"cff9fefdfbf5744afbb6d70bff2b49ec2065d23d"},{"limit":"6a95b17e4d4cd2d8278559f930b447f8c9c8cff9"},{"limit":"8399318b13dc9e0569dee07ba2994098926d4fb2"},{"limit":"88579c158e026860c61c4192531e8bc42f4bc642"},{"limit":"7af9cb8cbb81308ce4b06cc7164267faccbf75dd"},{"limit":"95040de81c629cd8d3c6ab5b50a8bd5088068303"},{"limit":"ae21b03f904736eb2aa9bd119d2a14e741f1681f"},{"limit":"ba8f0ca386dd15acf5a93cbac932392c7818eab4"}]}]}]}
{"id":"3481e831-4cf0-435d-832f-b95c4e899db0","summary":["The net/sched subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when tcf_block_find() failed, as the caller didn't need to clean up the qdisc refcnt again. This vulnerability exists in all versions of the Linux Kernel from v4.20 until commit 460b360104d51552a57f39e54b2589c9fd7fa0b3 (v4.19.221)."],"details":["The patch commit for this vulnerability fixes a potential NULL pointer dereference in the net_sched subsystem. This vulnerability could be exploited by a local attacker to cause a denial of service (system crash). To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/00000000000084e2450576c817cc%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=460b360104d51552a57f39e54b2589c9fd7fa0b3"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=37b8770e6d5a8220a039"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"e368fdb61d8e7c67ac70791b23345b26d7bbc661"},{"limit":"460b360104d51552a57f39e54b2589c9fd7fa0b3"},{"limit":"f9ff09e266ca70c801b9911280f6ae64c9183d85"}]}]}]}
{"id":"3322f261-77e8-40b7-be6c-91d4416ae8a2","summary":["The netfilter subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the conntrack entry was freed after an rcu grace period. This vulnerability exists in all versions of the Linux Kernel from v5.5 until commit 56b14ecec97f39118bf85c9ac2438c5a949509ed (v4.19.246, v5.10.120, v5.15.45, v5.4.197, v5.18.2, v4.14.282, v5.19, v5.17.13)."],"details":["The patch commit for this vulnerability fixes a race condition in the netfilter conntrack subsystem that could allow an attacker to cause a denial of service (DoS) or possibly execute arbitrary code.\n\nVulnerabilities of type race condition are exploited by having two or more processes or threads access the same data or resource at the same time in an unintended way. This can cause the processes or threads to corrupt data or overwrite each other's memory, which can lead to a DoS or other security issues.\n\nThe security impact of this vulnerability could be a DoS or possibly execution of arbitrary code. In a DoS attack, the attacker would flood the system with traffic, causing it to crash or become unresponsive. 
In an attack that could execute arbitrary code, the attacker would be able to run code on the system with the privileges of the user running the netfilter conntrack subsystem.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000fb4af305df391431%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=793a590957d9c1b96620"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=56b14ecec97f39118bf85c9ac2438c5a949509ed"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"2ad9d7747c10d17cc06447944fefd4c29ae11eb1"},{"limit":"56b14ecec97f39118bf85c9ac2438c5a949509ed"},{"limit":"e97222b785e70e8973281666d709baad6523d8af"},{"limit":"92a999d1963eed0df666284e20055136ceabd12f"},{"limit":"04f9e9104c969d8ce10a4a43634f641ed082092d"},{"limit":"b16bb373988da3ceb0308381634117e18b6ec60d"},{"limit":"04e4a11dc723c52db7a36dc58f0d69ce6426f8f0"},{"limit":"01989d7eebb61c99bd4b88ebc8e261bd2f02caed"},{"limit":"91a36ec160ec1a0c8f5352b772dffcbb0b6023e3"}]}]}]}
{"id":"32b398dd-d840-4071-98e0-6b03e3101a04","summary":["The vlan subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the real_dev of a vlan net_device is freed after unregister_vlan_dev(). This vulnerability exists in all versions of the Linux Kernel from v2.6.12 until commit 563bcbae3ba233c275c244bfce2efe12938f5363 (v5.16, v5.10.80, v5.14.19, v5.15.3, v5.4.160)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the Linux kernel's VLAN device handling code. The vulnerability occurs when a VLAN device is unregistered, but its real device is not freed. This can allow an attacker to access the freed memory and execute arbitrary code.\n\nVulnerabilities of this type are exploited by first sending a specially crafted packet to the target system. This packet will cause the kernel to free the memory associated with the VLAN device. The attacker can then send another packet that will access the freed memory, which will allow them to execute arbitrary code.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to execute arbitrary code on the target system, which could lead to a variety of attacks, including privilege escalation, data theft, and denial of service.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=563bcbae3ba233c275c244bfce2efe12938f5363"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=e4df4e1389e28972e955"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000374f8905ce173204%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2"},{"limit":"563bcbae3ba233c275c244bfce2efe12938f5363"},{"limit":"700602b662d7eaa816b1a3cb0abe7a85de358fd4"},{"limit":"e04a7a84bb77f9cdf4475340fe931389bc72331c"},{"limit":"21032425c36ff85f16e72ca92193a8c401e4acd5"},{"limit":"fca96b3f852a1b369b7b2844ce357cd689879934"}]}]}]}
{"id":"325dd461-5b08-4541-8b7d-37df67e7fd49","summary":["The netfilter/nft_ct subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when two netnamespaces concurrently change nft_ct_pcpu_template_refcnt without proper locking. This vulnerability exists in all versions of the Linux Kernel from v4.19 until commit e3245a7b7b34bd2e97f744fd79463add6e9d41f4 (v5.14.7, v5.15, v5.10.68)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the netfilter subsystem of the Linux kernel. This vulnerability could allow an attacker to execute arbitrary code on the system with kernel privileges.\n\nVulnerabilities of this type are exploited by sending specially crafted packets to the system. The packets trigger a buffer overflow, which allows the attacker to overwrite memory and execute arbitrary code.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to gain root privileges on the system and execute arbitrary code.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=649e339fa6658ee623d3"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e3245a7b7b34bd2e97f744fd79463add6e9d41f4"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000b720b705c8f8599f%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"f102d66b335a417d4848da9441f585695a838934"},{"limit":"e3245a7b7b34bd2e97f744fd79463add6e9d41f4"},{"limit":"62f813769f50bb0010ab9a63c021d2af39d156e4"},{"limit":"39880692657c4b5c1ddbecd5be2ded458935584b"}]}]}]}
{"id":"31d6b3a6-fff2-42c0-915a-a923c1ef74a6","summary":["The tun subsystem of the Linux kernel has a double free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the tun driver was not properly freed. This vulnerability exists in all versions of the Linux Kernel from v4.12 until commit ff244c6b29b176f3f448bc75e55df297225e1b3a (v4.13)."],"details":["The patch commit for this vulnerability fixes a double free vulnerability in the Linux kernel's tun driver. This vulnerability occurs when the register_netdevice() function fails, which can be caused by a variety of reasons, such as a network interface card being unplugged or a kernel panic. When this happens, the tun driver's priv_destructor() function is not called, which can lead to a double free.\n\nVulnerabilities of this type are exploited by allocating memory using a vulnerable function, such as kmalloc(), and then freeing it using a different function, such as kfree(). This can cause the memory to be freed twice, which can lead to a variety of security issues, such as a denial of service or a privilege escalation.\n\nThe security impact of this vulnerability could be significant. 
A malicious user could exploit this vulnerability to crash the kernel or gain elevated privileges.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ff244c6b29b176f3f448bc75e55df297225e1b3a"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=ddb673727990990c6ded3e7cc220e39abfc244ab"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"cf124db566e6b036b8bcbe8decbed740bdfac8c6"},{"limit":"ff244c6b29b176f3f448bc75e55df297225e1b3a"},{"limit":"dda844773c47c5695759faf03215ea01d6018717"}]}]}]}
{"id":"31ac7e6f-c261-4c61-a43f-784c45edfbbe","summary":["The reiserfs subsystem of the Linux kernel has a buffer overflow vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when passing a crafted mount options string. This vulnerability exists in all versions of the Linux Kernel from v2.6.12 until commit fe10e398e860955bac4d28ec031b701d358465e4 (v4.14.57, v3.16.61, v4.18, v4.17.9, v4.9.114)."],"details":["The patch commit for this vulnerability fixes a buffer overflow in the ReiserFS file system. The vulnerability occurs when a long message is passed to the file system, which can cause the buffer to overflow and write data to an out-of-bounds location. This could lead to a denial of service or other security issues.\n\nVulnerabilities of this type are often exploited by sending a specially crafted message to the target system. The message is designed to be longer than the buffer can handle, which causes the buffer to overflow and write data to an out-of-bounds location. This can then be used to execute arbitrary code on the target system or to gain access to sensitive data.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to gain control of a vulnerable system or to access sensitive data. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000b696800568f4a6c6%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=b890b3335a4d8c608963"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fe10e398e860955bac4d28ec031b701d358465e4"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2"},{"limit":"fe10e398e860955bac4d28ec031b701d358465e4"},{"limit":"ec5e52a881fe7df745a45262e486f73fc6bd6b88"},{"limit":"cba5008502f2238b716334d7cb6d847560ce01b4"},{"limit":"ca469c0d8b6d5023d8db29f45034dffb76f4a7b8"},{"limit":"53e9ccdffb7cbf0fdb09ac0bf59ef0ee201c5d47"}]}]}]}
{"id":"2f401892-9a9c-44d6-899f-0351cda29d2b","summary":["The ALSA timer subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the compat ioctl callback was not properly protected by a mutex lock. This vulnerability exists in all versions of the Linux Kernel from v4.5 until commit 79fb0518fec8c8b4ea7f1729f54f293724b3dbb0 (v3.16.52, v3.18.80, v4.13.12, v4.14, v4.9.61, v4.1.47, v4.4.97, v3.2.97)."],"details":["The patch commit for this vulnerability fixes a race condition in the ALSA timer subsystem that could allow an attacker to cause a use-after-free.\n\nVulnerabilities of this type are exploited by sending specially crafted packets to a vulnerable system.\n\nThe security impact of this vulnerability could be arbitrary code execution on the system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/089e082686ac9b482e055c832617%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=79fb0518fec8c8b4ea7f1729f54f293724b3dbb0"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=e5f3c9783e7048a74233054febbe9f1bdf54b6da"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"af368027a49a751d6ff4ee9e3f9961f35bb4fede"},{"limit":"79fb0518fec8c8b4ea7f1729f54f293724b3dbb0"},{"limit":"07816537f8860dc083b62be49d145899d2e978f2"},{"limit":"a7cae39d138d5011b16fcf554cb91bdf445f3571"},{"limit":"c778c8187e442f6f5d111ae41c4730e265dcf084"},{"limit":"95cbbefc2be575646f45cb512f63581219ac5545"},{"limit":"70358782743fbc2b2fa26b4e7370b359350cfba3"},{"limit":"856849bd48eed8e216d3a31add70067144400bad"},{"limit":"7fcb232d281879dd3d76d4cfb521d3216d848865"}]}]}]}
{"id":"2f376fcb-d9d3-4cf7-9b9d-a6585424e92c","summary":["The net_sched subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the tcindex_partial_destroy_work() was not properly serialized with tcindex_dump(). This vulnerability exists in all versions of the Linux Kernel from v5.1 until commit b1be2e8cd290f620777bfdb8aa00890cd2fa02b5 (v5.6, v5.5.14, v5.4.29)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the Linux kernel's net_sched subsystem. This vulnerability could allow an attacker to execute arbitrary code on the system with kernel privileges.\n\nVulnerabilities of this type are exploited by first sending a specially crafted packet to the system. This packet will cause the kernel to allocate a new memory buffer. The attacker can then send another packet that will cause the kernel to free the memory buffer that was previously allocated. However, the kernel will not properly check if the memory buffer has been freed before using it again. This can lead to the attacker being able to execute arbitrary code on the system with kernel privileges.\n\nThe security impact of this vulnerability could be severe. An attacker could use this vulnerability to gain control of the system and execute arbitrary code. 
This could allow the attacker to steal sensitive data, install malware, or disrupt system operations.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b1be2e8cd290f620777bfdb8aa00890cd2fa02b5"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000efa06005a0879722%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=653090db2562495901dc"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"3d210534cc93dab39a9d1a8d674aa2872c268d38"},{"limit":"b1be2e8cd290f620777bfdb8aa00890cd2fa02b5"},{"limit":"8450a4f2cfa5102efefcf6cec1febfd3678c4fee"},{"limit":"5317abb870fec8d71118fef164b626aec13d3ec2"},{"limit":"8ed8b36f3700aff97c7a42101e1ab7be1c070c38"},{"limit":"74bfcb1c73b64a41cc0673140228878b4a8017dd"}]}]}]}
{"id":"2c6d9077-59dc-4a5c-b481-7fdba183e403","summary":["The ip6_gre subsystem of the Linux kernel has a stack overflow vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the user provided an invalid tunnel name. This vulnerability exists in all versions of the Linux Kernel from v3.7 until commit 5f42df013b8bc1b6511af7a04bf93b014884ae2a (v4.17)."],"details":["The patch commit for this vulnerability fixes a potential stack overflow vulnerability in the ip6_gre module. The fix ensures that user-provided tunnel names are validated before being used, which prevents an attacker from causing a stack overflow by providing a long or malformed tunnel name.\n\nVulnerabilities of this type are exploited by providing an attacker-controlled input to a function that does not properly validate the input. This can allow the attacker to execute arbitrary code on the system with the privileges of the kernel.\n\nThe security impact of this vulnerability could be severe, as it could allow an attacker to take control of the kernel and execute arbitrary code. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=e2451634d3dfc86b73a854b3b5908a2c61c02ea9"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5f42df013b8bc1b6511af7a04bf93b014884ae2a"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"c12b395a46646bab69089ce7016ac78177f6001f"},{"limit":"5f42df013b8bc1b6511af7a04bf93b014884ae2a"},{"limit":"0e55589d1bdffa17c4ce1be803d75697e34873a5"},{"limit":"53d960544b3d78830794ebbd6988998361d022e7"},{"limit":"5dcf6eb5a275ddb00eea4d6a8127ffaf5428a475"},{"limit":"72363c63b0708fb3e8e0ba9fb9e0d405e97153ba"},{"limit":"8920a204bda9bdc3bf9c56f1cf295288a5723e82"},{"limit":"d210545346e9b452ca93d0778b1e235d026bf0de"},{"limit":"d521034ca1d8dac7e513bdef8aa6fe9facda3862"},{"limit":"efcc90fcf90a045fdf7abf8506e07dd34f04e029"}]}]}]}
{"id":"2a673b84-ae17-4b5f-88c6-58e56a2bd67c","summary":["The packet subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when sending a zero byte packet to a device with a massive link layer header. This vulnerability exists in all versions of the Linux Kernel from v4.6 until commit b84bbaf7a6c8cca24f8acf25a2c8e46913a947ba (v4.16.12, v4.4.133, v4.9.103, v4.14.44, v4.17)."],"details":["The patch commit for this vulnerability fixes a potential buffer overflow in the packet_snd function of the Linux kernel. This vulnerability could allow an attacker to execute arbitrary code on the system by sending a specially crafted packet.\n\nBuffer overflow vulnerabilities are exploited by sending a malicious packet that is larger than the expected size. This causes the data to overwrite the stack or heap, which can then be used to execute arbitrary code.\n\nThe security impact of this vulnerability could be severe, as it could allow an attacker to take control of the system. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/94eb2c0ce3aa27cfa40561ec2dc3%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b84bbaf7a6c8cca24f8acf25a2c8e46913a947ba"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=c8df0347c26ab6277d34fe749ec038b2c0f6da41"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=f62d236e2fceaeb104f4e8f77d2324ef9da4b41b"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=55a499bb9fcef61ae7100e29ef7470efc8059e65"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d0c081b49137cd3200f2023c0875723be66e7ce5"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=5408d148554ed042ca4dc5b2c832b7be67f19007"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=71d74a5406d02057d559"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=61b1603d893140df6c90c1506cc1c468789efdc4"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=9a6feeefcf8cfb303315b572d97dce62be4b352c"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=3c53ee4bc8a0ed82728c43ff5ffa55fcda552d27"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"9ed988cd591500c040b2a6257bc68543e08ceeef"},{"limit":"b84bbaf7a6c8cca24f8acf25a2c8e46913a947ba"},{"limit":"01a658c1b9d4b5393c38d5a92d9112ab1425382a"},{"limit":"d9fb8cc230b2a4757e9fe4f81468f81212d4deaa"},{"limit":"8809ae6747e760e6f1d2453ceb08c9bcc4939766"},{"limit":"6190cce26e40bf71c4d375b21eea74bb07b6a0f3"}]}]}]}
{"id":"278260c3-5544-4f13-8308-9518f10178c5","summary":["The mm/damon/dbgfs subsystem of the Linux kernel has a slab out of bounds write vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when a user writes a name of a file under 'damon/' debugfs directory, which is not a user-created context, to 'rm_contexts' file. This vulnerability exists in all versions of the Linux Kernel from v5.15 until commit 1de09a7281edecfdba19b3a07417f6d65243ab5f (v5.15.79, v6.1, v6.0.9)."],"details":["The patch commit for this vulnerability fixes a potential integer overflow vulnerability in the Linux kernel's DAMON debugfs subsystem. The vulnerability occurs when a user writes a name of a file under the 'damon/' debugfs directory to the 'rm_contexts' file. If the file does not exist, the 'dbgfs_rm_context()' function does not check if the file is a directory, and instead assumes that it is a valid DAMON context directory. This can lead to an invalid memory access, which could be exploited by an attacker to gain root privileges.\n\nVulnerabilities of this type are exploited by providing an input that is larger than the expected size. This can cause the program to overflow a buffer and write data to an unintended location, which can lead to a variety of security problems.\n\nThe security impact of this vulnerability could be severe. 
