diff --git a/Cargo.toml b/Cargo.toml
index a761b6a..a5d7d3c 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
[package]
name = "cvrf2cusa"
-version = "0.1.1"
+version = "0.1.2"
edition = "2021"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
diff --git a/README.md b/README.md
index a86ec54..9bff53b 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,6 @@
-这个应用于 CULinux VAT 系统中,将 openEuler 的 cvrf 格式的安全公告转换为 cusa。
+# 这个应用于 CULinux VAT 系统中,将 openEuler 的 cvrf 格式的安全公告转换为 cusa。
+
+## 使用方法
```
$ cvrf2cusa -h
@@ -15,3 +17,7 @@ Options:
-h, --help Print help
-V, --version Print version
```
+
+## 变更日志
+
+- *v0.1.2*:更新目录结构,以组件的小写首字母作二级目录。
diff --git a/cusa/3/three-eight-nine-ds-base/389-ds-base-1.4.3.20-1_openEuler-SA-2022-2056.json b/cusa/3/three-eight-nine-ds-base/389-ds-base-1.4.3.20-1_openEuler-SA-2022-2056.json
index bbad8f8..c55c35c 100644
--- a/cusa/3/three-eight-nine-ds-base/389-ds-base-1.4.3.20-1_openEuler-SA-2022-2056.json
+++ b/cusa/3/three-eight-nine-ds-base/389-ds-base-1.4.3.20-1_openEuler-SA-2022-2056.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2056",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2056",
"title": "An update for three-eight-nine-ds-base is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "389-ds-base is an LDAPv3 compliant server which includes the LDAP server and command line utilities for server administration.\r\n\r\nSecurity Fix(es):\r\n\r\nWhen binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.(CVE-2020-35518)",
"cves": [
{
"id": "CVE-2020-35518",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35518",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
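Review bot: The `severity` values changed here switch vocabulary (`Moderate` → `Medium`, and `Important` → `High` in the later ImageMagick, iSulad, indent, infinispan and intel-sgx-ssl hunks), but the v0.1.2 changelog entry added to README.md in this same commit mentions only the directory layout. A consumer of these files that filters or alerts on the old strings would stop matching without any error, so the mapping should be recorded next to the version bump, for example a changelog line such as `- *v0.1.2*:severity 取值由 Important/Moderate 改为 High/Medium。`. None of the visible hunks contains a `Critical` or `Low` advisory, so whether those labels are also rewritten cannot be confirmed from here.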
diff --git a/cusa/3/three-eight-nine-ds-base/389-ds-base-1.4.3.36-5_openEuler-SA-2024-1148.json b/cusa/3/three-eight-nine-ds-base/389-ds-base-1.4.3.36-5_openEuler-SA-2024-1148.json
index ce413fe..c971411 100644
--- a/cusa/3/three-eight-nine-ds-base/389-ds-base-1.4.3.36-5_openEuler-SA-2024-1148.json
+++ b/cusa/3/three-eight-nine-ds-base/389-ds-base-1.4.3.36-5_openEuler-SA-2024-1148.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1148",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1148",
"title": "An update for three-eight-nine-ds-base is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "389-ds-base is an LDAPv3 compliant server which includes the LDAP server and command line utilities for server administration.\r\n\r\nSecurity Fix(es):\r\n\r\nA heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.(CVE-2024-1062)",
"cves": [
{
"id": "CVE-2024-1062",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1062",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/I/ImageMagick/ImageMagick-7.1.0.28-1_openEuler-SA-2022-1670.json b/cusa/I/ImageMagick/ImageMagick-7.1.0.28-1_openEuler-SA-2022-1670.json
index 97bd483..d63d23e 100644
--- a/cusa/I/ImageMagick/ImageMagick-7.1.0.28-1_openEuler-SA-2022-1670.json
+++ b/cusa/I/ImageMagick/ImageMagick-7.1.0.28-1_openEuler-SA-2022-1670.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1670",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1670",
"title": "An update for ImageMagick is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bézier curves.\n\nSecurity Fix(es):\n\nA heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.(CVE-2022-1114)",
"cves": [
{
"id": "CVE-2022-1114",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1114",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/I/ImageMagick/ImageMagick-7.1.0.28-3_openEuler-SA-2022-1896.json b/cusa/I/ImageMagick/ImageMagick-7.1.0.28-3_openEuler-SA-2022-1896.json
index 7660b71..55ce40b 100644
--- a/cusa/I/ImageMagick/ImageMagick-7.1.0.28-3_openEuler-SA-2022-1896.json
+++ b/cusa/I/ImageMagick/ImageMagick-7.1.0.28-3_openEuler-SA-2022-1896.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1896",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1896",
"title": "An update for ImageMagick is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "\r\n\r\nSecurity Fix(es):\r\n\r\nIn ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30.(CVE-2022-2719)",
"cves": [
{
"id": "CVE-2022-2719",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2719",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/I/ImageMagick/ImageMagick-7.1.0.28-3_openEuler-SA-2022-1903.json b/cusa/I/ImageMagick/ImageMagick-7.1.0.28-3_openEuler-SA-2022-1903.json
index 111a506..41e5944 100644
--- a/cusa/I/ImageMagick/ImageMagick-7.1.0.28-3_openEuler-SA-2022-1903.json
+++ b/cusa/I/ImageMagick/ImageMagick-7.1.0.28-3_openEuler-SA-2022-1903.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1903",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1903",
"title": "An update for ImageMagick is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort,shear and transform images, adjust image colors, apply various special effects,or draw text, lines, polygons, ellipses and Bézier curves.\r\n\r\nSecurity Fix(es):\r\n\r\nA heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service.(CVE-2022-1115)",
"cves": [
{
"id": "CVE-2022-1115",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1115",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/I/ImageMagick/ImageMagick-7.1.0.28-4_openEuler-SA-2022-1998.json b/cusa/I/ImageMagick/ImageMagick-7.1.0.28-4_openEuler-SA-2022-1998.json
index 9328c6c..496ccea 100644
--- a/cusa/I/ImageMagick/ImageMagick-7.1.0.28-4_openEuler-SA-2022-1998.json
+++ b/cusa/I/ImageMagick/ImageMagick-7.1.0.28-4_openEuler-SA-2022-1998.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1998",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1998",
"title": "An update for ImageMagick is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort,shear and transform images, adjust image colors, apply various special effects,or draw text, lines, polygons, ellipses and Bézier curves.\r\n\r\nSecurity Fix(es):\r\n\r\nA heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service.(CVE-2022-3213)",
"cves": [
{
"id": "CVE-2022-3213",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3213",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/I/ImageMagick/ImageMagick-7.1.0.28-4_openEuler-SA-2022-2091.json b/cusa/I/ImageMagick/ImageMagick-7.1.0.28-4_openEuler-SA-2022-2091.json
index 58aea4c..14fbe83 100644
--- a/cusa/I/ImageMagick/ImageMagick-7.1.0.28-4_openEuler-SA-2022-2091.json
+++ b/cusa/I/ImageMagick/ImageMagick-7.1.0.28-4_openEuler-SA-2022-2091.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2091",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2091",
"title": "An update for ImageMagick is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bézier curves.\r\n\r\nSecurity Fix(es):\r\n\r\nImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`. ex. . The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: .(CVE-2021-39212)\r\n\r\nA NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt() and uses the value directly, which leads to a crash and segmentation fault.(CVE-2021-3596)",
"cves": [
{
"id": "CVE-2021-3596",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3596",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
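Review bot: The `cves` array in this file has a single entry, CVE-2021-3596, although the description on the context line above also names CVE-2021-39212, so the relabelled `severity` covers only part of what the advisory fixes. The same gap is visible in the hunks for openEuler-SA-2023-1065 (CVE-2022-44267 absent), openEuler-SA-2023-1259 (CVE-2023-1289 absent), openEuler-SA-2023-1349 (CVE-2023-34151 absent) and openEuler-SA-2023-1407 (CVE-2023-34474 absent). Presumably the converter keeps only one vulnerability per CVRF document; because the README says these files are consumed by the CULinux VAT system, a lookup by CVE id would miss the omitted ones. Regenerating with one entry per CVE named in the advisory, e.g. `{ "id": "CVE-2021-39212", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39212", "severity": "<from source CVRF>" }`, would close the gap.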
diff --git a/cusa/I/ImageMagick/ImageMagick-7.1.0.28-5_openEuler-SA-2022-2109.json b/cusa/I/ImageMagick/ImageMagick-7.1.0.28-5_openEuler-SA-2022-2109.json
index 9d2aed1..79853f1 100644
--- a/cusa/I/ImageMagick/ImageMagick-7.1.0.28-5_openEuler-SA-2022-2109.json
+++ b/cusa/I/ImageMagick/ImageMagick-7.1.0.28-5_openEuler-SA-2022-2109.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2109",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2109",
"title": "An update for ImageMagick is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR,WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort,shear and transform images, adjust image colors, apply various special effects,or draw text, lines, polygons, ellipses and Bézier curves.\r\n\r\nSecurity Fix(es):\r\n\r\nIn ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.(CVE-2022-32547)",
"cves": [
{
"id": "CVE-2022-32547",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32547",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/I/ImageMagick/ImageMagick-7.1.0.28-6_openEuler-SA-2023-1065.json b/cusa/I/ImageMagick/ImageMagick-7.1.0.28-6_openEuler-SA-2023-1065.json
index af3392b..8a6ba70 100644
--- a/cusa/I/ImageMagick/ImageMagick-7.1.0.28-6_openEuler-SA-2023-1065.json
+++ b/cusa/I/ImageMagick/ImageMagick-7.1.0.28-6_openEuler-SA-2023-1065.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1065",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1065",
"title": "An update for ImageMagick is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR,WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort,shear and transform images, adjust image colors, apply various special effects,or draw text, lines, polygons, ellipses and Bézier curves.\r\n\r\nSecurity Fix(es):\r\n\r\nImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.(CVE-2022-44267)\r\n\r\nImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).(CVE-2022-44268)",
"cves": [
{
"id": "CVE-2022-44268",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44268",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/I/ImageMagick/ImageMagick-7.1.1.8-1_openEuler-SA-2023-1259.json b/cusa/I/ImageMagick/ImageMagick-7.1.1.8-1_openEuler-SA-2023-1259.json
index 2feff6f..09bc2bd 100644
--- a/cusa/I/ImageMagick/ImageMagick-7.1.1.8-1_openEuler-SA-2023-1259.json
+++ b/cusa/I/ImageMagick/ImageMagick-7.1.1.8-1_openEuler-SA-2023-1259.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1259",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1259",
"title": "An update for ImageMagick is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bézier curves.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in \"/tmp,\" resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.(CVE-2023-1289)\r\n\r\nA heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.(CVE-2023-1906)",
"cves": [
{
"id": "CVE-2023-1906",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1906",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/I/ImageMagick/ImageMagick-7.1.1.8-1_openEuler-SA-2023-1332.json b/cusa/I/ImageMagick/ImageMagick-7.1.1.8-1_openEuler-SA-2023-1332.json
index 6de3c4f..bbfc7aa 100644
--- a/cusa/I/ImageMagick/ImageMagick-7.1.1.8-1_openEuler-SA-2023-1332.json
+++ b/cusa/I/ImageMagick/ImageMagick-7.1.1.8-1_openEuler-SA-2023-1332.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1332",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1332",
"title": "An update for ImageMagick is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bézier curves.\r\n\r\nSecurity Fix(es):\r\n\r\nA heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the application crashing.(CVE-2023-2157)",
"cves": [
{
"id": "CVE-2023-2157",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2157",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/I/ImageMagick/ImageMagick-7.1.1.8-2_openEuler-SA-2023-1349.json b/cusa/I/ImageMagick/ImageMagick-7.1.1.8-2_openEuler-SA-2023-1349.json
index 2e8298b..8f1f5af 100644
--- a/cusa/I/ImageMagick/ImageMagick-7.1.1.8-2_openEuler-SA-2023-1349.json
+++ b/cusa/I/ImageMagick/ImageMagick-7.1.1.8-2_openEuler-SA-2023-1349.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1349",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1349",
"title": "An update for ImageMagick is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bézier curves.\n\nSecurity Fix(es):\n\nA vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546).(CVE-2023-34151)\n\nA vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.(CVE-2023-34153)",
"cves": [
{
"id": "CVE-2023-34153",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34153",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
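Review bot: The advisory-level `severity` becomes `High` while the only entry in `cves`, CVE-2023-34153, becomes `Medium`, so the two fields in this file still disagree after the relabel, just as `Important` and `Moderate` did before it. The description also names CVE-2023-34151, which has no entry, so the file does not record which CVE the `High` rating comes from. A consumer that ranks an advisory by its highest per-CVE severity would rate this one lower than its own header does. Either the missing entry should be emitted, or the format documentation should state that the top-level `severity` is authoritative.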
diff --git a/cusa/I/ImageMagick/ImageMagick-7.1.1.8-3_openEuler-SA-2023-1407.json b/cusa/I/ImageMagick/ImageMagick-7.1.1.8-3_openEuler-SA-2023-1407.json
index 186fead..1f85a63 100644
--- a/cusa/I/ImageMagick/ImageMagick-7.1.1.8-3_openEuler-SA-2023-1407.json
+++ b/cusa/I/ImageMagick/ImageMagick-7.1.1.8-3_openEuler-SA-2023-1407.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1407",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1407",
"title": "An update for ImageMagick is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bézier curves.\n\nSecurity Fix(es):\n\nA heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user in opening specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.(CVE-2023-34474)\n\nA heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick user to open a specially crafted file to convert, triggering an heap-use-after-free write error, allowing an application to crash, resulting in a denial of service.(CVE-2023-34475)",
"cves": [
{
"id": "CVE-2023-34475",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34475",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/I/ImageMagick/ImageMagick-7.1.1.8-4_openEuler-SA-2023-1442.json b/cusa/I/ImageMagick/ImageMagick-7.1.1.8-4_openEuler-SA-2023-1442.json
index 86200b5..83bfd39 100644
--- a/cusa/I/ImageMagick/ImageMagick-7.1.1.8-4_openEuler-SA-2023-1442.json
+++ b/cusa/I/ImageMagick/ImageMagick-7.1.1.8-4_openEuler-SA-2023-1442.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1442",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1442",
"title": "An update for ImageMagick is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects,or draw text, lines, polygons, ellipses and Bézier curves.\n\nSecurity Fix(es):\n\nA vulnerability was found in ImageMagick <=7.1.1, where heap-based buffer overflow was found in coders/tiff.c.\n\nReferences:\nhttps://github.com/ImageMagick/ImageMagick/commit/a531d28e31309676ce8168c3b6dbbb5374b78790(CVE-2023-3428)",
"cves": [
{
"id": "CVE-2023-3428",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3428",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/I/ImageMagick/ImageMagick-7.1.1.8-5_openEuler-SA-2023-1733.json b/cusa/I/ImageMagick/ImageMagick-7.1.1.8-5_openEuler-SA-2023-1733.json
index 2642191..633823e 100644
--- a/cusa/I/ImageMagick/ImageMagick-7.1.1.8-5_openEuler-SA-2023-1733.json
+++ b/cusa/I/ImageMagick/ImageMagick-7.1.1.8-5_openEuler-SA-2023-1733.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1733",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1733",
"title": "An update for ImageMagick is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bézier curves.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in ImageMagick <=7.1.1, where heap use-after-free was found in coders/bmp.c.\r\n\r\nReferences:\nhttps://github.com/ImageMagick/ImageMagick/commit/aa673b2e4defc7cad5bec16c4fc8324f71e531f1(CVE-2023-5341)",
"cves": [
{
"id": "CVE-2023-5341",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5341",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/I/iSulad/iSulad-2.0.18-16_openEuler-SA-2024-1287.json b/cusa/I/iSulad/iSulad-2.0.18-16_openEuler-SA-2024-1287.json
index d5947a6..0dd5555 100644
--- a/cusa/I/iSulad/iSulad-2.0.18-16_openEuler-SA-2024-1287.json
+++ b/cusa/I/iSulad/iSulad-2.0.18-16_openEuler-SA-2024-1287.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1287",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1287",
"title": "An update for iSulad is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "This is a umbrella project for gRPC-services based Lightweight Container Runtime Daemon, written by C.\r\n\r\nSecurity Fix(es):\r\n\r\n在isulad服务初始化阶段,会进行临时文件的正确性检查,如果检查不通过则重新创建文件,在检查与创建之间,存在一个条件竞争问题,攻击者可以通过利用该漏洞进行提权。(CVE-2021-33632)",
"cves": [
{
"id": "CVE-2021-33632",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33632",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/I/indent/indent-2.2.11-29_openEuler-SA-2023-1552.json b/cusa/I/indent/indent-2.2.11-29_openEuler-SA-2023-1552.json
index 5e79b3c..c34e272 100644
--- a/cusa/I/indent/indent-2.2.11-29_openEuler-SA-2023-1552.json
+++ b/cusa/I/indent/indent-2.2.11-29_openEuler-SA-2023-1552.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1552",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1552",
"title": "An update for indent is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "The indent program can be used to make code easier to read. It can also convert from one style of writing C to another. indent understands a substantial amount about the syntax of C, but it also attempts to cope with incomplete and misformed syntax.\r\n\r\nSecurity Fix(es):\r\n\r\nGNU indent 2.2.13 has a heap-based buffer overflow in search_brace in indent.c via a crafted file.(CVE-2023-40305)",
"cves": [
{
"id": "CVE-2023-40305",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40305",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/I/indent/indent-2.2.11-30_openEuler-SA-2024-1199.json b/cusa/I/indent/indent-2.2.11-30_openEuler-SA-2024-1199.json
index 055264b..ade5ab9 100644
--- a/cusa/I/indent/indent-2.2.11-30_openEuler-SA-2024-1199.json
+++ b/cusa/I/indent/indent-2.2.11-30_openEuler-SA-2024-1199.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1199",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1199",
"title": "An update for indent is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The indent program can be used to make code easier to read. It can also convert from one style of writing C to another. indent understands a substantial amount about the syntax of C, but it also attempts to cope with incomplete and misformed syntax.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in indent, a program for formatting C code. This issue may allow an attacker to trick a user into processing a specially crafted file to trigger a heap-based buffer overflow, causing the application to crash.(CVE-2024-0911)",
"cves": [
{
"id": "CVE-2024-0911",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0911",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/I/infinispan/infinispan-8.2.4-13_openEuler-SA-2024-1667.json b/cusa/I/infinispan/infinispan-8.2.4-13_openEuler-SA-2024-1667.json
index 53bbff1..e72c074 100644
--- a/cusa/I/infinispan/infinispan-8.2.4-13_openEuler-SA-2024-1667.json
+++ b/cusa/I/infinispan/infinispan-8.2.4-13_openEuler-SA-2024-1667.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1667",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1667",
"title": "An update for infinispan is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Important",
+ "severity": "High",
"description": "Infinispan is an extremely scalable, highly available data grid platform - 100% open source, and written in Java. The purpose of Infinispan is to expose a data structure that is highly concurrent, designed ground-up to make the most of modern multi-processor/multi-core architectures while at the same time providing distributed cache capabilities. At its core Infinispan exposes a Cache interface which extends java.util.Map. It is also optionally is backed by a peer-to-peer network architecture to distribute state efficiently around a data grid.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the application.(CVE-2019-10174)",
"cves": [
{
"id": "CVE-2019-10174",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10174",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/I/iniparser/iniparser-4.1-4_openEuler-SA-2023-1388.json b/cusa/I/iniparser/iniparser-4.1-4_openEuler-SA-2023-1388.json
index ab54939..f77810d 100644
--- a/cusa/I/iniparser/iniparser-4.1-4_openEuler-SA-2023-1388.json
+++ b/cusa/I/iniparser/iniparser-4.1-4_openEuler-SA-2023-1388.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1388",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1388",
"title": "An update for iniparser is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "This modules offers parsing of ini files from the C level. See a complete documentation in HTML format, from this directory open the file html/index.html with any HTML-capable browser.\r\n\r\nSecurity Fix(es):\r\n\r\niniparser v4.1 is vulnerable to NULL Pointer Dereference in function iniparser_getlongint which misses check NULL for function iniparser_getstring's return.(CVE-2023-33461)",
"cves": [
{
"id": "CVE-2023-33461",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33461",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/I/intel-sgx-ssl/intel-sgx-ssl-2.15.1-2_openEuler-SA-2022-1898.json b/cusa/I/intel-sgx-ssl/intel-sgx-ssl-2.15.1-2_openEuler-SA-2022-1898.json
index e7af22e..e4e1c17 100644
--- a/cusa/I/intel-sgx-ssl/intel-sgx-ssl-2.15.1-2_openEuler-SA-2022-1898.json
+++ b/cusa/I/intel-sgx-ssl/intel-sgx-ssl-2.15.1-2_openEuler-SA-2022-1898.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1898",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1898",
"title": "An update for intel-sgx-ssl is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Intel® Software Guard Extensions SSL (Intel® SGX SSL) cryptographic library is intended to provide cryptographic services for Intel® Software Guard Extensions (SGX) enclave applications. The Intel® SGX SSL cryptographic library is based on the underlying OpenSSL* Open Source project, providing a full-strength general purpose cryptography library. Supported OpenSSL version is 1.1.1l.\r\n\r\nSecurity Fix(es):\r\n\r\nThe c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).(CVE-2022-1292)\r\n\r\nIn addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). 
Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).(CVE-2022-2068)\r\n\r\nAES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).(CVE-2022-2097)\r\n\r\nThe BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. 
In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).(CVE-2022-0778)",
"cves": [
{
"id": "CVE-2022-0778",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0778",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
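Review bot: The `cves` array in this file holds only CVE-2022-0778, although the description names four fixes (CVE-2022-1292, CVE-2022-2068, CVE-2022-2097 and CVE-2022-0778); the advisory is now rated `High` while its one listed CVE is `Medium`. A consumer that matches hosts against `cves[].id` would miss the other three, including the two c_rehash command-injection issues. The same pattern shows in the hunks for opensc (openEuler-SA-2022-1664), open-vm-tools (openEuler-SA-2023-1831) and openssl (openEuler-SA-2023-1092, openEuler-SA-2023-1207), so it looks as if the converter keeps only the last CVE of each bulletin; that is worth confirming in the generator rather than patching the JSON by hand. Each missing CVE needs its own entry, e.g. `{ "id": "CVE-2022-1292", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1292", "severity": "<severity from the source CVRF>" }`.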
diff --git a/cusa/I/iperf3/iperf3-3.10.1-2_openEuler-SA-2023-1497.json b/cusa/I/iperf3/iperf3-3.10.1-2_openEuler-SA-2023-1497.json
index e1d098e..f065ec1 100644
--- a/cusa/I/iperf3/iperf3-3.10.1-2_openEuler-SA-2023-1497.json
+++ b/cusa/I/iperf3/iperf3-3.10.1-2_openEuler-SA-2023-1497.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1497",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1497",
"title": "An update for iperf3 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Iperf is a tool for active measurements of the maximum achievable bandwidth on IP networks. It supports tuning of various parameters related to timing, protocols, and buffers.\r\n\r\nSecurity Fix(es):\r\n\r\niperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.(CVE-2023-38403)",
"cves": [
{
"id": "CVE-2023-38403",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38403",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/I/iperf3/iperf3-3.16-1_openEuler-SA-2024-1418.json b/cusa/I/iperf3/iperf3-3.16-1_openEuler-SA-2024-1418.json
index d45939c..a5ba335 100644
--- a/cusa/I/iperf3/iperf3-3.16-1_openEuler-SA-2024-1418.json
+++ b/cusa/I/iperf3/iperf3-3.16-1_openEuler-SA-2024-1418.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1418",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1418",
"title": "An update for iperf3 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Iperf is a tool for active measurements of the maximum achievable bandwidth on IP networks. It supports tuning of various parameters related to timing, protocols, and buffers.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection gets closed. This will prevent other connections to the server, leading to a denial of service.(CVE-2023-7250)",
"cves": [
{
"id": "CVE-2023-7250",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7250",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/O/OpenEXR/OpenEXR-3.1.5-1_openEuler-SA-2022-1639.json b/cusa/O/OpenEXR/OpenEXR-3.1.5-1_openEuler-SA-2022-1639.json
index 7f13b04..2b53aff 100644
--- a/cusa/O/OpenEXR/OpenEXR-3.1.5-1_openEuler-SA-2022-1639.json
+++ b/cusa/O/OpenEXR/OpenEXR-3.1.5-1_openEuler-SA-2022-1639.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1639",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1639",
"title": "An update for OpenEXR is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "OpenEXR is a high dynamic-range (HDR) image file format originally developed by Industrial Light and Magic for use in computer imaging applications.\r\n\r\nSecurity Fix(es):\nOpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable.(CVE-2021-45942)",
"cves": [
{
"id": "CVE-2021-45942",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45942",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/O/OpenEXR/OpenEXR-3.1.5-3_openEuler-SA-2024-1549.json b/cusa/O/OpenEXR/OpenEXR-3.1.5-3_openEuler-SA-2024-1549.json
index 3e45b4c..bca445e 100644
--- a/cusa/O/OpenEXR/OpenEXR-3.1.5-3_openEuler-SA-2024-1549.json
+++ b/cusa/O/OpenEXR/OpenEXR-3.1.5-3_openEuler-SA-2024-1549.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1549",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1549",
"title": "An update for OpenEXR is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "OpenEXR is a high dynamic-range (HDR) image file format originally developed by Industrial Light & Magic for use in computer imaging applications.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service (DoS) via the convert function of exrmultipart.cpp.(CVE-2024-31047)",
"cves": [
{
"id": "CVE-2024-31047",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31047",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/O/open-vm-tools/open-vm-tools-12.0.5-3_openEuler-SA-2023-1629.json b/cusa/O/open-vm-tools/open-vm-tools-12.0.5-3_openEuler-SA-2023-1629.json
index 44a5180..ef2b291 100644
--- a/cusa/O/open-vm-tools/open-vm-tools-12.0.5-3_openEuler-SA-2023-1629.json
+++ b/cusa/O/open-vm-tools/open-vm-tools-12.0.5-3_openEuler-SA-2023-1629.json
@@ -2,7 +2,7 @@
"id": "openEuler-SA-2023-1629",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1629",
"title": "An update for open-vm-tools is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The project is an open source implementation of VMware Tools. It is a suite of open source virtualization utilities and drivers to improve the functionality, user experience and administration of VMware virtual machines. This package contains only the core user-space programs and libraries of .\r\n\r\nSecurity Fix(es):\r\n\r\nA fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.(CVE-2023-20867)\r\n\r\nA malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .(CVE-2023-20900)",
"cves": [
{
diff --git a/cusa/O/open-vm-tools/open-vm-tools-12.0.5-4_openEuler-SA-2023-1831.json b/cusa/O/open-vm-tools/open-vm-tools-12.0.5-4_openEuler-SA-2023-1831.json
index 931be5f..b9e7641 100644
--- a/cusa/O/open-vm-tools/open-vm-tools-12.0.5-4_openEuler-SA-2023-1831.json
+++ b/cusa/O/open-vm-tools/open-vm-tools-12.0.5-4_openEuler-SA-2023-1831.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1831",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1831",
"title": "An update for open-vm-tools is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The project is an open source implementation of VMware Tools. It is a suite of open source virtualization utilities and drivers to improve the functionality, user experience and administration of VMware virtual machines. This package contains only the core user-space programs and libraries of .\r\n\r\nSecurity Fix(es):\r\n\r\nVMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .(CVE-2023-34058)\r\n\r\nopen-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the \n/dev/uinput file descriptor allowing them to simulate user inputs.(CVE-2023-34059)",
"cves": [
{
"id": "CVE-2023-34059",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34059",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/O/openjpeg2/openjpeg2-2.4.0-6_openEuler-SA-2022-1678.json b/cusa/O/openjpeg2/openjpeg2-2.4.0-6_openEuler-SA-2022-1678.json
index 677dd8c..576eb94 100644
--- a/cusa/O/openjpeg2/openjpeg2-2.4.0-6_openEuler-SA-2022-1678.json
+++ b/cusa/O/openjpeg2/openjpeg2-2.4.0-6_openEuler-SA-2022-1678.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1678",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1678",
"title": "An update for openjpeg2 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "OpenJPEG is an open-source JPEG 2000 codec written in C language. It has been developed in order to promote the use of JPEG 2000, a still-image compression standard from the Joint Photographic Experts Group (JPEG). Since April 2015, it is officially recognized by ISO/IEC and ITU-T as a JPEG 2000 Reference Software.\r\n\nSecurity Fix(es):\r\n\r\nA flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.(CVE-2022-1122)",
"cves": [
{
"id": "CVE-2022-1122",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1122",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/O/openldap/openldap-2.6.0-5_openEuler-SA-2023-1334.json b/cusa/O/openldap/openldap-2.6.0-5_openEuler-SA-2023-1334.json
index 3408eef..fd1eadc 100644
--- a/cusa/O/openldap/openldap-2.6.0-5_openEuler-SA-2023-1334.json
+++ b/cusa/O/openldap/openldap-2.6.0-5_openEuler-SA-2023-1334.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1334",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1334",
"title": "An update for openldap is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. LDAP is a set of protocols for accessing directory services (usually phone book style information, but other information is possible) over the Internet, similar to the way DNS (Domain Name System) information is propagated over the Internet. The openldap package contains configuration files, libraries, and documentation for OpenLDAP.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.(CVE-2023-2953)",
"cves": [
{
"id": "CVE-2023-2953",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/O/opensc/opensc-0.21.0-6_openEuler-SA-2022-1664.json b/cusa/O/opensc/opensc-0.21.0-6_openEuler-SA-2022-1664.json
index 7c023e9..4528aa3 100644
--- a/cusa/O/opensc/opensc-0.21.0-6_openEuler-SA-2022-1664.json
+++ b/cusa/O/opensc/opensc-0.21.0-6_openEuler-SA-2022-1664.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1664",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1664",
"title": "An update for opensc is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "OpenSC provides a set of libraries and utilities to work with smart cards. Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications such as authentication, mail encryption and digital signatures. OpenSC implements the standard APIs to smart cards, e.g. PKCS#11 API, Windows’ Smart Card Minidriver and macOS Tokend.\r\n\r\nSecurity Fix(es):\r\n\r\nA heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo.(CVE-2021-42778)\n\nA use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.(CVE-2021-42780)\n\nStack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library.(CVE-2021-42782)",
"cves": [
{
"id": "CVE-2021-42782",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42782",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/O/openssh/openssh-8.8p1-17_openEuler-SA-2023-1063.json b/cusa/O/openssh/openssh-8.8p1-17_openEuler-SA-2023-1063.json
index d9b5b41..5544c2d 100644
--- a/cusa/O/openssh/openssh-8.8p1-17_openEuler-SA-2023-1063.json
+++ b/cusa/O/openssh/openssh-8.8p1-17_openEuler-SA-2023-1063.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1063",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1063",
"title": "An update for openssh is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "OpenSSH is the premier connectivity tool for remote login with the SSH protocol. \\ It encrypts all traffic to eliminate eavesdropping, connection hijacking, and \\ other attacks. In addition, OpenSSH provides a large suite of secure tunneling \\ capabilities, several authentication methods, and sophisticated configuration options.\r\n\r\nSecurity Fix(es):\r\n\r\nOpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be triggered by an unauthenticated attacker in the default configuration. One third-party report states \"remote code execution is theoretically possible.\"(CVE-2023-25136)",
"cves": [
{
"id": "CVE-2023-25136",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25136",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/O/openssh/openssh-8.8p1-22_openEuler-SA-2023-1480.json b/cusa/O/openssh/openssh-8.8p1-22_openEuler-SA-2023-1480.json
index 9f918d8..c68d544 100644
--- a/cusa/O/openssh/openssh-8.8p1-22_openEuler-SA-2023-1480.json
+++ b/cusa/O/openssh/openssh-8.8p1-22_openEuler-SA-2023-1480.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1480",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1480",
"title": "An update for openssh is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "OpenSSH is the premier connectivity tool for remote login with the SSH protocol.\r\n\r\nSecurity Fix(es):\r\n\r\nThe PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.(CVE-2023-38408)",
"cves": [
{
"id": "CVE-2023-38408",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38408",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/O/openssh/openssh-8.8p1-23_openEuler-SA-2023-1977.json b/cusa/O/openssh/openssh-8.8p1-23_openEuler-SA-2023-1977.json
index f2deb2c..0442816 100644
--- a/cusa/O/openssh/openssh-8.8p1-23_openEuler-SA-2023-1977.json
+++ b/cusa/O/openssh/openssh-8.8p1-23_openEuler-SA-2023-1977.json
@@ -8,7 +8,7 @@
{
"id": "CVE-2023-51385",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51385",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/O/openssl/openssl-1.1.1m-18_openEuler-SA-2023-1092.json b/cusa/O/openssl/openssl-1.1.1m-18_openEuler-SA-2023-1092.json
index 2e698ec..4f4ae17 100644
--- a/cusa/O/openssl/openssl-1.1.1m-18_openEuler-SA-2023-1092.json
+++ b/cusa/O/openssl/openssl-1.1.1m-18_openEuler-SA-2023-1092.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1092",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1092",
"title": "An update for openssl is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.\r\n\r\nSecurity Fix(es):\r\n\r\nThe public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.(CVE-2023-0215)\r\n\r\nA timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. 
To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.(CVE-2022-4304)\r\n\r\nThe function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data. If the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. 
Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.(CVE-2022-4450)\n\nThere is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.(CVE-2023-0286)",
"cves": [
{
"id": "CVE-2023-0286",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0286",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/O/openssl/openssl-1.1.1m-19_openEuler-SA-2023-1207.json b/cusa/O/openssl/openssl-1.1.1m-19_openEuler-SA-2023-1207.json
index 2d87bd2..c3d7f81 100644
--- a/cusa/O/openssl/openssl-1.1.1m-19_openEuler-SA-2023-1207.json
+++ b/cusa/O/openssl/openssl-1.1.1m-19_openEuler-SA-2023-1207.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1207",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1207",
"title": "An update for openssl is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.\r\n\r\nSecurity Fix(es):\r\n\r\nA security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.(CVE-2023-0464)\r\n\r\nApplications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.(CVE-2023-0465)\r\n\r\nThe function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification. As suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. 
Instead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.(CVE-2023-0466)",
"cves": [
{
"id": "CVE-2023-0466",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0466",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/O/openssl/openssl-1.1.1m-20_openEuler-SA-2023-1356.json b/cusa/O/openssl/openssl-1.1.1m-20_openEuler-SA-2023-1356.json
index 3c706ff..1b916a7 100644
--- a/cusa/O/openssl/openssl-1.1.1m-20_openEuler-SA-2023-1356.json
+++ b/cusa/O/openssl/openssl-1.1.1m-20_openEuler-SA-2023-1356.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1356",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1356",
"title": "An update for openssl is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.\n\nSecurity Fix(es):\n\nIssue summary: Processing some specially crafted ASN.1 object identifiers or\ndata containing them may be very slow.\n\nImpact summary: Applications that use OBJ_obj2txt() directly, or use any of\nthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message\nsize limit may experience notable to very long delays when processing those\nmessages, which may lead to a Denial of Service.\n\nAn OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -\nmost of which have no size limit. OBJ_obj2txt() may be used to translate\nan ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL\ntype ASN1_OBJECT) to its canonical numeric text form, which are the\nsub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by\nperiods.\n\nWhen one of the sub-identifiers in the OBJECT IDENTIFIER is very large\n(these are sizes that are seen as absurdly large, taking up tens or hundreds\nof KiBs), the translation to a decimal number in text may take a very long\ntime. The time complexity is O(n^2) with 'n' being the size of the\nsub-identifiers in bytes (*).\n\nWith OpenSSL 3.0, support to fetch cryptographic algorithms using names /\nidentifiers in string form was introduced. This includes using OBJECT\nIDENTIFIERs in canonical numeric text form as identifiers for fetching\nalgorithms.\n\nSuch OBJECT IDENTIFIERs may be received through the ASN.1 structure\nAlgorithmIdentifier, which is commonly used in multiple protocols to specify\nwhat cryptographic algorithm should be used to sign or verify, encrypt or\ndecrypt, or digest passed data.\n\nApplications that call OBJ_obj2txt() directly with untrusted data are\naffected, with any version of OpenSSL. 
If the use is for the mere purpose\nof display, the severity is considered low.\n\nIn OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,\nCMS, CMP/CRMF or TS. It also impacts anything that processes X.509\ncertificates, including simple things like verifying its signature.\n\nThe impact on TLS is relatively low, because all versions of OpenSSL have a\n100KiB limit on the peer's certificate chain. Additionally, this only\nimpacts clients, or servers that have explicitly enabled client\nauthentication.\n\nIn OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,\nsuch as X.509 certificates. This is assumed to not happen in such a way\nthat it would cause a Denial of Service, so these versions are considered\nnot affected by this issue in such a way that it would be cause for concern,\nand the severity is therefore considered low.(CVE-2023-2650)",
"cves": [
{
"id": "CVE-2023-2650",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2650",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/O/openssl/openssl-1.1.1m-21_openEuler-SA-2023-1466.json b/cusa/O/openssl/openssl-1.1.1m-21_openEuler-SA-2023-1466.json
index d5f1a0e..5c8559e 100644
--- a/cusa/O/openssl/openssl-1.1.1m-21_openEuler-SA-2023-1466.json
+++ b/cusa/O/openssl/openssl-1.1.1m-21_openEuler-SA-2023-1466.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1466",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1466",
"title": "An update for openssl is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.\n\r\n\r\nSecurity Fix(es):\r\n\r\nIssue summary: Checking excessively long DH keys or parameters may be very slow.\r\n\r\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\r\n\r\nThe function DH_check() performs various checks on DH parameters. One of those\nchecks confirms that the modulus ('p' parameter) is not too large. Trying to use\na very large modulus is slow and OpenSSL will not normally use a modulus which\nis over 10,000 bits in length.\r\n\r\nHowever the DH_check() function checks numerous aspects of the key or parameters\nthat have been supplied. Some of those checks use the supplied modulus value\neven if it has already been found to be too large.\r\n\r\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulernable to a Denial of Service attack.\r\n\r\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\r\n\r\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the '-check' option.\r\n\r\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.(CVE-2023-3446)",
"cves": [
{
"id": "CVE-2023-3446",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3446",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/O/openssl/openssl-1.1.1m-22_openEuler-SA-2023-1481.json b/cusa/O/openssl/openssl-1.1.1m-22_openEuler-SA-2023-1481.json
index 5574a27..5e81ced 100644
--- a/cusa/O/openssl/openssl-1.1.1m-22_openEuler-SA-2023-1481.json
+++ b/cusa/O/openssl/openssl-1.1.1m-22_openEuler-SA-2023-1481.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1481",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1481",
"title": "An update for openssl is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.\r\n\r\nSecurity Fix(es):\r\n\r\nIssue summary: Checking excessively long DH keys or parameters may be very slow.\r\n\r\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\r\n\r\nThe function DH_check() performs various checks on DH parameters. After fixing\nCVE-2023-3446 it was discovered that a large q parameter value can also trigger\nan overly long computation during some of these checks. A correct q value,\nif present, cannot be larger than the modulus p parameter, thus it is\nunnecessary to perform these checks if q is larger than p.\r\n\r\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulnerable to a Denial of Service attack.\r\n\r\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\r\n\r\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the \"-check\" option.\r\n\r\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\r\n\r\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.(CVE-2023-3817)",
"cves": [
{
"id": "CVE-2023-3817",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3817",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/O/openssl/openssl-1.1.1m-24_openEuler-SA-2023-1821.json b/cusa/O/openssl/openssl-1.1.1m-24_openEuler-SA-2023-1821.json
index eceac94..ffa0059 100644
--- a/cusa/O/openssl/openssl-1.1.1m-24_openEuler-SA-2023-1821.json
+++ b/cusa/O/openssl/openssl-1.1.1m-24_openEuler-SA-2023-1821.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1821",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1821",
"title": "An update for openssl is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.\r\n\r\nSecurity Fix(es):\r\n\r\nIssue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\r\n\r\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\r\n\r\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\r\n\r\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\r\n\r\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\r\n\r\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\r\n\r\nAlso vulnerable are the OpenSSL pkey command line application when using the\n\"-pubcheck\" option, as well as the OpenSSL genpkey command line application.\r\n\r\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\r\n\r\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\r\n\r\n(CVE-2023-5678)",
"cves": [
{
"id": "CVE-2023-5678",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5678",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/O/openssl/openssl-1.1.1m-26_openEuler-SA-2024-1147.json b/cusa/O/openssl/openssl-1.1.1m-26_openEuler-SA-2024-1147.json
index 1d9c48b..ef9dc57 100644
--- a/cusa/O/openssl/openssl-1.1.1m-26_openEuler-SA-2024-1147.json
+++ b/cusa/O/openssl/openssl-1.1.1m-26_openEuler-SA-2024-1147.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1147",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1147",
"title": "An update for openssl is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.\r\n\r\nSecurity Fix(es):\r\n\r\nIssue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL\nto crash leading to a potential Denial of Service attack\r\n\r\nImpact summary: Applications loading files in the PKCS12 format from untrusted\nsources might terminate abruptly.\r\n\r\nA file in PKCS12 format can contain certificates and keys and may come from an\nuntrusted source. The PKCS12 specification allows certain fields to be NULL, but\nOpenSSL does not correctly check for this case. This can lead to a NULL pointer\ndereference that results in OpenSSL crashing. If an application processes PKCS12\nfiles from an untrusted source using the OpenSSL APIs then that application will\nbe vulnerable to this issue.\r\n\r\nOpenSSL APIs that are vulnerable to this are: PKCS12_parse(),\nPKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()\nand PKCS12_newpass().\r\n\r\nWe have also fixed a similar issue in SMIME_write_PKCS7(). However since this\nfunction is related to writing data we do not consider it security significant.\r\n\r\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.(CVE-2024-0727)",
"cves": [
{
"id": "CVE-2024-0727",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0727",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/O/openssl/openssl-1.1.1m-28_openEuler-SA-2024-1531.json b/cusa/O/openssl/openssl-1.1.1m-28_openEuler-SA-2024-1531.json
index dd8e044..bf915af 100644
--- a/cusa/O/openssl/openssl-1.1.1m-28_openEuler-SA-2024-1531.json
+++ b/cusa/O/openssl/openssl-1.1.1m-28_openEuler-SA-2024-1531.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1531",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1531",
"title": "An update for openssl is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, fully featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL tookit and its related documentation.\r\n\r\nSecurity Fix(es):\r\n\r\nIssue summary: Some non-default TLS server configurations can cause unbounded\nmemory growth when processing TLSv1.3 sessions\r\n\r\nImpact summary: An attacker may exploit certain server configurations to trigger\nunbounded memory growth that would lead to a Denial of Service\r\n\r\nThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is\nbeing used (but not if early_data support is also configured and the default\nanti-replay protection is in use). In this case, under certain conditions, the\nsession cache can get into an incorrect state and it will fail to flush properly\nas it fills. The session cache will continue to grow in an unbounded manner. A\nmalicious client could deliberately create the scenario for this failure to\nforce a Denial of Service. It may also happen by accident in normal operation.\r\n\r\nThis issue only affects TLS servers supporting TLSv1.3. It does not affect TLS\nclients.\r\n\r\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL\n1.0.2 is also not affected by this issue.(CVE-2024-2511)",
"cves": [
{
"id": "CVE-2024-2511",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2511",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/O/openssl/openssl-1.1.1m-8_openEuler-SA-2022-1833.json b/cusa/O/openssl/openssl-1.1.1m-8_openEuler-SA-2022-1833.json
index 675f8d6..72fe9c8 100644
--- a/cusa/O/openssl/openssl-1.1.1m-8_openEuler-SA-2022-1833.json
+++ b/cusa/O/openssl/openssl-1.1.1m-8_openEuler-SA-2022-1833.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1833",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1833",
"title": "An update for openssl is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.\r\n\r\nSecurity Fix(es):\r\n\r\nAES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn t written. In the special case of in place encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).(CVE-2022-2097)",
"cves": [
{
"id": "CVE-2022-2097",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2097",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/O/openvswitch/openvswitch-2.12.0-22_openEuler-SA-2022-1778.json b/cusa/O/openvswitch/openvswitch-2.12.0-22_openEuler-SA-2022-1778.json
index ef5dced..710acc6 100644
--- a/cusa/O/openvswitch/openvswitch-2.12.0-22_openEuler-SA-2022-1778.json
+++ b/cusa/O/openvswitch/openvswitch-2.12.0-22_openEuler-SA-2022-1778.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1778",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1778",
"title": "An update for openvswitch is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Open vSwitch is a production quality, multilayer virtual switch licensed under the open source Apache 2.0 license.\r\n\r\nSecurity Fix(es):\r\n\r\nA memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.(CVE-2021-3905)",
"cves": [
{
"id": "CVE-2021-3905",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3905",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/O/openvswitch/openvswitch-2.12.4-2_openEuler-SA-2023-1025.json b/cusa/O/openvswitch/openvswitch-2.12.4-2_openEuler-SA-2023-1025.json
index 5007f34..b47c042 100644
--- a/cusa/O/openvswitch/openvswitch-2.12.4-2_openEuler-SA-2023-1025.json
+++ b/cusa/O/openvswitch/openvswitch-2.12.4-2_openEuler-SA-2023-1025.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1025",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1025",
"title": "An update for openvswitch is now available for openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Open vSwitch is a production quality, multilayer virtual switch licensed under the open source Apache 2.0 license.\r\n\r\nSecurity Fix(es):\r\n\r\nAn integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.(CVE-2022-4338)",
"cves": [
{
"id": "CVE-2022-4338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4338",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/O/openvswitch/openvswitch-2.12.4-4_openEuler-SA-2023-1234.json b/cusa/O/openvswitch/openvswitch-2.12.4-4_openEuler-SA-2023-1234.json
index e16b617..743b138 100644
--- a/cusa/O/openvswitch/openvswitch-2.12.4-4_openEuler-SA-2023-1234.json
+++ b/cusa/O/openvswitch/openvswitch-2.12.4-4_openEuler-SA-2023-1234.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1234",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1234",
"title": "An update for openvswitch is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.(CVE-2023-1668)",
"cves": [
{
"id": "CVE-2023-1668",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1668",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/O/openvswitch/openvswitch-2.12.4-5_openEuler-SA-2023-1732.json b/cusa/O/openvswitch/openvswitch-2.12.4-5_openEuler-SA-2023-1732.json
index bd4bef5..d0a8164 100644
--- a/cusa/O/openvswitch/openvswitch-2.12.4-5_openEuler-SA-2023-1732.json
+++ b/cusa/O/openvswitch/openvswitch-2.12.4-5_openEuler-SA-2023-1732.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1732",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1732",
"title": "An update for openvswitch is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "Open vSwitch is a production quality, multilayer virtual switch licensed under the open source Apache 2.0 license.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses.(CVE-2023-5366)",
"cves": [
{
"id": "CVE-2023-5366",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5366",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/O/openvswitch/openvswitch-2.12.4-7_openEuler-SA-2024-1207.json b/cusa/O/openvswitch/openvswitch-2.12.4-7_openEuler-SA-2024-1207.json
index 4c8fc38..ad2d8ba 100644
--- a/cusa/O/openvswitch/openvswitch-2.12.4-7_openEuler-SA-2024-1207.json
+++ b/cusa/O/openvswitch/openvswitch-2.12.4-7_openEuler-SA-2024-1207.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1207",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1207",
"title": "An update for openvswitch is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Important",
+ "severity": "High",
"description": "Open vSwitch is a production quality, multilayer virtual switch licensed under the open source Apache 2.0 license.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled.(CVE-2023-3966)",
"cves": [
{
"id": "CVE-2023-3966",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3966",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/O/openvswitch/openvswitch-2.12.4-8_openEuler-SA-2024-1384.json b/cusa/O/openvswitch/openvswitch-2.12.4-8_openEuler-SA-2024-1384.json
index 921bf9f..93ff088 100644
--- a/cusa/O/openvswitch/openvswitch-2.12.4-8_openEuler-SA-2024-1384.json
+++ b/cusa/O/openvswitch/openvswitch-2.12.4-8_openEuler-SA-2024-1384.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1384",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1384",
"title": "An update for openvswitch is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Important",
+ "severity": "High",
"description": "Open vSwitch is a production quality, multilayer virtual switch licensed under the open source Apache 2.0 license.\r\n\r\nSecurity Fix(es):\r\n\r\nAn integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system.(CVE-2022-2639)",
"cves": [
{
"id": "CVE-2022-2639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2639",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/O/optipng/optipng-0.7.8-1_openEuler-SA-2023-1873.json b/cusa/O/optipng/optipng-0.7.8-1_openEuler-SA-2023-1873.json
index f403d2f..d24f524 100644
--- a/cusa/O/optipng/optipng-0.7.8-1_openEuler-SA-2023-1873.json
+++ b/cusa/O/optipng/optipng-0.7.8-1_openEuler-SA-2023-1873.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1873",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1873",
"title": "An update for optipng is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "OptiPNG is a PNG optimizer that recompresses image files to a smaller size, without losing any information. This program also converts external formats (BMP, GIF, PNM and TIFF) to optimized PNG, and performs PNG integrity checks and corrections.\r\n\r\nSecurity Fix(es):\r\n\r\nOptiPNG v0.7.7 was discovered to contain a global buffer overflow via the 'buffer' variable at gifread.c.(CVE-2023-43907)",
"cves": [
{
"id": "CVE-2023-43907",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43907",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/O/opusfile/opusfile-0.11-5_openEuler-SA-2023-1062.json b/cusa/O/opusfile/opusfile-0.11-5_openEuler-SA-2023-1062.json
index 58731d5..5d41053 100644
--- a/cusa/O/opusfile/opusfile-0.11-5_openEuler-SA-2023-1062.json
+++ b/cusa/O/opusfile/opusfile-0.11-5_openEuler-SA-2023-1062.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1062",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1062",
"title": "An update for opusfile is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "The opusfile library provides seeking, decode, and playback of Opus streams in the Ogg container (.opus files) including over http(s) on posix and windows systems. opusfile depends on libopus and libogg.The included opusurl library for http(s) access depends on opusfile and openssl.\r\n\r\nSecurity Fix(es):\r\n\r\nA null pointer dereference issue was discovered in functions op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 thru 0.12 allows attackers to cause denial of service or other unspecified impacts.(CVE-2022-47021)",
"cves": [
{
"id": "CVE-2022-47021",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47021",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/a/A-Tune-Collector/atune-collector-1.1.0-8_openEuler-SA-2024-1273.json b/cusa/a/A-Tune-Collector/atune-collector-1.1.0-8_openEuler-SA-2024-1273.json
index f8e2d6c..3442ee2 100644
--- a/cusa/a/A-Tune-Collector/atune-collector-1.1.0-8_openEuler-SA-2024-1273.json
+++ b/cusa/a/A-Tune-Collector/atune-collector-1.1.0-8_openEuler-SA-2024-1273.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1273",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1273",
"title": "An update for A-Tune-Collector is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "A-Tune-Collector is used to collect various system resources.\r\n\r\nSecurity Fix(es):\r\n\r\nWhen the get method in the sched.py file in the A-Tune-Collector software package is used to obtain the process ID, shell command combination and injection risks exist. This flaw could lead to remote arbitrary command execution.(CVE-2024-24897)",
"cves": [
{
"id": "CVE-2024-24897",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24897",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/a/activemq/activemq-5.16.7-1_openEuler-SA-2023-1925.json b/cusa/a/activemq/activemq-5.16.7-1_openEuler-SA-2023-1925.json
index 17a90e5..3bd8860 100644
--- a/cusa/a/activemq/activemq-5.16.7-1_openEuler-SA-2023-1925.json
+++ b/cusa/a/activemq/activemq-5.16.7-1_openEuler-SA-2023-1925.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1925",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1925",
"title": "An update for activemq is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "The most popular and powerful open source messaging and Integration Patterns server.\r\n\r\nSecurity Fix(es):\r\n\r\nOnce an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. \r\n\r\nIn details, in ActiveMQ configurations, jetty allows\norg.jolokia.http.AgentServlet to handler request to /api/jolokia\r\n\r\norg.jolokia.http.HttpRequestHandler#handlePostRequest is able to\ncreate JmxRequest through JSONObject. And calls to\norg.jolokia.http.HttpRequestHandler#executeRequest.\r\n\r\nInto deeper calling stacks,\norg.jolokia.handler.ExecHandler#doHandleRequest is able to invoke\nthrough refection.\r\n\r\nAnd then, RCE is able to be achieved via\njdk.management.jfr.FlightRecorderMXBeanImpl which exists on Java version above 11.\r\n\r\n1 Call newRecording.\r\n\r\n2 Call setConfiguration. And a webshell data hides in it.\r\n\r\n3 Call startRecording.\r\n\r\n4 Call copyTo method. The webshell will be written to a .jsp file.\r\n\r\nThe mitigation is to restrict (by default) the actions authorized on Jolokia, or disable Jolokia.\nA more restrictive Jolokia configuration has been defined in default ActiveMQ distribution. We encourage users to upgrade to ActiveMQ distributions version including updated Jolokia configuration: 5.16.6, 5.17.4, 5.18.0, 6.0.0.\n(CVE-2022-41678)",
"cves": [
{
"id": "CVE-2022-41678",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41678",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/a/amanda/amanda-3.5.1-21_openEuler-SA-2023-1149.json b/cusa/a/amanda/amanda-3.5.1-21_openEuler-SA-2023-1149.json
index da76b0f..881ad6f 100644
--- a/cusa/a/amanda/amanda-3.5.1-21_openEuler-SA-2023-1149.json
+++ b/cusa/a/amanda/amanda-3.5.1-21_openEuler-SA-2023-1149.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1149",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1149",
"title": "An update for amanda is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "AMANDA, the Advanced Maryland Automatic Network Disk Archiver, is a backup system that allows the administrator of a LAN to set up a single master backup server to back up multiple hosts to a single large capacity tape or disk drive. Amanda uses native tools (such as GNUtar, dump) for backup and can back up a large number of workstations running multiple versions of Unix/Mac OS X/Linux/Windows.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in Amanda. The `runtar` SUID binary executes /usr/bin/tar as root without properly validating its arguments, possibly leading to escalation of privileges from the regular user \"amandabackup\" to root.(CVE-2022-37705)\r\n\r\nA flaw was found in Amanda. The `rundump` SUID binary executes /usr/sbin/dump as root without properly validating its arguments, possibly leading to escalation of privileges from the regular user \"amandabackup\" to root.(CVE-2022-37704)",
"cves": [
{
"id": "CVE-2022-37704",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37704",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
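Review bot: The `cves` array in this file lists only CVE-2022-37704, while the `description` in the same hunk also names CVE-2022-37705, so a consumer that matches on `cves[].id` will not associate this advisory with the second CVE. The same mismatch appears in the avahi openEuler-SA-2023-1793 hunk (the description names CVE-2023-38471, CVE-2023-38472 and CVE-2023-38473, but `cves` holds only the last) and in the batik openEuler-SA-2023-1051 hunk (CVE-2022-41704 is missing). The page does not show the schema, so `cves` may be intended to hold a single representative entry. If it is meant to be complete, the converter should emit one object per CVE, here adding `{ "id": "CVE-2022-37705", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37705", "severity": "<severity from the CVRF source>" }`.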
diff --git a/cusa/a/amanda/amanda-3.5.4-1_openEuler-SA-2023-1507.json b/cusa/a/amanda/amanda-3.5.4-1_openEuler-SA-2023-1507.json
index 0b60d9f..4f6a3b9 100644
--- a/cusa/a/amanda/amanda-3.5.4-1_openEuler-SA-2023-1507.json
+++ b/cusa/a/amanda/amanda-3.5.4-1_openEuler-SA-2023-1507.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1507",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1507",
"title": "An update for amanda is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "AMANDA, the Advanced Maryland Automatic Network Disk Archiver, is a backup system that allows the administrator of a LAN to set up a single master backup server to back up multiple hosts to a single large capacity tape or disk drive. Amanda uses native tools (such as GNUtar, dump) for backup and can back up a large number of workstations running multiple versions of Unix/Mac OS X/Linux/Windows.\n\nSecurity Fix(es):\n\nAMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705.(CVE-2023-30577)",
"cves": [
{
"id": "CVE-2023-30577",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30577",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/a/ansible/ansible-2.9.27-4_openEuler-SA-2024-1190.json b/cusa/a/ansible/ansible-2.9.27-4_openEuler-SA-2024-1190.json
index 300ff69..32fecf7 100644
--- a/cusa/a/ansible/ansible-2.9.27-4_openEuler-SA-2024-1190.json
+++ b/cusa/a/ansible/ansible-2.9.27-4_openEuler-SA-2024-1190.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1190",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1190",
"title": "An update for ansible is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. %if 0 Provides: ansible-python3 = - Obsoletes: ansible-python3 < - BuildRequires: python3-devel python3-setuptools BuildRequires: python3-PyYAML python3-paramiko python3-crypto python3-packaging BuildRequires: python3-pexpect python3-winrm BuildRequires: git-core %if %with_docs BuildRequires: python3-sphinx python3-sphinx-theme-alabaster asciidoc %endif BuildRequires: python3-six python3-nose python3-pytest python3-pytest-xdist BuildRequires: python3-pytest-mock python3-requests python3-coverage python3-mock BuildRequires: python3-boto3 python3-botocore python3-passlib python3-jinja2 Requires: python3-PyYAML python3-paramiko python3-crypto python3-setuptools python3-six Requires: python3-jinja2 sshpass python3-jmespath %description Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. This package installs versions of ansible that execute on Python3. %endif\r\n\r\nSecurity Fix(es):\r\n\r\nAn information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. It was discovered that information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.(CVE-2024-0690)",
"cves": [
{
"id": "CVE-2024-0690",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0690",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/a/apache-commons-fileupload/apache-commons-fileupload-1.4-2_openEuler-SA-2023-1155.json b/cusa/a/apache-commons-fileupload/apache-commons-fileupload-1.4-2_openEuler-SA-2023-1155.json
index 08b4e00..59bf89d 100644
--- a/cusa/a/apache-commons-fileupload/apache-commons-fileupload-1.4-2_openEuler-SA-2023-1155.json
+++ b/cusa/a/apache-commons-fileupload/apache-commons-fileupload-1.4-2_openEuler-SA-2023-1155.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1155",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1155",
"title": "An update for apache-commons-fileupload is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "The javax.servlet package lacks support for RFC-1867, HTML file upload. This package provides a simple to use API for working with such data. The scope of this package is to create a package of Java utility classes to read multipart/form-data within a javax.servlet.http.HttpServletRequest.\r\n\r\nSecurity Fix(es):\r\n\r\nApache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.(CVE-2023-24998)",
"cves": [
{
"id": "CVE-2023-24998",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/a/apache-commons-net/apache-commons-net-3.6-7_openEuler-SA-2023-1882.json b/cusa/a/apache-commons-net/apache-commons-net-3.6-7_openEuler-SA-2023-1882.json
index 65dc0e2..1dcd0e6 100644
--- a/cusa/a/apache-commons-net/apache-commons-net-3.6-7_openEuler-SA-2023-1882.json
+++ b/cusa/a/apache-commons-net/apache-commons-net-3.6-7_openEuler-SA-2023-1882.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1882",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1882",
"title": "An update for apache-commons-net is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Apache Commons Net library contains a collection of network utilities and protocol implementations. Supported protocols include: Echo, Finger, FTP, NNTP, NTP, POP3(S), SMTP(S), Telnet, Whois\r\n\r\nSecurity Fix(es):\r\n\r\nPrior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711.(CVE-2021-37533)",
"cves": [
{
"id": "CVE-2021-37533",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37533",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/a/apache-mime4j/apache-mime4j-0.8.1-3_openEuler-SA-2024-1475.json b/cusa/a/apache-mime4j/apache-mime4j-0.8.1-3_openEuler-SA-2024-1475.json
index 076af54..28998f1 100644
--- a/cusa/a/apache-mime4j/apache-mime4j-0.8.1-3_openEuler-SA-2024-1475.json
+++ b/cusa/a/apache-mime4j/apache-mime4j-0.8.1-3_openEuler-SA-2024-1475.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1475",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1475",
"title": "An update for apache-mime4j is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Java stream based MIME message parser.\r\n\r\nSecurity Fix(es):\r\n\r\nImproper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message.\nThis can be exploited by an attacker to add unintended headers to MIME messages.\n(CVE-2024-21742)",
"cves": [
{
"id": "CVE-2024-21742",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21742",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/a/apache-sshd/apache-sshd-2.9.2-2_openEuler-SA-2024-1079.json b/cusa/a/apache-sshd/apache-sshd-2.9.2-2_openEuler-SA-2024-1079.json
index 0ddcbe1..a26387b 100644
--- a/cusa/a/apache-sshd/apache-sshd-2.9.2-2_openEuler-SA-2024-1079.json
+++ b/cusa/a/apache-sshd/apache-sshd-2.9.2-2_openEuler-SA-2024-1079.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1079",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1079",
"title": "An update for apache-sshd is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Apache SSHD is a 100% pure java library to support the SSH protocols on both the client and server side.\r\n\r\nSecurity Fix(es):\r\n\r\nExposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA.\r\n\r\nIn SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover \"exists/does not exist\" information about items outside the rooted tree via paths including parent navigation (\"..\") beyond the root, or involving symlinks.\r\n\r\nThis issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10\n(CVE-2023-35887)",
"cves": [
{
"id": "CVE-2023-35887",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35887",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/a/apache-sshd/apache-sshd-2.9.2-3_openEuler-SA-2024-1101.json b/cusa/a/apache-sshd/apache-sshd-2.9.2-3_openEuler-SA-2024-1101.json
index 35a31d8..41cda93 100644
--- a/cusa/a/apache-sshd/apache-sshd-2.9.2-3_openEuler-SA-2024-1101.json
+++ b/cusa/a/apache-sshd/apache-sshd-2.9.2-3_openEuler-SA-2024-1101.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1101",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1101",
"title": "An update for apache-sshd is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Apache SSHD is a 100% pure java library to support the SSH protocols on both the client and server side.\r\n\r\nSecurity Fix(es):\r\n\r\nThe SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, 
the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.(CVE-2023-48795)",
"cves": [
{
"id": "CVE-2023-48795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/a/arm-trusted-firmware/arm-trusted-firmware-2.3-2_openEuler-SA-2023-1899.json b/cusa/a/arm-trusted-firmware/arm-trusted-firmware-2.3-2_openEuler-SA-2023-1899.json
index bb75e79..3b86926 100644
--- a/cusa/a/arm-trusted-firmware/arm-trusted-firmware-2.3-2_openEuler-SA-2023-1899.json
+++ b/cusa/a/arm-trusted-firmware/arm-trusted-firmware-2.3-2_openEuler-SA-2023-1899.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1899",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1899",
"title": "An update for arm-trusted-firmware is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "Trusted Firmware-A is a reference implementation of secure world software for Arm A-Profile architectures (Armv8-A and Armv7-A), including an Exception Level 3 (EL3) Secure Monitor.\r\n\r\nSecurity Fix(es):\r\n\r\nTrusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates. This affects downstream use of get_ext and auth_nvctr. Attackers might be able to trigger dangerous read side effects or obtain sensitive information about microarchitectural state.(CVE-2022-47630)",
"cves": [
{
"id": "CVE-2022-47630",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47630",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/a/arm-trusted-firmware/arm-trusted-firmware-2.3-4_openEuler-SA-2024-1264.json b/cusa/a/arm-trusted-firmware/arm-trusted-firmware-2.3-4_openEuler-SA-2024-1264.json
index 6b54a64..ccde546 100644
--- a/cusa/a/arm-trusted-firmware/arm-trusted-firmware-2.3-4_openEuler-SA-2024-1264.json
+++ b/cusa/a/arm-trusted-firmware/arm-trusted-firmware-2.3-4_openEuler-SA-2024-1264.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1264",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1264",
"title": "An update for arm-trusted-firmware is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Important",
+ "severity": "High",
"description": "Trusted Firmware-A is a reference implementation of secure world software for Arm A-Profile architectures (Armv8-A and Armv7-A), including an Exception Level 3 (EL3) Secure Monitor.\r\n\r\nSecurity Fix(es):\r\n\r\nTrusted Firmware-A (TF-A) before 2.10 has a potential read out-of-bounds in the SDEI service. The input parameter passed in register x1 is not validated well enough in the function sdei_interrupt_bind. The parameter is passed to a call to plat_ic_get_interrupt_type. It can be any arbitrary value passing checks in the function plat_ic_is_sgi. A compromised Normal World (Linux kernel) can enable a root-privileged attacker to issue arbitrary SMC calls. Using this primitive, he can control the content of registers x0 through x6, which are used to send parameters to TF-A. Out-of-bounds addresses can be read in the context of TF-A (EL3). Because the read value is never returned to non-secure memory or in registers, no leak is possible. An attacker can still crash TF-A, however.(CVE-2023-49100)",
"cves": [
{
"id": "CVE-2023-49100",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49100",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/a/assimp/config.json b/cusa/a/assimp/config.json
new file mode 100644
index 0000000..f9a5d9b
--- /dev/null
+++ b/cusa/a/assimp/config.json
@@ -0,0 +1,5 @@
+{
+ "upstream": "22.03-LTS",
+ "autobuild": true,
+ "fixed_version": ""
+}
\ No newline at end of file
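Review bot: `"fixed_version": ""` together with `"autobuild": true` is ambiguous: the empty string could mean "no fixed build yet" or "value not filled in", and nothing in this hunk says which. Strict JSON cannot carry a comment, so I would document the three keys (`upstream`, `autobuild`, `fixed_version`) in the README. If the consumer allows it, `"fixed_version": null` could stand for "not yet known", so that an empty string can be rejected as a malformed entry. How the VAT system reads this file is not visible here, so the null suggestion is conditional on that.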
diff --git a/cusa/a/atril/atril-1.22.3-3_openEuler-SA-2024-1247.json b/cusa/a/atril/atril-1.22.3-3_openEuler-SA-2024-1247.json
index 8f06a59..43031a9 100644
--- a/cusa/a/atril/atril-1.22.3-3_openEuler-SA-2024-1247.json
+++ b/cusa/a/atril/atril-1.22.3-3_openEuler-SA-2024-1247.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1247",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1247",
"title": "An update for atril is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Mate-document-viewer is simple document viewer. It can display and print Portable Document Format (PDF), PostScript (PS), Encapsulated PostScript (EPS), DVI, DJVU, epub and XPS files. When supported by the document format, mate-document-viewer allows searching for text, copying text to the clipboard, hypertext navigation, table-of-contents bookmarks and editing of forms.\r\n\r\nSecurity Fix(es):\r\n\r\nAtril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the user opening a crafted document has access. The only limitation is that this vulnerability cannot be exploited to overwrite existing files, but that doesn't stop an attacker from achieving Remote Command Execution on the target system. Version 1.26.2 of Atril contains a patch for this vulnerability.(CVE-2023-52076)",
"cves": [
{
"id": "CVE-2023-52076",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52076",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/a/atril/atril-1.22.3-4_openEuler-SA-2024-1493.json b/cusa/a/atril/atril-1.22.3-4_openEuler-SA-2024-1493.json
index da9e299..0f3ba1e 100644
--- a/cusa/a/atril/atril-1.22.3-4_openEuler-SA-2024-1493.json
+++ b/cusa/a/atril/atril-1.22.3-4_openEuler-SA-2024-1493.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1493",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1493",
"title": "An update for atril is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Mate-document-viewer is simple document viewer. It can display and print Portable Document Format (PDF), PostScript (PS), Encapsulated PostScript (EPS), DVI, DJVU, epub and XPS files. When supported by the document format, mate-document-viewer allows searching for text, copying text to the clipboard, hypertext navigation, table-of-contents bookmarks and editing of forms.\r\n\r\nSecurity Fix(es):\r\n\r\nAtril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CBT document which is a TAR archive. A patch is available at commit ce41df6.\n(CVE-2023-51698)",
"cves": [
{
"id": "CVE-2023-51698",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51698",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/a/avahi/avahi-0.8-15_openEuler-SA-2023-1240.json b/cusa/a/avahi/avahi-0.8-15_openEuler-SA-2023-1240.json
index 88940d5..9ab36b4 100644
--- a/cusa/a/avahi/avahi-0.8-15_openEuler-SA-2023-1240.json
+++ b/cusa/a/avahi/avahi-0.8-15_openEuler-SA-2023-1240.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1240",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1240",
"title": "An update for avahi is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. This enables you to plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared.\r\n\r\nSecurity Fix(es):\r\n\r\nIt was discovered that the avahi deamon can be locally crashed by a dbus call made by an unprivileged user, causing a denial of service.\r\n\r\nReferences:\r\n\r\nhttps://github.com/lathiat/avahi/issues/375(CVE-2023-1981)",
"cves": [
{
"id": "CVE-2023-1981",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1981",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/a/avahi/avahi-0.8-16_openEuler-SA-2023-1758.json b/cusa/a/avahi/avahi-0.8-16_openEuler-SA-2023-1758.json
index 30a698d..6919539 100644
--- a/cusa/a/avahi/avahi-0.8-16_openEuler-SA-2023-1758.json
+++ b/cusa/a/avahi/avahi-0.8-16_openEuler-SA-2023-1758.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1758",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1758",
"title": "An update for avahi is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. This enables you to plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared.\r\n\r\nSecurity Fix(es):\r\n\r\nA reachable assertion was found in avahi_escape_label.\r\n\r\nReferences:\r\n\r\nhttps://github.com/lathiat/avahi/issues/454(CVE-2023-38470)",
"cves": [
{
"id": "CVE-2023-38470",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38470",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/a/avahi/avahi-0.8-17_openEuler-SA-2023-1793.json b/cusa/a/avahi/avahi-0.8-17_openEuler-SA-2023-1793.json
index ca08236..ee2f541 100644
--- a/cusa/a/avahi/avahi-0.8-17_openEuler-SA-2023-1793.json
+++ b/cusa/a/avahi/avahi-0.8-17_openEuler-SA-2023-1793.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1793",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1793",
"title": "An update for avahi is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. This enables you to plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function.(CVE-2023-38471)\r\n\r\nA vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function.(CVE-2023-38472)\r\n\r\nA vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function.(CVE-2023-38473)",
"cves": [
{
"id": "CVE-2023-38473",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38473",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/a/avahi/avahi-0.8-17_openEuler-SA-2023-1812.json b/cusa/a/avahi/avahi-0.8-17_openEuler-SA-2023-1812.json
index 511dcd1..0c8edf1 100644
--- a/cusa/a/avahi/avahi-0.8-17_openEuler-SA-2023-1812.json
+++ b/cusa/a/avahi/avahi-0.8-17_openEuler-SA-2023-1812.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1812",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1812",
"title": "An update for avahi is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. This enables you to plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record.(CVE-2023-38469)",
"cves": [
{
"id": "CVE-2023-38469",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38469",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/a/avro/avro-1.10.2-4_openEuler-SA-2023-1950.json b/cusa/a/avro/avro-1.10.2-4_openEuler-SA-2023-1950.json
index 95d261d..7ec503b 100644
--- a/cusa/a/avro/avro-1.10.2-4_openEuler-SA-2023-1950.json
+++ b/cusa/a/avro/avro-1.10.2-4_openEuler-SA-2023-1950.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1950",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1950",
"title": "An update for avro is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "Apache Avro is a data serialization system.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro version 1.10.2 and prior versions. Users should update to version 1.11.0 which addresses this issue.(CVE-2021-43045)",
"cves": [
{
"id": "CVE-2021-43045",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43045",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/b/batik/batik-1.10-7_openEuler-SA-2023-1051.json b/cusa/b/batik/batik-1.10-7_openEuler-SA-2023-1051.json
index e138aff..348b862 100644
--- a/cusa/b/batik/batik-1.10-7_openEuler-SA-2023-1051.json
+++ b/cusa/b/batik/batik-1.10-7_openEuler-SA-2023-1051.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1051",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1051",
"title": "An update for batik is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Batik is an inline templating engine for CoffeeScript, inspired by CoffeeKup, that lets you write your template directly as a CoffeeScript function.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.(CVE-2022-41704)\r\n\r\nA vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.(CVE-2022-42890)",
"cves": [
{
"id": "CVE-2022-42890",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42890",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/b/batik/batik-1.17-1_openEuler-SA-2023-1651.json b/cusa/b/batik/batik-1.17-1_openEuler-SA-2023-1651.json
index 8dc8242..6cc2aa3 100644
--- a/cusa/b/batik/batik-1.17-1_openEuler-SA-2023-1651.json
+++ b/cusa/b/batik/batik-1.17-1_openEuler-SA-2023-1651.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1651",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1651",
"title": "An update for batik is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "Batik is an inline templating engine for CoffeeScript, inspired by CoffeeKup, that lets you write your template directly as a CoffeeScript function.\r\n\r\nSecurity Fix(es):\r\n\r\nServer-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.(CVE-2022-38398)\r\n\r\nServer-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.(CVE-2022-38648)\r\n\r\nServer-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.(CVE-2022-40146)\r\n\r\nServer-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16.\r\n\r\nOn version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later.\r\n\r\n(CVE-2022-44729)\r\n\r\nServer-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16.\r\n\r\nA malicious SVG can probe user profile / data and send it directly as parameter to a URL.\r\n\r\n(CVE-2022-44730)",
"cves": [
{
"id": "CVE-2022-44730",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44730",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/b/bcel/bcel-6.4.1-2_openEuler-SA-2022-1977.json b/cusa/b/bcel/bcel-6.4.1-2_openEuler-SA-2022-1977.json
index 46ece95..f9002db 100644
--- a/cusa/b/bcel/bcel-6.4.1-2_openEuler-SA-2022-1977.json
+++ b/cusa/b/bcel/bcel-6.4.1-2_openEuler-SA-2022-1977.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1977",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1977",
"title": "An update for bcel is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Byte Code Engineering Library (formerly known as JavaClass) is intended to give users a convenient possibility to analyze, create, and manipulate (binary) Java class files (those ending with .class).\r\n\r\nSecurity Fix(es):\r\n\r\nThe Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.(CVE-2022-34169)",
"cves": [
{
"id": "CVE-2022-34169",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34169",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/b/bind/bind-9.16.23-11_openEuler-SA-2022-1983.json b/cusa/b/bind/bind-9.16.23-11_openEuler-SA-2022-1983.json
index 760abb5..c323181 100644
--- a/cusa/b/bind/bind-9.16.23-11_openEuler-SA-2022-1983.json
+++ b/cusa/b/bind/bind-9.16.23-11_openEuler-SA-2022-1983.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1983",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1983",
"title": "An update for bind is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly.\r\n\r\nSecurity Fix(es):\r\n\r\nBy sending specific queries to the resolver, an attacker can cause named to crash.(CVE-2022-3080)\r\n\r\nBy spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.(CVE-2022-38177)\r\n\r\nBy spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.(CVE-2022-38178)\r\n\r\nBy flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.(CVE-2022-2795)\r\n\r\nThe underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process.(CVE-2022-2881)\r\n\r\nAn attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.(CVE-2022-2906)",
"cves": [
{
"id": "CVE-2022-2906",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2906",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/b/bind/bind-9.16.23-14_openEuler-SA-2023-1067.json b/cusa/b/bind/bind-9.16.23-14_openEuler-SA-2023-1067.json
index 94b8f50..ea49d2c 100644
--- a/cusa/b/bind/bind-9.16.23-14_openEuler-SA-2023-1067.json
+++ b/cusa/b/bind/bind-9.16.23-14_openEuler-SA-2023-1067.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1067",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1067",
"title": "An update for bind is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly.\r\n\r\nSecurity Fix(es):\r\n\r\nSending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has been exploited. Memory is allocated prior to the checking of access permissions (ACLs) and is retained during the processing of a dynamic update from a client whose access credentials are accepted. Memory allocated to clients that are not permitted to send updates is released immediately upon rejection. The scope of this vulnerability is limited therefore to trusted clients who are permitted to make dynamic zone changes. If a dynamic update is REFUSED, memory will be released again very quickly. Therefore it is only likely to be possible to degrade or stop `named` by sending a flood of unaccepted dynamic updates comparable in magnitude to a query flood intended to achieve the same detrimental outcome. BIND 9.11 and earlier branches are also affected, but through exhaustion of internal resources rather than memory constraints. This may reduce performance but should not be a significant problem for most servers. Therefore we don't intend to address this for BIND versions prior to BIND 9.16. This issue affects BIND 9 versions 9.16.0 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.8-S1 through 9.16.36-S1.(CVE-2022-3094)\r\n\r\nBIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-client-timeout` is set to a positive integer, and the resolver receives an RRSIG query. 
This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1.(CVE-2022-3736)\r\n\r\nThis issue can affect BIND 9 resolvers with `stale-answer-enable yes;` that also make use of the option `stale-answer-client-timeout`, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clients that are waiting for recursion to complete. If there are sufficient clients already waiting when a new client query is received so that it is necessary to SERVFAIL the longest waiting client (see BIND 9 ARM `recursive-clients` limit and soft quota), then it is possible for a race to occur between providing a stale answer to this older client and sending an early timeout SERVFAIL, which may cause an assertion failure. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1.(CVE-2022-3924)",
"cves": [
{
"id": "CVE-2022-3924",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3924",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/b/bind/bind-9.16.23-18_openEuler-SA-2023-1384.json b/cusa/b/bind/bind-9.16.23-18_openEuler-SA-2023-1384.json
index 5614801..bbc5006 100644
--- a/cusa/b/bind/bind-9.16.23-18_openEuler-SA-2023-1384.json
+++ b/cusa/b/bind/bind-9.16.23-18_openEuler-SA-2023-1384.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1384",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1384",
"title": "An update for bind is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server\r\n\r\nSecurity Fix(es):\r\n\r\nEvery `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit.\r\n\r\nIt has been discovered that the effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded.\nThis issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.(CVE-2023-2828)",
"cves": [
{
"id": "CVE-2023-2828",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2828",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/b/bind/bind-9.16.23-20_openEuler-SA-2023-1689.json b/cusa/b/bind/bind-9.16.23-20_openEuler-SA-2023-1689.json
index dda19b4..c98743e 100644
--- a/cusa/b/bind/bind-9.16.23-20_openEuler-SA-2023-1689.json
+++ b/cusa/b/bind/bind-9.16.23-20_openEuler-SA-2023-1689.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1689",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1689",
"title": "An update for bind is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols and provides an openly redistributable reference implementation of the major components of the Domain Name System. This package includes the components to operate a DNS server.\r\n\r\nSecurity Fix(es):\r\n\r\nThe code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary.\nThis issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1.(CVE-2023-3341)",
"cves": [
{
"id": "CVE-2023-3341",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3341",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/b/bind/bind-9.16.23-21_openEuler-SA-2024-1323.json b/cusa/b/bind/bind-9.16.23-21_openEuler-SA-2024-1323.json
index 400680c..37aa29a 100644
--- a/cusa/b/bind/bind-9.16.23-21_openEuler-SA-2024-1323.json
+++ b/cusa/b/bind/bind-9.16.23-21_openEuler-SA-2024-1323.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1323",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1323",
"title": "An update for bind is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols and provides an openly redistributable reference implementation of the major components of the Domain Name System. This package includes the components to operate a DNS server.\r\n\r\nSecurity Fix(es):\r\n\r\nThe DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers.\nThis issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.(CVE-2023-4408)\r\n\r\nCertain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the \"KeyTrap\" issue. 
One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.(CVE-2023-50387)\r\n\r\nA flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when:\r\n\r\n - `nxdomain-redirect ;` is configured, and\n - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response.\nThis issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.(CVE-2023-5517)\r\n\r\nA bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled.\nThis issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.(CVE-2023-5679)\r\n\r\nTo keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queued for later processing. It was discovered that if the resolver is continuously processing query patterns triggering this type of cache-database maintenance, `named` may not be able to handle the cleanup events in a timely manner. This in turn enables the list of queued cleanup events to grow infinitely large over time, allowing the configured `max-cache-size` limit to be significantly exceeded.\nThis issue affects BIND 9 versions 9.16.0 through 9.16.45 and 9.16.8-S1 through 9.16.45-S1.(CVE-2023-6516)",
"cves": [
{
"id": "CVE-2023-6516",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6516",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/b/bind/bind-9.16.23-8_openEuler-SA-2022-1615.json b/cusa/b/bind/bind-9.16.23-8_openEuler-SA-2022-1615.json
index f5ad3e6..e435f28 100644
--- a/cusa/b/bind/bind-9.16.23-8_openEuler-SA-2022-1615.json
+++ b/cusa/b/bind/bind-9.16.23-8_openEuler-SA-2022-1615.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1615",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1615",
"title": "An update for bind is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly.\r\n\r\nSecurity Fix(es):\r\n\r\nBIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.(CVE-2021-25220)\n\n\nBIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection.(CVE-2022-0396)",
"cves": [
{
"id": "CVE-2022-0396",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0396",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/b/binutils/binutils-2.37-22_openEuler-SA-2023-1570.json b/cusa/b/binutils/binutils-2.37-22_openEuler-SA-2023-1570.json
index defd1a7..24557e3 100644
--- a/cusa/b/binutils/binutils-2.37-22_openEuler-SA-2023-1570.json
+++ b/cusa/b/binutils/binutils-2.37-22_openEuler-SA-2023-1570.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1570",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1570",
"title": "An update for binutils is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "The GNU Binutils are a collection of binary tools.\r\n\r\nSecurity Fix(es):\r\n\r\nHeap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37.(CVE-2021-46174)\r\n\r\nAn issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.(CVE-2022-47008)\r\n\r\nAn issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.(CVE-2022-47011)",
"cves": [
{
"id": "CVE-2022-47011",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47011",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/b/binutils/binutils-2.37-25_openEuler-SA-2023-1592.json b/cusa/b/binutils/binutils-2.37-25_openEuler-SA-2023-1592.json
index af09a1d..909990b 100644
--- a/cusa/b/binutils/binutils-2.37-25_openEuler-SA-2023-1592.json
+++ b/cusa/b/binutils/binutils-2.37-25_openEuler-SA-2023-1592.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1592",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1592",
"title": "An update for binutils is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The GNU Binutils are a collection of binary tools. The main ones are: ld - the GNU linker. as - the GNU assembler. addr2line - Converts addresses into filenames and line numbers. ar - A utility for creating, modifying and extracting from archives. c++filt - Filter to demangle encoded C++ symbols. dlltool - Creates files for building and using DLLs. gold - A new, faster, ELF only linker, still in beta test. gprof - Displays profiling information. nlmconv - Converts object code into an NLM. nm - Lists symbols from object files. objcopy - Copies and translates object files. objdump - Displays information from object files. ranlib - Generates an index to the contents of an archive. readelf - Displays information from any ELF format object file. size - Lists the section sizes of an object or archive file. strings - Lists printable strings from files. trip - Discards symbols. windmc - A Windows compatible message compiler. windres - A compiler for Windows resource files.\r\n\r\nSecurity Fix(es):\r\n\r\nAn illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.(CVE-2022-4285)\r\n\r\nGNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.(CVE-2022-48064)\r\n\r\nA potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability.(CVE-2023-1972)",
"cves": [
{
"id": "CVE-2023-1972",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1972",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/b/bluez/bluez-5.54-14_openEuler-SA-2022-1763.json b/cusa/b/bluez/bluez-5.54-14_openEuler-SA-2022-1763.json
index 9c4ef2f..fe29dc9 100644
--- a/cusa/b/bluez/bluez-5.54-14_openEuler-SA-2022-1763.json
+++ b/cusa/b/bluez/bluez-5.54-14_openEuler-SA-2022-1763.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1763",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1763",
"title": "An update for bluez is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "This package provides all utilities for use in Bluetooth applications. The BLUETOOTH trademarks are owned by Bluetooth SIG, Inc., U.S.A.\r\n\r\nSecurity Fix(es):\r\n\r\nBlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp packets and this may cause the service of the target device to crash.(CVE-2021-41229)",
"cves": [
{
"id": "CVE-2021-41229",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41229",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/b/bluez/bluez-5.54-15_openEuler-SA-2022-1922.json b/cusa/b/bluez/bluez-5.54-15_openEuler-SA-2022-1922.json
index 7142450..69f7f4a 100644
--- a/cusa/b/bluez/bluez-5.54-15_openEuler-SA-2022-1922.json
+++ b/cusa/b/bluez/bluez-5.54-15_openEuler-SA-2022-1922.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1922",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1922",
"title": "An update for bluez is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "This package provides all utilities for use in Bluetooth applications. The BLUETOOTH trademarks are owned by Bluetooth SIG, Inc., U.S.A.\r\n\r\nSecurity Fix(es):\r\n\r\nBlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.(CVE-2022-39177)\r\n\r\nBlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.(CVE-2022-39176)",
"cves": [
{
"id": "CVE-2022-39176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39176",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/b/bluez/bluez-5.54-17_openEuler-SA-2023-1249.json b/cusa/b/bluez/bluez-5.54-17_openEuler-SA-2023-1249.json
index c3ac573..1116630 100644
--- a/cusa/b/bluez/bluez-5.54-17_openEuler-SA-2023-1249.json
+++ b/cusa/b/bluez/bluez-5.54-17_openEuler-SA-2023-1249.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1249",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1249",
"title": "An update for bluez is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "This package provides all utilities for use in Bluetooth applications. The BLUETOOTH trademarks are owned by Bluetooth SIG, Inc., U.S.A.\r\n\r\nSecurity Fix(es):\r\n\r\n(CVE-2023-27349)",
"cves": [
{
"id": "CVE-2023-27349",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27349",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/b/bluez/bluez-5.54-18_openEuler-SA-2023-1948.json b/cusa/b/bluez/bluez-5.54-18_openEuler-SA-2023-1948.json
index 1720d3e..67af6d3 100644
--- a/cusa/b/bluez/bluez-5.54-18_openEuler-SA-2023-1948.json
+++ b/cusa/b/bluez/bluez-5.54-18_openEuler-SA-2023-1948.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1948",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1948",
"title": "An update for bluez is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "This package provides all utilities for use in Bluetooth applications. The BLUETOOTH trademarks are owned by Bluetooth SIG, Inc., U.S.A.\r\n\r\nSecurity Fix(es):\r\n\r\nBluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.(CVE-2023-45866)",
"cves": [
{
"id": "CVE-2023-45866",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45866",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/b/bluez/bluez-5.54-19_openEuler-SA-2024-1019.json b/cusa/b/bluez/bluez-5.54-19_openEuler-SA-2024-1019.json
index 572661f..10880a3 100644
--- a/cusa/b/bluez/bluez-5.54-19_openEuler-SA-2024-1019.json
+++ b/cusa/b/bluez/bluez-5.54-19_openEuler-SA-2024-1019.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1019",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1019",
"title": "An update for bluez is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "This package provides all utilities for use in Bluetooth applications. The BLUETOOTH trademarks are owned by Bluetooth SIG, Inc., U.S.A.\r\n\r\nSecurity Fix(es):\r\n\r\nVUL-0: CVE-2023-50230: bluez: BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability(CVE-2023-50230)",
"cves": [
{
"id": "CVE-2023-50230",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50230",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/b/bluez/bluez-5.54-19_openEuler-SA-2024-1029.json b/cusa/b/bluez/bluez-5.54-19_openEuler-SA-2024-1029.json
index 53368a8..59fee8c 100644
--- a/cusa/b/bluez/bluez-5.54-19_openEuler-SA-2024-1029.json
+++ b/cusa/b/bluez/bluez-5.54-19_openEuler-SA-2024-1029.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1029",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1029",
"title": "An update for bluez is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Important",
+ "severity": "High",
"description": "This package provides all utilities for use in Bluetooth applications. The BLUETOOTH trademarks are owned by Bluetooth SIG, Inc., U.S.A.\r\n\r\nSecurity Fix(es):\r\n\r\nVUL-0: CVE-2023-50229: bluez: BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability(CVE-2023-50229)",
"cves": [
{
"id": "CVE-2023-50229",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50229",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/b/busybox/busybox-1.34.1-16_openEuler-SA-2022-1859.json b/cusa/b/busybox/busybox-1.34.1-16_openEuler-SA-2022-1859.json
index 426697e..a9bb588 100644
--- a/cusa/b/busybox/busybox-1.34.1-16_openEuler-SA-2022-1859.json
+++ b/cusa/b/busybox/busybox-1.34.1-16_openEuler-SA-2022-1859.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1859",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1859",
"title": "An update for busybox is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. It provides a fairly complete environment for any small or embedded system.\r\n\r\nSecurity Fix(es):\r\n\r\nA use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function.(CVE-2022-30065)",
"cves": [
{
"id": "CVE-2022-30065",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30065",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/b/byacc/byacc-2.0.20210808-4_openEuler-SA-2023-1033.json b/cusa/b/byacc/byacc-2.0.20210808-4_openEuler-SA-2023-1033.json
index 16c5062..b94b46e 100644
--- a/cusa/b/byacc/byacc-2.0.20210808-4_openEuler-SA-2023-1033.json
+++ b/cusa/b/byacc/byacc-2.0.20210808-4_openEuler-SA-2023-1033.json
@@ -2,7 +2,7 @@
"id": "openEuler-SA-2023-1033",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1033",
"title": "An update for byacc is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Berkeley Yacc is an LALR(1) parser generator. Berkeley Yacc has been made as compatible as possible with AT&T Yacc. Berkeley Yacc can accept any input specification that conforms to the AT&T Yacc documentation. Specifications that take advantage of undocumented features of AT&T Yacc will probably be rejected.\r\n\r\nSecurity Fix(es):\r\n\r\nNo description is available for this CVE.(CVE-2021-33641)\r\n\r\nNo description is available for this CVE.(CVE-2021-33642)",
"cves": [
{
diff --git a/cusa/c/c-ares/c-ares-1.18.1-4_openEuler-SA-2023-1091.json b/cusa/c/c-ares/c-ares-1.18.1-4_openEuler-SA-2023-1091.json
index 3be0f8c..b0b2363 100644
--- a/cusa/c/c-ares/c-ares-1.18.1-4_openEuler-SA-2023-1091.json
+++ b/cusa/c/c-ares/c-ares-1.18.1-4_openEuler-SA-2023-1091.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1091",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1091",
"title": "An update for c-ares is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "This is c-ares, an asynchronous resolver library. It is intended for applications which need to perform DNS queries without blocking, or need to perform multiple\r\n\r\nSecurity Fix(es):\r\n\r\nIn ares_set_sortlist, it calls config_sortlist(..., sortstr) to parse the input str and initialize a sortlist configuration. However, ares_set_sortlist has not any checks about the validity of the input str. It is very easy to create an arbitrary length stack overflow with the unchecked memcpy(ipbuf, str, q-str); and memcpy(ipbufpfx, str, q-str); statements in the config_sortlist call, which could potentially cause severe security impact in practical programs.(CVE-2022-4904)",
"cves": [
{
"id": "CVE-2022-4904",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4904",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/c/c-ares/c-ares-1.18.1-5_openEuler-SA-2023-1312.json b/cusa/c/c-ares/c-ares-1.18.1-5_openEuler-SA-2023-1312.json
index 09d41a8..b06b513 100644
--- a/cusa/c/c-ares/c-ares-1.18.1-5_openEuler-SA-2023-1312.json
+++ b/cusa/c/c-ares/c-ares-1.18.1-5_openEuler-SA-2023-1312.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1312",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1312",
"title": "An update for c-ares is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "This is c-ares, an asynchronous resolver library. It is intended for applications which need to perform DNS queries without blocking, or need to perform multiple\r\n\r\nSecurity Fix(es):\r\n\r\nc-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.(CVE-2023-32067)",
"cves": [
{
"id": "CVE-2023-32067",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32067",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/c/c-ares/c-ares-1.18.1-6_openEuler-SA-2023-1339.json b/cusa/c/c-ares/c-ares-1.18.1-6_openEuler-SA-2023-1339.json
index 952fdf8..97f46a4 100644
--- a/cusa/c/c-ares/c-ares-1.18.1-6_openEuler-SA-2023-1339.json
+++ b/cusa/c/c-ares/c-ares-1.18.1-6_openEuler-SA-2023-1339.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1339",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1339",
"title": "An update for c-ares is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "This is c-ares, an asynchronous resolver library. It is intended for applications which need to perform DNS queries without blocking, or need to perform multiple\r\n\r\nSecurity Fix(es):\r\n\r\nc-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator is fed into a non-compilant RC4 implementation and may not be as strong as the original RC4 implementation. No attempt is made to look for modern OS-provided CSPRNGs like arc4random() that is widely available. This issue has been fixed in version 1.19.1.(CVE-2023-31147)",
"cves": [
{
"id": "CVE-2023-31147",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31147",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/c/c-ares/c-ares-1.18.1-6_openEuler-SA-2023-1359.json b/cusa/c/c-ares/c-ares-1.18.1-6_openEuler-SA-2023-1359.json
index 7ffd12e..468f198 100644
--- a/cusa/c/c-ares/c-ares-1.18.1-6_openEuler-SA-2023-1359.json
+++ b/cusa/c/c-ares/c-ares-1.18.1-6_openEuler-SA-2023-1359.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1359",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1359",
"title": "An update for c-ares is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "This is c-ares, an asynchronous resolver library. It is intended for applications which need to perform DNS queries without blocking, or need to perform multiple\n\nSecurity Fix(es):\n\nc-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular \"0::00:00:00/2\" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.\n(CVE-2023-31130)",
"cves": [
{
"id": "CVE-2023-31130",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31130",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/c/cfitsio/cfitsio-3.490-1_openEuler-SA-2022-1848.json b/cusa/c/cfitsio/cfitsio-3.490-1_openEuler-SA-2022-1848.json
index 0e08694..0509561 100644
--- a/cusa/c/cfitsio/cfitsio-3.490-1_openEuler-SA-2022-1848.json
+++ b/cusa/c/cfitsio/cfitsio-3.490-1_openEuler-SA-2022-1848.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1848",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1848",
"title": "An update for cfitsio is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "\r\n\r\nSecurity Fix(es):\r\n\r\nIn the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.(CVE-2018-3849)\r\n\r\nIn the ffghbn function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.(CVE-2018-3848)",
"cves": [
{
"id": "CVE-2018-3848",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3848",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
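Review bot: The `cves` array in this file lists only CVE-2018-3848, while the `description` context line above it also names CVE-2018-3849, so a consumer that matches on `cves[].id` would not see the second CVE. The same gap is visible in the cifs-utils (openEuler-SA-2022-1626), clamav (openEuler-SA-2022-1683) and containerd (openEuler-SA-2023-1147) hunks, and in the containerd one the only listed CVE is rated `Medium` while the advisory is `High`, so the advisory rating is not backed by any listed entry. In each case the surviving entry is the last CVE named in the description, which suggests the converter keeps only one vulnerability per advisory, though its code is not part of this diff. Since these files are being regenerated for the severity rename anyway, I would emit one `cves` object per CVE in the source advisory, e.g. add `{"id": "CVE-2018-3849", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3849", "severity": "<severity from the CVRF record>"}` here.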
diff --git a/cusa/c/cifs-utils/cifs-utils-6.14-3_openEuler-SA-2022-1626.json b/cusa/c/cifs-utils/cifs-utils-6.14-3_openEuler-SA-2022-1626.json
index 165e5a8..a021ab1 100644
--- a/cusa/c/cifs-utils/cifs-utils-6.14-3_openEuler-SA-2022-1626.json
+++ b/cusa/c/cifs-utils/cifs-utils-6.14-3_openEuler-SA-2022-1626.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1626",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1626",
"title": "An update for cifs-utils is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The in-kernel CIFS filesystem is generally the preferred method for mounting SMB/CIFS shares on Linux. The in-kernel CIFS filesystem relies on a set of user-space tools. That package of tools is called cifs-utils.Although not really part of Samba proper, these tools were originally part of the Samba package. For several reasons, shipping these tools as part of Samba was problematic and it was deemed better to split them off into their own package.\r\n\r\nSecurity Fix(es):\r\n\r\ncifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.(CVE-2022-29869)\n\nIn cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.(CVE-2022-27239)",
"cves": [
{
"id": "CVE-2022-27239",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27239",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/c/cjose/cjose-0.6.2.2-1_openEuler-SA-2023-1441.json b/cusa/c/cjose/cjose-0.6.2.2-1_openEuler-SA-2023-1441.json
index 1f1e178..e206604 100644
--- a/cusa/c/cjose/cjose-0.6.2.2-1_openEuler-SA-2023-1441.json
+++ b/cusa/c/cjose/cjose-0.6.2.2-1_openEuler-SA-2023-1441.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1441",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1441",
"title": "An update for cjose is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "Implementation of JOSE for C/C++\n\nSecurity Fix(es):\n\nOpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug allows an attacker to provide a truncated Authentication Tag and to modify the JWE accordingly. Users should upgrade to a version >= 0.6.2.2. Users unable to upgrade should avoid using AES GCM encryption and replace it with another encryption algorithm (e.g. AES CBC).(CVE-2023-37464)",
"cves": [
{
"id": "CVE-2023-37464",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37464",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/c/clamav/clamav-0.103.6-3_openEuler-SA-2022-1683.json b/cusa/c/clamav/clamav-0.103.6-3_openEuler-SA-2022-1683.json
index e689b8f..a797ba9 100644
--- a/cusa/c/clamav/clamav-0.103.6-3_openEuler-SA-2022-1683.json
+++ b/cusa/c/clamav/clamav-0.103.6-3_openEuler-SA-2022-1683.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1683",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1683",
"title": "An update for clamav is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Clam AntiVirus (clamav) is an open source antivirus engine for detecting trojans, viruses, malware and other malicious threats. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. he virus database is based on the virus database from OpenAntiVirus, but contains additional signatures and is KEPT UP TO DATE.\n\nSecurity Fix(es):\n\nOn April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.(CVE-2022-20770)\n\nOn April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. 
This advisory will be updated as additional information becomes available.(CVE-2022-20771)\n\nOn April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.(CVE-2022-20785)\n\nFixed a possible multi-byte heap buffer overflow write vulnerability in the signature database load module. The fix was to update the vendored regex library to the latest version. Issue affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions. Thank you to Michał Dardas for reporting this issue.(CVE-2022-20792)",
"cves": [
{
"id": "CVE-2022-20792",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20792",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/c/clamav/clamav-0.103.9-1_openEuler-SA-2023-1559.json b/cusa/c/clamav/clamav-0.103.9-1_openEuler-SA-2023-1559.json
index 52a7ff7..75969a5 100644
--- a/cusa/c/clamav/clamav-0.103.9-1_openEuler-SA-2023-1559.json
+++ b/cusa/c/clamav/clamav-0.103.9-1_openEuler-SA-2023-1559.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1559",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1559",
"title": "An update for clamav is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Clam AntiVirus (clamav) is an open source antivirus engine for detecting trojans, viruses, malware and other malicious threats. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. he virus database is based on the virus database from OpenAntiVirus, but contains additional signatures and is KEPT UP TO DATE.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to an incorrect check for completion when a file is decompressed, which may result in a loop condition that could cause the affected software to stop responding. An attacker could exploit this vulnerability by submitting a crafted HFS+ filesystem image to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to stop responding, resulting in a DoS condition on the affected software and consuming available system resources.\r\n\r For a description of this vulnerability, see the ClamAV blog .(CVE-2023-20197)",
"cves": [
{
"id": "CVE-2023-20197",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20197",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/c/cloud-init/cloud-init-21.4-11_openEuler-SA-2023-1290.json b/cusa/c/cloud-init/cloud-init-21.4-11_openEuler-SA-2023-1290.json
index c7253cb..ea62c68 100644
--- a/cusa/c/cloud-init/cloud-init-21.4-11_openEuler-SA-2023-1290.json
+++ b/cusa/c/cloud-init/cloud-init-21.4-11_openEuler-SA-2023-1290.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1290",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1290",
"title": "An update for cloud-init is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Cloud-init is the defacto multi-distribution package that handles early initialization of a cloud instance.\r\n\r\nSecurity Fix(es):\r\n\r\nSensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords.(CVE-2022-2084)",
"cves": [
{
"id": "CVE-2022-2084",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2084",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/c/cloud-init/cloud-init-21.4-13_openEuler-SA-2023-1297.json b/cusa/c/cloud-init/cloud-init-21.4-13_openEuler-SA-2023-1297.json
index 11d3aa8..76a2aed 100644
--- a/cusa/c/cloud-init/cloud-init-21.4-13_openEuler-SA-2023-1297.json
+++ b/cusa/c/cloud-init/cloud-init-21.4-13_openEuler-SA-2023-1297.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1297",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1297",
"title": "An update for cloud-init is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Cloud-init is the defacto multi-distribution package that handles early initialization of a cloud instance.\r\n\r\nSecurity Fix(es):\r\n\r\nSensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.(CVE-2023-1786)",
"cves": [
{
"id": "CVE-2023-1786",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1786",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/c/cockpit/cockpit-178-14_openEuler-SA-2024-1552.json b/cusa/c/cockpit/cockpit-178-14_openEuler-SA-2024-1552.json
index 4dd7c8b..39eb526 100644
--- a/cusa/c/cockpit/cockpit-178-14_openEuler-SA-2024-1552.json
+++ b/cusa/c/cockpit/cockpit-178-14_openEuler-SA-2024-1552.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1552",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1552",
"title": "An update for cockpit is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Cockpit makes GNU/Linux discoverable. See Linux server in a web browser and perform system tasks with a mouse. It’s easy to start containers, administer storage, configure networks, and inspect logs with this package.\r\n\r\nSecurity Fix(es):\r\n\r\nAn SSRF issue was discovered in cockpit-project.org Cockpit 234. NOTE: this is unrelated to the Agentejo Cockpit product. NOTE: the vendor states \"I don't think [it] is a big real-life issue.(CVE-2020-35850)",
"cves": [
{
"id": "CVE-2020-35850",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35850",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/c/colord/colord-1.4.5-4_openEuler-SA-2022-1914.json b/cusa/c/colord/colord-1.4.5-4_openEuler-SA-2022-1914.json
index e8a17b3..905a027 100644
--- a/cusa/c/colord/colord-1.4.5-4_openEuler-SA-2022-1914.json
+++ b/cusa/c/colord/colord-1.4.5-4_openEuler-SA-2022-1914.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1914",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1914",
"title": "An update for colord is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "colord is a system service that makes it easy to manage, install and generate color profiles to accurately color manage input and output devices.\r\n\r\nSecurity Fix(es):\r\n\r\nThere are two Information Disclosure vulnerabilities in colord, and they lie in colord/src/cd-device-db.c and colord/src/cd-profile-db.c separately. They exist because the 'err_msg' of 'sqlite3_exec' is not releasing after use, while libxml2 emphasizes that the caller needs to release it.(CVE-2021-42523)",
"cves": [
{
"id": "CVE-2021-42523",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42523",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/c/containerd/containerd-1.2.0-301_openEuler-SA-2022-1671.json b/cusa/c/containerd/containerd-1.2.0-301_openEuler-SA-2022-1671.json
index 44052ae..30171c2 100644
--- a/cusa/c/containerd/containerd-1.2.0-301_openEuler-SA-2022-1671.json
+++ b/cusa/c/containerd/containerd-1.2.0-301_openEuler-SA-2022-1671.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1671",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1671",
"title": "An update for containerd is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision, low-level storage and network attachments, etc.\n\nSecurity Fix(es):\n\ncontainerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.(CVE-2022-23648)",
"cves": [
{
"id": "CVE-2022-23648",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23648",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/c/containerd/containerd-1.2.0-303_openEuler-SA-2022-1743.json b/cusa/c/containerd/containerd-1.2.0-303_openEuler-SA-2022-1743.json
index 93a30c2..cae26a7 100644
--- a/cusa/c/containerd/containerd-1.2.0-303_openEuler-SA-2022-1743.json
+++ b/cusa/c/containerd/containerd-1.2.0-303_openEuler-SA-2022-1743.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1743",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1743",
"title": "An update for containerd is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision, low-level storage and network attachments, etc.\r\n\r\nSecurity Fix(es):\r\n\r\ncontainerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume all available memory on the computer, denying service to other legitimate workloads. Kubernetes and crictl can both be configured to use containerd's CRI implementation; `ExecSync` may be used when running probes or when executing processes via an \"exec\" facility. This bug has been fixed in containerd 1.6.6 and 1.5.13. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used.(CVE-2022-31030)",
"cves": [
{
"id": "CVE-2022-31030",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31030",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/c/containerd/containerd-1.2.0-307_openEuler-SA-2022-2143.json b/cusa/c/containerd/containerd-1.2.0-307_openEuler-SA-2022-2143.json
index 038a6f4..87119b0 100644
--- a/cusa/c/containerd/containerd-1.2.0-307_openEuler-SA-2022-2143.json
+++ b/cusa/c/containerd/containerd-1.2.0-307_openEuler-SA-2022-2143.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2143",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2143",
"title": "An update for containerd is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision, low-level storage and network attachments, etc.\r\n\r\nSecurity Fix(es):\r\n\r\ncontainerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user's process fails to launch due to, for example, a faulty command, the goroutine will be stuck waiting to send without a receiver, resulting in a memory leak. Kubernetes and crictl can both be configured to use containerd's CRI implementation and the stream server is used for handling container IO. This bug has been fixed in containerd 1.6.12 and 1.5.16. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used and that only trusted users have permissions to execute commands in running containers.(CVE-2022-23471)",
"cves": [
{
"id": "CVE-2022-23471",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23471",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/c/containerd/containerd-1.2.0-310_openEuler-SA-2023-1147.json b/cusa/c/containerd/containerd-1.2.0-310_openEuler-SA-2023-1147.json
index aa0485e..568c727 100644
--- a/cusa/c/containerd/containerd-1.2.0-310_openEuler-SA-2023-1147.json
+++ b/cusa/c/containerd/containerd-1.2.0-310_openEuler-SA-2023-1147.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1147",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1147",
"title": "An update for containerd is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision, low-level storage and network attachments, etc.\r\n\r\nSecurity Fix(es):\r\n\r\ncontainerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug has been fixed in containerd 1.6.18 and 1.5.18. Users should update to these versions to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.(CVE-2023-25153)\r\n\r\ncontainerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. Downstream applications that use the containerd client library may be affected as well. This bug has been fixed in containerd v1.6.18 and v.1.5.18. Users should update to these versions and recreate containers to resolve this issue. Users who rely on a downstream application that uses containerd's client library should check that application for a separate advisory and instructions. As a workaround, ensure that the `\"USER $USERNAME\"` Dockerfile instruction is not used. 
Instead, set the container entrypoint to a value similar to `ENTRYPOINT [\"su\", \"-\", \"user\"]` to allow `su` to properly set up supplementary groups.(CVE-2023-25173)",
"cves": [
{
"id": "CVE-2023-25173",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25173",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/c/containerd/containerd-1.2.0-316_openEuler-SA-2024-1126.json b/cusa/c/containerd/containerd-1.2.0-316_openEuler-SA-2024-1126.json
index 37598cf..5120c3d 100644
--- a/cusa/c/containerd/containerd-1.2.0-316_openEuler-SA-2024-1126.json
+++ b/cusa/c/containerd/containerd-1.2.0-316_openEuler-SA-2024-1126.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1126",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1126",
"title": "An update for containerd is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Important",
+ "severity": "High",
"description": "containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision, low-level storage and network attachments, etc.\r\n\r\nSecurity Fix(es):\r\n\r\nA malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.(CVE-2023-39325)",
"cves": [
{
"id": "CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/c/containerd/containerd-1.2.0-317_openEuler-SA-2024-1181.json b/cusa/c/containerd/containerd-1.2.0-317_openEuler-SA-2024-1181.json
index 064d5a6..8dad463 100644
--- a/cusa/c/containerd/containerd-1.2.0-317_openEuler-SA-2024-1181.json
+++ b/cusa/c/containerd/containerd-1.2.0-317_openEuler-SA-2024-1181.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1181",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1181",
"title": "An update for containerd is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision, low-level storage and network attachments, etc.\r\n\r\nSecurity Fix(es):\r\n\r\nA maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.(CVE-2022-41723)",
"cves": [
{
"id": "CVE-2022-41723",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41723",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/c/containernetworking-plugins/containernetworking-plugins-1.1.1-4_openEuler-SA-2024-1074.json b/cusa/c/containernetworking-plugins/containernetworking-plugins-1.1.1-4_openEuler-SA-2024-1074.json
index 528563a..456dfab 100644
--- a/cusa/c/containernetworking-plugins/containernetworking-plugins-1.1.1-4_openEuler-SA-2024-1074.json
+++ b/cusa/c/containernetworking-plugins/containernetworking-plugins-1.1.1-4_openEuler-SA-2024-1074.json
@@ -8,7 +8,7 @@
{
"id": "CVE-2023-24538",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24538",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/c/cpp-httplib/cpp-httplib-0.12.4-1_openEuler-SA-2023-1365.json b/cusa/c/cpp-httplib/cpp-httplib-0.12.4-1_openEuler-SA-2023-1365.json
index 48c082c..a3c99d1 100644
--- a/cusa/c/cpp-httplib/cpp-httplib-0.12.4-1_openEuler-SA-2023-1365.json
+++ b/cusa/c/cpp-httplib/cpp-httplib-0.12.4-1_openEuler-SA-2023-1365.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1365",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1365",
"title": "An update for cpp-httplib is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code\r\n\r\nSecurity Fix(es):\r\n\r\nVersions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors.\r\n\r\n**Note:** This issue is present due to an incomplete fix for [CVE-2020-11709](https://security.snyk.io/vuln/SNYK-UNMANAGED-YHIROSECPPHTTPLIB-2366507).(CVE-2023-26130)",
"cves": [
{
"id": "CVE-2023-26130",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26130",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/c/crash/crash-7.3.0-6_openEuler-SA-2022-2002.json b/cusa/c/crash/crash-7.3.0-6_openEuler-SA-2022-2002.json
index f34b0df..3c3a58b 100644
--- a/cusa/c/crash/crash-7.3.0-6_openEuler-SA-2022-2002.json
+++ b/cusa/c/crash/crash-7.3.0-6_openEuler-SA-2022-2002.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2002",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2002",
"title": "An update for crash is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The core analysis suite is a self-contained tool that can be used to investigate either live systems, kernel core dumps created from dump creation facilities such as kdump, kvmdump, xendump, the netdump and diskdump packages offered by Red Hat, the LKCD kernel patch, the mcore kernel patch created by Mission Critical Linux, as well as other formats created by manufacturer-specific firmware.\r\n\r\nSecurity Fix(es):\r\n\r\nGNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet.(CVE-2019-1010180)",
"cves": [
{
"id": "CVE-2019-1010180",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010180",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/c/cups-filters/cups-filters-1.28.9-3_openEuler-SA-2023-1315.json b/cusa/c/cups-filters/cups-filters-1.28.9-3_openEuler-SA-2023-1315.json
index f3a49fd..48c6356 100644
--- a/cusa/c/cups-filters/cups-filters-1.28.9-3_openEuler-SA-2023-1315.json
+++ b/cusa/c/cups-filters/cups-filters-1.28.9-3_openEuler-SA-2023-1315.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1315",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1315",
"title": "An update for cups-filters is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "This project provides backends, filters, and other software that was once part of the core CUPS distribution but is no longer maintained by Apple Inc. In addition it contains additional filters and software developed independently of Apple, especially filters for the PDF-centric printing workflow introduced by OpenPrinting and a daemon to browse Bonjour broadcasts of remote CUPS printers to make these printers available locally and to provide backward compatibility to the old CUPS broadcasting and browsing of CUPS 1.5.x and older.\r\n\r\nSecurity Fix(es):\r\n\r\ncups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) >> 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is expected to be bundled in the next release. Users are advised to upgrade when possible and to restrict access to network printers in the meantime.(CVE-2023-24805)",
"cves": [
{
"id": "CVE-2023-24805",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24805",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/c/cups/cups-2.4.0-10_openEuler-SA-2023-1752.json b/cusa/c/cups/cups-2.4.0-10_openEuler-SA-2023-1752.json
index 9244f18..db2d15e 100644
--- a/cusa/c/cups/cups-2.4.0-10_openEuler-SA-2023-1752.json
+++ b/cusa/c/cups/cups-2.4.0-10_openEuler-SA-2023-1752.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1752",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1752",
"title": "An update for cups is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "CUPS is the standards-based, open source printing system developed by Apple Inc. for UNIX®-like operating systems. CUPS uses the Internet Printing Protocol (IPP) to support printing to local and network printers..\r\n\r\nSecurity Fix(es):\r\n\r\nDue to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.\n(CVE-2023-4504)",
"cves": [
{
"id": "CVE-2023-4504",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4504",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/c/cups/cups-2.4.0-3_openEuler-SA-2022-1708.json b/cusa/c/cups/cups-2.4.0-3_openEuler-SA-2022-1708.json
index e8b4ea9..e089b7e 100644
--- a/cusa/c/cups/cups-2.4.0-3_openEuler-SA-2022-1708.json
+++ b/cusa/c/cups/cups-2.4.0-3_openEuler-SA-2022-1708.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1708",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1708",
"title": "An update for cups is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "CUPS is the standards-based, open source printing system developed by Apple Inc. for UNIX®-like operating systems. CUPS uses the Internet Printing Protocol (IPP) to support printing to local and network printers.\r\n\r\nSecurity Fix(es):\r\n\r\nA logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges.(CVE-2022-26691)",
"cves": [
{
"id": "CVE-2022-26691",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26691",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/c/cups/cups-2.4.0-5_openEuler-SA-2023-1335.json b/cusa/c/cups/cups-2.4.0-5_openEuler-SA-2023-1335.json
index b74d90c..a771667 100644
--- a/cusa/c/cups/cups-2.4.0-5_openEuler-SA-2023-1335.json
+++ b/cusa/c/cups/cups-2.4.0-5_openEuler-SA-2023-1335.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1335",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1335",
"title": "An update for cups is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "CUPS is the standards-based, open source printing system developed by Apple Inc. for UNIX®-like operating systems. CUPS uses the Internet Printing Protocol (IPP) to support printing to local and network printers.\r\n\r\nSecurity Fix(es):\r\n\r\nOpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function `format_log_line` could allow remote attackers to cause a DoS on the affected system. Exploitation of the vulnerability can be triggered when the configuration file `cupsd.conf` sets the value of `loglevel `to `DEBUG`. No known patches or workarounds exist at time of publication.(CVE-2023-32324)",
"cves": [
{
"id": "CVE-2023-32324",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32324",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/c/cups/cups-2.4.0-8_openEuler-SA-2023-1410.json b/cusa/c/cups/cups-2.4.0-8_openEuler-SA-2023-1410.json
index 9c1691f..f6a040d 100644
--- a/cusa/c/cups/cups-2.4.0-8_openEuler-SA-2023-1410.json
+++ b/cusa/c/cups/cups-2.4.0-8_openEuler-SA-2023-1410.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1410",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1410",
"title": "An update for cups is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "\n\nSecurity Fix(es):\n\nOpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before. This is a use-after-free bug that impacts the entire cupsd process.\n\nThe exact cause of this issue is the function `httpClose(con->http)` being called in `scheduler/client.c`. The problem is that httpClose always, provided its argument is not null, frees the pointer at the end of the call, only for cupsdLogClient to pass the pointer to httpGetHostname. This issue happens in function `cupsdAcceptClient` if LogLevel is warn or higher and in two scenarios: there is a double-lookup for the IP Address (HostNameLookups Double is set in `cupsd.conf`) which fails to resolve, or if CUPS is compiled with TCP wrappers and the connection is refused by rules from `/etc/hosts.allow` and `/etc/hosts.deny`.\n\nVersion 2.4.6 has a patch for this issue.(CVE-2023-34241)",
"cves": [
{
"id": "CVE-2023-34241",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34241",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/c/curl/curl-7.79.1-12_openEuler-SA-2022-2041.json b/cusa/c/curl/curl-7.79.1-12_openEuler-SA-2022-2041.json
index c96436f..5cc968a 100644
--- a/cusa/c/curl/curl-7.79.1-12_openEuler-SA-2022-2041.json
+++ b/cusa/c/curl/curl-7.79.1-12_openEuler-SA-2022-2041.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2041",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2041",
"title": "An update for curl is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "CURL is a computer software project providing a library (libcurl) and command-line tool (curl) for transferring data using various protocols.\r\n\r\nSecurity Fix(es):\r\n\r\ncurl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0.(CVE-2022-42915)\r\n\r\nA vulnerability was found in curl. The issue occurs when doing HTTP(S) transfers, where curl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set if it previously used the same handle to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request.(CVE-2022-32221)\r\n\r\nIn curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). 
The earliest affected version is 7.77.0 2021-05-26.(CVE-2022-42916)",
"cves": [
{
"id": "CVE-2022-42916",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42916",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
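Review bot: The `cves` array in this record lists only CVE-2022-42916, although the description also covers CVE-2022-42915 and CVE-2022-32221, so a consumer that matches on `cves[].id` will miss two of the three fixes. The same single-entry pattern shows in the hunks for openEuler-SA-2023-1007, -1124, -1196, -1346, openEuler-SA-2022-2009 and openEuler-SA-2023-1641. In SA-2023-1007 the advisory is `High` while the one listed CVE (CVE-2022-43551) is `Medium`, which suggests the CVE that set the advisory severity, presumably CVE-2022-43552, is among those dropped. The converter is not part of these hunks, so this is inferred from its output: it looks as if only the last vulnerability of each CVRF document is kept. Each record should carry one entry per CVE named in the description, e.g. `{ "id": "CVE-2022-42915", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42915", "severity": <value from the CVRF source> }`.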
diff --git a/cusa/c/curl/curl-7.79.1-13_openEuler-SA-2023-1007.json b/cusa/c/curl/curl-7.79.1-13_openEuler-SA-2023-1007.json
index 1cbcb4e..aaa7304 100644
--- a/cusa/c/curl/curl-7.79.1-13_openEuler-SA-2023-1007.json
+++ b/cusa/c/curl/curl-7.79.1-13_openEuler-SA-2023-1007.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1007",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1007",
"title": "An update for curl is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "cURL is a computer software project providing a library (libcurl) and command-line tool (curl) for transferring data using various protocols.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a heap-allocated struct after it has been freed and shut down the code path in its transfer.(CVE-2022-43552)\r\n\r\nA vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) `.`. Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. Because it would store the info IDN encoded but look for it IDN decoded.(CVE-2022-43551)",
"cves": [
{
"id": "CVE-2022-43551",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43551",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/c/curl/curl-7.79.1-14_openEuler-SA-2023-1124.json b/cusa/c/curl/curl-7.79.1-14_openEuler-SA-2023-1124.json
index 1bb2c90..4049247 100644
--- a/cusa/c/curl/curl-7.79.1-14_openEuler-SA-2023-1124.json
+++ b/cusa/c/curl/curl-7.79.1-14_openEuler-SA-2023-1124.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1124",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1124",
"title": "An update for curl is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "cURL is a computer software project providing a library (libcurl) and command-line tool (curl) for transferring data using various protocols.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in the Curl package, where the HSTS mechanism could fail when multiple transfers are done in parallel, as the HSTS cache file gets overwritten by the most recently completed transfer. This issue may result in limited confidentiality and integrity.(CVE-2023-23915)\r\n\r\nA flaw was found in the Curl package, where the HSTS mechanism would be ignored by subsequent transfers when done on the same command line because the state would not be properly carried. This issue may result in limited confidentiality and integrity.(CVE-2023-23914)\r\n\r\ncurl supports \"chained\" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was capped, but the cap was implemented on a per-header basis allowing a malicious server to insert a virtually unlimited number of compression steps simply by using many headers. The use of such a decompression chain could result in a \"malloc bomb\", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.(CVE-2023-23916)",
"cves": [
{
"id": "CVE-2023-23916",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23916",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/c/curl/curl-7.79.1-15_openEuler-SA-2023-1196.json b/cusa/c/curl/curl-7.79.1-15_openEuler-SA-2023-1196.json
index 8cd7364..91fc240 100644
--- a/cusa/c/curl/curl-7.79.1-15_openEuler-SA-2023-1196.json
+++ b/cusa/c/curl/curl-7.79.1-15_openEuler-SA-2023-1196.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1196",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1196",
"title": "An update for curl is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "cURL is a computer software project providing a library (libcurl) and command-line tool (curl) for transferring data using various protocols.\r\n\r\nSecurity Fix(es):\r\n\r\nlibcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The settings in questions are `CURLOPT_FTP_ACCOUNT`, `CURLOPT_FTP_ALTERNATIVE_TO_USER`, `CURLOPT_FTP_SSL_CCC` and `CURLOPT_USE_SSL` level.(CVE-2023-27535)\r\n\r\nlibcurl would reuse a previously created connection even when an SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, two SSH settings were left out from the configuration match checks, making them match too easily.(CVE-2023-27538)\r\n\r\nlibcurl would reuse a previously created connection even when the GSS delegation (`CURLOPT_GSSAPI_DELEGATION`) option had been changed that could have changed the user's permissions in a second transfer. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, this GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.(CVE-2023-27536)\r\n\r\ncurl supports communicating using the TELNET protocol and as a part of this it offers users to pass on user name and \"telnet options\" for the server\nnegotiation. Due to lack of proper input scrubbing and without it being the documented functionality, curl would pass on user name and telnet options to the server as provided. This could allow users to pass in carefully crafted content that pass on content or do option negotiation without the application intending to do so. 
In particular if an application for example allows users to provide the data or parts of the data.(CVE-2023-27533)\r\n\r\ncurl supports SFTP transfers. curl's SFTP implementation offers a special feature in the path component of URLs: a tilde (`~`) character as the first\npath element in the path to denotes a path relative to the user's home directory. This is supported because of wording in the [once proposed\nto-become RFC draft](https://datatracker.ietf.org/doc/html/draft-ietf-secsh-scp-sftp-ssh-uri-04) that was to dictate how SFTP URLs work. Due to a bug, the handling of the tilde in SFTP path did however not only replace it when it is used stand-alone as the first path element but also wrongly when used as a mere prefix in the first element. Using a path like `/~2/foo` when accessing a server using the user `dan` (with home directory `/home/dan`) would then quite suprisingly access the file `/home/dan2/foo`. This can be taken advantage of to circumvent filtering or worse.(CVE-2023-27534)",
"cves": [
{
"id": "CVE-2023-27534",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27534",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/c/curl/curl-7.79.1-17_openEuler-SA-2023-1346.json b/cusa/c/curl/curl-7.79.1-17_openEuler-SA-2023-1346.json
index b6c14f2..7ba5fd3 100644
--- a/cusa/c/curl/curl-7.79.1-17_openEuler-SA-2023-1346.json
+++ b/cusa/c/curl/curl-7.79.1-17_openEuler-SA-2023-1346.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1346",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1346",
"title": "An update for curl is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "cURL is a computer software project providing a library (libcurl) and command-line tool (curl) for transferring data using various protocols.\r\n\r\nSecurity Fix(es):\r\n\r\nAn information disclosure vulnerability exists in curl 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.(CVE-2021-25215)\r\n\r\nIn BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.(CVE-2021-25214)\r\n\r\nIn BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. 
The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.(CVE-2021-25219)\r\n\r\nBIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.(CVE-2021-25220)",
"cves": [
{
"id": "CVE-2021-25220",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25220",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
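Review bot: This record is filed under curl, but its description and its only listed CVE (CVE-2021-25220) describe BIND 9 `named` flaws, and the advisory-level `Medium` is lower than the `High` on that CVE. This looks like an upstream bulletin error carried through unchanged rather than something the severity rename introduced. Triage that keys on package name and advisory severity would still mis-file and under-rank it. The record is worth checking against the openEuler bulletin for openEuler-SA-2023-1346; if the CVE rating stands, the top-level line should read `"severity": "High"`. A converter-side warning whenever a listed CVE outranks its advisory would catch such records at generation time.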
diff --git a/cusa/d/dhcp/dhcp-4.4.2-15_openEuler-SA-2022-2009.json b/cusa/d/dhcp/dhcp-4.4.2-15_openEuler-SA-2022-2009.json
index ec9c219..f3e74ce 100644
--- a/cusa/d/dhcp/dhcp-4.4.2-15_openEuler-SA-2022-2009.json
+++ b/cusa/d/dhcp/dhcp-4.4.2-15_openEuler-SA-2022-2009.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2009",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2009",
"title": "An update for dhcp is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Dynamic Host Configuration Protocol (DHCP) is a network management protocol used on UDP/IP networks whereby a DHCP server dynamically assigns an IP address and other network configuration parameters to each device on a network so they can communicate with other IP networks.\r\n\r\nSecurity Fix(es):\r\n\r\nIn ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort.(CVE-2022-2928)\r\n\r\nIn ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.(CVE-2022-2929)",
"cves": [
{
"id": "CVE-2022-2929",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2929",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/d/djvulibre/djvulibre-3.5.27-19_openEuler-SA-2023-1641.json b/cusa/d/djvulibre/djvulibre-3.5.27-19_openEuler-SA-2023-1641.json
index 0020ed2..ee59aed 100644
--- a/cusa/d/djvulibre/djvulibre-3.5.27-19_openEuler-SA-2023-1641.json
+++ b/cusa/d/djvulibre/djvulibre-3.5.27-19_openEuler-SA-2023-1641.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1641",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1641",
"title": "An update for djvulibre is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "DjVu is a set of compression technologies, a file format, and a software platform for the deliveryover the Web of digital documents, scanned documents, and high resolution images.DjVu documents download and display extremely quickly, and look exactly the same on all platforms with no compatibility problems due to fonts, colors, etc. DjVu can be seen as a superior alternative to PDF and PostScript for digital documents, to TIFF (and PDF) for scanned bitonal documents, to JPEG and JPEG2000 for photographs and pictures, and to GIF for large palettized images. DjVu is the only Web format that is practical for distributing high-resolution scanned documents in color.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue was discovered IW44Image.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero.(CVE-2021-46310)\r\n\r\nAn issue was discovered IW44EncodeCodec.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero.(CVE-2021-46312)",
"cves": [
{
"id": "CVE-2021-46312",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46312",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
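Review bot: Anything downstream that filters, sorts or alerts on the `severity` strings will silently stop matching once `Moderate` becomes `Medium` here and `Important` becomes `High` in the dhcp and docker hunks. Nothing in the JSON marks which vocabulary a given file uses. A changelog line naming the rename, for example `severity: Important → High, Moderate → Medium`, would let consumers update their rules in step with the data. Whether any consumer still holds files written with the old values is not visible from this diff.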
diff --git a/cusa/d/dmidecode/dmidecode-3.3-6_openEuler-SA-2023-1264.json b/cusa/d/dmidecode/dmidecode-3.3-6_openEuler-SA-2023-1264.json
index 4313803..fa2fc97 100644
--- a/cusa/d/dmidecode/dmidecode-3.3-6_openEuler-SA-2023-1264.json
+++ b/cusa/d/dmidecode/dmidecode-3.3-6_openEuler-SA-2023-1264.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1264",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1264",
"title": "An update for dmidecode is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Dmidecode reports information about your system's hardware as described in your system BIOS according to the SMBIOS/DMI standard (see a sample output). This information typically includes system manufacturer, model name, serial number, BIOS version, asset tag as well as a lot of other details of varying level of interest and reliability depending on the manufacturer. This will often include usage status for the CPU sockets, expansion slots (e.g. AGP, PCI, ISA) and memory module slots, and the list of I/O ports (e.g. serial, parallel, USB).DMI data can be used to enable or disable specific portions of kernel code depending on the specific hardware. Thus, one use of dmidecode is for kernel developers to detect system \"signatures\" and add them to the kernel source code when needed.\r\n\r\nSecurity Fix(es):\r\n\r\nDmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible.(CVE-2023-30630)",
"cves": [
{
"id": "CVE-2023-30630",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30630",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/d/dnsjava/config.json b/cusa/d/dnsjava/config.json
new file mode 100644
index 0000000..f9a5d9b
--- /dev/null
+++ b/cusa/d/dnsjava/config.json
@@ -0,0 +1,5 @@
+{
+ "upstream": "22.03-LTS",
+ "autobuild": true,
+ "fixed_version": ""
+}
\ No newline at end of file
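Review bot: `"fixed_version": ""` leaves it unclear whether no fix exists, the fixed version is unknown, or the field has not been filled in yet, and this entry also sets `"autobuild": true`. How the field is consumed is not visible here, but if it is ever compared with a package version, an empty string may compare lower than every real version and give a wrong fixed/not-fixed answer. Using `"fixed_version": null` (or omitting the key) for "not set", and documenting the meaning of the three keys in the README, would make the state explicit.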
diff --git a/cusa/d/dnsmasq/dnsmasq-2.86-2_openEuler-SA-2022-1761.json b/cusa/d/dnsmasq/dnsmasq-2.86-2_openEuler-SA-2022-1761.json
index 3da92ca..1c2ad7c 100644
--- a/cusa/d/dnsmasq/dnsmasq-2.86-2_openEuler-SA-2022-1761.json
+++ b/cusa/d/dnsmasq/dnsmasq-2.86-2_openEuler-SA-2022-1761.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1761",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1761",
"title": "An update for dnsmasq is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Dnsmasq provides network infrastructure for small networks: DNS, DHCP, router advertisement and network boot. It is designed to be lightweight and have a small footprint, suitable for resource constrained routers and firewalls. It has also been widely used for tethering on smartphones and portable hotspots, and to support virtual networking in virtualisation frameworks.\r\n\r\nSecurity Fix(es):\r\n\r\nNo description is available for this CVE.(CVE-2022-0934)",
"cves": [
{
"id": "CVE-2022-0934",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0934",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/d/docker/docker-engine-18.09.0-301_openEuler-SA-2022-1726.json b/cusa/d/docker/docker-engine-18.09.0-301_openEuler-SA-2022-1726.json
index 7fb6c4f..ea39f79 100644
--- a/cusa/d/docker/docker-engine-18.09.0-301_openEuler-SA-2022-1726.json
+++ b/cusa/d/docker/docker-engine-18.09.0-301_openEuler-SA-2022-1726.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1726",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1726",
"title": "An update for docker is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Docker is an open source project to build, ship and run any application as a lightweight container.\r\n\r\nSecurity Fix(es):\r\n\r\nMoby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting.(CVE-2022-24769)",
"cves": [
{
"id": "CVE-2022-24769",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24769",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/d/docker/docker-engine-18.09.0-306_openEuler-SA-2022-1739.json b/cusa/d/docker/docker-engine-18.09.0-306_openEuler-SA-2022-1739.json
index d558f5c..e70d785 100644
--- a/cusa/d/docker/docker-engine-18.09.0-306_openEuler-SA-2022-1739.json
+++ b/cusa/d/docker/docker-engine-18.09.0-306_openEuler-SA-2022-1739.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1739",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1739",
"title": "An update for docker is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Docker is an open source project to build, ship and run any application as a lightweight container.\r\n\r\nSecurity Fix(es):\r\n\r\nMoby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade limit access to the host to trusted users. Limit access to host volumes to trusted containers.(CVE-2021-41091)\r\n\r\nMoby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted.(CVE-2021-41089)\r\n\r\nDocker CLI is the command line interface for the docker container runtime. 
A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH.(CVE-2021-41092)",
"cves": [
{
"id": "CVE-2021-41092",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41092",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/d/docker/docker-engine-18.09.0-310_openEuler-SA-2022-1936.json b/cusa/d/docker/docker-engine-18.09.0-310_openEuler-SA-2022-1936.json
index 0957d55..2da0b3c 100644
--- a/cusa/d/docker/docker-engine-18.09.0-310_openEuler-SA-2022-1936.json
+++ b/cusa/d/docker/docker-engine-18.09.0-310_openEuler-SA-2022-1936.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1936",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1936",
"title": "An update for docker is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Docker is an open source project to build, ship and run any application as a lightweight container.\r\n\r\nSecurity Fix(es):\r\n\r\nMoby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. This bug is fixed in Moby (Docker Engine) 20.10.18. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade, this problem can be worked around by not using the `\"USER $USERNAME\"` Dockerfile instruction. Instead by calling `ENTRYPOINT [\"su\", \"-\", \"user\"]` the supplementary groups will be set up properly.(CVE-2022-36109)",
"cves": [
{
"id": "CVE-2022-36109",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36109",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/d/docker/docker-engine-18.09.0-323_openEuler-SA-2023-1238.json b/cusa/d/docker/docker-engine-18.09.0-323_openEuler-SA-2023-1238.json
index 89a22fe..f3b71d9 100644
--- a/cusa/d/docker/docker-engine-18.09.0-323_openEuler-SA-2023-1238.json
+++ b/cusa/d/docker/docker-engine-18.09.0-323_openEuler-SA-2023-1238.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1238",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1238",
"title": "An update for docker is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "Docker is an open source project to build, ship and run any application as a lightweight container.\r\n\r\nSecurity Fix(es):\r\n\r\nMoby) is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in `dockerd` and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The `overlay` network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with the VXLAN metadata, including a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. 
These rules rely on the `u32` iptables extension provided by the `xt_u32` kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. The `overlay` driver dynamically and lazily defines the kernel configuration for the VXLAN network on each node as containers are attached and detached. Routes and encryption parameters are only defined for destination nodes that participate in the network. The iptables rules that prevent encrypted overlay networks from accepting unencrypted packets are not created until a peer is available with which to communicate. Encrypted overlay networks silently accept cleartext VXLAN datagrams that are tagged with the VNI of an encrypted overlay network. As a result, it is possible to inject arbitrary Ethernet frames into the encrypted overlay network by encapsulating them in VXLAN datagrams. The implications of this can be quite dire, and GHSA-vwm3-crmr-xfxw should be referenced for a deeper exploration. Patches are available in Moby releases 23.0.3, and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. In multi-node clusters, deploy a global ‘pause’ container for each encrypted overlay network, on every node. For a single-node cluster, do not use overlay networks of any sort. Bridge networks provide the same connectivity on a single node and have no multi-node features. The Swarm ingress feature is implemented using an overlay network, but can be disabled by publishing ports in `host` mode instead of `ingress` mode (allowing the use of an external load balancer), and removing the `ingress` network. 
If encrypted overlay networks are in exclusive use, block UDP port 4789 from traffic that has not been validated by IPSec.(CVE-2023-28842)\r\n\r\nMoby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in `dockerd` and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The `overlay` network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with the VXLAN metadata, including a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. 
These rules rely on the `u32` iptables extension provided by the `xt_u32` kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. An iptables rule designates outgoing VXLAN datagrams with a VNI that corresponds to an encrypted overlay network for IPsec encapsulation. Encrypted overlay networks on affected platforms silently transmit unencrypted data. As a result, `overlay` networks may appear to be functional, passing traffic as expected, but without any of the expected confidentiality or data integrity guarantees. It is possible for an attacker sitting in a trusted position on the network to read all of the application traffic that is moving across the overlay network, resulting in unexpected secrets or user data disclosure. Thus, because many database protocols, internal APIs, etc. are not protected by a second layer of encryption, a user may use Swarm encrypted overlay networks to provide confidentiality, which due to this vulnerability this is no longer guaranteed. Patches are available in Moby releases 23.0.3, and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. Close the VXLAN port (by default, UDP port 4789) to outgoing traffic at the Internet boundary in order to prevent unintentionally leaking unencrypted traffic over the Internet, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.(CVE-2023-28841)\r\n\r\nMoby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docker*. 
Swarm Mode, which is compiled in and delivered by default in dockerd and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The overlay network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the u32 iptables extension provided by the xt_u32 kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. Two iptables rules serve to filter incoming VXLAN datagrams with a VNI that corresponds to an encrypted network and discards unencrypted datagrams. The rules are appended to the end of the INPUT filter chain, following any rules that have been previously set by the system administrator. 
Administrator-set rules take precedence over the rules Moby sets to discard unencrypted VXLAN datagrams, which can potentially admit unencrypted datagrams that should have been discarded. The injection of arbitrary Ethernet frames can enable a Denial of Service attack. A sophisticated attacker may be able to establish a UDP or TCP connection by way of the container’s outbound gateway that would otherwise be blocked by a stateful firewall, or carry out other escalations beyond simple injection by smuggling packets into the overlay network. Patches are available in Moby releases 23.0.3 and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. Close the VXLAN port (by default, UDP port 4789) to incoming traffic at the Internet boundary to prevent all VXLAN packet injection, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.(CVE-2023-28840)",
"cves": [
{
"id": "CVE-2023-28840",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28840",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/d/docker/docker-engine-18.09.0-333_openEuler-SA-2024-1302.json b/cusa/d/docker/docker-engine-18.09.0-333_openEuler-SA-2024-1302.json
index 24a500f..dc66b74 100644
--- a/cusa/d/docker/docker-engine-18.09.0-333_openEuler-SA-2024-1302.json
+++ b/cusa/d/docker/docker-engine-18.09.0-333_openEuler-SA-2024-1302.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1302",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1302",
"title": "An update for docker is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Important",
+ "severity": "High",
"description": "Docker is an open source project to build, ship and run any application as a lightweight container.\r\n\r\nSecurity Fix(es):\r\n\r\nMoby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause a cache miss. An attacker with the knowledge of the Dockerfile someone is using could poison their cache by making them pull a specially crafted image that would be considered as a valid cache candidate for some build steps. 23.0+ users are only affected if they explicitly opted out of Buildkit (DOCKER_BUILDKIT=0 environment variable) or are using the /build API endpoint. All users on versions older than 23.0 could be impacted. Image build API endpoint (/build) and ImageBuild function from github.com/docker/docker/client is also affected as it the uses classic builder by default. Patches are included in 24.0.9 and 25.0.2 releases.(CVE-2024-24557)",
"cves": [
{
"id": "CVE-2024-24557",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24557",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/d/docker/docker-engine-18.09.0-334_openEuler-SA-2024-1465.json b/cusa/d/docker/docker-engine-18.09.0-334_openEuler-SA-2024-1465.json
index e3a06af..5f5cd75 100644
--- a/cusa/d/docker/docker-engine-18.09.0-334_openEuler-SA-2024-1465.json
+++ b/cusa/d/docker/docker-engine-18.09.0-334_openEuler-SA-2024-1465.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1465",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1465",
"title": "An update for docker is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Docker is an open source project to build, ship and run any application as a lightweight container.\r\n\r\nSecurity Fix(es):\r\n\r\nMoby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby's networking implementation allows for many networks, each with their own IP address range and gateway, to be defined. This feature is frequently referred to as custom networks, as each network can have a different driver, set of parameters and thus behaviors. When creating a network, the `--internal` flag is used to designate a network as _internal_. The `internal` attribute in a docker-compose.yml file may also be used to mark a network _internal_, and other API clients may specify the `internal` parameter as well.\r\n\r\nWhen containers with networking are created, they are assigned unique network interfaces and IP addresses. The host serves as a router for non-internal networks, with a gateway IP that provides SNAT/DNAT to/from container IPs.\r\n\r\nContainers on an internal network may communicate between each other, but are precluded from communicating with any networks the host has access to (LAN or WAN) as no default route is configured, and firewall rules are set up to drop all outgoing traffic. Communication with the gateway IP address (and thus appropriately configured host services) is possible, and the host may communicate with any container IP directly.\r\n\r\nIn addition to configuring the Linux kernel's various networking features to enable container networking, `dockerd` directly provides some services to container networks. Principal among these is serving as a resolver, enabling service discovery, and resolution of names from an upstream resolver.\r\n\r\nWhen a DNS request for a name that does not correspond to a container is received, the request is forwarded to the configured upstream resolver. 
This request is made from the container's network namespace: the level of access and routing of traffic is the same as if the request was made by the container itself.\r\n\r\nAs a consequence of this design, containers solely attached to an internal network will be unable to resolve names using the upstream resolver, as the container itself is unable to communicate with that nameserver. Only the names of containers also attached to the internal network are able to be resolved.\r\n\r\nMany systems run a local forwarding DNS resolver. As the host and any containers have separate loopback devices, a consequence of the design described above is that containers are unable to resolve names from the host's configured resolver, as they cannot reach these addresses on the host loopback device. To bridge this gap, and to allow containers to properly resolve names even when a local forwarding resolver is used on a loopback address, `dockerd` detects this scenario and instead forward DNS requests from the host namework namespace. The loopback resolver then forwards the requests to its configured upstream resolvers, as expected.\r\n\r\nBecause `dockerd` forwards DNS requests to the host loopback device, bypassing the container network namespace's normal routing semantics entirely, internal networks can unexpectedly forward DNS requests to an external nameserver. By registering a domain for which they control the authoritative nameservers, an attacker could arrange for a compromised container to exfiltrate data by encoding it in DNS queries that will eventually be answered by their nameservers.\r\n\r\nDocker Desktop is not affected, as Docker Desktop always runs an internal resolver on a RFC 1918 address.\r\n\r\nMoby releases 26.0.0, 25.0.4, and 23.0.11 are patched to prevent forwarding any DNS requests from internal networks. 
As a workaround, run containers intended to be solely attached to internal networks with a custom upstream address, which will force all upstream DNS queries to be resolved from the container's network namespace.(CVE-2024-29018)",
"cves": [
{
"id": "CVE-2024-29018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29018",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/d/docker/docker-engine-18.09.0-335_openEuler-SA-2024-1591.json b/cusa/d/docker/docker-engine-18.09.0-335_openEuler-SA-2024-1591.json
index a606861..1b8e635 100644
--- a/cusa/d/docker/docker-engine-18.09.0-335_openEuler-SA-2024-1591.json
+++ b/cusa/d/docker/docker-engine-18.09.0-335_openEuler-SA-2024-1591.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1591",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1591",
"title": "An update for docker is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Docker is an open source project to build, ship and run any application as a lightweight container.\r\n\r\nSecurity Fix(es):\r\n\r\nMoby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. In 26.0.0, IPv6 is not disabled on network interfaces, including those belonging to networks where `--ipv6=false`. An container with an `ipvlan` or `macvlan` interface will normally be configured to share an external network link with the host machine. Because of this direct access, (1) Containers may be able to communicate with other hosts on the local network over link-local IPv6 addresses, (2) if router advertisements are being broadcast over the local network, containers may get SLAAC-assigned addresses, and (3) the interface will be a member of IPv6 multicast groups. This means interfaces in IPv4-only networks present an unexpectedly and unnecessarily increased attack surface. The issue is patched in 26.0.2. To completely disable IPv6 in a container, use `--sysctl=net.ipv6.conf.all.disable_ipv6=1` in the `docker create` or `docker run` command. Or, in the service configuration of a `compose` file.(CVE-2024-32473)",
"cves": [
{
"id": "CVE-2024-32473",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32473",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/d/dovecot/dovecot-2.3.15-5_openEuler-SA-2022-1994.json b/cusa/d/dovecot/dovecot-2.3.15-5_openEuler-SA-2022-1994.json
index 50b0689..b9aee02 100644
--- a/cusa/d/dovecot/dovecot-2.3.15-5_openEuler-SA-2022-1994.json
+++ b/cusa/d/dovecot/dovecot-2.3.15-5_openEuler-SA-2022-1994.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1994",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1994",
"title": "An update for dovecot is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Dovecot is an IMAP server for Linux/UNIX-like systemsa wrapper package that will just handle common things for all versioned dovecot packages.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead to an unintended security configuration and can permit privilege escalation in certain configurations. The documentation does not advise against the use of passdb definitions that have the same driver and args settings. One such configuration would be where an administrator wishes to use the same PAM configuration or passwd file for both normal and master users but use the username_filter setting to restrict which of the users is able to be a master user.(CVE-2022-30550)",
"cves": [
{
"id": "CVE-2022-30550",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30550",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/d/dpdk/dpdk-21.11-11_openEuler-SA-2022-1713.json b/cusa/d/dpdk/dpdk-21.11-11_openEuler-SA-2022-1713.json
index 180154b..adce1e5 100644
--- a/cusa/d/dpdk/dpdk-21.11-11_openEuler-SA-2022-1713.json
+++ b/cusa/d/dpdk/dpdk-21.11-11_openEuler-SA-2022-1713.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1713",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1713",
"title": "An update for dpdk is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "DPDK core includes kernel modules, core libraries and tools. testpmd application allows to test fast packet processing environments on arm64 platforms. For instance, it can be used to check that environment can support fast path applications such as 6WINDGate, pktgen, rumptcpip, etc. More libraries are available as extensions in other packages.\r\n\r\nSecurity Fix(es):\r\n\r\nIt’s an issue in the handling of vhost-user inflight type messages. A malicious vhost-user master can attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master could exhaust available fd in the vhost-user slave process and lead to a DoS.(CVE-2022-0669)\r\n\r\nIn DPDK Vhost communication, we didn’t test if msg->payload.inflight.num_queues is out of bounds in function ‘vhost_user_set_inflight_fd()’, and could cause the program to write OOB.(CVE-2021-3839)",
"cves": [
{
"id": "CVE-2021-3839",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3839",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
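Review bot: The `cves` array in this file lists only CVE-2021-3839, although the description a few lines above also attributes CVE-2022-0669 to the same advisory, so a consumer that matches on `cves` instead of parsing the description text will not see the second CVE. The hunk runs from line 2 to the closing brace at end of file, so the array does appear to hold a single entry. The edk2 openEuler-SA-2023-1135 hunk further down has the same shape: its description names CVE-2023-0215, CVE-2023-0286, CVE-2023-0401 and CVE-2022-4450, and only the last is in `cves`, which suggests the converter keeps just the final vulnerability entry (the converter code is not visible here, so this is inferred). I would regenerate these files with one entry per CVE, for example adding `{ "id": "CVE-2022-0669", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0669", "severity": "<severity from the source CVRF>" }` here.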
diff --git a/cusa/d/dpdk/dpdk-21.11-16_openEuler-SA-2022-1911.json b/cusa/d/dpdk/dpdk-21.11-16_openEuler-SA-2022-1911.json
index eb1a60b..2a60f71 100644
--- a/cusa/d/dpdk/dpdk-21.11-16_openEuler-SA-2022-1911.json
+++ b/cusa/d/dpdk/dpdk-21.11-16_openEuler-SA-2022-1911.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1911",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1911",
"title": "An update for dpdk is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "DPDK core includes kernel modules, core libraries and tools.testpmd application allows to test fast packet processing environments on arm64 platforms. For instance, it can be used to check that environment can support fast path applications such as 6WINDGate, pktgen, rumptcpip, etc. More libraries are available as extensions in other packages.\r\n\r\nSecurity Fix(es):\r\n\r\nA permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.(CVE-2022-2132)",
"cves": [
{
"id": "CVE-2022-2132",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2132",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/d/dpdk/dpdk-21.11-17_openEuler-SA-2022-1965.json b/cusa/d/dpdk/dpdk-21.11-17_openEuler-SA-2022-1965.json
index 3d8342f..14f0dee 100644
--- a/cusa/d/dpdk/dpdk-21.11-17_openEuler-SA-2022-1965.json
+++ b/cusa/d/dpdk/dpdk-21.11-17_openEuler-SA-2022-1965.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1965",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1965",
"title": "An update for dpdk is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "DPDK core includes kernel modules, core libraries and tools.testpmd application allows to test fast packet processing environments on arm64 platforms. For instance, it can be used to check that environment can support fast path applications such as 6WINDGate, pktgen, rumptcpip, etc. More libraries are available as extensions in other packages.\r\n\r\nSecurity Fix(es):\r\n\r\nNVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality.(CVE-2022-28199)",
"cves": [
{
"id": "CVE-2022-28199",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28199",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/d/dpkg/dpkg-1.18.25-11_openEuler-SA-2022-1703.json b/cusa/d/dpkg/dpkg-1.18.25-11_openEuler-SA-2022-1703.json
index a93deca..0ca6c9b 100644
--- a/cusa/d/dpkg/dpkg-1.18.25-11_openEuler-SA-2022-1703.json
+++ b/cusa/d/dpkg/dpkg-1.18.25-11_openEuler-SA-2022-1703.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1703",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1703",
"title": "An update for dpkg is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Dpkg is a tool to install, build, remove and manageDebian packages. The primary and more user-friendly front-end for dpkg is aptitude.\r\n\r\nSecurity Fix(es):\r\n\r\nDpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.(CVE-2022-1664)",
"cves": [
{
"id": "CVE-2022-1664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1664",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/d/runc/docker-runc-1.0.0.rc3-301_openEuler-SA-2022-1704.json b/cusa/d/runc/docker-runc-1.0.0.rc3-301_openEuler-SA-2022-1704.json
index 995a160..ceca263 100644
--- a/cusa/d/runc/docker-runc-1.0.0.rc3-301_openEuler-SA-2022-1704.json
+++ b/cusa/d/runc/docker-runc-1.0.0.rc3-301_openEuler-SA-2022-1704.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1704",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1704",
"title": "An update for runc is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "runc is a CLI tool for spawning and running containers according to the OCI specification.\r\n\r\nSecurity Fix(es):\r\n\r\nrunc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in runc 1.1.2. This fix changes `runc exec --cap` behavior such that the additional capabilities granted to the process being executed (as specified via `--cap` arguments) do not include inheritable capabilities. In addition, `runc spec` is changed to not set any inheritable capabilities in the created example OCI spec (`config.json`) file.(CVE-2022-29162)",
"cves": [
{
"id": "CVE-2022-29162",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29162",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/d/runc/docker-runc-1.0.0.rc3-310_openEuler-SA-2023-1383.json b/cusa/d/runc/docker-runc-1.0.0.rc3-310_openEuler-SA-2023-1383.json
index 2acf832..3a66bb0 100644
--- a/cusa/d/runc/docker-runc-1.0.0.rc3-310_openEuler-SA-2023-1383.json
+++ b/cusa/d/runc/docker-runc-1.0.0.rc3-310_openEuler-SA-2023-1383.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1383",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1383",
"title": "An update for runc is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "runc is a CLI tool for spawning and running containers according to the OCI specification.\r\n\r\nSecurity Fix(es):\r\n\r\nrunc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image.(CVE-2023-28642)",
"cves": [
{
"id": "CVE-2023-28642",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28642",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/d/runc/docker-runc-1.0.0.rc3-321_openEuler-SA-2024-1182.json b/cusa/d/runc/docker-runc-1.0.0.rc3-321_openEuler-SA-2024-1182.json
index 66c6393..a9a5b51 100644
--- a/cusa/d/runc/docker-runc-1.0.0.rc3-321_openEuler-SA-2024-1182.json
+++ b/cusa/d/runc/docker-runc-1.0.0.rc3-321_openEuler-SA-2024-1182.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1182",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1182",
"title": "An update for runc is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Important",
+ "severity": "High",
"description": "runc is a CLI tool for spawning and running containers according to the OCI specification.\r\n\r\nSecurity Fix(es):\r\n\r\nrunc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem (\"attack 2\"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run (\"attack 1\"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes (\"attack 3a\" and \"attack 3b\"). runc 1.1.12 includes patches for this issue.(CVE-2024-21626)",
"cves": [
{
"id": "CVE-2024-21626",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21626",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/e/e2fsprogs/e2fsprogs-1.46.4-10_openEuler-SA-2022-1719.json b/cusa/e/e2fsprogs/e2fsprogs-1.46.4-10_openEuler-SA-2022-1719.json
index 034be3a..db51e66 100644
--- a/cusa/e/e2fsprogs/e2fsprogs-1.46.4-10_openEuler-SA-2022-1719.json
+++ b/cusa/e/e2fsprogs/e2fsprogs-1.46.4-10_openEuler-SA-2022-1719.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1719",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1719",
"title": "An update for e2fsprogs is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The e2fsprogs package consists of a lot of tools for users to create, check, modify, and correct any inconsistencies in second extended file system.\r\n\r\nSecurity Fix(es):\r\n\r\nAn out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.(CVE-2022-1304)",
"cves": [
{
"id": "CVE-2022-1304",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1304",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/e/eclipse/eclipse-4.11-5_openEuler-SA-2022-1759.json b/cusa/e/eclipse/eclipse-4.11-5_openEuler-SA-2022-1759.json
index de23913..ea0ec4c 100644
--- a/cusa/e/eclipse/eclipse-4.11-5_openEuler-SA-2022-1759.json
+++ b/cusa/e/eclipse/eclipse-4.11-5_openEuler-SA-2022-1759.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1759",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1759",
"title": "An update for eclipse is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Eclipse platform is designed for building integrated development environments (IDEs), server-side applications, desktop applications, and everything in between.\r\n\r\nSecurity Fix(es):\r\n\r\nIn versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process.(CVE-2020-27225)",
"cves": [
{
"id": "CVE-2020-27225",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27225",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/e/edk2/edk2-202011-11_openEuler-SA-2023-1135.json b/cusa/e/edk2/edk2-202011-11_openEuler-SA-2023-1135.json
index 90c3630..2e12a5c 100644
--- a/cusa/e/edk2/edk2-202011-11_openEuler-SA-2023-1135.json
+++ b/cusa/e/edk2/edk2-202011-11_openEuler-SA-2023-1135.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1135",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1135",
"title": "An update for edk2 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. \r\n\r\nSecurity Fix(es):\r\n\r\nThe public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.(CVE-2023-0215)\r\n\r\nThere is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. 
This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.(CVE-2023-0286)\r\n\r\nA NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail. There is a missing check for the return value from the initialization function which later leads to invalid usage of the digest API most likely leading to a crash. The unavailability of an algorithm can be caused by using FIPS enabled configuration of providers or more commonly by not loading the legacy provider. PKCS7 data is processed by the SMIME library calls and also by the time stamp (TS) library calls. The TLS implementation in OpenSSL does not call these functions however third party applications would be affected if they call these functions to verify signatures on untrusted data.(CVE-2023-0401)\r\n\r\nThe function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data. 
If the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.(CVE-2022-4450)",
"cves": [
{
"id": "CVE-2022-4450",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4450",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/e/edk2/edk2-202011-12_openEuler-SA-2023-1430.json b/cusa/e/edk2/edk2-202011-12_openEuler-SA-2023-1430.json
index d2c2d6d..edc1fee 100644
--- a/cusa/e/edk2/edk2-202011-12_openEuler-SA-2023-1430.json
+++ b/cusa/e/edk2/edk2-202011-12_openEuler-SA-2023-1430.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1430",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1430",
"title": "An update for edk2 is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. \n\nSecurity Fix(es):\n\nA timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.(CVE-2022-4304)",
"cves": [
{
"id": "CVE-2022-4304",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4304",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/e/edk2/edk2-202011-14_openEuler-SA-2024-1238.json b/cusa/e/edk2/edk2-202011-14_openEuler-SA-2024-1238.json
index c65aa00..5759d43 100644
--- a/cusa/e/edk2/edk2-202011-14_openEuler-SA-2024-1238.json
+++ b/cusa/e/edk2/edk2-202011-14_openEuler-SA-2024-1238.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1238",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1238",
"title": "An update for edk2 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Important",
+ "severity": "High",
"description": "EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications.\r\n\r\nSecurity Fix(es):\r\n\r\nA security vulnerability has been identified in all supported versions\r\n\r\nof OpenSSL related to the verification of X.509 certificate chains\nthat include policy constraints. Attackers may be able to exploit this\nvulnerability by creating a malicious certificate chain that triggers\nexponential use of computational resources, leading to a denial-of-service\n(DoS) attack on affected systems.\r\n\r\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.(CVE-2023-0464)\r\n\r\nApplications that use a non-default option when verifying certificates may be\nvulnerable to an attack from a malicious CA to circumvent certain checks.\r\n\r\nInvalid certificate policies in leaf certificates are silently ignored by\nOpenSSL and other certificate policy checks are skipped for that certificate.\nA malicious CA could use this to deliberately assert invalid certificate policies\nin order to circumvent policy checking on the certificate altogether.\r\n\r\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.(CVE-2023-0465)\r\n\r\nThe function X509_VERIFY_PARAM_add0_policy() is documented to\nimplicitly enable the certificate policy check when doing certificate\nverification. 
However the implementation of the function does not\nenable the check which allows certificates with invalid or incorrect\npolicies to pass the certificate verification.\r\n\r\nAs suddenly enabling the policy check could break existing deployments it was\ndecided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy()\nfunction.\r\n\r\nInstead the applications that require OpenSSL to perform certificate\npolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly\nenable the policy check by calling X509_VERIFY_PARAM_set_flags() with\nthe X509_V_FLAG_POLICY_CHECK flag argument.\r\n\r\nCertificate policy checks are disabled by default in OpenSSL and are not\ncommonly used by applications.(CVE-2023-0466)\r\n\r\nIssue summary: Processing some specially crafted ASN.1 object identifiers or\ndata containing them may be very slow.\r\n\r\nImpact summary: Applications that use OBJ_obj2txt() directly, or use any of\nthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message\nsize limit may experience notable to very long delays when processing those\nmessages, which may lead to a Denial of Service.\r\n\r\nAn OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -\nmost of which have no size limit. OBJ_obj2txt() may be used to translate\nan ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL\ntype ASN1_OBJECT) to its canonical numeric text form, which are the\nsub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by\nperiods.\r\n\r\nWhen one of the sub-identifiers in the OBJECT IDENTIFIER is very large\n(these are sizes that are seen as absurdly large, taking up tens or hundreds\nof KiBs), the translation to a decimal number in text may take a very long\ntime. The time complexity is O(n^2) with 'n' being the size of the\nsub-identifiers in bytes (*).\r\n\r\nWith OpenSSL 3.0, support to fetch cryptographic algorithms using names /\nidentifiers in string form was introduced. 
This includes using OBJECT\nIDENTIFIERs in canonical numeric text form as identifiers for fetching\nalgorithms.\r\n\r\nSuch OBJECT IDENTIFIERs may be received through the ASN.1 structure\nAlgorithmIdentifier, which is commonly used in multiple protocols to specify\nwhat cryptographic algorithm should be used to sign or verify, encrypt or\ndecrypt, or digest passed data.\r\n\r\nApplications that call OBJ_obj2txt() directly with untrusted data are\naffected, with any version of OpenSSL. If the use is for the mere purpose\nof display, the severity is considered low.\r\n\r\nIn OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,\nCMS, CMP/CRMF or TS. It also impacts anything that processes X.509\ncertificates, including simple things like verifying its signature.\r\n\r\nThe impact on TLS is relatively low, because all versions of OpenSSL have a\n100KiB limit on the peer's certificate chain. Additionally, this only\nimpacts clients, or servers that have explicitly enabled client\nauthentication.\r\n\r\nIn OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,\nsuch as X.509 certificates. This is assumed to not happen in such a way\nthat it would cause a Denial of Service, so these versions are considered\nnot affected by this issue in such a way that it would be cause for concern,\nand the severity is therefore considered low.(CVE-2023-2650)\r\n\r\nIssue summary: Checking excessively long DH keys or parameters may be very slow.\r\n\r\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\r\n\r\nThe function DH_check() performs various checks on DH parameters. One of those\nchecks confirms that the modulus ('p' parameter) is not too large. 
Trying to use\na very large modulus is slow and OpenSSL will not normally use a modulus which\nis over 10,000 bits in length.\r\n\r\nHowever the DH_check() function checks numerous aspects of the key or parameters\nthat have been supplied. Some of those checks use the supplied modulus value\neven if it has already been found to be too large.\r\n\r\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulernable to a Denial of Service attack.\r\n\r\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\r\n\r\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the '-check' option.\r\n\r\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.(CVE-2023-3446)\r\n\r\nIssue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL\nto crash leading to a potential Denial of Service attack\r\n\r\nImpact summary: Applications loading files in the PKCS12 format from untrusted\nsources might terminate abruptly.\r\n\r\nA file in PKCS12 format can contain certificates and keys and may come from an\nuntrusted source. The PKCS12 specification allows certain fields to be NULL, but\nOpenSSL does not correctly check for this case. This can lead to a NULL pointer\ndereference that results in OpenSSL crashing. If an application processes PKCS12\nfiles from an untrusted source using the OpenSSL APIs then that application will\nbe vulnerable to this issue.\r\n\r\nOpenSSL APIs that are vulnerable to this are: PKCS12_parse(),\nPKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()\nand PKCS12_newpass().\r\n\r\nWe have also fixed a similar issue in SMIME_write_PKCS7(). 
However since this\nfunction is related to writing data we do not consider it security significant.\r\n\r\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.(CVE-2024-0727)",
"cves": [
{
"id": "CVE-2024-0727",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0727",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
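Review bot: The `cves` array in this hunk lists only CVE-2024-0727, while the `description` on the context lines attributes fixes to six CVEs (CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-3446 and CVE-2024-0727), so a consumer that matches hosts against `cves[].id` will not see the other five. The same pattern appears in the hunks for openEuler-SA-2024-1280, openEuler-SA-2024-1316, openEuler-SA-2024-1390, openEuler-SA-2023-1148, openEuler-SA-2022-1627 and openEuler-SA-2024-1021, where only the last CVE named in the description is listed. This commit only renames severity values and does not touch that, but since every file is rewritten anyway it would be the place to emit one `id`/`url`/`severity` entry per CVE named in the advisory. If these files are generated, the fix belongs in the converter rather than in the JSON.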
diff --git a/cusa/e/edk2/edk2-202011-16_openEuler-SA-2024-1280.json b/cusa/e/edk2/edk2-202011-16_openEuler-SA-2024-1280.json
index 064c684..72ca38d 100644
--- a/cusa/e/edk2/edk2-202011-16_openEuler-SA-2024-1280.json
+++ b/cusa/e/edk2/edk2-202011-16_openEuler-SA-2024-1280.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1280",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1280",
"title": "An update for edk2 is now available for openEuler-20.03-LTS-SP1,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Important",
+ "severity": "High",
"description": "EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications.\r\n\r\nSecurity Fix(es):\r\n\r\nEDK2's Network Package is susceptible to an out-of-bounds read\n vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality.(CVE-2023-45229)\r\n\r\nEDK2's Network Package is susceptible to an out-of-bounds read\n vulnerability when processing Neighbor Discovery Redirect message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality.(CVE-2023-45231)\r\n\r\n EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality, Integrity and/or Availability.\r\n\r\n(CVE-2023-45234)",
"cves": [
{
"id": "CVE-2023-45234",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45234",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
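Review bot: After the rename the advisory-level `severity` here is `High` while the only entry in `cves` (CVE-2023-45234) is `Medium`, so nothing in the record accounts for the advisory rating. The description names two further CVEs (CVE-2023-45229 and CVE-2023-45231) that are absent from `cves`, and presumably one of them carries the higher rating. The hunk for openEuler-SA-2022-1627 shows the same High/Medium split. A consistency check in whatever produces these files, warning when the advisory severity differs from the highest severity among its listed CVEs, would catch such records before they reach triage tooling.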
diff --git a/cusa/e/edk2/edk2-202011-16_openEuler-SA-2024-1316.json b/cusa/e/edk2/edk2-202011-16_openEuler-SA-2024-1316.json
index 50f3b29..284410c 100644
--- a/cusa/e/edk2/edk2-202011-16_openEuler-SA-2024-1316.json
+++ b/cusa/e/edk2/edk2-202011-16_openEuler-SA-2024-1316.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1316",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1316",
"title": "An update for edk2 is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications.\r\n\r\nSecurity Fix(es):\r\n\r\n\nEDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.\r\n\r\n(CVE-2022-36764)\r\n\r\n EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality, Integrity and/or Availability.\r\n\r\n(CVE-2023-45230)\r\n\r\n EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Availability.\r\n\r\n(CVE-2023-45232)\r\n\r\n EDK2's Network Package is susceptible to an infinite lop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Availability.\r\n\r\n(CVE-2023-45233)\r\n\r\n EDK2's Network Package is susceptible to a buffer overflow vulnerability when\r\n\r\n\r\n\r\n\r\n\r\nhandling Server ID option \r\n\r\n\r\n\r\n from a DHCPv6 proxy Advertise message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality, Integrity and/or Availability.\r\n\r\n(CVE-2023-45235)",
"cves": [
{
"id": "CVE-2023-45235",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45235",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/e/edk2/edk2-202011-16_openEuler-SA-2024-1350.json b/cusa/e/edk2/edk2-202011-16_openEuler-SA-2024-1350.json
index c18b025..1653d14 100644
--- a/cusa/e/edk2/edk2-202011-16_openEuler-SA-2024-1350.json
+++ b/cusa/e/edk2/edk2-202011-16_openEuler-SA-2024-1350.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1350",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1350",
"title": "An update for edk2 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Important",
+ "severity": "High",
"description": "EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications.\r\n\r\nSecurity Fix(es):\r\n\r\n\nEDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.\r\n\r\n(CVE-2022-36765)",
"cves": [
{
"id": "CVE-2022-36765",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36765",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/e/edk2/edk2-202011-17_openEuler-SA-2024-1513.json b/cusa/e/edk2/edk2-202011-17_openEuler-SA-2024-1513.json
index 31430ca..dd2830b 100644
--- a/cusa/e/edk2/edk2-202011-17_openEuler-SA-2024-1513.json
+++ b/cusa/e/edk2/edk2-202011-17_openEuler-SA-2024-1513.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1513",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1513",
"title": "An update for edk2 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications.\r\n\r\nSecurity Fix(es):\r\n\r\nIssue summary: Some non-default TLS server configurations can cause unbounded\nmemory growth when processing TLSv1.3 sessions\r\n\r\nImpact summary: An attacker may exploit certain server configurations to trigger\nunbounded memory growth that would lead to a Denial of Service\r\n\r\nThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is\nbeing used (but not if early_data support is also configured and the default\nanti-replay protection is in use). In this case, under certain conditions, the\nsession cache can get into an incorrect state and it will fail to flush properly\nas it fills. The session cache will continue to grow in an unbounded manner. A\nmalicious client could deliberately create the scenario for this failure to\nforce a Denial of Service. It may also happen by accident in normal operation.\r\n\r\nThis issue only affects TLS servers supporting TLSv1.3. It does not affect TLS\nclients.\r\n\r\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL\n1.0.2 is also not affected by this issue.(CVE-2024-2511)",
"cves": [
{
"id": "CVE-2024-2511",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2511",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/e/edk2/edk2-202011-6_openEuler-SA-2022-1988.json b/cusa/e/edk2/edk2-202011-6_openEuler-SA-2022-1988.json
index 6f48e21..ae065c1 100644
--- a/cusa/e/edk2/edk2-202011-6_openEuler-SA-2022-1988.json
+++ b/cusa/e/edk2/edk2-202011-6_openEuler-SA-2022-1988.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1988",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1988",
"title": "An update for edk2 is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "\r\n\r\nSecurity Fix(es):\r\n\r\nInsufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access.(CVE-2019-11098)",
"cves": [
{
"id": "CVE-2019-11098",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11098",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/e/emacs/emacs-27.2-13_openEuler-SA-2024-1390.json b/cusa/e/emacs/emacs-27.2-13_openEuler-SA-2024-1390.json
index bde6e13..6c15e5a 100644
--- a/cusa/e/emacs/emacs-27.2-13_openEuler-SA-2024-1390.json
+++ b/cusa/e/emacs/emacs-27.2-13_openEuler-SA-2024-1390.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1390",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1390",
"title": "An update for emacs is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Emacs is the extensible, customizable, self-documenting real-time display editor. At its core is an interpreter for Emacs Lisp, a dialect of the Lisp programming language with extensions to support text editing. And it is an entire ecosystem of functionality beyond text editing, including a project planner, mail and news reader, debugger interface, calendar, and more.\r\n\r\nSecurity Fix(es):\r\n\r\nIn Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.(CVE-2024-30204)\r\n\r\nIn Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.(CVE-2024-30205)",
"cves": [
{
"id": "CVE-2024-30205",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30205",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/e/emacs/emacs-27.2-8_openEuler-SA-2022-2131.json b/cusa/e/emacs/emacs-27.2-8_openEuler-SA-2022-2131.json
index 1b2f74f..c084311 100644
--- a/cusa/e/emacs/emacs-27.2-8_openEuler-SA-2022-2131.json
+++ b/cusa/e/emacs/emacs-27.2-8_openEuler-SA-2022-2131.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2131",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2131",
"title": "An update for emacs is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Emacs is the extensible, customizable, self-documenting real-time display editor.At its core is an interpreter for Emacs Lisp, a dialect of the Lisp programming language with extensions to support text editing. And it is an entire ecosystem of functionality beyond text editing, including a project planner, mail and news reader, debugger interface, calendar, and more.\r\n\r\nSecurity Fix(es):\r\n\r\nGNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the \"ctags *\" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input.(CVE-2022-45939)",
"cves": [
{
"id": "CVE-2022-45939",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45939",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/e/emacs/emacs-27.2-9_openEuler-SA-2023-1148.json b/cusa/e/emacs/emacs-27.2-9_openEuler-SA-2023-1148.json
index 5198446..1e07697 100644
--- a/cusa/e/emacs/emacs-27.2-9_openEuler-SA-2023-1148.json
+++ b/cusa/e/emacs/emacs-27.2-9_openEuler-SA-2023-1148.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1148",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1148",
"title": "An update for emacs is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "Emacs is the extensible, customizable, self-documenting real-time display editor.At its core is an interpreter for Emacs Lisp, a dialect of the Lisp programming language with extensions to support text editing. And it is an entire ecosystem of functionality beyond text editing,including a project planner, mail and news reader, debugger interface, calendar, and more.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.(CVE-2022-48339)\r\n\r\nAn issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed.(CVE-2022-48338)\r\n\r\nGNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the \"etags -u *\" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input.(CVE-2022-48337)",
"cves": [
{
"id": "CVE-2022-48337",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48337",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/e/epiphany/epiphany-40.6-1_openEuler-SA-2022-1627.json b/cusa/e/epiphany/epiphany-40.6-1_openEuler-SA-2022-1627.json
index b70492d..af311cf 100644
--- a/cusa/e/epiphany/epiphany-40.6-1_openEuler-SA-2022-1627.json
+++ b/cusa/e/epiphany/epiphany-40.6-1_openEuler-SA-2022-1627.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1627",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1627",
"title": "An update for epiphany is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Epiphany is the web browser for the GNOME desktop. Its goal is to be simple and easy to use. Epiphany ties together many GNOME components in order to let you focus on the Web content, instead of the browser application.\r\n\r\nSecurity Fix(es):\r\n\r\nXSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list.(CVE-2021-45085)\n\nXSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server s suggested_filename is used as the pdf_name value in PDF.js.(CVE-2021-45086)\n\nXSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title.(CVE-2021-45087)\n\nXSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page.(CVE-2021-45088)\n\nIn GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.(CVE-2022-29536)",
"cves": [
{
"id": "CVE-2022-29536",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29536",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/e/epiphany/epiphany-40.6-3_openEuler-SA-2023-1139.json b/cusa/e/epiphany/epiphany-40.6-3_openEuler-SA-2023-1139.json
index 6bc4e91..a9aea72 100644
--- a/cusa/e/epiphany/epiphany-40.6-3_openEuler-SA-2023-1139.json
+++ b/cusa/e/epiphany/epiphany-40.6-3_openEuler-SA-2023-1139.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1139",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1139",
"title": "An update for epiphany is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Epiphany is the web browser for the GNOME desktop. Its goal is to be simple and easy to use. Epiphany ties together many GNOME components in order to let you focus on the Web content, instead of the browser application.\r\n\r\nSecurity Fix(es):\r\n\r\nIn Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.(CVE-2023-26081)",
"cves": [
{
"id": "CVE-2023-26081",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26081",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/e/erlang/erlang-23.3.4.9-4_openEuler-SA-2024-1122.json b/cusa/e/erlang/erlang-23.3.4.9-4_openEuler-SA-2024-1122.json
index 390c07e..3d6a4f7 100644
--- a/cusa/e/erlang/erlang-23.3.4.9-4_openEuler-SA-2024-1122.json
+++ b/cusa/e/erlang/erlang-23.3.4.9-4_openEuler-SA-2024-1122.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1122",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1122",
"title": "An update for erlang is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson.\r\n\r\nSecurity Fix(es):\r\n\r\nThe SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. 
This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.(CVE-2023-48795)",
"cves": [
{
"id": "CVE-2023-48795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/e/espeak-ng/espeak-ng-1.51-2_openEuler-SA-2024-1021.json b/cusa/e/espeak-ng/espeak-ng-1.51-2_openEuler-SA-2024-1021.json
index 8ae2fa2..517e8a3 100644
--- a/cusa/e/espeak-ng/espeak-ng-1.51-2_openEuler-SA-2024-1021.json
+++ b/cusa/e/espeak-ng/espeak-ng-1.51-2_openEuler-SA-2024-1021.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1021",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1021",
"title": "An update for espeak-ng is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The eSpeak NG is a compact open source software text-to-speech synthesizer for Linux, Windows, Android and other operating systems. It supports 70 languages and accents. It is based on the eSpeak engine created by Jonathan Duddington.\r\n\r\nSecurity Fix(es):\r\n\r\nEspeak-ng 1.52-dev was discovered to contain a buffer-overflow via the function SetUpPhonemeTable at synthdata.c.(CVE-2023-49990)\r\n\r\nEspeak-ng 1.52-dev was discovered to contain a Stack Buffer Underflow via the function CountVowelPosition at synthdata.c.(CVE-2023-49991)\r\n\r\nEspeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow via the function RemoveEnding at dictionary.c.(CVE-2023-49992)\r\n\r\nEspeak-ng 1.52-dev was discovered to contain a Buffer Overflow via the function ReadClause at readclause.c.(CVE-2023-49993)\r\n\r\nEspeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at wavegen.c.(CVE-2023-49994)",
"cves": [
{
"id": "CVE-2023-49994",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49994",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/e/exiv2/exiv2-0.27.5-2_openEuler-SA-2022-2044.json b/cusa/e/exiv2/exiv2-0.27.5-2_openEuler-SA-2022-2044.json
index 9b9ec5c..0b1ebab 100644
--- a/cusa/e/exiv2/exiv2-0.27.5-2_openEuler-SA-2022-2044.json
+++ b/cusa/e/exiv2/exiv2-0.27.5-2_openEuler-SA-2022-2044.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2044",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2044",
"title": "An update for exiv2 is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Exiv2 is a Cross-platform C++ library and a command line utility to manage image metadata. It provides fast and easy read and write access to the Exif, IPTC and XMP metadata and the ICC Profile embedded within digital images in various formats.\r\n\r\nSecurity Fix(es):\r\n\r\nAn integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset.(CVE-2019-13108)\r\n\r\nThere is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrwimage.cpp in Exiv2 through 0.27.2.(CVE-2019-13504)\r\n\r\nExiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A null pointer dereference was found in Exiv2 versions v0.27.4 and earlier. The null pointer dereference is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the interpreted (translated) data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p t` or `-P t`). The bug is fixed in version v0.27.5.(CVE-2021-37616)\r\n\r\nExiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A null pointer dereference was found in Exiv2 versions v0.27.4 and earlier. The null pointer dereference is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. 
Note that this bug is only triggered when printing the interpreted (translated) data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p t` or `-P t`). The bug is fixed in version v0.27.5.(CVE-2021-37615)\r\n\r\nExiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The assertion failure is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when modifying the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `fi`. ### Patches The bug is fixed in version v0.27.5. ### References Regression test and bug fix: #1739 ### For more information Please see our [security policy](https://github.com/Exiv2/exiv2/security/policy) for information about Exiv2 security.(CVE-2021-32815)\r\n\r\nExiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when deleting the IPTC data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-d I rm`). The bug is fixed in version v0.27.5.(CVE-2021-37623)\r\n\r\nExiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. 
An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when deleting the IPTC data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-d I rm`). The bug is fixed in version v0.27.5.(CVE-2021-37622)\r\n\r\nExiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.5.(CVE-2021-34334)\r\n\r\nExiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.5.(CVE-2021-37620)\r\n\r\nExiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. 
Note that this bug is only triggered when printing the image ICC profile, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p C`). The bug is fixed in version v0.27.5.(CVE-2021-37621)\r\n\r\nExiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A floating point exception (FPE) due to an integer divide by zero was found in Exiv2 versions v0.27.4 and earlier. The FPE is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the interpreted (translated) data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p t` or `-P t`). The bug is fixed in version v0.27.5.(CVE-2021-34335)\r\n\r\nExiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the image ICC profile, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p C`). The bug is fixed in version v0.27.5.(CVE-2021-37618)\r\n\r\nA flaw was found in exiv2. A integer wraparound in the CrwMap:encode0x1810 function leads to memcpy call with a very large size allowing an attacker, who can provide a malicious image, to crash an application which uses the exiv2 library. 
The highest threat from this vulnerability is to service availability.(CVE-2021-31292)\n\nExiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as insert. The bug is fixed in version v0.27.5.(CVE-2021-37619)",
"cves": [
{
"id": "CVE-2021-37619",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37619",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/e/exiv2/exiv2-0.27.5-3_openEuler-SA-2022-2046.json b/cusa/e/exiv2/exiv2-0.27.5-3_openEuler-SA-2022-2046.json
index 93c932e..4734a46 100644
--- a/cusa/e/exiv2/exiv2-0.27.5-3_openEuler-SA-2022-2046.json
+++ b/cusa/e/exiv2/exiv2-0.27.5-3_openEuler-SA-2022-2046.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2046",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2046",
"title": "An update for exiv2 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Exiv2 is a Cross-platform C++ library and a command line utility to manage image metadata. It provides fast and easy read and write access to the Exif, IPTC and XMP metadata and the ICC Profile embedded within digital images in various formats.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in Exiv2. It has been classified as critical. Affected is the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The name of the patch is bf4f28b727bdedbd7c88179c30d360e54568a62e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-212496.(CVE-2022-3756)",
"cves": [
{
"id": "CVE-2022-3756",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3756",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/e/exiv2/exiv2-0.27.5-3_openEuler-SA-2022-2101.json b/cusa/e/exiv2/exiv2-0.27.5-3_openEuler-SA-2022-2101.json
index 0718699..8a4c6a0 100644
--- a/cusa/e/exiv2/exiv2-0.27.5-3_openEuler-SA-2022-2101.json
+++ b/cusa/e/exiv2/exiv2-0.27.5-3_openEuler-SA-2022-2101.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2101",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2101",
"title": "An update for exiv2 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Exiv2 is a Cross-platform C++ library and a command line utility to manage image metadata.It provides fast and easy read and write access to the Exif, IPTC and XMP metadata and the ICC Profile embedded within digital images in various formats.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in Exiv2 and classified as problematic. This issue affects the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The name of the patch is 6bb956ad808590ce2321b9ddf6772974da27c4ca. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212495.(CVE-2022-3755)",
"cves": [
{
"id": "CVE-2022-3755",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3755",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/e/expat/expat-2.4.1-10_openEuler-SA-2024-1379.json b/cusa/e/expat/expat-2.4.1-10_openEuler-SA-2024-1379.json
index e2c7d25..ef94466 100644
--- a/cusa/e/expat/expat-2.4.1-10_openEuler-SA-2024-1379.json
+++ b/cusa/e/expat/expat-2.4.1-10_openEuler-SA-2024-1379.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1379",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1379",
"title": "An update for expat is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Important",
+ "severity": "High",
"description": "expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial.\r\n\r\nSecurity Fix(es):\r\n\r\nlibexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.(CVE-2023-52426)\r\n\r\nlibexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).(CVE-2024-28757)",
"cves": [
{
"id": "CVE-2024-28757",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28757",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/e/expat/expat-2.4.1-8_openEuler-SA-2022-2037.json b/cusa/e/expat/expat-2.4.1-8_openEuler-SA-2022-2037.json
index 9844c04..16d02ba 100644
--- a/cusa/e/expat/expat-2.4.1-8_openEuler-SA-2022-2037.json
+++ b/cusa/e/expat/expat-2.4.1-8_openEuler-SA-2022-2037.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2037",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2037",
"title": "An update for expat is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial.\n\r\n\r\nSecurity Fix(es):\r\n\r\nIn libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.(CVE-2022-43680)",
"cves": [
{
"id": "CVE-2022-43680",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43680",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/e/expat/expat-2.4.1-8_openEuler-SA-2022-2057.json b/cusa/e/expat/expat-2.4.1-8_openEuler-SA-2022-2057.json
index c79b315..274d4cf 100644
--- a/cusa/e/expat/expat-2.4.1-8_openEuler-SA-2022-2057.json
+++ b/cusa/e/expat/expat-2.4.1-8_openEuler-SA-2022-2057.json
@@ -8,7 +8,7 @@
{
"id": "CVE-2022-25315",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25315",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/f/fdupes/fdupes-2.3.0-1_openEuler-SA-2024-1532.json b/cusa/f/fdupes/fdupes-2.3.0-1_openEuler-SA-2024-1532.json
index 1769afc..d18cefe 100644
--- a/cusa/f/fdupes/fdupes-2.3.0-1_openEuler-SA-2024-1532.json
+++ b/cusa/f/fdupes/fdupes-2.3.0-1_openEuler-SA-2024-1532.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1532",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1532",
"title": "An update for fdupes is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "FDUPES is a program for identifying duplicate files residing within specified directories.\r\n\r\nSecurity Fix(es):\r\n\r\nIn deletefiles in FDUPES before 2.2.0, a TOCTOU race condition allows arbitrary file deletion via a symlink.(CVE-2022-48682)",
"cves": [
{
"id": "CVE-2022-48682",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48682",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/f/festival/festival-1.96-45_openEuler-SA-2022-2087.json b/cusa/f/festival/festival-1.96-45_openEuler-SA-2022-2087.json
index 3bf276e..5803646 100644
--- a/cusa/f/festival/festival-1.96-45_openEuler-SA-2022-2087.json
+++ b/cusa/f/festival/festival-1.96-45_openEuler-SA-2022-2087.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2087",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2087",
"title": "An update for festival is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Festival offers a general framework for building speech synthesis systems as well as including examples of various modules. As a whole it offers full text to speech through a number APIs: from shell level, though a Scheme command interpreter, as a C++ library, from Java, and an Emacs interface.\r\n\r\nSecurity Fix(es):\r\n\r\nfestival_server in Centre for Speech Technology Research (CSTR) Festival, probably 2.0.95-beta and earlier, places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.(CVE-2010-3996)",
"cves": [
{
"id": "CVE-2010-3996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3996",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/f/ffmpeg/ffmpeg-4.2.4-4_openEuler-SA-2022-1808.json b/cusa/f/ffmpeg/ffmpeg-4.2.4-4_openEuler-SA-2022-1808.json
index 1642fd7..c179b7b 100644
--- a/cusa/f/ffmpeg/ffmpeg-4.2.4-4_openEuler-SA-2022-1808.json
+++ b/cusa/f/ffmpeg/ffmpeg-4.2.4-4_openEuler-SA-2022-1808.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1808",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1808",
"title": "An update for ffmpeg is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash.\r\n\r\nSecurity Fix(es):\r\n\r\ntrack_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing.(CVE-2020-35964)\r\n\r\nlibavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868.(CVE-2021-38114)",
"cves": [
{
"id": "CVE-2021-38114",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38114",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/f/file/file-5.41-3_openEuler-SA-2023-1574.json b/cusa/f/file/file-5.41-3_openEuler-SA-2023-1574.json
index 3414224..bc3eedb 100644
--- a/cusa/f/file/file-5.41-3_openEuler-SA-2023-1574.json
+++ b/cusa/f/file/file-5.41-3_openEuler-SA-2023-1574.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1574",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1574",
"title": "An update for file is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The program checks to see if the file is empty,or if its some sort of special file.\r\n\r\nSecurity Fix(es):\r\n\r\nFile before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project.(CVE-2022-48554)",
"cves": [
{
"id": "CVE-2022-48554",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48554",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/f/firefox/firefox-102.14.0-1_openEuler-SA-2023-1673.json b/cusa/f/firefox/firefox-102.14.0-1_openEuler-SA-2023-1673.json
index af55151..c69cca9 100644
--- a/cusa/f/firefox/firefox-102.14.0-1_openEuler-SA-2023-1673.json
+++ b/cusa/f/firefox/firefox-102.14.0-1_openEuler-SA-2023-1673.json
@@ -8,12 +8,12 @@
{
"id": "CVE-2020-15673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15673",
- "severity": "Important"
+ "severity": "High"
},
{
"id": "CVE-2023-4056",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4056",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/f/firefox/firefox-102.14.0-1_openEuler-SA-2023-1684.json b/cusa/f/firefox/firefox-102.14.0-1_openEuler-SA-2023-1684.json
index 5078865..86bda27 100644
--- a/cusa/f/firefox/firefox-102.14.0-1_openEuler-SA-2023-1684.json
+++ b/cusa/f/firefox/firefox-102.14.0-1_openEuler-SA-2023-1684.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1684",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1684",
"title": "An update for firefox is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions.\r\n\r\nSecurity Fix(es):\r\n\r\nThere exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free. \n(CVE-2023-1999)",
"cves": [
{
"id": "CVE-2023-1999",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1999",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/f/firefox/firefox-102.15.0-2_openEuler-SA-2023-1715.json b/cusa/f/firefox/firefox-102.15.0-2_openEuler-SA-2023-1715.json
index ebe77fc..a27ce99 100644
--- a/cusa/f/firefox/firefox-102.15.0-2_openEuler-SA-2023-1715.json
+++ b/cusa/f/firefox/firefox-102.15.0-2_openEuler-SA-2023-1715.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1715",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1715",
"title": "An update for firefox is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions.\r\n\r\nSecurity Fix(es):\r\n\r\nWhen receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.(CVE-2023-4573)\r\n\r\nWhen creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.(CVE-2023-4574)\r\n\r\nWhen creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.(CVE-2023-4575)\r\n\r\nExcel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.(CVE-2023-4581)\r\n\r\nMemory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. 
Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.(CVE-2023-4584)\r\n\r\nHeap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)(CVE-2023-4863)",
"cves": [
{
"id": "CVE-2023-4863",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/f/firefox/firefox-102.15.0-3_openEuler-SA-2023-1775.json b/cusa/f/firefox/firefox-102.15.0-3_openEuler-SA-2023-1775.json
index 1a534b7..adcade7 100644
--- a/cusa/f/firefox/firefox-102.15.0-3_openEuler-SA-2023-1775.json
+++ b/cusa/f/firefox/firefox-102.15.0-3_openEuler-SA-2023-1775.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1775",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1775",
"title": "An update for firefox is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions.\r\n\r\nSecurity Fix(es):\r\n\r\nHeap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)(CVE-2023-5217)",
"cves": [
{
"id": "CVE-2023-5217",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5217",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/f/firefox/firefox-102.15.0-4_openEuler-SA-2024-1058.json b/cusa/f/firefox/firefox-102.15.0-4_openEuler-SA-2024-1058.json
index b13b637..aab52bb 100644
--- a/cusa/f/firefox/firefox-102.15.0-4_openEuler-SA-2024-1058.json
+++ b/cusa/f/firefox/firefox-102.15.0-4_openEuler-SA-2024-1058.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1058",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1058",
"title": "An update for firefox is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.(CVE-2023-7104)",
"cves": [
{
"id": "CVE-2023-7104",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7104",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/f/firefox/firefox-102.15.0-5_openEuler-SA-2024-1211.json b/cusa/f/firefox/firefox-102.15.0-5_openEuler-SA-2024-1211.json
index ab58811..d0c7bd6 100644
--- a/cusa/f/firefox/firefox-102.15.0-5_openEuler-SA-2024-1211.json
+++ b/cusa/f/firefox/firefox-102.15.0-5_openEuler-SA-2024-1211.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1211",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1211",
"title": "An update for firefox is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability found in nss. By this security vulnerability, nss client auth crash without a user certificate in the database and this can lead us to a segmentation fault or crash.(CVE-2022-3479)",
"cves": [
{
"id": "CVE-2022-3479",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3479",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/f/firefox/firefox-102.15.0-6_openEuler-SA-2024-1514.json b/cusa/f/firefox/firefox-102.15.0-6_openEuler-SA-2024-1514.json
index 05564c1..a5c9c21 100644
--- a/cusa/f/firefox/firefox-102.15.0-6_openEuler-SA-2024-1514.json
+++ b/cusa/f/firefox/firefox-102.15.0-6_openEuler-SA-2024-1514.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1514",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1514",
"title": "An update for firefox is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Important",
+ "severity": "High",
"description": "Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions.\r\n\r\nSecurity Fix(es):\r\n\r\nVP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.(CVE-2023-44488)",
"cves": [
{
"id": "CVE-2023-44488",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44488",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/f/fish/fish-3.3.1-4_openEuler-SA-2022-1689.json b/cusa/f/fish/fish-3.3.1-4_openEuler-SA-2022-1689.json
index 0a5caf1..904b078 100644
--- a/cusa/f/fish/fish-3.3.1-4_openEuler-SA-2022-1689.json
+++ b/cusa/f/fish/fish-3.3.1-4_openEuler-SA-2022-1689.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1689",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1689",
"title": "An update for fish is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "fish is a fully-equipped command line shell (like bash or zsh) that is smart and user-friendly. fish supports powerful features like syntax highlighting, autosuggestions, and tab completions that just work, with nothing to learn or configure.\r\n\r\nSecurity Fix(es):\r\n\r\nfish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository configuration that change the behavior of git, including running arbitrary commands. When using the default configuration of fish, changing to a directory automatically runs `git` commands in order to display information about the current repository in the prompt. If an attacker can convince a user to change their current directory into one controlled by the attacker, such as on a shared file system or extracted archive, fish will run arbitrary commands under the attacker's control. This problem has been fixed in fish 3.4.0. Note that running git in these directories, including using the git tab completion, remains a potential trigger for this issue. As a workaround, remove the `fish_git_prompt` function from the prompt.(CVE-2022-20001)",
"cves": [
{
"id": "CVE-2022-20001",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20001",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/f/fish/fish-3.3.1-5_openEuler-SA-2023-1940.json b/cusa/f/fish/fish-3.3.1-5_openEuler-SA-2023-1940.json
index 5ecc50d..7b8c44f 100644
--- a/cusa/f/fish/fish-3.3.1-5_openEuler-SA-2023-1940.json
+++ b/cusa/f/fish/fish-3.3.1-5_openEuler-SA-2023-1940.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1940",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1940",
"title": "An update for fish is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "fish is a fully-equipped command line shell (like bash or zsh) that is smart and user-friendly. fish supports powerful features like syntax highlighting, autosuggestions, and tab completions that just work, with nothing to learn or configure.\r\n\r\nSecurity Fix(es):\r\n\r\nfish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than transforming them into a safe internal representation. While this may cause unexpected behavior with direct input (for example, echo \\UFDD2HOME has the same output as echo $HOME), this may become a minor security problem if the output is being fed from an external program into a command substitution where this output may not be expected. This design flaw was introduced in very early versions of fish, predating the version control system, and is thought to be present in every version of fish released in the last 15 years or more, although with different characters. Code execution does not appear to be possible, but denial of service (through large brace expansion) or information disclosure (such as variable expansion) is potentially possible under certain circumstances. fish shell 3.6.2 has been released to correct this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2023-49284)",
"cves": [
{
"id": "CVE-2023-49284",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49284",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/f/flac/flac-1.3.3-6_openEuler-SA-2022-1697.json b/cusa/f/flac/flac-1.3.3-6_openEuler-SA-2022-1697.json
index 16cf668..b1e3139 100644
--- a/cusa/f/flac/flac-1.3.3-6_openEuler-SA-2022-1697.json
+++ b/cusa/f/flac/flac-1.3.3-6_openEuler-SA-2022-1697.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1697",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1697",
"title": "An update for flac is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "FLAC stands for Free Lossless Audio Codec, an audio format similar to MP3, but lossless, meaning that audio is compressed in FLAC without any loss in quality.\r\n\r\nSecurity Fix(es):\r\n\r\nIn FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156076070(CVE-2020-0499)",
"cves": [
{
"id": "CVE-2020-0499",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0499",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/f/flatpak-builder/flatpak-builder-1.0.14-2_openEuler-SA-2022-1788.json b/cusa/f/flatpak-builder/flatpak-builder-1.0.14-2_openEuler-SA-2022-1788.json
index f9526ab..94ce868 100644
--- a/cusa/f/flatpak-builder/flatpak-builder-1.0.14-2_openEuler-SA-2022-1788.json
+++ b/cusa/f/flatpak-builder/flatpak-builder-1.0.14-2_openEuler-SA-2022-1788.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1788",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1788",
"title": "An update for flatpak-builder is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Flatpak-builder is a tool for building flatpaks from sources.\r\n\r\nSecurity Fix(es):\r\n\r\nFlatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6. flatpak-builder applies `finish-args` last in the build. At this point the build directory will have the full access that is specified in the manifest, so running `flatpak build` against it will gain those permissions. Normally this will not be done, so this is not problem. However, if `--mirror-screenshots-url` is specified, then flatpak-builder will launch `flatpak build --nofilesystem=host appstream-utils mirror-screenshots` after finalization, which can lead to issues even with the `--nofilesystem=host` protection. In normal use, the only issue is that these empty directories can be created wherever the user has write permissions. However, a malicious application could replace the `appstream-util` binary and potentially do something more hostile. This has been resolved in Flatpak 1.12.3 and 1.10.6 by changing the behaviour of `--nofilesystem=home` and `--nofilesystem=host`.(CVE-2022-21682)",
"cves": [
{
"id": "CVE-2022-21682",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21682",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/f/flatpak/flatpak-1.10.2-7_openEuler-SA-2024-1424.json b/cusa/f/flatpak/flatpak-1.10.2-7_openEuler-SA-2024-1424.json
index d27634e..93050ad 100644
--- a/cusa/f/flatpak/flatpak-1.10.2-7_openEuler-SA-2024-1424.json
+++ b/cusa/f/flatpak/flatpak-1.10.2-7_openEuler-SA-2024-1424.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1424",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1424",
"title": "An update for flatpak is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information.\r\n\r\nSecurity Fix(es):\r\n\r\nFlatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4 contain a vulnerability similar to CVE-2017-5226, but using the `TIOCLINUX` ioctl command instead of `TIOCSTI`. If a Flatpak app is run on a Linux virtual console such as `/dev/tty1`, it can copy text from the virtual console and paste it into the command buffer, from which the command might be run after the Flatpak app has exited. Ordinary graphical terminal emulators like xterm, gnome-terminal and Konsole are unaffected. This vulnerability is specific to the Linux virtual consoles `/dev/tty1`, `/dev/tty2` and so on. A patch is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, don't run Flatpak on a Linux virtual console. Flatpak is primarily designed to be used in a Wayland or X11 graphical environment.(CVE-2023-28100)\r\n\r\nFlatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control characters such as `ESC`. A fix is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, use a GUI like GNOME Software rather than the command-line interface, or only install apps whose maintainers you trust.(CVE-2023-28101)",
"cves": [
{
"id": "CVE-2023-28101",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28101",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
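Review bot: The `cves` array in this file lists only CVE-2023-28101, although the description directly above it names both CVE-2023-28100 and CVE-2023-28101, so a consumer that matches advisories by CVE id will not find the first one. The regenerated files keep this gap, and the same pattern shows in the fontforge, freeglut, freeimage, freeradius (SA-2022-2165) and freerdp (SA-2023-1656, SA-2022-2018) hunks. In each of them only the last CVE named in the description is listed, which suggests the converter overwrites the entry instead of appending one per vulnerability; the generator code is not visible here, so this is inferred. I would add the missing entries, for this file `{ "id": "CVE-2023-28100", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28100", "severity": "<severity from the source CVRF>" }`, and fix the converter before the next regeneration.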
diff --git a/cusa/f/flatpak/flatpak-1.10.2-8_openEuler-SA-2024-1490.json b/cusa/f/flatpak/flatpak-1.10.2-8_openEuler-SA-2024-1490.json
index aee2fa4..cdc64a2 100644
--- a/cusa/f/flatpak/flatpak-1.10.2-8_openEuler-SA-2024-1490.json
+++ b/cusa/f/flatpak/flatpak-1.10.2-8_openEuler-SA-2024-1490.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1490",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1490",
"title": "An update for flatpak is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Important",
+ "severity": "High",
"description": "flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information.\r\n\r\nSecurity Fix(es):\r\n\r\nFlatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It's possible to pass an arbitrary `commandline` to the portal interface `org.freedesktop.portal.Background.RequestBackground` from within a Flatpak app. When this is converted into a `--command` and arguments, it achieves the same effect of passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with --. The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6.(CVE-2024-32462)",
"cves": [
{
"id": "CVE-2024-32462",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32462",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/f/fontforge/fontforge-20200314-8_openEuler-SA-2024-1228.json b/cusa/f/fontforge/fontforge-20200314-8_openEuler-SA-2024-1228.json
index 32886bf..7786e62 100644
--- a/cusa/f/fontforge/fontforge-20200314-8_openEuler-SA-2024-1228.json
+++ b/cusa/f/fontforge/fontforge-20200314-8_openEuler-SA-2024-1228.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1228",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1228",
"title": "An update for fontforge is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "FontForge (former PfaEdit) is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript (ASCII and binary Type 1, some Type 3 and Type 0), TrueType, OpenType (Type2) and CID-keyed fonts.\r\n\r\nSecurity Fix(es):\r\n\r\nSplinefont in FontForge through 20230101 allows command injection via crafted filenames.(CVE-2024-25081)\r\n\r\nSplinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files.(CVE-2024-25082)",
"cves": [
{
"id": "CVE-2024-25082",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25082",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/f/freeglut/freeglut-3.0.0-12_openEuler-SA-2024-1174.json b/cusa/f/freeglut/freeglut-3.0.0-12_openEuler-SA-2024-1174.json
index da3a8dc..c2bf2d3 100644
--- a/cusa/f/freeglut/freeglut-3.0.0-12_openEuler-SA-2024-1174.json
+++ b/cusa/f/freeglut/freeglut-3.0.0-12_openEuler-SA-2024-1174.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1174",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1174",
"title": "An update for freeglut is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Important",
+ "severity": "High",
"description": "Freeglut is a free-software/open-source alternative to the OpenGL Utility Toolkit (GLUT) library. GLUT was originally written to support the sample programs in the second edition OpenGL 'RedBook'. Since then, GLUT has been used in a wide variety of practical applications because it is simple, widely available and highly portable.\r\n\r\nSecurity Fix(es):\r\n\r\nfreeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function.(CVE-2024-24258)\r\n\r\nfreeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function.(CVE-2024-24259)",
"cves": [
{
"id": "CVE-2024-24259",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24259",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/f/freeimage/freeimage-3.18.0-9_openEuler-SA-2023-1898.json b/cusa/f/freeimage/freeimage-3.18.0-9_openEuler-SA-2023-1898.json
index 7eacad1..f74ba06 100644
--- a/cusa/f/freeimage/freeimage-3.18.0-9_openEuler-SA-2023-1898.json
+++ b/cusa/f/freeimage/freeimage-3.18.0-9_openEuler-SA-2023-1898.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1898",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1898",
"title": "An update for freeimage is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "FreeImage is a library project for developers who would like to support popular graphics image formats (PNG, JPEG, TIFF, BMP and others). Some highlights are: extremely simple in use, not limited to the local PC (unique FreeImageIO) and Plugin driven!\r\n\r\nSecurity Fix(es):\r\n\r\nBuffer Overflow vulnerability in function LoadPixelDataRLE8 in PluginBMP.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.(CVE-2020-21427)\r\n\r\nBuffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.(CVE-2020-21428)",
"cves": [
{
"id": "CVE-2020-21428",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-21428",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/f/freeradius/freeradius-3.0.25-2_openEuler-SA-2022-2165.json b/cusa/f/freeradius/freeradius-3.0.25-2_openEuler-SA-2022-2165.json
index b690cd0..3de6aef 100644
--- a/cusa/f/freeradius/freeradius-3.0.25-2_openEuler-SA-2022-2165.json
+++ b/cusa/f/freeradius/freeradius-3.0.25-2_openEuler-SA-2022-2165.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2165",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2165",
"title": "An update for freeradius is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA or Triple A) management for users who connect and use a network service.\r\n\r\nSecurity Fix(es):\r\n\r\nWhen an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash.\r\n\r\nReferences:\r\n\r\nhttps://freeradius.org/security/\r\n\r\nUpstream fix:\r\n\r\nhttps://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a(CVE-2022-41860)\r\n\r\nA malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash.\r\n\r\nReferences:\r\n\r\nhttps://freeradius.org/security/\r\n\r\nUpstream fix:\r\n\r\nhttps://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e(CVE-2022-41861)",
"cves": [
{
"id": "CVE-2022-41861",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41861",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/f/freeradius/freeradius-3.0.25-2_openEuler-SA-2023-1956.json b/cusa/f/freeradius/freeradius-3.0.25-2_openEuler-SA-2023-1956.json
index 5582f2b..16e3577 100644
--- a/cusa/f/freeradius/freeradius-3.0.25-2_openEuler-SA-2023-1956.json
+++ b/cusa/f/freeradius/freeradius-3.0.25-2_openEuler-SA-2023-1956.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1956",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1956",
"title": "An update for freeradius is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA or Triple A) management for users who connect and use a network service.\r\n\r\nSecurity Fix(es):\r\n\r\nIn freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack.(CVE-2022-41859)",
"cves": [
{
"id": "CVE-2022-41859",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41859",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/f/freerdp/freerdp-2.11.1-1_openEuler-SA-2023-1656.json b/cusa/f/freerdp/freerdp-2.11.1-1_openEuler-SA-2023-1656.json
index 9d4896f..a5c71e1 100644
--- a/cusa/f/freerdp/freerdp-2.11.1-1_openEuler-SA-2023-1656.json
+++ b/cusa/f/freerdp/freerdp-2.11.1-1_openEuler-SA-2023-1656.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1656",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1656",
"title": "An update for freerdp is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "FreeRDP is a client implementation of the Remote Desktop Protocol (RDP) that follows Microsoft's open specifications. This package provides the client applications xfreerdp and wlfreerdp.\r\n\r\nSecurity Fix(es):\r\n\r\nFreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue affects Clients only. Integer underflow leading to DOS (e.g. abort due to `WINPR_ASSERT` with default compilation flags). When an insufficient blockLen is provided, and proper length validation is not performed, an Integer Underflow occurs, leading to a Denial of Service (DOS) vulnerability. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n(CVE-2023-39350)\r\n\r\nFreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of FreeRDP are subject to a Null Pointer Dereference leading a crash in the RemoteFX (rfx) handling. Inside the `rfx_process_message_tileset` function, the program allocates tiles using `rfx_allocate_tiles` for the number of numTiles. If the initialization process of tiles is not completed for various reasons, tiles will have a NULL pointer. Which may be accessed in further processing and would cause a program crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2023-39351)\r\n\r\nFreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an invalid offset validation leading to Out Of Bound Write. This can be triggered when the values `rect->left` and `rect->top` are exactly equal to `surface->width` and `surface->height`. eg. `rect->left` == `surface->width` && `rect->top` == `surface->height`. In practice this should cause a crash. 
This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n(CVE-2023-39352)\r\n\r\nFreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to a missing offset validation leading to Out Of Bound Read. In the `libfreerdp/codec/rfx.c` file there is no offset validation in `tile->quantIdxY`, `tile->quantIdxCb`, and `tile->quantIdxCr`. As a result crafted input can lead to an out of bounds read access which in turn will cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2023-39353)\r\n\r\nFreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `nsc_rle_decompress_data` function. The Out-Of-Bounds Read occurs because it processes `context->Planes` without checking if it contains data of sufficient length. Should an attacker be able to leverage this vulnerability they may be able to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2023-39354)\r\n\r\nFreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a missing offset validation may lead to an Out Of Bound Read in the function `gdi_multi_opaque_rect`. In particular there is no code to validate if the value `multi_opaque_rect->numRectangles` is less than 45. Looping through `multi_opaque_rect->`numRectangles without proper boundary checks can lead to Out-of-Bounds Read errors which will likely lead to a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. 
There are no known workarounds for this vulnerability.\n(CVE-2023-39356)\r\n\r\nFreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer-Underflow leading to Out-Of-Bound Read in the `zgfx_decompress_segment` function. In the context of `CopyMemory`, it's possible to read data beyond the transmitted packet range and likely cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.(CVE-2023-40181)\r\n\r\nFreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an IntegerOverflow leading to Out-Of-Bound Write Vulnerability in the `gdi_CreateSurface` function. This issue affects FreeRDP based clients only. FreeRDP proxies are not affected as image decoding is not done by a proxy. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.(CVE-2023-40186)\r\n\r\nFreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_LumaToYUV444` function. This Out-Of-Bounds Read occurs because processing is done on the `in` variable without checking if it contains data of sufficient length. Insufficient data for the `in` variable may cause errors or crashes. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.(CVE-2023-40188)\r\n\r\nFreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `clear_decompress_bands_data` function in which there is no offset validation. 
Abuse of this vulnerability may lead to an out of bounds write. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. there are no known workarounds for this vulnerability.(CVE-2023-40567)\r\n\r\nFreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `progressive_decompress` function. This issue is likely down to incorrect calculations of the `nXSrc` and `nYSrc` variables. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. there are no known workarounds for this vulnerability.(CVE-2023-40569)\r\n\r\nFreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buffer-Overflow in the ncrush_decompress function. Feeding crafted input into this function can trigger the overflow which has only been shown to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.(CVE-2023-40589)",
"cves": [
{
"id": "CVE-2023-40589",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40589",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/f/freerdp/freerdp-2.11.7-2_openEuler-SA-2024-1542.json b/cusa/f/freerdp/freerdp-2.11.7-2_openEuler-SA-2024-1542.json
index de1fcdb..d1a9801 100644
--- a/cusa/f/freerdp/freerdp-2.11.7-2_openEuler-SA-2024-1542.json
+++ b/cusa/f/freerdp/freerdp-2.11.7-2_openEuler-SA-2024-1542.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1542",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1542",
"title": "An update for freerdp is now available for openEuler-20.03-LTS-SP1,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Important",
+ "severity": "High",
"description": "FreeRDP is a client implementation of the Remote Desktop Protocol (RDP) that follows Microsoft's open specifications. This package provides the client applications xfreerdp and wlfreerdp.\r\n\r\nSecurity Fix(es):\r\n\r\nFreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` access and crash. Version 3.5.1 contains a patch for the issue. No known workarounds are available.(CVE-2024-32661)",
"cves": [
{
"id": "CVE-2024-32661",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32661",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/f/freerdp/freerdp-2.8.1-1_openEuler-SA-2022-2018.json b/cusa/f/freerdp/freerdp-2.8.1-1_openEuler-SA-2022-2018.json
index ecde453..d8e6dd4 100644
--- a/cusa/f/freerdp/freerdp-2.8.1-1_openEuler-SA-2022-2018.json
+++ b/cusa/f/freerdp/freerdp-2.8.1-1_openEuler-SA-2022-2018.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2018",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2018",
"title": "An update for freerdp is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "FreeRDP is a client implementation of the Remote Desktop Protocol (RDP) that follows Microsoft's open specifications. This package provides the client applications xfreerdp and wlfreerdp.\r\n\r\nSecurity Fix(es):\r\n\r\nFreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the `/video` command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue has been patched in version 2.8.1. If you cannot upgrade do not use the `/video` switch.(CVE-2022-39283)\r\n\r\nFreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1 where this issue is patched. If unable to upgrade, do not use parallel port redirection (`/parallel` command line switch) as a workaround.(CVE-2022-39282)",
"cves": [
{
"id": "CVE-2022-39282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39282",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/f/freerdp/freerdp-2.8.1-2_openEuler-SA-2022-2112.json b/cusa/f/freerdp/freerdp-2.8.1-2_openEuler-SA-2022-2112.json
index 6207ea0..5cbdb2c 100644
--- a/cusa/f/freerdp/freerdp-2.8.1-2_openEuler-SA-2022-2112.json
+++ b/cusa/f/freerdp/freerdp-2.8.1-2_openEuler-SA-2022-2112.json
@@ -8,7 +8,7 @@
{
"id": "CVE-2022-39318",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39318",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/f/freetype/freetype-2.11.0-3_openEuler-SA-2023-1246.json b/cusa/f/freetype/freetype-2.11.0-3_openEuler-SA-2023-1246.json
index 71c181d..95f36d9 100644
--- a/cusa/f/freetype/freetype-2.11.0-3_openEuler-SA-2023-1246.json
+++ b/cusa/f/freetype/freetype-2.11.0-3_openEuler-SA-2023-1246.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1246",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1246",
"title": "An update for freetype is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "FreeType is written in C, designed to be small,efficient, highly customizable, and portable while capable of producing high-quality output (glyph images) of most vector and bitmap font formats\r\n\r\nSecurity Fix(es):\r\n\r\nAn integer overflow vulnerability was discovered in Freetype in tt_hvadvance_adjust() function in src/truetype/ttgxvar.c.(CVE-2023-2004)",
"cves": [
{
"id": "CVE-2023-2004",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2004",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/f/fribidi/fribidi-1.0.10-2_openEuler-SA-2022-1923.json b/cusa/f/fribidi/fribidi-1.0.10-2_openEuler-SA-2022-1923.json
index aec2b8f..7a8ba1e 100644
--- a/cusa/f/fribidi/fribidi-1.0.10-2_openEuler-SA-2022-1923.json
+++ b/cusa/f/fribidi/fribidi-1.0.10-2_openEuler-SA-2022-1923.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1923",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1923",
"title": "An update for fribidi is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "A library to handle bidirectional scripts (for example Hebrew, Arabic), so that the display is done in the proper way; while the text data itself is always written in logical order and display in a different direction .\r\n\r\nSecurity Fix(es):\r\n\r\nA stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service.(CVE-2022-25308)\r\n\r\nA heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the Fribidi application with the '--caprtl' option, leading to a crash and causing a denial of service.(CVE-2022-25309)\r\n\r\nA segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service.(CVE-2022-25310)",
"cves": [
{
"id": "CVE-2022-25310",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25310",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
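Review bot: The `cves` array in this advisory still holds only CVE-2022-25310, although the description on the context line above names CVE-2022-25308 and CVE-2022-25309 as fixed by the same update. A consumer that matches on `cves[].id` will therefore miss two of the three CVEs. The same gap is visible in the ganglia openEuler-SA-2022-2073 hunk (CVE-2019-20378 is absent) and the git openEuler-SA-2023-1269 hunk (CVE-2023-25652 and CVE-2023-25815 are absent). These files look like converter output, so the fix presumably belongs in the converter, which is not visible here: emit one entry per CVE in the source CVRF, for example `{ "id": "CVE-2022-25308", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25308", "severity": "<per-CVE severity from the CVRF>" }`. Once the array is complete, it would also be worth confirming that the advisory-level `severity` matches the highest per-CVE value.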
diff --git a/cusa/f/future/future-0.18.2-2_openEuler-SA-2023-1176.json b/cusa/f/future/future-0.18.2-2_openEuler-SA-2023-1176.json
index 4e0dfd1..a44d968 100644
--- a/cusa/f/future/future-0.18.2-2_openEuler-SA-2023-1176.json
+++ b/cusa/f/future/future-0.18.2-2_openEuler-SA-2023-1176.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1176",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1176",
"title": "An update for future is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "This package intends to provides a compatibility layer for Python between its two version release. The future and past packages are both provides for backports and forwards, in which you are able to use a single, clean codebase to run under Python3 environmets easily. With also providing futurize and pasteurize scripts, you can convert you Python code to support both version.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server.(CVE-2022-40899)",
"cves": [
{
"id": "CVE-2022-40899",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40899",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/f/fwupd/fwupd-1.2.9-5_openEuler-SA-2022-1801.json b/cusa/f/fwupd/fwupd-1.2.9-5_openEuler-SA-2022-1801.json
index 42af915..526c376 100644
--- a/cusa/f/fwupd/fwupd-1.2.9-5_openEuler-SA-2022-1801.json
+++ b/cusa/f/fwupd/fwupd-1.2.9-5_openEuler-SA-2022-1801.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1801",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1801",
"title": "An update for fwupd is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "aims to make updating firmware on Linux automatic, safe and reliable.\r\n\r\nSecurity Fix(es):\r\n\r\nA PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service (LVFS) is either not implemented or enabled in versions of fwupd shipped with Red Hat Enterprise Linux 7 and 8. The highest threat from this vulnerability is to confidentiality and integrity.(CVE-2020-10759)",
"cves": [
{
"id": "CVE-2020-10759",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10759",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/GraphicsMagick/GraphicsMagick-1.3.30-9_openEuler-SA-2022-1760.json b/cusa/g/GraphicsMagick/GraphicsMagick-1.3.30-9_openEuler-SA-2022-1760.json
index c0fcdf2..efb10b1 100644
--- a/cusa/g/GraphicsMagick/GraphicsMagick-1.3.30-9_openEuler-SA-2022-1760.json
+++ b/cusa/g/GraphicsMagick/GraphicsMagick-1.3.30-9_openEuler-SA-2022-1760.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1760",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1760",
"title": "An update for GraphicsMagick is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "GraphicsMagick is the swiss army knife of image processing. Comprised of 267K physical lines (according to David A. Wheeler's SLOCCount) of source code in the base package (or 1,225K including 3rd party libraries) it provides a robust and efficient collection of tools and libraries which support reading, writing, and manipulating an image in over 89 major formats including important formats like DPX, GIF, JPEG, JPEG-2000, PNG, PDF, PNM, TIFF, and WebP.\r\n\r\nSecurity Fix(es):\r\n\r\nIn GraphicsMagick, a heap buffer overflow was found when parsing MIFF. (CVE-2022-1270)",
"cves": [
{
"id": "CVE-2022-1270",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1270",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/GraphicsMagick/GraphicsMagick-1.3.41-1_openEuler-SA-2023-1818.json b/cusa/g/GraphicsMagick/GraphicsMagick-1.3.41-1_openEuler-SA-2023-1818.json
index fc9df0a..39d6518 100644
--- a/cusa/g/GraphicsMagick/GraphicsMagick-1.3.41-1_openEuler-SA-2023-1818.json
+++ b/cusa/g/GraphicsMagick/GraphicsMagick-1.3.41-1_openEuler-SA-2023-1818.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1818",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1818",
"title": "An update for GraphicsMagick is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "GraphicsMagick is the swiss army knife of image processing. Comprised of 267K physical lines (according to David A. Wheeler's SLOCCount) of source code in the base package (or 1,225K including 3rd party libraries) it provides a robust and efficient collection of tools and libraries which support reading, writing, and manipulating an image in over 89 major formats including important formats like DPX, GIF, JPEG, JPEG-2000, PNG, PDF, PNM, TIFF, and WebP.\r\n\r\nSecurity Fix(es):\r\n\r\nBuffer Overflow vulnerability in WritePCXImage function in pcx.c in GraphicsMagick 1.4 allows remote attackers to cause a denial of service via converting of crafted image file to pcx format.(CVE-2020-21679)",
"cves": [
{
"id": "CVE-2020-21679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-21679",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/game-music-emu/game-music-emu-0.6.2-1_openEuler-SA-2022-1831.json b/cusa/g/game-music-emu/game-music-emu-0.6.2-1_openEuler-SA-2022-1831.json
index a8c1857..ad5b56d 100644
--- a/cusa/g/game-music-emu/game-music-emu-0.6.2-1_openEuler-SA-2022-1831.json
+++ b/cusa/g/game-music-emu/game-music-emu-0.6.2-1_openEuler-SA-2022-1831.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1831",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1831",
"title": "An update for game-music-emu is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Game_Music_Emu is a collection of video game music file simulators that supports the following formats and systems:\r\n\r\nSecurity Fix(es):\r\n\r\nThe Mem_File_Reader::read_avail function in Data_Reader.cpp in the Game_Music_Emu library (aka game-music-emu) 0.6.1 does not ensure a non-negative size, which allows remote attackers to cause a denial of service (application crash) via a crafted file.(CVE-2017-17446)",
"cves": [
{
"id": "CVE-2017-17446",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17446",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/ganglia/ganglia-3.7.2-2_openEuler-SA-2022-2073.json b/cusa/g/ganglia/ganglia-3.7.2-2_openEuler-SA-2022-2073.json
index e51b7ed..4a88fe1 100644
--- a/cusa/g/ganglia/ganglia-3.7.2-2_openEuler-SA-2022-2073.json
+++ b/cusa/g/ganglia/ganglia-3.7.2-2_openEuler-SA-2022-2073.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2073",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2073",
"title": "An update for ganglia is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Ganglia is a scalable, real-time monitoring and execution environment with all execution requests and statistics expressed in an open well-defined XML format.\r\n\r\nSecurity Fix(es):\r\n\r\nganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php ce parameter.(CVE-2019-20378)\r\n\r\nganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php cs parameter.(CVE-2019-20379)",
"cves": [
{
"id": "CVE-2019-20379",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20379",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/gcc/gcc-10.3.1-19_openEuler-SA-2023-1735.json b/cusa/g/gcc/gcc-10.3.1-19_openEuler-SA-2023-1735.json
index 2b6fd40..daf3325 100644
--- a/cusa/g/gcc/gcc-10.3.1-19_openEuler-SA-2023-1735.json
+++ b/cusa/g/gcc/gcc-10.3.1-19_openEuler-SA-2023-1735.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1735",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1735",
"title": "An update for gcc is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The gcc package contains the GNU Compiler Collection version 10. You'll need this package in order to compile C code.\r\n\r\nSecurity Fix(es):\r\n\r\n\r\n\r\nA failure in the -fstack-protector feature in GCC-based toolchains \nthat target AArch64 allows an attacker to exploit an existing buffer \noverflow in dynamically-sized local variables in your application \nwithout this being detected. This stack-protector failure only applies \nto C99-style dynamically-sized local variables or those created using \nalloca(). The stack-protector operates as intended for statically-sized \nlocal variables.\r\n\r\nThe default behavior when the stack-protector \ndetects an overflow is to terminate your application, resulting in \ncontrolled loss of availability. An attacker who can exploit a buffer \noverflow without triggering the stack-protector might be able to change \nprogram flow control to cause an uncontrolled loss of availability or to\n go further and affect confidentiality or integrity.\r\n\r\n\r\n\r\n\r\n\r\n(CVE-2023-4039)",
"cves": [
{
"id": "CVE-2023-4039",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4039",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/gd/gd-2.3.2-2_openEuler-SA-2022-1613.json b/cusa/g/gd/gd-2.3.2-2_openEuler-SA-2022-1613.json
index f4a0be0..af3cd61 100644
--- a/cusa/g/gd/gd-2.3.2-2_openEuler-SA-2022-1613.json
+++ b/cusa/g/gd/gd-2.3.2-2_openEuler-SA-2022-1613.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1613",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1613",
"title": "An update for gd is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The gd graphics library allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and to write out the result as a PNG or JPEG file. The most common applications of GD involve website development, although it can be used with any standalone application!\r\n\r\nSecurity Fix(es):\r\n\r\n** DISPUTED ** gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is \"The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes.\"(CVE-2021-40145)",
"cves": [
{
"id": "CVE-2021-40145",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40145",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/gdb/gdb-11.1-5_openEuler-SA-2023-1624.json b/cusa/g/gdb/gdb-11.1-5_openEuler-SA-2023-1624.json
index 3f807a8..3628916 100644
--- a/cusa/g/gdb/gdb-11.1-5_openEuler-SA-2023-1624.json
+++ b/cusa/g/gdb/gdb-11.1-5_openEuler-SA-2023-1624.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1624",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1624",
"title": "An update for gdb is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "GDB, the GNU Project debugger, allows you to see what is going on inside another program while it executes -- or what another program was doing at the moment it crashed.\r\n\r\nSecurity Fix(es):\r\n\r\nGNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c.(CVE-2023-39128)",
"cves": [
{
"id": "CVE-2023-39128",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39128",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/gdb/gdb-11.1-6_openEuler-SA-2023-1826.json b/cusa/g/gdb/gdb-11.1-6_openEuler-SA-2023-1826.json
index 6147448..e71e521 100644
--- a/cusa/g/gdb/gdb-11.1-6_openEuler-SA-2023-1826.json
+++ b/cusa/g/gdb/gdb-11.1-6_openEuler-SA-2023-1826.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1826",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1826",
"title": "An update for gdb is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "GDB, the GNU Project debugger, allows you to see what is going on inside another program while it executes -- or what another program was doing at the moment it crashed.\r\n\r\nSecurity Fix(es):\r\n\r\nGNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c.(CVE-2023-39129)",
"cves": [
{
"id": "CVE-2023-39129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39129",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/gdb/gdb-11.1-7_openEuler-SA-2023-1870.json b/cusa/g/gdb/gdb-11.1-7_openEuler-SA-2023-1870.json
index 59a0bff..5512498 100644
--- a/cusa/g/gdb/gdb-11.1-7_openEuler-SA-2023-1870.json
+++ b/cusa/g/gdb/gdb-11.1-7_openEuler-SA-2023-1870.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1870",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1870",
"title": "An update for gdb is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "GDB, the GNU Project debugger, allows you to see what is going on inside another program while it executes -- or what another program was doing at the moment it crashed.\r\n\r\nSecurity Fix(es):\r\n\r\nGNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c.(CVE-2023-39130)",
"cves": [
{
"id": "CVE-2023-39130",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39130",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/gdk-pixbuf2/gdk-pixbuf2-2.42.6-4_openEuler-SA-2022-1874.json b/cusa/g/gdk-pixbuf2/gdk-pixbuf2-2.42.6-4_openEuler-SA-2022-1874.json
index 95228d3..c6dc57e 100644
--- a/cusa/g/gdk-pixbuf2/gdk-pixbuf2-2.42.6-4_openEuler-SA-2022-1874.json
+++ b/cusa/g/gdk-pixbuf2/gdk-pixbuf2-2.42.6-4_openEuler-SA-2022-1874.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1874",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1874",
"title": "An update for gdk-pixbuf2 is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "gdk is written in C but has been designed from the ground up to support a wide range of languages. It provide a complete set of widgets,and suitable for projects ranging from small one-off tools to complete application suites.\r\n\r\nSecurity Fix(es):\r\n\r\nGNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems.(CVE-2021-46829)",
"cves": [
{
"id": "CVE-2021-46829",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46829",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/ghostscript/ghostscript-9.55.0-2_openEuler-SA-2022-1754.json b/cusa/g/ghostscript/ghostscript-9.55.0-2_openEuler-SA-2022-1754.json
index cb13bff..fe99655 100644
--- a/cusa/g/ghostscript/ghostscript-9.55.0-2_openEuler-SA-2022-1754.json
+++ b/cusa/g/ghostscript/ghostscript-9.55.0-2_openEuler-SA-2022-1754.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1754",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1754",
"title": "An update for ghostscript is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Ghostscript is an interpreter for PostScript™ and Portable Document Format (PDF) files. Ghostscript consists of a PostScript interpreter layer, and a graphics library.\r\n\r\nSecurity Fix(es):\r\n\r\nA NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. When allocating a buffer device, it relies on an init_device_procs defined for the device that uses it as a prototype that depends upon the number of bits per pixel. For bpp > 64, mem_x_device is used and does not have an init_device_procs defined. This flaw allows an attacker to parse a large number of bits (more than 64 bits per pixel), which triggers a NULL pointer dereference flaw, causing an application to crash.(CVE-2022-2085)",
"cves": [
{
"id": "CVE-2022-2085",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2085",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/ghostscript/ghostscript-9.55.0-6_openEuler-SA-2023-1984.json b/cusa/g/ghostscript/ghostscript-9.55.0-6_openEuler-SA-2023-1984.json
index 349b7a4..6a7a083 100644
--- a/cusa/g/ghostscript/ghostscript-9.55.0-6_openEuler-SA-2023-1984.json
+++ b/cusa/g/ghostscript/ghostscript-9.55.0-6_openEuler-SA-2023-1984.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1984",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1984",
"title": "An update for ghostscript is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "Ghostscript is an interpreter for PostScript™ and Portable Document Format (PDF) files. Ghostscript consists of a PostScript interpreter layer, and a graphics library.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer.(CVE-2023-46751)",
"cves": [
{
"id": "CVE-2023-46751",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46751",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/giflib/giflib-5.2.1-4_openEuler-SA-2022-1723.json b/cusa/g/giflib/giflib-5.2.1-4_openEuler-SA-2022-1723.json
index e40e8fa..7c62a21 100644
--- a/cusa/g/giflib/giflib-5.2.1-4_openEuler-SA-2022-1723.json
+++ b/cusa/g/giflib/giflib-5.2.1-4_openEuler-SA-2022-1723.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1723",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1723",
"title": "An update for giflib is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "giflib is a library of gif images and provides utilities for processing images.\r\n\r\nSecurity Fix(es):\r\n\r\nThere is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45.(CVE-2022-28506)",
"cves": [
{
"id": "CVE-2022-28506",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28506",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/giflib/giflib-5.2.1-5_openEuler-SA-2023-1675.json b/cusa/g/giflib/giflib-5.2.1-5_openEuler-SA-2023-1675.json
index 4214f60..831eb87 100644
--- a/cusa/g/giflib/giflib-5.2.1-5_openEuler-SA-2023-1675.json
+++ b/cusa/g/giflib/giflib-5.2.1-5_openEuler-SA-2023-1675.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1675",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1675",
"title": "An update for giflib is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "giflib is a library of gif images and provides utilities for processing images.\r\n\r\nSecurity Fix(es):\r\n\r\ngiflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c.(CVE-2023-39742)",
"cves": [
{
"id": "CVE-2023-39742",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39742",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/giflib/giflib-5.2.1-6_openEuler-SA-2024-1602.json b/cusa/g/giflib/giflib-5.2.1-6_openEuler-SA-2024-1602.json
index f6a92e6..6c12d63 100644
--- a/cusa/g/giflib/giflib-5.2.1-6_openEuler-SA-2024-1602.json
+++ b/cusa/g/giflib/giflib-5.2.1-6_openEuler-SA-2024-1602.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1602",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1602",
"title": "An update for giflib is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "giflib is a library of gif images and provides utilities for processing images.\r\n\r\nSecurity Fix(es):\r\n\r\nA memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers trigger an out of memory exception or denial of service via a gif format file.(CVE-2021-40633)",
"cves": [
{
"id": "CVE-2021-40633",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40633",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/git/git-2.33.0-10_openEuler-SA-2023-1269.json b/cusa/g/git/git-2.33.0-10_openEuler-SA-2023-1269.json
index 90bc24d..bd3d0db 100644
--- a/cusa/g/git/git-2.33.0-10_openEuler-SA-2023-1269.json
+++ b/cusa/g/git/git-2.33.0-10_openEuler-SA-2023-1269.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1269",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1269",
"title": "An update for git is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Git is easy to learn and has a tiny footprint with lightning fast performance. It outclasses SCM tools like Subversion, CVS, Perforce, and ClearCase with features like cheap local branching, convenient staging areas, and multiple workflows.\r\n\r\nSecurity Fix(es):\r\n\r\nGit is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that create a conflict where a link corresponding to the `*.rej` file exists.(CVE-2023-25652)\r\n\r\nIn Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\\mingw64\\share\\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\\` (and since `C:\\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them up in version 2.40.1.\r\n\r\nThis vulnerability is relatively hard to exploit and requires social engineering. 
For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It does require local write access by the attacker, though, which makes this attack vector less likely. Version 2.40.1 contains a patch for this issue. Some workarounds are available. Do not work on a Windows machine with shared accounts, or alternatively create a `C:\\mingw64` folder and leave it empty. Users who have administrative rights may remove the permission to create folders in `C:\\`.(CVE-2023-25815)\r\n\r\nGit is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`.(CVE-2023-29007)",
"cves": [
{
"id": "CVE-2023-29007",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29007",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/git/git-2.33.0-2_openEuler-SA-2022-1676.json b/cusa/g/git/git-2.33.0-2_openEuler-SA-2022-1676.json
index bd3b485..005f224 100644
--- a/cusa/g/git/git-2.33.0-2_openEuler-SA-2022-1676.json
+++ b/cusa/g/git/git-2.33.0-2_openEuler-SA-2022-1676.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1676",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1676",
"title": "An update for git is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Git is easy to learn and has a tiny footprint with lightning fast performance. It outclasses SCM tools like Subversion, CVS, Perforce, and ClearCase with features like cheap local branching, convenient staging areas, and multiple workflows.\n\nSecurity Fix(es):\n\nGit for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\\.git\\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\\Users` if the user profile is located in `C:\\Users\\my-user-name`.(CVE-2022-24765)",
"cves": [
{
"id": "CVE-2022-24765",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24765",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/git/git-2.33.0-3_openEuler-SA-2022-1765.json b/cusa/g/git/git-2.33.0-3_openEuler-SA-2022-1765.json
index 1a0f0f9..81db312 100644
--- a/cusa/g/git/git-2.33.0-3_openEuler-SA-2022-1765.json
+++ b/cusa/g/git/git-2.33.0-3_openEuler-SA-2022-1765.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1765",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1765",
"title": "An update for git is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency.Git is easy to learn and has a tiny footprint with lightning fast performance. It outclasses SCM tools like Subversion, CVS, Perforce,and ClearCase with features like cheap local branching, convenient staging areas, and multiple workflows.\r\n\r\nSecurity Fix(es):\r\n\r\nGit is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks.(CVE-2022-29187)",
"cves": [
{
"id": "CVE-2022-29187",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29187",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/git/git-2.33.0-4_openEuler-SA-2022-2029.json b/cusa/g/git/git-2.33.0-4_openEuler-SA-2022-2029.json
index ec200a7..ab007f3 100644
--- a/cusa/g/git/git-2.33.0-4_openEuler-SA-2022-2029.json
+++ b/cusa/g/git/git-2.33.0-4_openEuler-SA-2022-2029.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2029",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2029",
"title": "An update for git is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency.Git is easy to learn and has a tiny footprint with lightning fast performance. It outclasses SCM tools like Subversion, CVS, Perforce,and ClearCase with features like cheap local branching, convenient staging areas, and multiple workflows.\r\n\r\nSecurity Fix(es):\r\n\r\nGit is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the `--local` optimization when on a shared machine, either by passing the `--no-local` option to `git clone` or cloning from a URL that uses the `file://` scheme. 
Alternatively, avoid cloning repositories from untrusted sources with `--recurse-submodules` or run `git config --global protocol.file.allow user`.(CVE-2022-39253)\r\n\r\nGit is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround.(CVE-2022-39260)",
"cves": [
{
"id": "CVE-2022-39260",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39260",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
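Review bot: The `cves` array in this file lists only CVE-2022-39260, although the `description` in the same hunk also covers CVE-2022-39253, so a consumer that matches advisories by CVE id will not associate this update with the second CVE. The advisory-level `severity` is now `High` while the single listed CVE is `Medium`, and the file alone gives no way to reconcile the two. The same pattern, where only the last CVE named in the description is kept, is visible in the hunks for openEuler-SA-2023-1120, openEuler-SA-2023-1206, openEuler-SA-2023-1688, openEuler-SA-2024-1544 and openEuler-SA-2024-1093, so the cause is presumably in the converter (not shown here) rather than in these files. The array should carry one entry per CVE, here an added `{"id": "CVE-2022-39253", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39253", "severity": "<severity from the CVRF source>"}`.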
diff --git a/cusa/g/git/git-2.33.0-7_openEuler-SA-2023-1059.json b/cusa/g/git/git-2.33.0-7_openEuler-SA-2023-1059.json
index 4dc0c4a..95c42bb 100644
--- a/cusa/g/git/git-2.33.0-7_openEuler-SA-2023-1059.json
+++ b/cusa/g/git/git-2.33.0-7_openEuler-SA-2023-1059.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1059",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1059",
"title": "An update for git is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Git is easy to learn and has a tiny footprint with lightning fast performance. It outclasses SCM tools like Subversion, CVS, Perforce, and ClearCase with features like cheap local branching, convenient staging areas, and multiple workflows.\r\n\r\nSecurity Fix(es):\r\n\r\nGit GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users who are uncomfortable with using Git on the command-line. Git GUI has a function to clone repositories. Immediately after the local clone is available, Git GUI will automatically post-process it, among other things running a spell checker called `aspell.exe` if it was found. Git GUI is implemented as a Tcl/Tk script. Due to the unfortunate design of Tcl on Windows, the search path when looking for an executable _always includes the current directory_. Therefore, malicious repositories can ship with an `aspell.exe` in their top-level directory which is executed by Git GUI without giving the user a chance to inspect it first, i.e. running untrusted code. This issue has been addressed in version 2.39.1. Users are advised to upgrade. Users unable to upgrade should avoid using Git GUI for cloning. If that is not a viable option, at least avoid cloning from untrusted sources.(CVE-2022-41953)",
"cves": [
{
"id": "CVE-2022-41953",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41953",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/git/git-2.33.0-8_openEuler-SA-2023-1120.json b/cusa/g/git/git-2.33.0-8_openEuler-SA-2023-1120.json
index cd651be..41377cf 100644
--- a/cusa/g/git/git-2.33.0-8_openEuler-SA-2023-1120.json
+++ b/cusa/g/git/git-2.33.0-8_openEuler-SA-2023-1120.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1120",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1120",
"title": "An update for git is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency.Git is easy to learn and has a tiny footprint with lightning fast performance. It outclasses SCM tools like Subversion, CVS, Perforce,and ClearCase with features like cheap local branching, convenient staging areas, and multiple workflows.\r\n\r\nSecurity Fix(es):\r\n\r\nGit is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source `$GIT_DIR/objects` directory contains symbolic links, the `objects` directory itself may still be a symbolic link. These two may be combined to include arbitrary files based on known paths on the victim's filesystem within the malicious repository's working copy, allowing for data exfiltration in a similar manner as CVE-2022-39253. A fix has been prepared and will appear in v2.39.2 v2.38.4 v2.37.6 v2.36.5 v2.35.7 v2.34.7 v2.33.7 v2.32.6, v2.31.7 and v2.30.8. If upgrading is impractical, two short-term workarounds are available. Avoid cloning repositories from untrusted sources with `--recurse-submodules`. Instead, consider cloning repositories without recursively cloning their submodules, and instead run `git submodule update` at each layer. Before doing so, inspect each new `.gitmodules` file to ensure that it does not contain suspicious module URLs.(CVE-2023-22490)\r\n\r\nGit, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to `git apply`, a path outside the working tree can be overwritten as the user who is running `git apply`. 
A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. As a workaround, use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a symbolic link and then creates a file beyond the symbolic link.(CVE-2023-23946)",
"cves": [
{
"id": "CVE-2023-23946",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23946",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/glade/glade-3.36.0-3_openEuler-SA-2024-1270.json b/cusa/g/glade/glade-3.36.0-3_openEuler-SA-2024-1270.json
index c427fa8..c62a6e3 100644
--- a/cusa/g/glade/glade-3.36.0-3_openEuler-SA-2024-1270.json
+++ b/cusa/g/glade/glade-3.36.0-3_openEuler-SA-2024-1270.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1270",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1270",
"title": "An update for glade is now available for openEuler-20.03-LTS-SP1,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Glade is a RAD tool to enable quick and easy development of user interfaces for the GTK+ toolkit and the GNOME desktop environment.\r\n\r\nSecurity Fix(es):\r\n\r\nplugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a denial of service (application crash).(CVE-2020-36774)",
"cves": [
{
"id": "CVE-2020-36774",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36774",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/glib2/glib2-2.68.1-17_openEuler-SA-2023-1206.json b/cusa/g/glib2/glib2-2.68.1-17_openEuler-SA-2023-1206.json
index f77c884..a9528e7 100644
--- a/cusa/g/glib2/glib2-2.68.1-17_openEuler-SA-2023-1206.json
+++ b/cusa/g/glib2/glib2-2.68.1-17_openEuler-SA-2023-1206.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1206",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1206",
"title": "An update for glib2 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "GLib is a bundle of three (formerly five) low-level system libraries written in C and developed mainly by GNOME. GLib's code was separated from GTK, so it can be used by software other than GNOME and has been developed in parallel ever since.\r\n\r\nSecurity Fix(es):\r\n\r\n\nglib: DoS caused by malicious serialised variant(CVE-2023-25180)\r\n\r\n\nglib: DoS caused by handling a malicious text-form variant(CVE-2023-24593)",
"cves": [
{
"id": "CVE-2023-24593",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24593",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/glibc/glibc-2.34-136_openEuler-SA-2023-1688.json b/cusa/g/glibc/glibc-2.34-136_openEuler-SA-2023-1688.json
index 068c5e2..f2960b2 100644
--- a/cusa/g/glibc/glibc-2.34-136_openEuler-SA-2023-1688.json
+++ b/cusa/g/glibc/glibc-2.34-136_openEuler-SA-2023-1688.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1688",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1688",
"title": "An update for glibc is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational facilities as open, read, write, malloc, printf, getaddrinfo, dlopen, pthread_create, crypt, login, exit and more.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.(CVE-2023-4806)\r\n\r\nA flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.(CVE-2023-4813)\r\n\r\nA flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.(CVE-2023-5156)",
"cves": [
{
"id": "CVE-2023-5156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5156",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/glibc/glibc-2.34-137_openEuler-SA-2023-1725.json b/cusa/g/glibc/glibc-2.34-137_openEuler-SA-2023-1725.json
index 83be60b..4c932a1 100644
--- a/cusa/g/glibc/glibc-2.34-137_openEuler-SA-2023-1725.json
+++ b/cusa/g/glibc/glibc-2.34-137_openEuler-SA-2023-1725.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1725",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1725",
"title": "An update for glibc is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational facilities as open, read, write, malloc, printf, getaddrinfo, dlopen, pthread_create, crypt, login, exit and more.\r\n\r\nSecurity Fix(es):\r\n\r\nA buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.(CVE-2023-4911)",
"cves": [
{
"id": "CVE-2023-4911",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4911",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/glibc/glibc-2.34-149_openEuler-SA-2024-1544.json b/cusa/g/glibc/glibc-2.34-149_openEuler-SA-2024-1544.json
index 9111359..d7c68c7 100644
--- a/cusa/g/glibc/glibc-2.34-149_openEuler-SA-2024-1544.json
+++ b/cusa/g/glibc/glibc-2.34-149_openEuler-SA-2024-1544.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1544",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1544",
"title": "An update for glibc is now available for openEuler-20.03-LTS-SP4 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational facilities as open, read, write, malloc, printf, getaddrinfo, dlopen, pthread_create, crypt, login, exit and more.\r\n\r\nSecurity Fix(es):\r\n\r\nnscd: Stack-based buffer overflow in netgroup cache\r\n\r\nIf the Name Service Cache Daemon's (nscd) fixed size cache is exhausted\nby client requests then a subsequent client request for netgroup data\nmay result in a stack-based buffer overflow. This flaw was introduced\nin glibc 2.15 when the cache was added to nscd.\r\n\r\nThis vulnerability is only present in the nscd binary.\n(CVE-2024-33599)\r\n\r\nnscd: Null pointer crashes after notfound response\r\n\r\nIf the Name Service Cache Daemon's (nscd) cache fails to add a not-found\nnetgroup response to the cache, the client request can result in a null\npointer dereference. This flaw was introduced in glibc 2.15 when the\ncache was added to nscd.\r\n\r\nThis vulnerability is only present in the nscd binary.\r\n\r\n(CVE-2024-33600)\r\n\r\nnscd: netgroup cache may terminate daemon on memory allocation failure\r\n\r\nThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or\nxrealloc and these functions may terminate the process due to a memory\nallocation failure resulting in a denial of service to the clients. 
The\nflaw was introduced in glibc 2.15 when the cache was added to nscd.\r\n\r\nThis vulnerability is only present in the nscd binary.\r\n\r\n(CVE-2024-33601)\r\n\r\nnscd: netgroup cache assumes NSS callback uses in-buffer strings\r\n\r\nThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory\nwhen the NSS callback does not store all strings in the provided buffer.\nThe flaw was introduced in glibc 2.15 when the cache was added to nscd.\r\n\r\nThis vulnerability is only present in the nscd binary.\r\n\r\n(CVE-2024-33602)",
"cves": [
{
"id": "CVE-2024-33602",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33602",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/glusterfs/glusterfs-10.0-8_openEuler-SA-2023-1170.json b/cusa/g/glusterfs/glusterfs-10.0-8_openEuler-SA-2023-1170.json
index 35c869e..9917085 100644
--- a/cusa/g/glusterfs/glusterfs-10.0-8_openEuler-SA-2023-1170.json
+++ b/cusa/g/glusterfs/glusterfs-10.0-8_openEuler-SA-2023-1170.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1170",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1170",
"title": "An update for glusterfs is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "\r\n\r\nSecurity Fix(es):\r\n\r\nIn Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffer over-read.(CVE-2023-26253)",
"cves": [
{
"id": "CVE-2023-26253",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26253",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/glusterfs/glusterfs-10.0-9_openEuler-SA-2024-1266.json b/cusa/g/glusterfs/glusterfs-10.0-9_openEuler-SA-2024-1266.json
index abd47ea..ecdff2c 100644
--- a/cusa/g/glusterfs/glusterfs-10.0-9_openEuler-SA-2024-1266.json
+++ b/cusa/g/glusterfs/glusterfs-10.0-9_openEuler-SA-2024-1266.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1266",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1266",
"title": "An update for glusterfs is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "GlusterFS is a distributed file-system capable of scaling to several petabytes. It aggregates various storage bricks over TCP/IP interconnect into one large parallel network filesystem. GlusterFS is one of the most sophisticated file systems in terms of features and extensibility. It borrows a powerful concept called Translators from GNU Hurd kernel. Much of the code in GlusterFS is in user space and easily manageable.\r\n\r\nSecurity Fix(es):\r\n\r\nIn Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dht_setxattr_mds_cbk use-after-free.(CVE-2022-48340)",
"cves": [
{
"id": "CVE-2022-48340",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48340",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/gnome-font-viewer/gnome-font-viewer-3.34.0-2_openEuler-SA-2022-2074.json b/cusa/g/gnome-font-viewer/gnome-font-viewer-3.34.0-2_openEuler-SA-2022-2074.json
index 885903c..0c0d438 100644
--- a/cusa/g/gnome-font-viewer/gnome-font-viewer-3.34.0-2_openEuler-SA-2022-2074.json
+++ b/cusa/g/gnome-font-viewer/gnome-font-viewer-3.34.0-2_openEuler-SA-2022-2074.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2074",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2074",
"title": "An update for gnome-font-viewer is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The Font Viewer application has been rewritten to match the new design used for GNOME 3 applications.It can now show an overview of all installed fonts and optimizes screen space usage when the application is maximized.\r\n\r\nSecurity Fix(es):\r\n\r\nIn text_to_glyphs in sushi-font-widget.c in gnome-font-viewer 3.34.0, there is a NULL pointer dereference while parsing a TTF font file that lacks a name section (due to a g_strconcat call that returns NULL).(CVE-2019-19308)",
"cves": [
{
"id": "CVE-2019-19308",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19308",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/gnulib/gnulib-0-29.20180720git_openEuler-SA-2022-2089.json b/cusa/g/gnulib/gnulib-0-29.20180720git_openEuler-SA-2022-2089.json
index 8f715fc..def6db9 100644
--- a/cusa/g/gnulib/gnulib-0-29.20180720git_openEuler-SA-2022-2089.json
+++ b/cusa/g/gnulib/gnulib-0-29.20180720git_openEuler-SA-2022-2089.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2089",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2089",
"title": "An update for gnulib is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Gnulib is a central location for common GNU code, intended to be shared among GNU packages. It can be used to improve portability and other functionality in your programs.\r\n\r\nSecurity Fix(es):\r\n\r\nThe convert_to_decimal function in vasnprintf.c in Gnulib before 2018-09-23 has a heap-based buffer overflow because memory is not allocated for a trailing '\\0' character during %f processing.(CVE-2018-17942)",
"cves": [
{
"id": "CVE-2018-17942",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17942",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/gnupg2/gnupg2-2.2.32-3_openEuler-SA-2022-1847.json b/cusa/g/gnupg2/gnupg2-2.2.32-3_openEuler-SA-2022-1847.json
index 299cdc0..cb3c461 100644
--- a/cusa/g/gnupg2/gnupg2-2.2.32-3_openEuler-SA-2022-1847.json
+++ b/cusa/g/gnupg2/gnupg2-2.2.32-3_openEuler-SA-2022-1847.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1847",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1847",
"title": "An update for gnupg2 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). GnuPG enables encryption and signing of data and communication, and features a versatile key management system as well as access modules for public key directories.\r\n\r\nSecurity Fix(es):\r\n\r\nGnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.(CVE-2022-34903)",
"cves": [
{
"id": "CVE-2022-34903",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34903",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/gnutls/gnutls-3.7.2-10_openEuler-SA-2024-1093.json b/cusa/g/gnutls/gnutls-3.7.2-10_openEuler-SA-2024-1093.json
index be490e9..453369a 100644
--- a/cusa/g/gnutls/gnutls-3.7.2-10_openEuler-SA-2024-1093.json
+++ b/cusa/g/gnutls/gnutls-3.7.2-10_openEuler-SA-2024-1093.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1093",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1093",
"title": "An update for gnutls is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, and other required structures. The project strives to provide a secure communications back-end, simple to use and integrated with the rest of the base Linux libraries. A back-end designed to work and be secure out of the box, keeping the complexity of TLS and PKI out of application code.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.(CVE-2024-0553)\r\n\r\nA vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.(CVE-2024-0567)",
"cves": [
{
"id": "CVE-2024-0567",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0567",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/gnutls/gnutls-3.7.2-12_openEuler-SA-2024-1439.json b/cusa/g/gnutls/gnutls-3.7.2-12_openEuler-SA-2024-1439.json
index ac62d2c..8245b2b 100644
--- a/cusa/g/gnutls/gnutls-3.7.2-12_openEuler-SA-2024-1439.json
+++ b/cusa/g/gnutls/gnutls-3.7.2-12_openEuler-SA-2024-1439.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1439",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1439",
"title": "An update for gnutls is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, and other required structures. The project strives to provide a secure communications back-end, simple to use and integrated with the rest of the base Linux libraries. A back-end designed to work and be secure out of the box, keeping the complexity of TLS and PKI out of application code.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.(CVE-2024-28834)",
"cves": [
{
"id": "CVE-2024-28834",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28834",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/gnutls/gnutls-3.7.2-13_openEuler-SA-2024-1506.json b/cusa/g/gnutls/gnutls-3.7.2-13_openEuler-SA-2024-1506.json
index 714c8dc..d4f88fb 100644
--- a/cusa/g/gnutls/gnutls-3.7.2-13_openEuler-SA-2024-1506.json
+++ b/cusa/g/gnutls/gnutls-3.7.2-13_openEuler-SA-2024-1506.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1506",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1506",
"title": "An update for gnutls is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, and other required structures. The project strives to provide a secure communications back-end, simple to use and integrated with the rest of the base Linux libraries. A back-end designed to work and be secure out of the box, keeping the complexity of TLS and PKI out of application code.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.(CVE-2024-28835)",
"cves": [
{
"id": "CVE-2024-28835",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28835",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/gnutls/gnutls-3.7.2-3_openEuler-SA-2022-1822.json b/cusa/g/gnutls/gnutls-3.7.2-3_openEuler-SA-2022-1822.json
index 823eef7..a5a276d 100644
--- a/cusa/g/gnutls/gnutls-3.7.2-3_openEuler-SA-2022-1822.json
+++ b/cusa/g/gnutls/gnutls-3.7.2-3_openEuler-SA-2022-1822.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1822",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1822",
"title": "An update for gnutls is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, and other required structures.The project strives to provide a secure communications back-end, simple to use and integrated with the rest of the base Linux libraries. A back-end designed to work and be secure out of the box, keeping the complexity of TLS and PKI out of application code.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.(CVE-2022-2509)",
"cves": [
{
"id": "CVE-2022-2509",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2509",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/gnutls/gnutls-3.7.2-4_openEuler-SA-2022-1889.json b/cusa/g/gnutls/gnutls-3.7.2-4_openEuler-SA-2022-1889.json
index 3ef61d3..b4678dd 100644
--- a/cusa/g/gnutls/gnutls-3.7.2-4_openEuler-SA-2022-1889.json
+++ b/cusa/g/gnutls/gnutls-3.7.2-4_openEuler-SA-2022-1889.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1889",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1889",
"title": "An update for gnutls is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, and other required structures.The project strives to provide a secure communications back-end, simple to use and integrated with the rest of the base Linux libraries. A back-end designed to work and be secure out of the box, keeping the complexity of TLS and PKI out of application code.\r\n\r\nSecurity Fix(es):\r\n\r\nA NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.(CVE-2021-4209)",
"cves": [
{
"id": "CVE-2021-4209",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4209",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/gnutls/gnutls-3.7.2-7_