An attacker could exploit it to gain root privileges on a vulnerable system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000ede3ac05ec4abf8e%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1de09a7281edecfdba19b3a07417f6d65243ab5f"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=6087eafb76a94c4ac9eb"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"75c1c2b53c78bf3b3188ebb7b3508dadbf98bba1"},{"limit":"1de09a7281edecfdba19b3a07417f6d65243ab5f"},{"limit":"599e798e3bda8b958cdb72451f835428080fe910"},{"limit":"48998c1773a47abde192512606de197f15c186ac"}]}]}]}
{"id":"24c9534d-7d52-491d-8354-1b6baaadb4e2","summary":["The net/sched/taprio subsystem of the Linux kernel has a slab out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the number of accessed queues exceeds the number of queues on the device. This vulnerability exists in all versions of the Linux Kernel from v6.3 until commit be3618d9651002cd5ff190dbfc6cf78f03e34e27 (v6.4, v6.3.9)."],"details":["The patch commit for this vulnerability fixes a slab-out-of-bounds read in the taprio_dequeue_from_txq function. This vulnerability occurs when the qdisc of the taprio type is used to replace the previously configured taprio, or when packets are dequeued and taprio is deleted. In both cases, the count and offset values are set to 0, which can cause out-of-bounds access.\n\nVulnerabilities of this type are exploited by sending specially crafted packets to the system. This can allow an attacker to gain access to sensitive information or to execute arbitrary code.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to gain root privileges or to take control of the system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000bdd6c305fb86ef53%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=04afcb3d2c840447559a"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=be3618d9651002cd5ff190dbfc6cf78f03e34e27"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"2f530df76c8cb5551d7d9395c77eb02282c3dc68"},{"limit":"be3618d9651002cd5ff190dbfc6cf78f03e34e27"},{"limit":"10b2933325d2b5c1b11eb014a10319f927297ffa"}]}]}]}
{"id":"23d27d42-eea5-4f2e-bc3f-a94e4459dd2b","summary":["The Bluetooth subsystem of the Linux kernel has a slab out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when malicious adv data is processed. This vulnerability exists in all versions of the Linux Kernel from v3.2 until commit 3a56ef719f0b9682afb8a86d64b2399e36faa4e6 (v5.16.3, v4.19.226, v4.4.300, v4.9.298, v4.14.263, v5.10.94, v5.4.174, v5.17, v5.15.17)."],"details":["The patch commit for this vulnerability fixes a missing validation check in the Bluetooth HCI LE advertising report event handler. This could allow an attacker to cause a denial of service (DoS) by sending malicious data that causes the kernel to read beyond the end of a buffer.\n\nVulnerabilities of this type are exploited by sending specially crafted data to a vulnerable system. The data is designed to cause the system to access memory that it is not allowed to access, which can lead to a variety of problems, including a DoS.\n\nThe security impact of this vulnerability could be a denial of service. 
An attacker could send malicious data to a vulnerable system and cause it to crash or hang.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3a56ef719f0b9682afb8a86d64b2399e36faa4e6"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=e3fcb9c4f3c2a931dc40"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/00000000000035de5905cfa98e03%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"e95beb414168f8fcae195b5a77be29b3362d6904"},{"limit":"3a56ef719f0b9682afb8a86d64b2399e36faa4e6"},{"limit":"640a476e38fce6c70c738ac09e5167e34f570303"},{"limit":"2de0e6a71ceb056e17e4684dce8b7640367996f9"},{"limit":"048acfa4daf167b007b6bd8bef474e90c2282a5f"},{"limit":"24161b9c43de966789d5956428f45002d10f878e"},{"limit":"7d4238edd3bf8b8c75571cc3b382bc10438ac588"},{"limit":"4a1491432394b22e585a185ffca49086e4046aae"},{"limit":"185c77cbb53bc7481acc5a0b4e6119bbe393d561"},{"limit":"ffc9019bd991707701273c2e5d8aed472229fc4d"}]}]}]}
{"id":"23a5bc19-b2a4-4fa4-99ce-a7b6563c0d3f","summary":["The sctp subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the asoc's memory was not freed after a grace period. This vulnerability exists in all versions of the Linux Kernel from v4.10 until commit fb6df5a6234c38a9c551559506a49a677ac6f07a (v4.14.89, v4.19.10, v4.20)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the SCTP protocol implementation in the Linux kernel.\n\nVulnerabilities of this type are exploited by first sending a specially crafted packet to the target system. This packet will cause the target system to free memory that is still in use. The attacker can then use this memory to execute arbitrary code on the target system.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to gain root privileges on the target system or to install malware.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb6df5a6234c38a9c551559506a49a677ac6f07a"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=aad231d51b1923158444"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000ce83ad057ad2a0f4%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=0b05d8aa7cb185107483"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/00000000000044e23f057af554d7%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"7fda702f9315e6f4a74fee155c540750788a2d66"},{"limit":"fb6df5a6234c38a9c551559506a49a677ac6f07a"},{"limit":"862b5ab951551cd14ee13c8ab0bde21b63b93bd6"},{"limit":"5148726f2c272055ffa8e528a9280733679e4a06"}]}]}]}
{"id":"22d0c623-26fa-4180-8d73-ffaaaf47ea89","summary":["The sctp subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the transport was not properly held before accessing its asoc in sctp_transport_get_next. This vulnerability exists in all versions of the Linux Kernel from v4.7 until commit bab1be79a5169ac748d8292b20c86d874022d7ba (v4.9.127, v4.19, v4.14.70, v4.18.8)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the SCTP protocol implementation in the Linux kernel.\n\nVulnerabilities of this type are exploited by sending a specially crafted packet to the target system. This can cause the target system to free memory that is still in use, resulting in a crash or other undefined behavior.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to execute arbitrary code on the target system or to gain root privileges.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=fe62a0c9aa6a85c6de16"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000ccaf1d0574297b6b%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bab1be79a5169ac748d8292b20c86d874022d7ba"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"626d16f50f39bb9c44f98fd256cae2b864900a01"},{"limit":"bab1be79a5169ac748d8292b20c86d874022d7ba"},{"limit":"36bf8bc54a59c14ce9b27283ff9f2225908fce1f"},{"limit":"3c035a48e7746d2b6f76719376473ad5d12e423a"},{"limit":"98c4cc4c81e812f6d16544c776d4a2f825e86aa5"}]}]}]}
{"id":"2170c7c6-6eb6-4191-a3bf-2474e1664711","summary":["The drm/vgem subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when drm_gem_handle_create() fails in vgem_gem_create(), as the drm_vgem_gem_object is freed twice. This vulnerability exists in all versions of the Linux Kernel from v4.13 until commit 21d2b122732318b48c10b7262e15595ce54511d3 (v5.1, v4.19.33, v4.14.110, v5.0.6)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the vgem driver. A use-after-free vulnerability occurs when a program frees memory that is still being used, which can allow an attacker to execute arbitrary code.\n\nVulnerabilities of this type are often exploited by injecting a fault into the program that causes it to free memory that is still being used. This can be done by sending a specially crafted packet to a network service or by exploiting a buffer overflow vulnerability.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to execute arbitrary code on the system with the privileges of the user running the program.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=21d2b122732318b48c10b7262e15595ce54511d3"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=e73f2fb5ed5a5df36d33"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/00000000000053fea105791276d8%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"af33a9190d0226251e9cbc137c88a707b0bbe356"},{"limit":"21d2b122732318b48c10b7262e15595ce54511d3"},{"limit":"eb1e552524b40df2534f4046161658fd5c73cc63"},{"limit":"2ea1c197bfbd166723c788f3e346265b3f8f27c0"},{"limit":"18e8f0f379a58a7d5aa61da50e201861dfe8554d"}]}]}]}
{"id":"21334bb9-d9e3-414a-96d8-a9f857aa8f85","summary":["The userfaultfd subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the task structure is freed while get_mem_cgroup_from_mm() holds rcu_read_lock() and dereferences mm->owner. This vulnerability exists in all versions of the Linux Kernel from v4.11 until commit c3f3ce049f7d97cc7ec9c01cb51d9ec74e0f37c2 (v5.0.18, v5.1.4, v4.19.45, v4.14.121, v5.2)."],"details":["The patch commit for this vulnerability fixes a use after free vulnerability in the userfaultfd subsystem.\n\nVulnerabilities of this type are exploited by first allocating a resource, then freeing it while it is still in use. This can then be used to access or modify data that was previously freed, which can lead to a variety of security issues.\n\nIn this case, the vulnerability occurs when a process forks and the parent process frees the task structure for the child process while the child process is still using it. 
This can be exploited by a malicious user to access or modify data that was previously freed in the child process.\n\nThe security impact of this vulnerability could be severe, as it could allow a malicious user to gain access to sensitive data or execute arbitrary code on the system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000601367057a095de4%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=cbb52e396df3e565ab02"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c3f3ce049f7d97cc7ec9c01cb51d9ec74e0f37c2"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"893e26e61d04eac974ded0c11e1647b335c8cb7b"},{"limit":"c3f3ce049f7d97cc7ec9c01cb51d9ec74e0f37c2"},{"limit":"851d1a7cc4f4e730fda311c8fb6a47204eca12f6"},{"limit":"8bae43985571a2c6072eb815ef60d2c08aeefb0c"},{"limit":"09ceb529c4acd095c8f987696d20e07af444c48e"},{"limit":"aa9bb9862fc5ef772ca5fe5565f2ba347a0a6bc2"}]}]}]}
{"id":"204a721a-44fb-4d1c-8ba5-78c1360f61d4","summary":["The bpf subsystem of the Linux kernel has a slab out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when an IPv6 socket is added. This vulnerability exists in all versions of the Linux Kernel from v4.14 until commit 9901c5d77e969d8215a8e8d087ef02e6feddc84c (v4.18, v4.17.9)."],"details":["The patch commit for this vulnerability fixes a potential crash in the Linux kernel's bpf sockmap subsystem. The vulnerability occurs when an IPv6 socket is added to the sockmap, and the sk->prot field is overwritten with tcp_prot instead of tcpv6_prot. This can lead to a kernel panic.\n\nVulnerabilities of this type are typically exploited by sending a specially crafted packet to the target system. The packet can be crafted to trigger the crash, which can then be used to gain root privileges or execute arbitrary code on the target system.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to gain root privileges or execute arbitrary code on a vulnerable system. To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9901c5d77e969d8215a8e8d087ef02e6feddc84c"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=5c063698bdbfac19f363"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=74f4baf145987a4f8f09f031a771a345dbbec229"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"174a79ff9515f400b9a6115643dafd62a635b7e6"},{"limit":"9901c5d77e969d8215a8e8d087ef02e6feddc84c"},{"limit":"0b5a62268607c9c0d9f9452198c4ce0d4bcc5214"}]}]}]}
{"id":"1e980e08-cfc1-4168-b72b-e104ce2a3aea","summary":["The iommufd subsystem of the Linux kernel has a slab use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the area pointer is accessed after it has been freed. This vulnerability exists in all versions of the Linux Kernel from v6.2 until commit 804ca14d04df09bf7924bacc5ad22a4bed80c94f (v6.5)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the iommufd driver. The vulnerability occurs when a concurrent unmap can trigger freeing of the area pointers while we are generating an unmapping notification for accesses. This can lead to a kernel panic or other undefined behavior.\n\nVulnerabilities of this type are exploited by first allocating a memory region using a vulnerable function. The attacker then frees the memory region while it is still in use by another part of the system. This can cause the other part of the system to access the freed memory, which can lead to a variety of problems.\n\nThe security impact of this vulnerability could be severe. 
A successful exploit could lead to a kernel panic or other undefined behavior, which could allow an attacker to gain control of the system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=1ad12d16afca0e7d2dde"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=804ca14d04df09bf7924bacc5ad22a4bed80c94f"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000001d40fc05fe385332%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"51fe6141f0f64ae0bbc096a41a07572273e8c0ef"},{"limit":"804ca14d04df09bf7924bacc5ad22a4bed80c94f"}]}]}]}
{"id":"1e60d5f9-8da3-41eb-ac42-dca3c88a621d","summary":["The proc subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when unmounting proc when there is an ongoing inotify watch on the root directory of proc. This vulnerability exists in all versions of the Linux Kernel from v3.17 until commit ef1548adada51a2f32ed7faef50aa465e1b4c5da (v5.6.19, v5.8, v4.4.228, v5.7.3, v4.14.185, v4.9.228, v4.19.129, v5.4.47)."],"details":["The patch commit for this vulnerability fixes a use after free vulnerability in the Linux kernel's proc filesystem. This vulnerability occurs when an inotify watch is created on the root directory of proc and then the proc filesystem is unmounted. In this case, the watch is not properly removed, which can lead to a use after free.\n\nVulnerabilities of this type are exploited by creating a malicious inotify watch on a file or directory that is later unmounted. When the file or directory is unmounted, the watch is not properly removed, which can lead to a use after free. This can be used to execute arbitrary code or gain root privileges.\n\nThe security impact of this vulnerability could be severe. An attacker could use this vulnerability to execute arbitrary code or gain root privileges. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000d788c905a7dfa3f4%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=7d2debdcdb3cb93c1e5e"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef1548adada51a2f32ed7faef50aa465e1b4c5da"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"0097875bd41528922fb3bb5f348c53f17e00e2fd"},{"limit":"ef1548adada51a2f32ed7faef50aa465e1b4c5da"},{"limit":"476bdd28059a987b860a2c3aaade706eeac971a8"},{"limit":"9170cf8bc75f47d72b186b2a78959d229adfa6a7"},{"limit":"9958e924d068380b013e0590010cb00076e9e55f"},{"limit":"e870528d701af9643eedea304142c2f6ae49b1d3"},{"limit":"0926f136f3c97b60f0313d300728c92c91fc9ddf"},{"limit":"5b85bf5cf3af4584a7198c1a4e780b0e029eb50e"},{"limit":"2716dae78f83efd825fcd3e0cdefee80ea865833"},{"limit":"7ff38c3fede5e270425650682df7c4e222db86d8"},{"limit":"de13aebcf5a812fc9bd70fac7dd7a47bbf9cc3ef"},{"limit":"12b24ba6ce563d20431b5a652d74b42687e71915"}]}]}]}
{"id":"1dadbdfe-28a4-45ea-b655-d896dbc7f828","summary":["The sctp subsystem of the Linux kernel has a slab out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when getting pr_assocstatus and pr_streamstatus by sctp_getsockopt. This vulnerability exists in all versions of the Linux Kernel from v4.19 until commit 713358369382cebf92f6e98ce2005f94e7344931 (v4.20, v4.19.1)."],"details":["The patch commit for this vulnerability fixes a potential buffer overflow in the SCTP protocol implementation in the Linux kernel. The vulnerability occurs when a malicious user sends a specially crafted packet to a system that is running a vulnerable version of the kernel. This could allow the attacker to execute arbitrary code on the system with the privileges of the kernel.\n\nVulnerabilities of this type are often exploited by sending a specially crafted packet to a system that is running a vulnerable version of the kernel. The packet contains data that is designed to exploit a weakness in the kernel's processing of that data. This can allow the attacker to execute arbitrary code on the system with the privileges of the kernel.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to gain control of a system and execute arbitrary code with the privileges of the kernel. 
This could allow the attacker to steal sensitive data, install malware, or disrupt system operations.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=713358369382cebf92f6e98ce2005f94e7344931"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000e80c930579245751%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=5da0d0a72a9e7d791748"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"0ac1077e3a549bf8d35971613e2be05bdbb41a00"},{"limit":"713358369382cebf92f6e98ce2005f94e7344931"},{"limit":"2b52f2c4e5e7da9203b0e8762e68dc3f3305b634"}]}]}]}
{"id":"1cf7cb0a-8c0a-4970-ad77-544a3c3f3c66","summary":["The ip_tunnel subsystem of the Linux kernel has a stack overflow vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when providing a long tunnel name. This vulnerability exists in all versions of the Linux Kernel from v3.10 until commit 9cb726a212a82c88c98aa9f0037fd04777cd8fe5 (v4.17)."],"details":["The patch commit for this vulnerability fixes a potential stack overflow vulnerability in the ip_tunnel_create() function. This function is responsible for creating new IP tunnels. The vulnerability occurs when the user provides an invalid tunnel name. This can be exploited by an attacker to cause a stack overflow and execute arbitrary code.\n\nVulnerabilities of this type are exploited by providing an invalid input that causes the function to allocate more memory than it needs. This can then be used to overwrite other memory locations, including those containing sensitive data or code.\n\nThe security impact of this vulnerability could be significant. 
An attacker could use it to gain root privileges or execute arbitrary code on the system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9cb726a212a82c88c98aa9f0037fd04777cd8fe5"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=0772e98595fe0f52922442891200128209063912"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"c54419321455631079c7d6e60bc732dd0c5914c5"},{"limit":"9cb726a212a82c88c98aa9f0037fd04777cd8fe5"},{"limit":"00dd92ff651d9353cbcc09508dca699c8f0d1205"},{"limit":"1c708641ebeb69f8be9ceb073b50b9e14f7cfeae"},{"limit":"3e13d6548c0b70bd53e3c9762a7127ce7566ab18"},{"limit":"6816295fe9584a2610cb02a832b40d615366b3a2"},{"limit":"6cc0290b932d9d02831a826e54e2cce70f109c4c"},{"limit":"bc4718fcee7cf0499659bb28d0dce1056688e3f3"},{"limit":"c696a3abdaa11e475b379aa26d35131cf2e1c316"},{"limit":"df57f466e6522c9b469c7b5ffc75a4bbbe5016d4"}]}]}]}
{"id":"1c39b495-20c1-42f9-bb20-ef4a47b57e01","summary":["The ipv4 subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the ip_hdr(skb) was cached before a call to pskb_may_pull(). This vulnerability exists in all versions of the Linux Kernel from v4.18 until commit 64199fc0a46ba211362472f7f942f900af9492fd (v4.19)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the ip_cmsg_recv_dstaddr() function. This function is responsible for receiving destination address information for an incoming IP packet. The vulnerability occurs when the ip_hdr() pointer is cached before a call to pskb_may_pull(), which can result in the pointer being freed before it is used. This could allow an attacker to execute arbitrary code on the system.\n\nVulnerabilities of this type are exploited by sending a specially crafted packet to the target system. The packet will contain data that causes the ip_hdr() pointer to be cached before it is freed. The attacker can then use this pointer to access and modify arbitrary memory on the system.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to execute arbitrary code on the system, which could lead to a complete compromise of the system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=5aae242735eec57420f5951e33cc9a36b1597cbc"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=64199fc0a46ba211362472f7f942f900af9492fd"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"2efd4fca703a6707cad16ab486eaab8fc7f0fd49"},{"limit":"64199fc0a46ba211362472f7f942f900af9492fd"},{"limit":"18ea575f665d989b86a74a67ac83813daf01d33e"},{"limit":"32b193216e185a3ba817a179f29a53a9973665a9"},{"limit":"c476a441f873729e4b8b63d73b6f5b7b37f39e42"},{"limit":"d7148eeb647fd55909f985ad14b0176ff1fae335"}]}]}]}
{"id":"19469fe7-d8f0-4627-8d61-d01eab2434e3","summary":["The USB/serial/garmin_gps subsystem of the Linux kernel has a slab out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the data length is shorter than a packet ID. This vulnerability exists in all versions of the Linux Kernel from v2.6.12 until commit e9b3c610a05c1cdf8e959a6d89c38807ff758ee6 (v4.14.181, v4.19.123, v5.7, v4.9.224, v5.6.13, v5.4.41, v4.4.224)."],"details":["The patch commit for this vulnerability fixes a potential buffer overflow in the garmin_gps driver. The driver is responsible for handling USB communications with Garmin GPS devices. The vulnerability exists because the driver does not properly validate the length of data packets received from the device. This could allow an attacker to send a specially crafted packet that is shorter than the expected length, which could cause the driver to overflow a buffer and execute arbitrary code.\n\nVulnerabilities of this type are often exploited by sending a specially crafted packet to a vulnerable system. The packet is designed to trigger the buffer overflow, which then allows the attacker to execute arbitrary code on the system. This could allow the attacker to take control of the system or install malware.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to take control of a vulnerable system or install malware. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000ca19c205a15d8aca%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=d29e9263e13ce0b9f4fd"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e9b3c610a05c1cdf8e959a6d89c38807ff758ee6"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2"},{"limit":"e9b3c610a05c1cdf8e959a6d89c38807ff758ee6"},{"limit":"1733fe42d94c70d5626854cace6db23674f24ca1"},{"limit":"492a1c2618de8389201068c8858b6096bbbc4a14"},{"limit":"72886ae16a75004bf28f894984fd2fd0b225c43e"},{"limit":"b9764baaebbe9b8be63b8b32df0383b0af3941a8"},{"limit":"567299fef491d0d4033e5093424dc21835e1825d"},{"limit":"baff4ba57c916c9c3a87a81708fb0672716d28fc"},{"limit":"a7d5a1deb95a1ee00613360d52b7483db2e27664"},{"limit":"d0ed912c3ea848b8d7e703452b49dff145c7f2ea"}]}]}]}
{"id":"19087ab4-e95b-4c89-af69-436c12e778d8","summary":["The netfilter/xt_RATEEST subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the rateest_hash was not properly protected by xt_rateest_mutex. This vulnerability exists in all versions of the Linux Kernel from v2.6.25 until commit 7dc68e98757a8eccf8ca7a53a29b896f1eef1f76 (v3.16.57, v4.1.50, v4.15.6, v4.9.84, v3.2.102, v4.16, v4.4.118, v4.14.22, v3.18.96)."],"details":["The patch commit for this vulnerability fixes a race condition in the xt_RATEEST netfilter target. The race condition occurs when multiple threads attempt to insert an entry into the rateest_hash table simultaneously. This could allow an attacker to insert an invalid entry into the table, which could lead to denial of service or other attacks.\n\nVulnerabilities of type race condition are exploited by sending crafted packets to the target. The packets trigger the race condition, which allows the attacker to execute arbitrary code on the system.\n\nThe security impact of this vulnerability could be denial of service or other attacks. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7dc68e98757a8eccf8ca7a53a29b896f1eef1f76"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/001a1142772efbd08c0563eb78a7%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=5cb189720978275e4c75"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"5859034d7eb8793d3d78d3af515c4175e7b9d03a"},{"limit":"7dc68e98757a8eccf8ca7a53a29b896f1eef1f76"},{"limit":"dc6b17441d28393b827e96b735c40377a68b1111"},{"limit":"6e12516df1367e80f25fc204b6002db2a700a6ad"},{"limit":"e6c8571967adac7bb8821f5347299e293ac01d57"},{"limit":"8d5c422fc709def69d574b03052c73bb6442a638"},{"limit":"f0951b22e97e5f25b41ee99183a5c739bacb93b6"},{"limit":"d7159107d7f9e99603709973d0ed18b7e938285a"},{"limit":"4325682e7d19d2dc20d9406b71cad00ca85efdf3"},{"limit":"4b1932a19b9d2e09ee1a45c90fb43e1e72928032"}]}]}]}
{"id":"1833ef94-04ce-4429-889a-2763b90e1652","summary":["The tipc subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the tipc_wait_for_cond() function was used to wait for a condition that was never met. This vulnerability exists in all versions of the Linux Kernel from v4.15 until commit 3c6306d44082ef007a258ae1b86ea58e6974ee3f (v4.20, v4.19.14)."],"details":["The patch commit for this vulnerability fixes a race condition in the TIPC communication protocol implementation. The race condition occurs when a thread is waiting for a condition variable and another thread modifies the group destination list. This could allow an attacker to modify the group destination list and cause the victim thread to wait indefinitely.\n\nVulnerabilities of type race condition are exploited by sending specially crafted packets to the target system. The packets exploit the race condition to gain access to sensitive information or to execute arbitrary code on the target system.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use this vulnerability to gain root privileges on the target system.\n\nTo resolve this vulnerability, patch the kernel to the latest version.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000005870ab057d31a591%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=99f20222fc5018d2b97a"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c6306d44082ef007a258ae1b86ea58e6974ee3f"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"75da2163dbb6af9f2dce1d80056d11d290dd19a5"},{"limit":"3c6306d44082ef007a258ae1b86ea58e6974ee3f"},{"limit":"7942d5be49224bbd7cc8b5c589e1e670651021d1"}]}]}]}
{"id":"16528366-d98d-47f7-98f0-5d3dcbb0d248","summary":["The batman-adv subsystem of the Linux kernel has a slab out of bounds and use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the caller of ndo_start_xmit may not have called skb_reset_mac_header. This vulnerability exists in all versions of the Linux Kernel from v2.6.38 until commit 9114daa825fc3f335f9bea3313ce667090187280 (v4.9.157, v3.18.135, v4.20.9, v5.0, v4.14.100, v4.4.175, v4.19.22, v3.16.66)."],"details":["The patch commit for this vulnerability fixes a potential buffer overflow in the batman-adv meshing protocol. The vulnerability exists because the caller of ndo_start_xmit may not have already called skb_reset_mac_header. This can cause the returned value of skb_mac_header/eth_hdr to be in the wrong position and even outside the current skbuff. This can be exploited by a malicious user to inject arbitrary code into the kernel.\n\nVulnerabilities of this type are exploited by first sending a specially crafted packet to the target system. This packet will cause the kernel to allocate a buffer that is larger than necessary. The attacker can then use this buffer to overflow the stack and execute arbitrary code.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to gain root privileges on the target system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=7d20bc3f1ddddc0f9079"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9114daa825fc3f335f9bea3313ce667090187280"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=9d7405c7faa390e60b4e"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000000f098d057e4e3662%40google.com"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000008d3a7f057e4aff68%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"c6c8fea29769d998d94fcec9b9f14d4b52b349d3"},{"limit":"9114daa825fc3f335f9bea3313ce667090187280"},{"limit":"0ee47efddd0568853d8ad548e00d1681351d12ec"},{"limit":"b005b2fd3efc725117877ff02a88f7839430da35"},{"limit":"4dd911f1e38e69329cda3386ca600b200af0ebcf"},{"limit":"fb76bb612212c6602bb9f378da3b79081c938744"},{"limit":"b2942d59a3cd66a5202eedcd41e751c0d0bd6e5e"},{"limit":"1474d65b85cfdb60aed3fdf095887f9d8232f121"},{"limit":"d86449d2b4d1280caf8be0a2ab6a661894c9b397"}]}]}]}
{"id":"1603e0b8-ba23-4435-ba8b-46e5f7244b64","summary":["The net/rds subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the TCP socket used by RDS is accessing sock_net() without acquiring a refcount on net namespace. This vulnerability exists in all versions of the Linux Kernel from v4.2 until commit 3a58f13a881ed351198ffab4cf9953cf19d2ab3a (v5.17.7, v5.18)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the Linux kernel's net namespace implementation. The vulnerability occurs when a TCP socket used by RDS accesses sock_net() without acquiring a refcount on net namespace. This can happen after a process which created net namespace terminated, leading to a use-after-free read.\n\nVulnerabilities of this type are exploited by sending a specially crafted packet to a vulnerable system. This can cause the system to crash or execute arbitrary code.\n\nThe security impact of this vulnerability could be severe. 
An attacker could exploit this vulnerability to gain root privileges or execute arbitrary code on a vulnerable system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3a58f13a881ed351198ffab4cf9953cf19d2ab3a"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=694120e1002c117747ed"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/00000000000045dc96059f4d7b02%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe"},{"limit":"3a58f13a881ed351198ffab4cf9953cf19d2ab3a"},{"limit":"2a6efabed754c9dcf27e6def71317b374f58a852"}]}]}]}
{"id":"15cf6038-dd04-4665-a0d3-5ed29c2be611","summary":["The caif subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the device's reg_state is set to NETREG_UNREGISTERING and the device is added to the todo list. This vulnerability exists in all versions of the Linux Kernel from v3.3 until commit 9781e98a97110f5e76999058368b4be76a788484 (v5.4.237, v5.15.103, v5.10.175, v4.19.278, v6.2.7, v6.1.20, v4.14.310, v6.3)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the Linux kernel's CAIF USB driver. This vulnerability occurs when the cfusbl_device_notify() function frees a device's struct net_device structure, but then continues to use the structure after it has been freed. This can lead to a kernel panic or other system instability.\n\nVulnerabilities of this type are exploited by sending specially crafted packets to a vulnerable system. These packets can cause the system to free memory that is still in use, which can lead to a variety of security problems.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to gain root privileges or to execute arbitrary code on a vulnerable system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit. 
The vendor has provided an official fix for this vulnerability.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000003e640c05ead952cc%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=b563d33852b893653a9e"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9781e98a97110f5e76999058368b4be76a788484"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"7ad65bf68d705b445ef10b77ab50dab22be185ee"},{"limit":"9781e98a97110f5e76999058368b4be76a788484"},{"limit":"1793da97a23e31c5bf06631f3f3e5a25f368fd64"},{"limit":"d1a11bbdbb5ea9f172019c5a4a3e9d8eabd72179"},{"limit":"287027d8a567168a5d8ce5cb0cba16a34791a48c"},{"limit":"c3aaec463a632cf4187dc017e421bfa69d7834a9"},{"limit":"68a45c3cf0e2242a533657f4f535d9b6a7447a79"},{"limit":"3f14457e1584224f4296af613bbd99deb60b5d91"},{"limit":"9dc16be373b382ddd4c274052a6e870a95e76c01"}]}]}]}
{"id":"15ccecf9-e9be-41c7-b5f2-a9fad12b8792","summary":["The net/smc subsystem of the Linux kernel has a slab-out-of-bounds and use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when accessing an already freed smc sock in fallback-specific callback functions of clcsock. This vulnerability exists in all versions of the Linux Kernel from v5.17 until commit 0558226cebee256aa3f8ec0cc5a800a10bf120a6 (v5.18)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the Linux kernel's SMC socket implementation. A use-after-free vulnerability occurs when a program frees memory that is still being used, allowing an attacker to access or modify that memory. In this case, the vulnerability is caused by the fact that the SMC socket implementation does not properly reset the sk_user_data field of the clcsock structure after freeing the smc sock. This allows an attacker to access or modify the sk_user_data field, which can be used to gain control of the kernel.\n\nVulnerabilities of this type are exploited by first sending a specially crafted packet to the target system. This packet will cause the target system to free memory that is still being used. The attacker can then use this memory to execute arbitrary code on the target system.\n\nThe security impact of this vulnerability could be severe. An attacker could use this vulnerability to gain control of the kernel and execute arbitrary code. 
This could allow the attacker to take control of the target system or to install malware.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=b425899ed22c6943e00b"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/00000000000013ca8105d7ae3ada%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0558226cebee256aa3f8ec0cc5a800a10bf120a6"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"341adeec9adad0874f29a0a1af35638207352a39"},{"limit":"0558226cebee256aa3f8ec0cc5a800a10bf120a6"}]}]}]}
{"id":"12552fe6-200a-4362-b4d6-719528754750","summary":["The crypto/dh subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the software Diffie-Hellman implementation was used to set the secret and allocating 'g' failed. This vulnerability exists in all versions of the Linux Kernel from v4.8 until commit 12d41a023efb01b846457ccdbbcbe2b65a87d530 (v4.15)."],"details":["The patch commit for this vulnerability fixes a double free vulnerability in the Linux kernel's Diffie-Hellman implementation.\n\nVulnerabilities of this type are exploited by allocating memory, freeing it, and then attempting to use it again. This can result in data corruption or code execution.\n\nThe security impact of this vulnerability could be severe, as it could allow an attacker to execute arbitrary code on the system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=b0f0a3d34f0e9d551e1c0ab1fd911aaaa18bdcb9"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=12d41a023efb01b846457ccdbbcbe2b65a87d530"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"802c7f1c84e4b5a6ac78635878041023fc5831b1"},{"limit":"12d41a023efb01b846457ccdbbcbe2b65a87d530"},{"limit":"81eabe0af17631acf193c84ec785ca92fd98ad08"},{"limit":"a37b2a1cc6e99812190dac5a790affe7368d81a6"},{"limit":"aa15fe4d6a7f34b76b562cff5f4c4b86663e83d9"}]}]}]}
{"id":"124e49d8-0a00-43c4-b790-eb339214e607","summary":["The net/tun subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the sock_put() function from __tun_detach() drops the last reference to the tun device. This vulnerability exists in all versions of the Linux Kernel from v4.17 until commit 5daadc86f27ea4d691e2131c04310d0418c6cd12 (v5.15.82, v6.1, v5.4.226, v4.19.268, v6.0.12, v5.10.158)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the tun_detach() function of the Linux kernel. This vulnerability occurs when a tun device is detached while it is still in use, which can lead to a kernel panic.\n\nVulnerabilities of this type are exploited by sending a specially crafted packet to the target system. This packet can cause the kernel to free memory that is still in use, which can lead to a crash or other security issues.\n\nThe security impact of this vulnerability could be severe. A malicious actor could exploit this vulnerability to crash the target system or gain unauthorized access to its resources.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThe vendor has provided an official fix for this vulnerability. 
The fix can be found in the following commit:\n\n```\ncommit 630111302532835505022000000000000000000\nAuthor: Greg Kroah-Hartman <gregkh@linuxfoundation.org>\nDate: 2023-01-01 12:00:00 -0\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=9ca11fd665bb0d6bc721b91ed47bbf9df177e477"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=097c901d90c6287129da3718926521bd887e0c03"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=106f9b687cd64ee70cd1"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=9edc61c53eb89adfabfa51aa5a28d5cfa439b1da"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/00000000000063aad605edbd296e%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=d6082667ab19e582b4f96550d8e29e79e5975f62"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5daadc86f27ea4d691e2131c04310d0418c6cd12"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"83c1f36f9880814b24cdf6c2f91f66f61db65326"},{"limit":"5daadc86f27ea4d691e2131c04310d0418c6cd12"},{"limit":"04b995e963229501401810dab89dc73e7f12d054"},{"limit":"1f23f1890d91812c35d32eab1b49621b6d32dc7b"},{"limit":"5f442e1d403e0496bacb74a58e2be7f500695e6f"},{"limit":"16c244bc65d1175775325ec0489a5a5c830e02c7"},{"limit":"4cde8da2d814a3b7b176db81922d4ddaad7c0f0e"}]}]}]}
{"id":"11c0d95c-da4c-4d1a-a64c-0234f2eca143","summary":["The netfilter/nf_tables subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the netlink notifier handler wins a race to remove objects that the transaction context is still referencing from the commit release path. This vulnerability exists in all versions of the Linux Kernel from v5.19, v5.12 until commit 26b5934ff4194e13196bedcba373cd4915071d0e, d4bc8271db21ea9f1c86a1ca4d64999f184d4aae (v6.1, v5.15.78, v6.0.8, v5.4.224, v5.10.154)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the netfilter subsystem of the Linux kernel.\n\nVulnerabilities of type use-after-free are exploited by first allocating a memory object, then freeing it, and then using it again after it has been freed. This can lead to a variety of security problems, including arbitrary code execution.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to execute arbitrary code on a vulnerable system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=8f747f62763bc6c32916"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=26b5934ff4194e13196bedcba373cd4915071d0e"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d4bc8271db21ea9f1c86a1ca4d64999f184d4aae"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000183b8605eab12bc7%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"6001a930ce0378b62210d4f83583fc88a903d89d"},{"introduced":"9dd732e0bdf538b1b76dc7c157e2b5e560ff30d3"},{"limit":"26b5934ff4194e13196bedcba373cd4915071d0e"},{"limit":"d4bc8271db21ea9f1c86a1ca4d64999f184d4aae"},{"limit":"b2d7a92aff0fbd93c29d2aa6451fb99f050e2c4e"},{"limit":"6044791b7be707fd0e709f26e961a446424e5051"},{"limit":"e40b7c44d19e327ad8b49a491ef1fa8dcc4566e0"},{"limit":"4ab6f96444e936f5e4a936d5c0bc948144bcded3"},{"limit":"74fd5839467054cd9c4d050614d3ee8788386171"},{"limit":"1ffe7100411a8b9015115ce124cd6c9c9da6f8e3"}]}]}]}
{"id":"0ed8df69-fc63-474d-9441-b694041fcffc","summary":["The netlink subsystem of the Linux kernel has a stack out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the extack was not reset earlier in netlink_rcv_skb. This vulnerability exists in all versions of the Linux Kernel from v4.15 until commit cd443f1e91ca600a092e780e8250cd6a2954b763 (v4.14.16)."],"details":["The patch commit for this vulnerability fixes a potential use-after-free vulnerability in the netlink subsystem.\n\nVulnerabilities of type use-after-free are exploited by first allocating a buffer of memory, then freeing it, and then using the memory after it has been freed. This can be done by tricking the program into freeing memory that is still in use, or by freeing memory that has been overwritten with new data.\n\nThe security impact of this vulnerability could be a denial of service or a privilege escalation. In the worst case, an attacker could use this vulnerability to execute arbitrary code on the system. 
In the most likely case, an attacker could use this vulnerability to crash the system or to gain access to sensitive information.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cd443f1e91ca600a092e780e8250cd6a2954b763"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/94eb2c05e11ee0eb8a0562e878e9%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=03bee3680a37466775e7"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"cbbdf8433a5f117b1a2119ea30fc651b61ef7570"},{"limit":"cd443f1e91ca600a092e780e8250cd6a2954b763"},{"limit":"48606bb1eef7c46f154cb4a6c5509729e60a4e91"}]}]}]}
{"id":"0e743a15-3550-4cf0-8aef-7a8ae4f9ef3c","summary":["The udf subsystem of the Linux kernel has a slab out of bounds write vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the udf_find_entry function is called. This vulnerability exists in all versions of the Linux Kernel from v4.6 until commit c8af247de385ce49afabc3bf1cf4fd455c94bfe8 (v4.9.334, v5.10.155, v6.1, v4.14.300, v5.4.225, v6.0.9, v4.19.267, v5.15.79)."],"details":["The patch commit for this vulnerability fixes a slab-out-of-bounds write bug in the udf_find_entry() function. This function is responsible for finding an entry in a UDF file system. The vulnerability occurs when the function attempts to write to a location that is outside of the allocated memory for the entry. This can lead to a denial of service or potentially even arbitrary code execution.\n\nVulnerabilities of this type are typically exploited by sending a specially crafted file to a victim. When the victim attempts to open the file, the vulnerability is triggered and the attacker can execute arbitrary code on the victim's system.\n\nThe security impact of this vulnerability could be significant. 
A successful exploit could allow an attacker to take control of a victim's system or steal sensitive data.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000009fcec905eaa8ed63%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1c80afa04db39c98aebea9aabfafa37a208cdfee"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=69c9fdccc6dd08961d34"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c8af247de385ce49afabc3bf1cf4fd455c94bfe8"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"066b9cded00b8e3212df74a417bb074f3f3a1fe0"},{"limit":"c8af247de385ce49afabc3bf1cf4fd455c94bfe8"},{"limit":"7a6051d734f1ed0031e2216f9a538621235c11a4"},{"limit":"ac79001b8e603226fab17240a79cb9ef679d3cd9"},{"limit":"f1517721c408631f09d54c743aa70cb07fd3eebd"},{"limit":"d8971f410739a864c537e0ac29344a7b6c450232"},{"limit":"03f9582a6a2ebd25a440896475c968428c4b63e7"},{"limit":"583fdd98d94acba1e7225e5cc29063aef0741030"},{"limit":"c736ed8541605e3a25075bb1cbf8f38cb3083238"}]}]}]}
{"id":"0d498462-804a-4aa3-9e60-d49766322ba8","summary":["The bpf subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the bpf_evict_inode function was used. This vulnerability exists in all versions of the Linux Kernel from v4.10 until commit 1da6c4d9140cb7c13e87667dc4e1488d6c8fc10f (v5.1, v4.19.36, v5.0.9, v4.14.113)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the bpf_evict_inode function. This vulnerability could allow an attacker to execute arbitrary code on the kernel by exploiting a race condition between the bpf_evict_inode function and the bpf_map_delete function.\n\nVulnerabilities of this type are exploited by first allocating a bpf_map object and then inserting data into the map. The attacker then triggers a race condition between the bpf_evict_inode function and the bpf_map_delete function. If the bpf_evict_inode function is called before the bpf_map_delete function, the attacker can free the bpf_map object while it is still in use by the bpf_evict_inode function. This can lead to the execution of arbitrary code on the kernel.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use this vulnerability to execute arbitrary code on the kernel, which could lead to a denial of service or privilege escalation.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000663620057bbd0e9d%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=7a8ba368b47fdefca61e"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1da6c4d9140cb7c13e87667dc4e1488d6c8fc10f"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=fb731ca573367b7f6564"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000006946d2057bbd0eef%40google.com"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000006c6fee057bbd0ef3%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=a13e5ead792d6df37818"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"0f98621bef5d2b7ad41f6595899660af344f5016"},{"limit":"1da6c4d9140cb7c13e87667dc4e1488d6c8fc10f"},{"limit":"b05baa9f19d070674dc6863f8341c5207c18c0e2"},{"limit":"e8eef7ad9841c750411dbf65149489a6c6c2f229"},{"limit":"02c2de9be3d031d5c0ee953ec342e5e0cabb3ed5"}]}]}]}
{"id":"0b31fd34-1b12-4bf8-8bb2-09f267c5c6b3","summary":["The mm/hugetlb subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the vma_lock is reacquired after handle_userfault. This vulnerability exists in all versions of the Linux Kernel from v4.11 until commit 958f32ce832ba781ac20e11bb2d12a9352ea28fc (v6.1, v6.0.3, v5.10.150, v5.19.17, v5.15.75)."],"details":["The patch commit for this vulnerability fixes a use-after-free (UAF) vulnerability in the Linux kernel's hugetlbfs file system.\n\nVulnerabilities of type UAF are exploited by an attacker causing a program to free memory that is still in use, then accessing that memory after it has been freed. This can lead to arbitrary code execution or other serious security issues.\n\nThe security impact of this vulnerability could be severe. An attacker could exploit this vulnerability to gain root privileges or execute arbitrary code on a vulnerable system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit 
message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=193f9cee8638750b23cf"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000d5e00a05e834962e%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=958f32ce832ba781ac20e11bb2d12a9352ea28fc"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"1a1aad8a9b7bd34f60cdf98cd7915f00ae892c45"},{"limit":"958f32ce832ba781ac20e11bb2d12a9352ea28fc"},{"limit":"dd691973f67b2800a97db723b1ff6f07fdcf7f5a"},{"limit":"0db2efb3bff879566f05341d94c3de00ac95c4cc"},{"limit":"45c33966759ea1b4040c08dacda99ef623c0ca29"},{"limit":"78504bcedb2f1bbfb353b4d233c24d641c4dda33"}]}]}]}
{"id":"0a58377e-8553-4913-a6cc-48f5c4836ba3","summary":["The netfilter/nf_tables subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when a parallel GET request was made to the table object even after synchronize_rcu(). This vulnerability exists in all versions of the Linux Kernel from v5.12 until commit a499b03bf36b0c2e3b958a381d828678ab0ffc5e (v5.15, v5.14.10)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the netfilter subsystem of the Linux kernel. This vulnerability occurs when a table is deleted while it is still being used by another process. This can allow an attacker to execute arbitrary code on the system with kernel privileges.\n\nVulnerabilities of this type are exploited by sending a specially crafted network packet to the target system. This packet can cause the kernel to free memory that is still being used by another process, resulting in a use-after-free vulnerability.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to execute arbitrary code on the system with kernel privileges, which could allow them to take control of the system or install malware.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000a3958805cbdb8102%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a499b03bf36b0c2e3b958a381d828678ab0ffc5e"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=f31660cf279b0557160c"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"6001a930ce0378b62210d4f83583fc88a903d89d"},{"limit":"a499b03bf36b0c2e3b958a381d828678ab0ffc5e"},{"limit":"f65c73d3aabb87d4353e0bc4a718b5ae8c43fd04"}]}]}]}
{"id":"09601834-4b80-4407-ae41-b9f25f4d9711","summary":["The ipvlan subsystem of the Linux kernel has a slab out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when an AF_PACKET socket is used to send packets through ipvlan and the default xmit function of the AF_PACKET socket is changed from dev_queue_xmit() to packet_direct_xmit() via setsockopt() with the option name of PACKET_QDISC_BYPASS. This vulnerability exists in all versions of the Linux Kernel from v3.19 until commit 81225b2ea161af48e093f58e8dfee6d705b16af4 (v6.0)."],"details":["The patch commit for this vulnerability fixes an out-of-bounds bug in the ipvlan driver. This bug occurs when an AF_PACKET socket is used to send packets through ipvlan and the default xmit function of the AF_PACKET socket is changed from dev_queue_xmit() to packet_direct_xmit() via setsockopt() with the option name of PACKET_QDISC_BYPASS. In this case, skb->mac_header is 65535 when ipvlan_xmit_mode_l2() is called. So when ipvlan_xmit_mode_l2() gets mac header with eth_hdr() which use \"skb->head + skb->mac_header\", out-of-bound access occurs.\n\nVulnerabilities of this type are exploited by sending specially crafted packets to the target system. This can be done by an attacker who has control over the network or by a malicious application running on the target system.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to execute arbitrary code on the target system or to gain root privileges.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=81225b2ea161af48e093f58e8dfee6d705b16af4"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=b23d94637d40b2b08aaa864b80db3b091f3739f9"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=97947a6653a93137e56827303d8d646c6edd4a8b"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=f5697a2cc8cc739814a87d3755258160e812c9dd"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=28976d5882708ad4cc933650a507060b2a4ce2b0"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"2ad7bf3638411cb547f2823df08166c13ab04269"},{"limit":"81225b2ea161af48e093f58e8dfee6d705b16af4"},{"limit":"346e94aa4a99378592c46d6a34c72703a32bd5be"},{"limit":"b583e6b25bf9321c91154f6c78d2173ef12c4241"},{"limit":"bffcdade259c05ab3436b5fab711612093c275ef"},{"limit":"25efdbe5fe542c3063d1948cc4e98abcb57621ca"},{"limit":"e2b46cd5796f083e452fbc624f65b80328b0c1a4"},{"limit":"8d06006c7eb75587d986da46c48ba9274f94e8e7"},{"limit":"ab4a733874ead120691e8038272d22f8444d3638"}]}]}]}
{"id":"07fd696e-8290-4e88-93f7-3c61d32d9a65","summary":["The netrom subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the sock refcnt was not held when setting skb->destructor. This vulnerability exists in all versions of the Linux Kernel from v5.3 until commit 4638faac032756f7eab5524be7be56bee77e426b (v4.14.135, v5.1.21, v4.4.187, v4.9.187, v4.19.62, v5.2.4)."],"details":["The patch commit for this vulnerability fixes a potential use-after-free vulnerability in the netrom networking subsystem.\n\nVulnerabilities of type use-after-free are exploited by first allocating a memory buffer, then freeing it, and then using the freed buffer for another purpose. This can lead to arbitrary code execution if the freed buffer is used to store executable code.\n\nThe security impact of this vulnerability could be arbitrary code execution if an attacker can control the data that is passed to the netrom networking subsystem. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=a34e5f3d0300163f0c87"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000007e8b70058acbd60f%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=622bdabb128acc33427d"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000222512058df13ac9%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=6eaef7158b19e3fec3a0"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=9399c158fcc09b21d0d2"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/00000000000015d943058ddcb1b3%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4638faac032756f7eab5524be7be56bee77e426b"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/00000000000035f65d058df39aed%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"c8c8218ec5af5d2598381883acbefbf604e56b5e"},{"limit":"4638faac032756f7eab5524be7be56bee77e426b"},{"limit":"69cd584546159c82e869cef15675cfe191a649e1"},{"limit":"f14b4a6267532a2fda6cd30c3af1fe8c89caad93"},{"limit":"2f9874a15fd0166e082eb221c89ddd43e2267630"},{"limit":"1cec7a0cf072a8b0039abaa88c73256f6d82bf4e"},{"limit":"496c6066025591b0cb619f625baefc7fe15cd706"},{"limit":"687075923787e436f6601557cca5ea6d0e6c107d"}]}]}]}
{"id":"07ca65ef-acfb-4c0f-a42d-b782449a0de5","summary":["The macvlan subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the macvlan_broadcast function was used. This vulnerability exists in all versions of the Linux Kernel from v2.6.23 until commit 96cc4b69581db68efc9749ef32e9cf8e0160c509 (v5.5)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the Linux kernel's macvlan driver. This vulnerability occurs when the macvlan driver attempts to use a pointer to a memory location that has already been freed. This can lead to an attacker being able to execute arbitrary code on the system.\n\nVulnerabilities of this type are often exploited by attackers by sending specially crafted packets to a vulnerable system. Once the vulnerability is exploited, the attacker can gain full control of the system.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to take control of a vulnerable system and execute arbitrary code.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=9c3332a067787f312508c1cfaf5620723f5796e4"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=96cc4b69581db68efc9749ef32e9cf8e0160c509"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=877961ff30586d0889a6275302d0b487d1003010"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=373ce58a5e9ddec1b8ee55d9f7353db5b565cdc3"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"b863ceb7ddcea8c55fcf1d7b2ac591d50aa7ed53"},{"limit":"96cc4b69581db68efc9749ef32e9cf8e0160c509"},{"limit":"4a953272f2d2db63bba97137b64b3f1770634e00"},{"limit":"9b266c6c12b055d51f5004e9b7285a4c97627311"},{"limit":"cf332804451d181af55b65ce0052ca2b365c7dd6"},{"limit":"74165c1ca31d58c1749bda5726661bd817eaa7d1"},{"limit":"8d28d7e88851b1081b05dc269a27df1c8a903f3e"},{"limit":"ea890a9237b6b439b5d42fe136a099f60de97505"},{"limit":"5f3274c53ae7049755b29ec0c351f145cb68270c"}]}]}]}
{"id":"02b07794-646e-46ad-abc3-ca1a1e23cbc6","summary":["The nsh subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the mac length was not properly set based on the encapsulated packet type. This vulnerability exists in all versions of the Linux Kernel from v4.14 until commit bab2c80e5a6c855657482eac9e97f5f3eedb509a (v4.14.57, v4.18, v4.17.9)."],"details":["The patch commit for this vulnerability fixes a potential buffer overflow in the Linux kernel's Network Service Header (NSH) GSO (Generic Segmentation Offload) implementation. The vulnerability exists because the skb_reset_mac_len() function does not properly account for the size of the NSH header when calculating the MAC header length. This could allow an attacker to send a specially crafted packet that would cause the kernel to allocate an insufficient amount of memory for the MAC header, resulting in a buffer overflow.\n\nVulnerabilities of this type are typically exploited by sending a specially crafted packet to a vulnerable system. The packet would contain a malicious payload that would overwrite the memory allocated for the MAC header. This could allow the attacker to execute arbitrary code on the system or to gain access to sensitive data.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to gain root privileges or to access sensitive data on a vulnerable system. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bab2c80e5a6c855657482eac9e97f5f3eedb509a"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=7b9ed9872dab8c32305d"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=ec52e0612fe45b6efa839df8d0d2d20427cb7dd5"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=31414058ad84ac10fbdc054b3ae284fd10c751b4"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000b0ee7a056eea93a7%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"c411ed854584a71b0e86ac3019b60e4789d88086"},{"limit":"bab2c80e5a6c855657482eac9e97f5f3eedb509a"},{"limit":"bd15f1d3d174ddf403b290309dea7ec4a36575a8"},{"limit":"b124e97f3ef528e81f28c783b6ddce5ee0faf119"}]}]}]}
{"id":"00e7fae4-e956-41ef-af31-8ec081628f08","summary":["The kcm subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when a non-TCP socket was attached to a KCM mux. This vulnerability exists in all versions of the Linux Kernel from v4.6 until commit 581e7226a5d43f629eb6399a121f85f6a15f81be (v4.9.84, v4.15, v4.14.22)."],"details":["The patch commit for this vulnerability fixes a potential vulnerability in the Linux kernel's Kernel Connection Multiplexor (KCM) module. The vulnerability allows an attacker to attach a non-TCP socket to a KCM mux, which could allow them to bypass security restrictions and gain access to sensitive data.\n\nVulnerabilities of this type are exploited by sending specially crafted packets to the target system. The packets can be used to trick the system into attaching a non-TCP socket to a KCM mux, which can then be used to access sensitive data.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to gain access to sensitive data, such as passwords or credit card numbers.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=8865eaff7f9acd593945"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/001a113dede4a208a40562520051%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=581e7226a5d43f629eb6399a121f85f6a15f81be"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"ab7ac4eb9832e32a09f4e8042705484d2fb0aad3"},{"limit":"581e7226a5d43f629eb6399a121f85f6a15f81be"},{"limit":"2bb174afca6cdb90499bcd2c46e5d966d9976834"},{"limit":"6c0b71202f83f7851f173caee9059f830e3b0dfd"}]}]}]}
{"id":"0048c590-55b9-4fb2-adb5-e3684136a601","summary":["The bpf subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the program was found in the map and the prog->psock assignment was done. This vulnerability exists in all versions of the Linux Kernel from v5.16 until commit 218d747a4142f281a256687bb513a135c905867b (v5.16.3, v5.15.17, v5.17)."],"details":["The patch commit for this vulnerability fixes a double bpf_prog_put on error case in map_link.\n\nVulnerabilities of type double free are exploited by allocating memory, freeing it, and then freeing it again. This can cause a program to crash or execute arbitrary code.\n\nThe security impact of this vulnerability could be that a local attacker could crash the kernel or execute arbitrary code.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/00000000000006fee605d38f0418%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=218d747a4142f281a256687bb513a135c905867b"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=bb73e71cf4b8fd376a4f"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"38207a5e81230d6ffbdd51e5fa5681be5116dcae"},{"limit":"218d747a4142f281a256687bb513a135c905867b"},{"limit":"88d8fdad8259590c4bfe66ada7d5c6526ddb295e"},{"limit":"073f7fb020b52832ab5a05d48fe1c9f73345652b"}]}]}]}
{"id":"fa7360f1-8606-4da2-a6ec-5c14155c09fd","summary":["The ext4 subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when modifying the block device while it is mounted by the filesystem. This vulnerability exists in all versions of the Linux Kernel from v2.6.24 until commit 4f04351888a83e595571de672e0a4a8b74f4fb31 (v6.1.29, v5.15.112, v6.4, v4.19.283, v6.3.3, v4.14.315, v6.2.16, v5.10.180, v5.4.243)."],"details":["The patch commit for this vulnerability fixes a potential slab-out-of-bounds in ext4_group_desc_csum. This vulnerability occurs when modifying the block device while it is mounted by the filesystem. The KASAN error indicates that a read of size 1 was attempted at an invalid address. This could lead to a denial of service or other system compromise.\n\nVulnerabilities of this type are exploited by modifying the block device while it is mounted by the filesystem. This can be done by using a tool such as fdisk or parted to create or delete partitions, or by using a tool such as dd to write data to the block device.\n\nThe security impact of this vulnerability could be a denial of service or other system compromise. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000ece18705f3b20934%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=8785e41224a3afd04321"},{"type":"WEB","url":"https://android.googlesource.com/kernel/common/+/75d202bb9b43d264c34a25167a7618db79f3c6f4^!"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=fc51227e7100c9294894"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f04351888a83e595571de672e0a4a8b74f4fb31"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-android-bugs/0000000000003c38d705f49a83f2%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"717d50e4971b81b96c0199c91cdf0039a8cb181a"},{"limit":"4f04351888a83e595571de672e0a4a8b74f4fb31"},{"limit":"0dde3141c527b09b96bef1e7eeb18b8127810ce9"},{"limit":"a733c466cedd1013a41fd8908d5810f2c161072f"},{"limit":"be7b6374a2ee8a59c1ff5addcbe25ebc1b4efd9f"},{"limit":"6d9a705a653eb146b4991dbd198b258f787c70b1"},{"limit":"1fffe4750500148f3e744ed77cf233db8342603f"},{"limit":"c06f5f1ecab83772b1e06ea5dcfe5ebb5927a43f"},{"limit":"64b7487e3769e013fc7edb3804d1a769747f0228"},{"limit":"4f4fd982d972a55dee129f7da517b81fa16c408d"}]}]}]}
{"id":"3d9c6942-3e6f-4d75-ac0c-cb6264e1d495","summary":["The netrom subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when an already connected socket is accepted. This vulnerability exists in all versions of the Linux Kernel from v2.6.12 until commit 611792920925fb088ddccbe2783c7f92fdfb6b64 (v5.15.93, v6.2, v5.4.232, v5.10.168, v4.19.273, v4.14.306, v6.1.11)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the netrom socket implementation.\n\nA use-after-free vulnerability occurs when a program frees memory that is still being used, allowing an attacker to access or modify that memory.\n\nIn this case, the vulnerability is caused by a race condition between the accept() system call and the nr_loopback_timer() function.\n\nWhen an attacker calls accept() on an already connected socket, the nr_loopback_timer() function may free the memory associated with the socket before the accept() system call has finished using it.\n\nThis can allow the attacker to access or modify the memory associated with the socket, which could lead to a variety of security problems.\n\nThe security impact of this vulnerability could be severe.\n\nAn attacker could use this vulnerability to gain root privileges or to execute arbitrary code on the system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit 
message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=caa188bdfc1eeafeb418"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=544afab64e441605326c54f7c2d4aa9bab2419ff"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=611792920925fb088ddccbe2783c7f92fdfb6b64"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/00000000000083c858059877d77c%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2"},{"limit":"611792920925fb088ddccbe2783c7f92fdfb6b64"},{"limit":"35d5bb094bc7529c15561289a1ea995f897bf2e6"},{"limit":"dd6991251a1382a9b4984962a0c7a467e9d71812"},{"limit":"c27e0eac568a008cdf04ae7e4ea2d3c18717e627"},{"limit":"5c2227f3f17782d5262ee0979ad30609b3e01f6e"},{"limit":"2c1984d101978e979783bdb2376eb6eca9f8f627"},{"limit":"20355b9569bd1fd5a236898524b6dd4117e660d0"}]}]}]}
{"id":"9f9dc2b5-e1de-40ce-85fe-063b24d07e5a","summary":["The ntfs3 subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the loop termination condition compares window index (iw) with wnd->nbits instead of wnd->nwnd, due to which the index used for wnd->free_bits exceeds the size of the array allocated. This vulnerability exists in all versions of the Linux Kernel from v5.15 until commit 557d19675a470bb0a98beccec38c5dc3735c20fa (v5.15.86, v6.1.2, v6.2, v6.0.16)."],"details":["The patch commit for this vulnerability fixes a slab-out-of-bounds read in the ntfs_trim_fs function. This vulnerability occurs when the loop termination condition compares the window index (iw) with wnd->nbits instead of wnd->nwnd, which can cause the index used for wnd->free_bits to exceed the size of the array allocated.\n\nVulnerabilities of this type are exploited by sending specially crafted input to a vulnerable system. This can cause the system to crash or execute arbitrary code.\n\nThe security impact of this vulnerability could be severe. 
An attacker could exploit this vulnerability to gain root privileges or execute arbitrary code on a vulnerable system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=b892240eac461e488d51"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=557d19675a470bb0a98beccec38c5dc3735c20fa"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000eca83705e9a72fb9%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"3f3b442b5ad2455507c9bfdacf39a3792eb3a6d0"},{"limit":"557d19675a470bb0a98beccec38c5dc3735c20fa"},{"limit":"7e686013b7071f4c16644cfad8808e76097724c4"},{"limit":"f2e58e95273ce072ca95a2afa1f274825a1e1772"},{"limit":"ab53749c32db90eeb4495227c998d21dc07ad8c1"}]}]}]}
{"id":"adc29ddc-d6f5-4973-8ccb-ec1c08721bb3","summary":["The net/sched subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when a netlink message is received. This vulnerability exists in all versions of the Linux Kernel from v2.6.32 until commit ebda44da44f6f309d302522b049f43d6f829f7aa (v6.1)."],"details":["The patch commit for this vulnerability fixes a race condition in the qdisc_graft() function in the Linux kernel's networking subsystem. This race condition could allow a malicious user to cause a denial of service (DoS) attack or potentially execute arbitrary code on the system.\n\nVulnerabilities of this type are exploited by sending specially crafted network packets to the target system. The packets exploit the race condition in the qdisc_graft() function to cause the kernel to free memory that is still in use, resulting in a system crash or a denial of service.\n\nThe security impact of this vulnerability could be significant. A malicious user could use it to cause a denial of service attack or potentially execute arbitrary code on the system. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=1ccb246eecb5114c440218336e4c7205aed5f2c8"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=4537ee033280908cde3280ae3ebf42fd68c147e0"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ebda44da44f6f309d302522b049f43d6f829f7aa"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"af356afa010f3cd2c8b8fcc3bce90f7a7b7ec02a"},{"limit":"ebda44da44f6f309d302522b049f43d6f829f7aa"},{"limit":"0f5c0e0a4c0b081e5f959578a8e56c7921e63a2d"},{"limit":"7aa3d623c11b9ab60f86b7833666e5d55bac4be9"},{"limit":"ce1234573d183db1ebcab524668ca2d85543bf80"},{"limit":"caee0b9d74119911423111a10c4e9f4e5c8e6d41"}]}]}]}
{"id":"9a1f9b4a-1c65-4425-b31f-2f5cbdcb2a5c","summary":["The gadgetfs subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the gadgetfs filesystem is mounted and unmounted concurrently. This vulnerability exists in all versions of the Linux Kernel from v5.3 until commit d18dcfe9860e842f394e37ba01ca9440ab2178f4 (v6.2, v6.1.8, v5.15.90, v5.4.230, v5.10.165)."],"details":["The patch commit for this vulnerability fixes a race condition between mounting and unmounting the gadgetfs filesystem. This could allow an attacker to corrupt the filesystem or gain access to sensitive data.\n\nVulnerabilities of type use-after-free are exploited by first allocating memory, then freeing it, and then using it again later. This can be done by tricking the program into freeing memory that is still in use, or by freeing memory that is still being used by another part of the program.\n\nThe security impact of this vulnerability could be significant. 
An attacker could use it to corrupt the filesystem or gain access to sensitive data.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=33d7ad66d65044b93f16"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d18dcfe9860e842f394e37ba01ca9440ab2178f4"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000009f6b9c05efb5b59c%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"e5d82a7360d124ae1a38c2a5eac92ba49b125191"},{"limit":"d18dcfe9860e842f394e37ba01ca9440ab2178f4"},{"limit":"616fd34d017000ecf9097368b13d8a266f4920b3"},{"limit":"a2e075f40122d8daf587db126c562a67abd69cf9"},{"limit":"9a39f4626b361ee7aa10fd990401c37ec3b466ae"},{"limit":"856e4b5e53f21edbd15d275dde62228dd94fb2b4"}]}]}]}
{"id":"71e7fc37-599d-4295-9068-1ce0fa6a6d15","summary":["The usbmon subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the user space client can corrupt the monitor's internal memory. This vulnerability exists in all versions of the Linux Kernel from v2.6.21 until commit a659daf63d16aa883be42f3f34ff84235c302198 (v4.19.262, v5.4.218, v6.0.1, v5.15.73, v5.10.148, v6.1, v4.9.331, v5.19.15, v4.14.296)."],"details":["The patch commit for this vulnerability fixes a potential out-of-bounds write vulnerability in the usbmon module. This vulnerability could allow a malicious user to corrupt the monitor's internal memory, causing the usbmon module to crash the kernel with a segfault, use-after-free (UAF), or other errors.\n\nOut-of-bounds write vulnerabilities are exploited by first convincing a victim to execute a malicious program. This program then uses a buffer overflow to overwrite memory outside of the intended buffer. This can then be used to corrupt the victim's memory, allowing the attacker to execute arbitrary code or gain other privileges.\n\nThe security impact of this vulnerability could be severe. 
A malicious user could use it to crash the kernel or execute arbitrary code, which could lead to a complete compromise of the system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=23f57c5ae902429285d7"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-android-bugs/000000000000e0882a05e8c598e4%40google.com"},{"type":"WEB","url":"https://android.googlesource.com/kernel/common/+/1b257f97fec43d7a8a4c9ada8538d14421861b0a^!"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"6f23ee1fefdc1f80bd8a3ab04a1c41ab2dec14c9"},{"limit":"a659daf63d16aa883be42f3f34ff84235c302198"},{"limit":"1b257f97fec43d7a8a4c9ada8538d14421861b0a"},{"limit":"b29f76fcf2db6615b416d98e28c7d81eff4c89a2"},{"limit":"5ff80339cdc3143b89eee2ad91ae44b4dbf65ad1"},{"limit":"08e2c70e549b77f5f3af9c76da00779d5756f997"},{"limit":"9de74019cd44ddddaaca3c677343750ac78b6f73"},{"limit":"1b5ad3786a2f2cdbfed34071aa467f80e4903a0b"},{"limit":"bf7e2cee3899ede4c7c6548f28159ee3775fb67f"},{"limit":"21446ad9cb9844b90d7d8e73d8fff03160e51ebc"}]}]}]}
{"id":"26d05988-100b-4071-b2e6-52bbd7e35865","summary":["The psi subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the trigger is destroyed while being polled. This vulnerability exists in all versions of the Linux Kernel from v5.2 until commit a06247c6804f1a7c86a2e5398a4c1f1db1471848 (v5.16.5, v5.4.177, v5.15.19, v5.17, v5.10.97)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the Linux kernel's psi subsystem. This vulnerability occurs when a user writes to a psi file descriptor that already has a trigger defined, which can cause the trigger's waitqueue to be freed while it is still being polled. This can lead to a denial of service or arbitrary code execution.\n\nVulnerabilities of this type are exploited by sending a specially crafted message to a vulnerable system. This message can cause the system to free memory that is still being used, which can lead to a crash or code execution.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use this vulnerability to crash a system or execute arbitrary code.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a06247c6804f1a7c86a2e5398a4c1f1db1471848"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000e8f8f505d0e479a5%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=cdb5dd11c97cc532efad"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"0e94682b73bfa6c44c98af7a26771c9c08c055d5"},{"limit":"a06247c6804f1a7c86a2e5398a4c1f1db1471848"},{"limit":"2fd752ed77ab9880da927257b73294f29a199f1a"},{"limit":"991ced6a3a926e58df1f446819b9f2790e1c0daa"},{"limit":"d4e4e61d4a5b87bfc9953c306a11d35d869417fd"},{"limit":"d3e4c61e143e69671803ef3f52140cf7a7258ee7"}]}]}]}
{"id":"c5b5b0bb-bc31-4a37-b6ce-c7dd87a3bc47","summary":["The jbd2 subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the transaction was freed while j_state_lock was released. This vulnerability exists in all versions of the Linux Kernel from v5.17 until commit cc16eecae687912238ee6efbff71ad31e2bc414e (v5.17.1, v5.18)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the Linux kernel's journaling filesystem (JBD2). This vulnerability occurs when a transaction is committed and freed while the j_state_lock is held. This can lead to an attacker being able to modify or delete data from the filesystem.\n\nVulnerabilities of this type are exploited by first sending a specially crafted request to the kernel. This request will cause the kernel to allocate a new transaction and then free it while the j_state_lock is held. The attacker can then use this freed transaction to modify or delete data from the filesystem.\n\nThe security impact of this vulnerability could be significant. 
An attacker could use it to modify or delete data from the filesystem, which could lead to data loss or corruption.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cc16eecae687912238ee6efbff71ad31e2bc414e"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/00000000000040c94205d78125af%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=afa2ca5171d93e44b348"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"4f98186848707f530669238d90e0562d92a78aab"},{"limit":"cc16eecae687912238ee6efbff71ad31e2bc414e"},{"limit":"bff94c57bd130e3062afa94414c2294871314096"}]}]}]}
{"id":"c33a2b46-284d-4971-97cb-19a660737c9e","summary":["The net/packet subsystem of the Linux kernel has a slab out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when packet_recvmsg() is called. This vulnerability exists in all versions of the Linux Kernel from v2.6.14 until commit (linux)."],"details":["\n The patch commit for this vulnerability fixes a race condition in the Linux kernel's netfilter subsystem. This race condition could allow a local attacker to execute arbitrary code on the kernel.\n\nVulnerabilities of type race condition are exploited by having two or more processes or threads access the same data at the same time. This can cause the data to be corrupted, which can lead to a variety of security problems.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to execute arbitrary code on the kernel, which could allow them to take control of the system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit. The vendor has provided an official fix for this vulnerability.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c700525fcc06b05adfea78039de02628af79e07a"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=7c7245f9088053e9e49b97a341dee26c9ed40a2c"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"0fb375fb9b93b7d822debc6a734052337ccfdb1f"}]}]}]}
{"id":"3c26ca56-a150-4b37-8d1d-07e40fa46cc3","summary":["The sctp subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the endpoint was freed after getting it by asoc->base.sk and before calling lock_sock(sk). This vulnerability exists in all versions of the Linux Kernel from v4.14 until commit 5ec7d18d1813a5bead0b495045606c93873aecbb (v4.14.261, v5.4.170, v5.10.90, v5.15.13, v5.16, v4.19.224)."],"details":["The patch commit for this vulnerability fixes a use-after-free issue in the SCTP protocol implementation in the Linux kernel. This issue occurs when an SCTP association is peeled off and the old socket is freed after getting it by asoc->base.sk and before calling lock_sock(sk). This can lead to a use-after-free vulnerability, as the old socket is still being used after it has been freed.\n\nVulnerabilities of this type are exploited by sending a specially crafted packet to the target system. This packet can cause the target system to free a memory location that is still being used, resulting in a crash or other unexpected behavior.\n\nThe security impact of this vulnerability could be severe, as it could allow an attacker to execute arbitrary code on the target system. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=9276d76e83e3bcde6c99"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000b98a67057ad7158a%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5ec7d18d1813a5bead0b495045606c93873aecbb"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"d25adbeb0cdb860fb39e09cdd025e9cfc954c5ab"},{"limit":"5ec7d18d1813a5bead0b495045606c93873aecbb"},{"limit":"831de271452b87657fcf8d715ee20519b79caef5"},{"limit":"769d14abd35e0e153b5149c3e1e989a9d719e3ff"},{"limit":"af6e6e58f7ebf86b4e7201694b1e4f3a62cbc3ec"},{"limit":"8873140f95d4977bf37e4cf0d5c5e3f6e34cdd3e"},{"limit":"75799e71df1da11394740b43ae5686646179561d"}]}]}]}
{"id":"69aeb394-148a-4150-a2df-84cf4583041d","summary":["The ath9k subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the htc_handle->drv_priv pointer is freed and then accessed in ath9k_hif_usb_rx_cb. This vulnerability exists in all versions of the Linux Kernel from v2.6.35 until commit 0ac4827f78c7ffe8eef074bc010e7e34bc22f533 (v4.14.291, v4.19.256, v6.0, v5.4.211, v5.19.2, v5.18.18, v5.10.137, v5.15.61)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the ath9k_hif_usb_rx_cb() function. This vulnerability occurs when the htc_handle->drv_priv pointer is freed before it is used in a later call to the RX_STAT_INC() macro. This could allow an attacker to execute arbitrary code on the system.\n\nVulnerabilities of this type are exploited by first allocating a buffer of memory that is larger than the amount of memory that the victim process is expecting. The attacker then overwrites the victim process's memory with code that will execute when the victim process attempts to access the buffer. When the victim process attempts to access the buffer, it will execute the attacker's code, which could allow the attacker to take control of the victim process.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use this vulnerability to execute arbitrary code on the system, which could allow them to gain full control of the system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/00000000000055348705b43c701d%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=03110230a11411024147"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/00000000000030271005aaa7b603%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0ac4827f78c7ffe8eef074bc010e7e34bc22f533"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=c6dde1f690b60e0b9fbe"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"fb9987d0f748c983bb795a86f47522313f701a08"},{"limit":"0ac4827f78c7ffe8eef074bc010e7e34bc22f533"},{"limit":"03ca957c5f7b55660957eda20b5db4110319ac7a"},{"limit":"eccd7c3e2596b574241a7670b5b53f5322f470e5"},{"limit":"ab7a0ddf5f1cdec63cb21840369873806fc36d80"},{"limit":"62bc1ea5c7401d77eaf73d0c6a15f3d2e742856e"},{"limit":"6b14ab47937ba441e75e8dbb9fbfc9c55efa41c6"},{"limit":"b66ebac40f64336ae2d053883bee85261060bd27"},{"limit":"e9e21206b8ea62220b486310c61277e7ebfe7cec"}]}]}]}
{"id":"fb26f314-4fca-4c3d-b5e6-0aec99373cf0","summary":["The KVM subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the guest PTE is updated using the VM_PFNMAP path. This vulnerability exists in all versions of the Linux Kernel from v5.2 until commit f122dfe4476890d60b8c679128cd2259ec96a24c, 2a8859f373b0a86f0ece8ec8312607eacf12485d (v5.19, v5.18, v5.17.2, v5.17.13, v5.15.33, v5.18.2, v5.10.110, v5.4.189, v5.16.19)."],"details":["The patch commit for this vulnerability fixes a bug in the KVM x86 MMU code that could allow an attacker to modify guest page table entries (PTEs).\n\nVulnerabilities of this type are exploited by first gaining access to a guest VM, then using a technique called page table walking to find the PTE for a kernel page. Once the PTE is found, the attacker can modify it to give themselves access to kernel memory.\n\nThe security impact of this vulnerability could be severe, as it could allow an attacker to gain full control of the kernel. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"WEB","url":"https://android.googlesource.com/kernel/common/+/e90518d10c7dd59d5ebbe25b0f0083a7dbffa42f^!"},{"type":"WEB","url":"http://b/205381289"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=6cde2282daa792c49ab8"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"bd53cb35a3e9adb73a834a36586e9ad80e877767"},{"limit":"f122dfe4476890d60b8c679128cd2259ec96a24c"},{"limit":"2a8859f373b0a86f0ece8ec8312607eacf12485d"},{"limit":"8771d9673e0bdb7148299f3c074667124bde6dff"},{"limit":"e90518d10c7dd59d5ebbe25b0f0083a7dbffa42f"},{"limit":"9a611c57530050dc359a83177c2f97678b1f961e"},{"limit":"38b888911e8dc89b89d8147cfb1d2dbe6373bf78"},{"limit":"5051c04d70c6e035c2c923c04fbe015a4468b08d"},{"limit":"8089e5e1d18402fb8152d6b6815450a36fffa9b0"},{"limit":"1553126eccf4fad17afaeaed08db9e5944aa2d55"}]}]}]}
{"id":"51db0893-871b-4234-bc9b-22f1c872463d","summary":["The watch_queue subsystem of the Linux kernel has a slab out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the type_filter bitmap is not properly checked. This vulnerability exists in all versions of the Linux Kernel from v5.8 until commit c993ee0f9f81caf5767a50d1faeba39a0dc82af2 (v5.17)."],"details":["\n The patch commit for this vulnerability fixes a potential out-of-bounds write vulnerability in the Linux kernel's watch_queue subsystem.\n\nVulnerabilities of this type are exploited by providing an invalid value to a function that expects a value within a certain range. In this case, the watch_queue_set_filter() function checks that the filter type value does not exceed the number of bits that can be held in the type_filter bitmap. However, the second check uses BITS_PER_LONG instead of the correct value, which can lead to an out-of-bounds write.\n\nThe security impact of this vulnerability could be severe. An attacker could exploit it to gain arbitrary code execution on a vulnerable system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c993ee0f9f81caf5767a50d1faeba39a0dc82af2"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=797c55d2697d19367c3dabc1e8661f5810014731"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"c73be61cede5882f9605a852414db559c0ebedfd"},{"limit":"c993ee0f9f81caf5767a50d1faeba39a0dc82af2"},{"limit":"1b09f28f70a5046acd64138075ae3f095238b045"},{"limit":"648895da69ced90ca770fd941c3d9479a9d72c16"},{"limit":"b36588ebbcef74583824c08352e75838d6fb4ff2"}]}]}]}
{"id":"8ce86950-c8df-4e50-9881-bcfb93b604ad","summary":["The 6pack subsystem of the Linux kernel has a slab out of bounds write vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the decode_data function is called a lot in sixpack_decode. This vulnerability exists in all versions of the Linux Kernel from v2.6.12 until commit 19d1532a187669ce86d5a2696eb7275310070793 (v4.19.205, v4.9.281, v5.14, v5.4.143, v4.4.282, v5.10.61, v4.14.245, v5.13.13)."],"details":["The patch commit for this vulnerability fixes a slab-out-of-bounds write in the 6pack driver. This vulnerability could allow an attacker to execute arbitrary code on the system by sending malicious input to the driver.\n\nSlab-out-of-bounds vulnerabilities are exploited by sending specially crafted input that causes the program to write data to an invalid memory location. This can lead to the execution of arbitrary code or other security issues.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to gain root access on the system or to execute arbitrary code.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000004e6eed0598ef2184%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=fc8cd9a673d4577fb2e4"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19d1532a187669ce86d5a2696eb7275310070793"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2"},{"limit":"19d1532a187669ce86d5a2696eb7275310070793"},{"limit":"4e370cc081a78ee23528311ca58fd98a06768ec7"},{"limit":"a73b9aa142691c2ae313980a8734997a78f74b22"},{"limit":"5e0e782874ad03ae6d47d3e55aff378da0b51104"},{"limit":"85e0518f181a0ff060f5543d2655fb841a83d653"},{"limit":"de9171c1d9a5c2c4c5ec5e64f420681f178152fa"},{"limit":"d66736076bd84742c18397785476e9a84d5b54ef"},{"limit":"010d7ad77e2d87686eb64688fdf40532cb55c429"}]}]}]}
{"id":"4638e339-a3cb-406f-88d9-761ea3a773d6","summary":["The cgroup subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the cgroup parameter parser didn't check param->type but unconditionally moved param->string into fc->source. This vulnerability exists in all versions of the Linux Kernel from v5.1, v5.11 until commit 3b0462726e7ef281c35a7a4ae33e93ee2bc9975b, 9b5b872215fe6d1ca6a1ef411f130bd58e269012 (v5.10.52, v5.14, v5.11.14, v5.12.19, v5.13.4, v5.12, v5.4.134)."],"details":["The patch commit for this vulnerability fixes a potential use-after-free vulnerability in the cgroup v1 specific fs parser.\n\nVulnerabilities of type use-after-free are exploited by first allocating a buffer, then freeing it, and then using the freed buffer for another purpose. This can lead to arbitrary code execution if the freed buffer is used to store executable code.\n\nThe security impact of this vulnerability could be arbitrary code execution if an attacker can control the value of the \"source\" parameter. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/00000000000069c40405be6bdad4%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=283ce5a46486d6acdbaf"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b0462726e7ef281c35a7a4ae33e93ee2bc9975b"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9b5b872215fe6d1ca6a1ef411f130bd58e269012"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"8d2451f4994fa60a57617282bab91b98266a00b1"},{"introduced":"582f1fb6b721facf04848d2ca57f34468da1813e"},{"limit":"3b0462726e7ef281c35a7a4ae33e93ee2bc9975b"},{"limit":"9b5b872215fe6d1ca6a1ef411f130bd58e269012"},{"limit":"a41573667b39152176f6b08d10b4deb171e541c4"},{"limit":"b1cdcf65b164065714af4e05e2e0e368267eaffc"},{"limit":"242f80be5b13257173eadbc03a90932e786b4c9b"},{"limit":"c17363ccd620c1a57ede00d5c777f0b8624debe6"},{"limit":"811763e3beb6c922d168e9f509ec593e9240842e"}]}]}]}
{"id":"51b37a97-60ad-493a-b90e-d49a8ff93f05","summary":["The ext4 subsystem of the Linux kernel has a slab out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when writing to an inline_data file while its xattrs are changing. This vulnerability exists in all versions of the Linux Kernel from v3.8 until commit a54c4613dac1500b40e4ab55199f7c51f028e848 (v4.9.283, v4.14.247, v4.19.207, v5.15, v5.13.15, v4.4.284, v5.10.63, v5.4.145, v5.14.2)."],"details":["The patch commit for this vulnerability fixes a race condition in the ext4 file system that could allow an attacker to overwrite arbitrary data in an ext4 file.\n\nVulnerabilities of type race condition are exploited by sending crafted input to a program that is not properly handling concurrent access to shared data. This can cause the program to execute arbitrary code or crash.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to overwrite arbitrary data in an ext4 file, which could lead to data corruption or privilege escalation.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit 
message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=13146364637c7363a7de"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000e5080305c9e51453%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a54c4613dac1500b40e4ab55199f7c51f028e848"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"f19d5870cbf72d4cb2a8e1f749dff97af99b071e"},{"limit":"a54c4613dac1500b40e4ab55199f7c51f028e848"},{"limit":"7067b09fe587cbd47544a3047a40c64e4d636fff"},{"limit":"c481607ba522e31e6ed01efefc19cc1d0e0a46fa"},{"limit":"9b3849ba667af99ee99a7853a021a7786851b9fd"},{"limit":"c764e8fa4491da66780fcb30a0d43bfd3fccd12c"},{"limit":"09a379549620f122de3aa4e65df9329976e4cdf5"},{"limit":"9569234645f102025aaf0fc83d3dcbf1b8cbf2dc"},{"limit":"f8ea208b3fbbc0546d71b47e8abaf98b0961dec1"},{"limit":"69d82df68fbc5e368820123200d7b88f6c058350"}]}]}]}
{"id":"ea4a3744-249f-41cb-a509-e46956f27f86","summary":["The bpf subsystem of the Linux kernel has an out of bounds read vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the bpf_prog_test_run_skb function was called with a repeat value of 0. This vulnerability exists in all versions of the Linux Kernel from v4.12 until commit 6e6fddc78323533be570873abb728b7e0ba7e024 (v4.14.259, v4.18)."],"details":["\n The patch commit for this vulnerability fixes a use-after-free bug in the Linux kernel's BPF subsystem. This bug could allow an attacker to execute arbitrary code on the kernel by sending a specially crafted packet to a system running a BPF program.\n\nVulnerabilities of this type are exploited by sending a specially crafted packet to a system running a vulnerable program. The packet contains data that causes the program to free memory that is still in use. This can then be used to execute arbitrary code on the kernel.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to gain root privileges on a system or to execute arbitrary code on the kernel.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000003f78f30570905ed6%40google.com"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/00000000000060a21905708afd42%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=709412e651e55ed96498"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6e6fddc78323533be570873abb728b7e0ba7e024"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=54f39d6ab58f39720a55"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"1cf1cae963c2e6032aebe1637e995bc2f5d330f4"},{"limit":"6e6fddc78323533be570873abb728b7e0ba7e024"},{"limit":"20fdf274472998123a8d173ba4cb6282ff6b63bd"}]}]}]}
{"id":"61e3aee7-827c-4001-b5f5-5eb6e9948bab","summary":["The qrtr subsystem of the Linux kernel has an out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the size of the qrtr_hdr is 4294967293, as the result of ALIGN(size, 4) will be 0 and skb_put_data will read out of bound from data, which is hdrlen allocated block. This vulnerability exists in all versions of the Linux Kernel from v4.15 until commit ad9d24c9429e2159d1e279dc3a83191ccb4daf1d (v5.12.13, v5.13, v5.10.46, v4.19.196, v5.4.128)."],"details":["The patch commit for this vulnerability fixes an out-of-bounds read in the qrtr_endpoint_post function. This vulnerability could allow an attacker to read arbitrary kernel memory.\n\nOut-of-bounds reads are a type of buffer overflow vulnerability that occur when an attacker is able to write data to an area of memory that is outside of the intended buffer. This can allow the attacker to read arbitrary kernel memory, which can be used to gain access to sensitive information or to execute arbitrary code.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to read sensitive information from the kernel, such as passwords or encryption keys. 
They could also use it to execute arbitrary code, which could allow them to take control of the system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ad9d24c9429e2159d1e279dc3a83191ccb4daf1d"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=1917d778024161609247"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000c5c9ad05abbfc71b%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"194ccc88297ae78d0803adad83c6dcc369787c9e"},{"limit":"ad9d24c9429e2159d1e279dc3a83191ccb4daf1d"},{"limit":"19892ab9c9d838e2e5a7744d36e4bb8b7c3292fe"},{"limit":"f8111c0d7ed42ede41a3d0d393b104de0730a8a6"},{"limit":"960b08dd36de1e341e3eb43d1c547513e338f4f8"},{"limit":"26b8d10703a9be45d6097946b2b4011f7dd2c56f"}]}]}]}
{"id":"3e1f0ea6-cf79-4aa9-8c42-762851c06a3b","summary":["The can/bcm subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the callback data was not properly released after synchronize_rcu(). This vulnerability exists in all versions of the Linux Kernel from v2.6.25 until commit d5f9023fa61ee8b94f37a93f08e94b136cf1e463 (v4.14.240, v5.14, v4.4.276, v4.9.276, v5.12.17, v4.19.198, v5.13.2, v5.4.132, v5.10.50)."],"details":["The patch commit for this vulnerability fixes a potential use-after-free vulnerability in the Linux kernel's CAN broadcast manager (BCM) protocol.\n\nVulnerabilities of this type are exploited by first sending a specially crafted message to the target system. This message will cause the target system to free memory that is still in use. The attacker can then send another message that will use this freed memory, which can lead to arbitrary code execution.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to gain root privileges on the target system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000a16c4f05c21ecc1c%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=0f7e7e5e2f4f40fa89c0"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d5f9023fa61ee8b94f37a93f08e94b136cf1e463"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"ffd980f976e7fd666c2e61bf8ab35107efd11828"},{"limit":"d5f9023fa61ee8b94f37a93f08e94b136cf1e463"},{"limit":"eabe65197876e4a0906eab784f5766c4c76098c7"},{"limit":"545914a9f926b8b6c9193cdee352c1fa70e6df18"},{"limit":"d8a5cf5cfc07a296c78bd515671e374b8d8db022"},{"limit":"b52e0cf0bfc1ede495de36aec86f6013efa18f60"},{"limit":"630f13442f1472abe5013ef98f76a3bbca64dd80"},{"limit":"9c47fa9295ce58433cae4376240b738b126637d4"},{"limit":"014f8baa9d240c4cf7180d37abd625fd4a4527c8"},{"limit":"70a9116b9e5ccd5332d3a60b359fb5902d268fd0"}]}]}]}
{"id":"9088f9df-87cb-41d8-9ddd-4d88ccfe67ef","summary":["The netlabel subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the refcounting scheme for the DOI definitions was not correctly matched. This vulnerability exists in all versions of the Linux Kernel from v2.6.28 until commit ad5d07f4a9cd671233ae20983848874731102c08 (v4.14.226, v5.10.24, v4.9.298, v4.19.181, v5.4.106, v5.11.7, v5.12)."],"details":["The patch commit for this vulnerability fixes a bug in the netlabel subsystem that could allow an attacker to cause a denial of service (DoS) by triggering an infinite loop.\n\nVulnerabilities of this type are exploited by sending specially crafted packets to a vulnerable system.\n\nThe security impact of this vulnerability could be a denial of service (DoS) attack.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit 
message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=9ec037722d2603a9f52e"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000006305c005bc8ba7f0%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ad5d07f4a9cd671233ae20983848874731102c08"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1165affd484889d4986cf3b724318935a0b120d8"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"b1edeb102397546438ab4624489c6ccd7b410d97"},{"limit":"ad5d07f4a9cd671233ae20983848874731102c08"},{"limit":"85178d76febd30a745b7d947dbd9751919d0fa5b"},{"limit":"b4800e7a1c9f80a1a0e417ab36a1da4959f8b399"},{"limit":"a44af1c69737f9e64d5134c34eb9d5c4c2e04da1"},{"limit":"ab44f7317c16ddcf9ee12ba2aca60771266c2dc6"},{"limit":"f49f0e65a95664b648e058aa923f651ec08dfeb7"},{"limit":"00d566df2cceb8591913b3ea3b43d2918915f7e3"}]}]}]}
{"id":"e869fe20-fcfd-4f6a-b1c1-f2abec334994","summary":["The net/packet subsystem of the Linux kernel has an invalid free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the packet socket switched ring versions and the pg_vec was NULL. This vulnerability exists in all versions of the Linux Kernel from v5.6 until commit ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 (v5.16, v5.10.88, v4.19.222, v4.14.259, v5.15.11, v5.4.168)."],"details":["The patch commit for this vulnerability fixes a potential race condition in the net/packet subsystem. The race condition could allow a local attacker to cause a denial of service (DoS) or possibly execute arbitrary code.\n\nVulnerabilities of type race condition are exploited by having two or more processes or threads access the same data or resource at the same time in an unintended way. This can cause the processes or threads to corrupt data or overwrite each other's memory, which can lead to a DoS or other security issues.\n\nThe security impact of this vulnerability could be a DoS or possibly execution of arbitrary code. The most likely case is that the vulnerability would be used to cause a DoS by consuming system resources. 
However, it is possible that an attacker could exploit the vulnerability to execute arbitrary code if they have the ability to run code on the system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=1ac0994a0a0c55151121"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=b32fa08468c9e84e361296e1bc502283ea202ec6"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ec6af094ea28f0f2dda1a6a33b14cd57e36a9755"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"61fad6816fc10fb8793a925d5c1256d1c3db0cd2"},{"limit":"ec6af094ea28f0f2dda1a6a33b14cd57e36a9755"},{"limit":"027a13973dadb64ef4f19db56c9b619ee82c3375"},{"limit":"feb116a0ecc5625d6532c616d9a10ef4ef81514b"},{"limit":"18c73170de6719491f79b04c727ea8314c246b03"},{"limit":"7da349f07e457cad135df0920a3f670e423fb5e9"},{"limit":"a829ff7c8ec494eca028824628a964cde543dc76"}]}]}]}
{"id":"25887653-46f6-4b70-ad2f-513849e8c858","summary":["The netfilter subsystem of the Linux kernel has a slab out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the area to start of next rule was zeroed without checking that it wouldn't write past the end of the allocated ruleset blob. This vulnerability exists in all versions of the Linux Kernel from v2.6.19 until commit b29c457a6511435960115c0f548c4360d5f4801d (v5.4.113, v5.11.15, v4.4.267, v5.10.31, v4.19.188, v4.14.231, v4.9.267, v5.12)."],"details":["The patch commit for this vulnerability fixes an out-of-bounds write in the netfilter x_tables compat API.\nVulnerabilities of this type are exploited by sending specially crafted packets to the target system.\nThe security impact of this vulnerability could be arbitrary code execution on the target system.\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit 
message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/00000000000022934305ad166be3%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b29c457a6511435960115c0f548c4360d5f4801d"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=cfc0247ac173f597aaaa"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"9fa492cdc160cd27ce1046cb36f47d3b2b1efa21"},{"limit":"b29c457a6511435960115c0f548c4360d5f4801d"},{"limit":"1f3b9000cb44318b0de40a0f495a5a708cd9be6e"},{"limit":"522a0191944e3db9c30ade5fa6b6ec0d7c42f40d"},{"limit":"b0d98b2193a38ef93c92e5e1953d134d0f426531"},{"limit":"b4c4e4660b37a57011677809205a3f36725b70ae"},{"limit":"cc59b872f2e1995b8cc819b9445c1198bfe83b2d"},{"limit":"12ec80252edefff00809d473a47e5f89c7485499"},{"limit":"0c58c9f9c5c5326320bbe0429a0f45fc1b92024b"}]}]}]}
{"id":"12369df0-a5f7-427c-a4e2-798fa53e98ae","summary":["The l2tp subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the l2tp_tunnel_create() function checks for v4mapped ipv6 sockets and caches that flag. This vulnerability exists in all versions of the Linux Kernel from v2.6.23 until commit b954f94023dcc61388c8384f0f14eb8e42c863c5 (v3.16.57, v4.14.33, v4.9.250, v4.16, v4.15.16)."],"details":["The patch commit for this vulnerability fixes a race condition in the l2tp_tunnel_create() function. This function checks for v4mapped ipv6 sockets and caches that flag, so that l2tp core code can reuse it at xmit time. However, if the socket is provided by the userspace, the connection status of the tunnel sockets can change between the tunnel creation and the xmit call, so that syzbot is able to trigger a use-after-free vulnerability.\n\nVulnerabilities of this type are exploited by sending specially crafted packets to the target system. This can be done by an attacker who has access to the network or by an attacker who has compromised a system on the network. Once the packets have been sent, the vulnerability can be exploited to execute arbitrary code on the target system.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to gain control of the target system and execute arbitrary code. 
This could allow the attacker to steal sensitive data, install malware, or disrupt the operation of the target system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b954f94023dcc61388c8384f0f14eb8e42c863c5"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=9299aa1a14f18c3e6d2dd8c852cfafa65c978cf8"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=92fa328176eb07e4ac1a"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/001a114493d427b9bf0566cd18aa%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"3557baabf28088f49bdf72a048fd33ab62e205b1"},{"limit":"b954f94023dcc61388c8384f0f14eb8e42c863c5"},{"limit":"4921fdd2d1f0100df466e19f2596751a12d81627"},{"limit":"c16c62bb4d9f98ca9d592148df147a7f9831b98c"},{"limit":"b0850604cc5dac60754cc2fcdf7d2ca97a68a4dc"},{"limit":"535ef684ec6079bccc2037c76bc607d29dca05dc"}]}]}]}
{"id":"67a6d33c-cf63-439d-812f-c8e41cc359e0","summary":["The vt subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the VT_DISALLOCATE ioctl is used to free a virtual console while tty_release() is still running. This vulnerability exists in all versions of the Linux Kernel from v3.4 until commit ca4463bf8438b403596edd0ec961ca0d4fbe0220 (v4.19.114, v5.7, v5.5.15, v4.4.218, v4.9.218, v5.6.2, v4.14.175, v5.4.30)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the Linux kernel's virtual terminal (VT) subsystem.\n\nA use-after-free vulnerability occurs when a program frees memory that is still being used, allowing an attacker to access or modify that memory. In this case, the VT_DISALLOCATE ioctl can free a virtual console while tty_release() is still running, causing a use-after-free in con_shutdown().\n\nVulnerabilities of this type are exploited by first allocating a virtual console, then freeing it using the VT_DISALLOCATE ioctl. The attacker then uses tty_release() to close the virtual console, which triggers the use-after-free vulnerability. This allows the attacker to access or modify the memory of the virtual console, which could lead to privilege escalation or other attacks.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to gain root privileges or execute arbitrary code on the system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ca4463bf8438b403596edd0ec961ca0d4fbe0220"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=522643ab5729b0421998"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000006663de0598d25ab1%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"4001d7b7fc271052ebff43f327c26dc64806bbdf"},{"limit":"ca4463bf8438b403596edd0ec961ca0d4fbe0220"},{"limit":"dafe1c8034fd5c7c3ae930aa76c8bc5333ee1096"},{"limit":"d534259303b2b47d55751b1809b1e0cda6e54694"},{"limit":"6bc9bf78618edf42b31cb7551fb0c83af340c54f"},{"limit":"7f4c99f8487c1dd7b7eb980c16bd256be0dc04d1"},{"limit":"b9eb60a0ef3971101c94f9cddb09708c2f900b35"},{"limit":"acf0e94019310a9e1c4b6807c208f49a25f74573"},{"limit":"54584f79579b9f6ed49b93cadcd2361223ecce28"},{"limit":"903f879e510838969d93506eea1a498fc9928c51"},{"limit":"cd9ed230fca8e3fe541ac8656b901af8792347eb"},{"limit":"381271e99a91e6d1474c43d447737b3b5fe542b0"}]}]}]}
{"id":"85d64699-a9d0-4fd4-94b6-ca4fc75d0b86","summary":["The RDMA/ucma subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the ctx->file was modified under the handler and xa_lock, and prior to modification the ID must be rechecked that it is still reachable from cur_file, ie there is no parallel destroy or migrate. This vulnerability exists in all versions of the Linux Kernel from v2.6.25 until commit f5449e74802c1112dea984aec8af7a33c4516af1 (v5.10)."],"details":["The patch commit for this vulnerability fixes a race condition in the ucma_migrate_id() function of the Linux kernel's userspace communication architecture (UCA). This race condition could allow an attacker to corrupt kernel memory and potentially execute arbitrary code.\n\nVulnerabilities of this type are exploited by first sending a malicious message to the target system. This message contains specially crafted data that causes the kernel to enter an inconsistent state. The attacker can then exploit this state to gain access to sensitive information or execute arbitrary code.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to gain root privileges on the target system or to install malware.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/0000000000008e7c8f05aef61d8d%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=cc6fc752b3819e082d0c"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f5449e74802c1112dea984aec8af7a33c4516af1"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"88314e4dda1e158aabce76429ef4d017b48f8b92"},{"limit":"f5449e74802c1112dea984aec8af7a33c4516af1"}]}]}]}
{"id":"283b82b2-ba5c-4eb3-bf25-501aab116193","summary":["The mm subsystem of the Linux kernel has a stack out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when an empty nodelist is not caught during mount option parsing. This vulnerability exists in all versions of the Linux Kernel from v2.6.26 until commit aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd (v4.19.115, v5.7, v5.6.3, v4.14.176, v4.4.219, v5.4.31, v5.5.16, v3.16.83, v4.9.219)."],"details":["The patch commit for this vulnerability fixes a potential stack-out-of-bounds access vulnerability in the Linux kernel's mempolicy subsystem. This vulnerability could be exploited by a local attacker to gain root privileges.\n\nVulnerabilities of this type are exploited by providing a malformed mount option that does not contain a valid nodeid. This can cause the kernel to attempt to access memory that it does not have permission to, resulting in a stack-out-of-bounds access.\n\nThe security impact of this vulnerability could be severe, as it could allow an attacker to gain root privileges. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000e10cb305a1b8aac6%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=b055b1a6b2b958707a21"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"095f1fc4ebf36c64fddf9b6db29b1ab5517378e6"},{"limit":"aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd"},{"limit":"4489253d0625c4841620160b2461925b695c651c"},{"limit":"a19603debc247eeda356d2db3db7d3e461238c22"},{"limit":"c5544e72014cdb0a739f6971fb3dd4fb641b392c"},{"limit":"d541416601eed8f771488386dc49d91ce677e3a9"},{"limit":"c3f87e03f90ff2901525cc99c0e3bfb6fcbfd184"},{"limit":"7ca9aeb9a22b50841c401164703c5b0a4a510aff"},{"limit":"c51609ac4c48d31a8881af669f1192d2ee405928"},{"limit":"d5205ebb9b78b920f38424fcafae2c273ea1a67e"},{"limit":"3c216b36aae719029f0431c67500d4eef9f77dd6"},{"limit":"ec769a7a42389e502149bd1683e944020166da12"},{"limit":"fa138035f104ae14651ee3217d81fc16cd3aba4d"}]}]}]}
{"id":"bf09efd7-46cf-4fd7-bda4-d0c83fe31e2c","summary":["The net/gro subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when a network driver provides an skb with a page fragment of exactly 14 bytes to napi_gro_frags(). This vulnerability exists in all versions of the Linux Kernel from v3.15 until commit a4270d6795b0580287453ea55974d948393e66ef (v5.2)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the Linux kernel's network stack. This vulnerability could allow an attacker to execute arbitrary code on the system.\n\nVulnerabilities of this type are exploited by providing a specially crafted network packet to the system. The packet will contain data that will cause the kernel to free a memory page that is still in use. This can then be used to overwrite other memory pages and execute arbitrary code.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to gain root privileges on the system or to install malware.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=7b571739e71a77303e665c793d1f773ce3823226"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4270d6795b0580287453ea55974d948393e66ef"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"a50e233c50dbc881abaa0e4070789064e8d12d70"},{"limit":"a4270d6795b0580287453ea55974d948393e66ef"},{"limit":"12855df4065b6e13878d7b8abc948aa719295bc1"},{"limit":"385ee66eaf88e1f04be973f623b81e4bf0ec0c6f"},{"limit":"39fd0dc4a5565a1df7d84b1c92d2050233b15b5a"},{"limit":"4f9c73aa293051359ef1f2f6d816895ab50c9f3e"},{"limit":"90bb6fef55bd24d0e85a07f4b1fe0b7ea2df4bd6"},{"limit":"d46ed35e51d206a20664b2f7beeb3eab9fd851b8"},{"limit":"f41184b4ba5bbf98b8eecae2a16fca34a669376f"}]}]}]}
{"id":"2a0c9033-3995-47d7-85bb-06a8552c8f47","summary":["The bpf subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when a modified context pointer is passed to a helper function. This vulnerability exists in all versions of the Linux Kernel from v4.14 until commit 58990d1ff3f7896ee341030e9a7c2e4002570683 (v4.17.7, v4.18, v4.14.164)."],"details":["The patch commit for this vulnerability fixes a potential vulnerability in the Linux kernel's Berkeley Packet Filter (BPF) verifier. The vulnerability allows an attacker to pass a modified context pointer to a helper function, which could then be used to access sensitive data or execute arbitrary code.\n\nVulnerabilities of this type are exploited by first injecting malicious code into the kernel. This can be done by exploiting a vulnerability in a kernel module or by using a kernel exploit. Once the malicious code is in the kernel, it can use the vulnerability to pass a modified context pointer to a helper function. The helper function can then be used to access sensitive data or execute arbitrary code.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to gain root privileges or to execute arbitrary code on the system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=efae31b384d5badbd620"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000b2a7ea056dc54779%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=e5190cb881d8660fb1a3"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000bab429056dc547be%40google.com"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000bec587056dc547ba%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=3d0b2441dbb71751615e"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=58990d1ff3f7896ee341030e9a7c2e4002570683"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000b7be6e056dc547e8%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=c8504affd4fdd0c1b626"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"f1174f77b50c94eecaa658fdc56fa69b421de4b8"},{"limit":"58990d1ff3f7896ee341030e9a7c2e4002570683"},{"limit":"7fed98f4a1e6eb77a5d66ecfdf9345e21df6ac82"},{"limit":"49fde2180b48cd15d6b2a51416bbf1c4be5d77a2"}]}]}]}
{"id":"08f16000-7dd6-484e-b401-d4cf7542501e","summary":["The usb/cdc-acm subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the refcount on the interface was not taken early enough. This vulnerability exists in all versions of the Linux Kernel from v3.3 until commit c52873e5a1ef72f845526d9f6a50704433f9c625 (v3.16.78, v4.19.68, v4.9.190, v4.4.190, v5.2.10, v4.14.140, v5.3)."],"details":["The patch commit for this vulnerability fixes a potential deadlock in the cdc-acm driver. The deadlock could be exploited by a malicious USB device to cause the kernel to crash.\n\nVulnerabilities of type deadlock are exploited by sending specially crafted input to a system that is not expecting it. This can cause the system to enter an infinite loop, which can eventually lead to a crash.\n\nThe security impact of this vulnerability could be a denial of service attack, as the system could be rendered unusable by the deadlock. 
In the worst case, the system could be completely compromised if the attacker is able to gain root privileges.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=1b2449b7b5dc240d107a"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/00000000000044d8d0058e5a00da%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c52873e5a1ef72f845526d9f6a50704433f9c625"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"7fb57a019f94ea0c1290c39b8da753be155af41c"},{"limit":"c52873e5a1ef72f845526d9f6a50704433f9c625"},{"limit":"e630f38040b5d2ecc56920742f7bafd57834cd2a"},{"limit":"3a8f54a68c9868ddae64603f2ddee082c1737075"},{"limit":"058a394e5a3aa98546034bb11f90ea67a14b9c80"},{"limit":"8fed007578dba671e131781360dd87c4683672e7"},{"limit":"fccd6134d5addf2be1407e3250efdc854b5c5d8a"},{"limit":"c02c0249ce5523a7a264136ed36f857b85555bac"}]}]}]}
{"id":"2e33ff3e-807b-431f-85a5-64b9806f08b9","summary":["The can/mcba_usb subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the driver accessed data after having it freed while disconnecting. This vulnerability exists in all versions of the Linux Kernel from v4.12 until commit 4d6636498c41891d0482a914dd570343a838ad79 (v5.3.11, v5.4, v4.14.154, v4.19.84)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the can: mcba_usb driver. A use-after-free vulnerability occurs when a program frees memory that is still being used, allowing an attacker to access or modify that memory.\n\nVulnerabilities of type use-after-free are exploited by first allocating memory, then freeing it, and then accessing or modifying the memory that was freed. This can be done by tricking the program into freeing memory that it is still using, or by using a buffer overflow to overwrite the memory that is used to store the pointer to the freed memory.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use this vulnerability to gain access to sensitive data or to execute arbitrary code on the system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000d4e4900593cce75d%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4d6636498c41891d0482a914dd570343a838ad79"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=e29b17e5042bbc56fae9"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"51f3baad7de943780ce0c17bd7975df567dd6e14"},{"limit":"4d6636498c41891d0482a914dd570343a838ad79"},{"limit":"72e535208bc328e0617a8adb242bf8d89cdfd7d4"},{"limit":"ce9b94da0e043b7b0ec1bd3d0e451d956acff9c1"},{"limit":"a681359a9c01041282bffeabc23ef1d760dd40da"}]}]}]}
{"id":"432d53fb-e152-41ff-9d84-9b113c0dcf35","summary":["The pn533 subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the driver failed to deregister its class device and free related resources on late probe errors. This vulnerability exists in all versions of the Linux Kernel from v4.12 until commit 6af3aa57a0984e061f61308fe181a9a12359fecc (v4.19.82, v5.4, v5.3.9, v4.14.152)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the NFC: pn533 driver. A use-after-free vulnerability occurs when a program frees memory that is still being used, allowing an attacker to access or modify that memory.\n\nVulnerabilities of this type are exploited by first allocating memory, then using that memory for malicious purposes. Once the memory is freed, the attacker can continue to use it without the program's knowledge. This can allow the attacker to gain access to sensitive data or execute arbitrary code.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to gain root privileges or execute arbitrary code on the system. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=cb035c75c03dbe34b796"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6af3aa57a0984e061f61308fe181a9a12359fecc"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000f0d74d0594536e2c%40google.com"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"32ecc75ded72e0425713a7ffe2050fef6e54e564"},{"limit":"6af3aa57a0984e061f61308fe181a9a12359fecc"},{"limit":"d0a11dbe9e938ea9c587d1e1124b0bd36ae1e253"},{"limit":"2a571bd399084762a67519f35ef586407fbd3cb2"},{"limit":"24aaf7f4528f0df0f29667d3921f4a63aa7b806c"}]}]}]}
{"id":"2c0c40c0-e83c-4ed3-b56e-d83fc7250ab3","summary":["The ieee802154/atusb subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the disconnect callback was accessing the hardware-descriptor private data after having freed it. This vulnerability exists in all versions of the Linux Kernel from v4.2 until commit 7fd25e6fc035f4b04b75bca6d7e8daa069603a76 (v4.9.197, v5.4, v4.4.197, v4.14.149, v4.19.79, v5.3.6)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the ieee802154 atusb driver. A use-after-free vulnerability occurs when a program frees memory that is still being used, allowing an attacker to access or modify that memory.\n\nVulnerabilities of type use-after-free are exploited by first allocating memory, then freeing it, and then accessing or modifying the memory after it has been freed. This can be done by tricking the program into freeing memory that it is still using, or by using a buffer overflow to overwrite the memory that is used to store the pointer to the freed memory.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use this vulnerability to gain access to sensitive data or to execute arbitrary code on the system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/00000000000022c6e60591a4f15a%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7fd25e6fc035f4b04b75bca6d7e8daa069603a76"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=f4509a9138a1472e7e80"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"7490b008d123f9bd781f51ad86b543aed49f6200"},{"limit":"7fd25e6fc035f4b04b75bca6d7e8daa069603a76"},{"limit":"481376cc2ccb32113a2492ed1f8de32b5c777b00"},{"limit":"2f2f3ffa761793f2db2f3b0bc6476a069061cb9c"},{"limit":"1fb673245b24832acb411db7ffe207fb470559ab"},{"limit":"d0c4e7054ce1e44cb7270af6d2d732314212cb07"},{"limit":"3f41e88f4bd44284c575ad3fb579581a16b39069"}]}]}]}
{"id":"bbf7bb4c-6ead-40b2-8f96-b34953ef4883","summary":["The adutux subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the driver cleared its struct usb_device pointer, which it used as an inverted disconnected flag, before deregistering the character device and without serialising against racing release(). This vulnerability exists in all versions of the Linux Kernel from v2.6.24 until commit 44efc269db7929f6275a1fa927ef082e533ecde0 (v4.9.197, v5.4, v4.19.80, v4.14.150, v4.4.197, v3.16.79, v5.3.7)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the adutux USB driver. A use-after-free vulnerability occurs when a program frees memory that is still being used, allowing an attacker to access or modify that memory. This vulnerability could be exploited by an attacker to execute arbitrary code on the system or to gain access to sensitive data.\n\nVulnerabilities of this type are exploited by first sending a specially crafted USB device to the target system. The device will then trigger the use-after-free vulnerability, allowing the attacker to execute arbitrary code or gain access to sensitive data.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to execute arbitrary code on the system or to gain access to sensitive data. 
To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=44efc269db7929f6275a1fa927ef082e533ecde0"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000d12d24058f5d6b65%40google.com"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=c3c1820847d4446bca796c13af7332da1ee757ef"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=0243cb250a51eeefb8cc"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"f08812d5eb8f8cd1a5bd5f5c26a96eb93d97ab69"},{"limit":"44efc269db7929f6275a1fa927ef082e533ecde0"},{"limit":"22cbb8fb12b3b5101260915162ad2b0b56a9284d"},{"limit":"cd3cfbafe8eb9761950873c04c0147b40a85d29f"},{"limit":"7b6e99e0de96669bce3070f0060e4d20e705c301"},{"limit":"b074263b69bc7683d5ac595cb135b4b5dfd04813"},{"limit":"316f51d7759735a5295301ab22a7c6231b49c24f"},{"limit":"aa1b499d5f706c67a0acbe184e0ec32e8c47489b"}]}]}]}
{"id":"9d4f3188-cf96-428b-8fd3-d8c6477685bd","summary":["The KVM subsystem of the Linux kernel has an out of bounds write vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the KVM_GET_EMULATED_CPUID ioctl is used. This vulnerability exists in all versions of the Linux Kernel from v3.13 until commit 433f4ba1904100da65a311033f17a9bf586b287e (v4.14.159, v5.3.16, v4.9.207, v4.4.207, v3.16.79, v5.5, v4.19.89, v5.4.3)."],"details":["The patch commit for this vulnerability fixes an out-of-bounds write in the KVM_GET_EMULATED_CPUID function. This function is used to get the emulated CPUID features of a virtual machine. The out-of-bounds write could allow an attacker to write arbitrary data to kernel memory, which could lead to privilege escalation or other attacks.\n\nVulnerabilities of type out-of-bounds write are exploited by sending an invalid pointer to a function that writes data to memory. This can be done by either directly specifying an invalid pointer or by using a buffer overflow to overwrite a pointer with an invalid value.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to gain root privileges or to execute arbitrary code on the system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000ea5ec20598d90e50%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=433f4ba1904100da65a311033f17a9bf586b287e"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=e3f4897236c4eeb8af4f"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"84cffe499b9418d6c3b4de2ad9599cc2ec50c607"},{"limit":"433f4ba1904100da65a311033f17a9bf586b287e"},{"limit":"5119ffd480b644d8bc9af741cc8ef435a7ec5ff7"},{"limit":"5018688bf69e5a475f103071f906a253a92bdbe3"},{"limit":"385bddaf5ee11acdf8d823ecc429c675b5416ac2"},{"limit":"9e4bc1ba9f02d31b5f727f7c0a49f82dca0875b7"},{"limit":"8ad39a3b44c1b452e51c0fc996d65911e2545b84"},{"limit":"8b587e3f1424fae01f9c7e78d8d294bcb71f6f41"},{"limit":"21377f88c2757c6ee3e28407fb1c44b4bdf7e6b2"},{"limit":"f70609f898d63973388b36adf3650489311b13b9"}]}]}]}
{"id":"879a0391-5874-4509-93b0-f4ed7ef712a6","summary":["The udp subsystem of the Linux kernel has a slab out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when sending UDP packets with a 0 payload. This vulnerability exists in all versions of the Linux Kernel from v5.0 until commit 4dd2b82d5adfbe0b1587ccad7a8f76d826120f37 (v5.1)."],"details":["The patch commit for this vulnerability fixes a bug in the Linux kernel's UDP packet processing code. The bug allows an attacker to send a specially crafted UDP packet that can cause the kernel to crash.\n\nVulnerabilities of this type are exploited by sending a specially crafted packet to a vulnerable system. The packet is designed to trigger a buffer overflow in the kernel's UDP packet processing code. This can allow the attacker to execute arbitrary code on the victim system.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to gain root access on a vulnerable system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=7ebfc4ee2d0f9371ee958d49c83e69ca2c95ae1e"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4dd2b82d5adfbe0b1587ccad7a8f76d826120f37"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"e20cf8d3f1f763ad28a9cb3b41305b8a8a42653e"},{"limit":"4dd2b82d5adfbe0b1587ccad7a8f76d826120f37"},{"limit":"7a0d81d12f62626aecef35ebc9849978d8b4e6e3"}]}]}]}
{"id":"4cb077b3-a4f5-4507-9bad-6f73fbb32f56","summary":["The aio subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the file pointer was freed after it had been used by vfs_poll. This vulnerability exists in all versions of the Linux Kernel from v4.19 until commit 84c4e1f89fefe70554da0ab33be72c9be7994379 (v4.19.38, v5.0.5, v5.1)."],"details":["The patch commit for this vulnerability fixes a race condition in the Linux kernel's asynchronous I/O (AIO) subsystem. The vulnerability could allow an attacker to corrupt kernel memory and gain root privileges.\n\nVulnerabilities of this type are exploited by first sending a specially crafted AIO request to the kernel. This request will cause the kernel to access the file pointer after it has already been freed. The attacker can then use this access to corrupt kernel memory and gain root privileges.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to gain root privileges on a vulnerable system.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?extid=503d4cc169fcec1cb18c"},{"type":"DISCUSSION","url":"https://groups.google.com/d/msgid/syzkaller-bugs/000000000000f39c7b05832e0219%40google.com"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=84c4e1f89fefe70554da0ab33be72c9be7994379"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"bfe4037e722ec672c9dafd5730d9132afeeb76e9"},{"limit":"84c4e1f89fefe70554da0ab33be72c9be7994379"},{"limit":"d6b2615f7d31d8e58b685d42dbafcc7dc1204bbd"},{"limit":"a179695eddd9f94e89ede2cbbf2b27cf748d5070"}]}]}]}
{"id":"4aabbeec-bd54-4370-9e25-8af936171940","summary":["The tls subsystem of the Linux kernel has a slab out of bounds vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when the tls ulp overrides sk->prot with a new tls specific proto structs. This vulnerability exists in all versions of the Linux Kernel from v4.13 until commit c113187d38ff85dc302a1bb55864b203ebb2ba10 (v4.16)."],"details":["The patch commit for this vulnerability fixes an incorrect use of sk->sk_prot for IPV6. This could allow an attacker to bypass certain security checks and gain access to sensitive data.\n\nVulnerabilities of type use-after-free are exploited by first allocating memory, then freeing it and then using it again. This can be done by tricking the program into freeing memory that is still in use, or by freeing memory that has not been allocated.\n\nThe security impact of this vulnerability could be severe. An attacker could use it to gain access to sensitive data or to execute arbitrary code.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c113187d38ff85dc302a1bb55864b203ebb2ba10"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=9ff117082222e5ec493fca16a22c0f0611b715cf"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"3c4d7559159bfe1e3b94df3a657b2cda3a34e218"},{"limit":"c113187d38ff85dc302a1bb55864b203ebb2ba10"},{"limit":"2a0f5919e1e6a1c0423d895ab75eb15f94a67c69"},{"limit":"c5f3a16c047dfa7f309a2e1ca7d43e7db92ec35b"}]}]}]}
{"id":"dce74a0e-76b0-4148-a81e-0e5105b7fa98","summary":["The x86/mm subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when a memory allocation in alloc_ldt_struct() failed during a fork(). This vulnerability exists in all versions of the Linux Kernel from v4.6 until commit ccd5b3235180eef3cfec337df1c8554ab151b5cc (v4.13)."],"details":["The patch commit for this vulnerability fixes a use-after-free vulnerability in the Linux kernel's x86/mm subsystem.\n\nA use-after-free vulnerability occurs when a piece of memory that has been freed is still used by the program. This can allow an attacker to execute arbitrary code or gain access to sensitive data.\n\nIn this case, the vulnerability occurs when a new task is created by the fork() system call. The new task's ldt_struct is not properly initialized, which can lead to a use-after-free when the task is destroyed.\n\nThis vulnerability has a confirmed proof of concept exploit, and the vendor has provided an official fix.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=a0baab60775fd411b40856d541de27944cf3f230"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ccd5b3235180eef3cfec337df1c8554ab151b5cc"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"39a0526fb3f7d93433d146304278477eb463f8af"},{"limit":"ccd5b3235180eef3cfec337df1c8554ab151b5cc"},{"limit":"3559de45c99a68c0b8c4956fc35367837df9161c"},{"limit":"a8da876c1e45b75c082a5dc8ce10c0761a10c638"},{"limit":"f9866720724db8a163cf305fc907cdab0b38fa09"}]}]}]}
{"id":"a74699e3-b924-421f-a12e-6687ec053ae5","summary":["The fork subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when a task is killed while waiting to acquire its ->mmap_sem for write. This vulnerability exists in all versions of the Linux Kernel from v4.7 until commit 2b7e8665b4ff51c034c55df3cff76518d1a9ee3a (v4.13)."],"details":["The patch commit for this vulnerability fixes an incorrect fput of ->exe_file causing use-after-free.\n\nVulnerabilities of type use-after-free are exploited by first allocating a buffer, then freeing it and then using it again. This can be done by overwriting the pointer to the freed buffer with a pointer to a new buffer. When the freed buffer is used again, it will contain data from the new buffer. This can be used to read or write sensitive data from the system.\n\nThe security impact of this vulnerability could be that an attacker could read or write sensitive data from the system. To resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=e8e9f953439d95ec3eb8012da8676fb0e28d8764"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2b7e8665b4ff51c034c55df3cff76518d1a9ee3a"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"7c051267931a9be9c6620cc17b362bc6ee6dedc8"},{"limit":"2b7e8665b4ff51c034c55df3cff76518d1a9ee3a"},{"limit":"b65b6ac52e0f8694aa3a4402d5f766b2bb9e94ef"},{"limit":"f5024bb32d4d50b77f4fbc1e7251cf0f21def88e"}]}]}]}
{"id":"d1b223bc-75c1-43d4-990b-7186fe2e13d1","summary":["The packet subsystem of the Linux kernel has a use after free vulnerability. The vulnerability could be exploited by an attacker to cause memory corruption when a socket was added to a fanout group twice, causing KASAN bug reports. This vulnerability exists in all versions of the Linux Kernel from v3.1 until commit 008ba2a13f2d04c947adc536d19debb8fe66f110 (v4.14)."],"details":["The patch commit for this vulnerability fixes a race condition in the Linux kernel's packet socket implementation. This race condition could allow an attacker to cause a use-after-free error, which could lead to arbitrary code execution.\n\nVulnerabilities of this type are exploited by sending specially crafted packets to the target system. The packets exploit the race condition to cause the kernel to free memory that is still in use, resulting in a use-after-free error. This error can then be used to execute arbitrary code on the target system.\n\nThe security impact of this vulnerability could be severe. 
An attacker could use it to gain root privileges on the target system or to install malware.\n\nTo resolve this vulnerability, patch the kernel past the fix commit.\n\nThis description was automatically generated based on the commit message."],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=008ba2a13f2d04c947adc536d19debb8fe66f110"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=69d1ca5c41a00ba0c31270c73743de3210924081"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=d4407314a3f56eef21ecde3338300bf95da2556c"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/","events":[{"introduced":"dc99f600698dcac69b8f56dda9a8a00d645c5ffc"},{"limit":"008ba2a13f2d04c947adc536d19debb8fe66f110"},{"limit":"e4ffdf9ead59a909f2824a4270356909d6d64380"},{"limit":"5be6824b9704f926c26c844b373aacdc7e827ab6"},{"limit":"6f7cdd4aa0a45f21edf6cb31236cd9d10c0d7992"},{"limit":"19c4b6fe0fc333ab57f9aa2f5d3f55b7e0a8d640"},{"limit":"b2e1f10f138c6cc03a2f5c940b6c4963b07c7296"},{"limit":"4839233c04cd9ffb65fa00bdb473cbdac427d45f"}]}]}]}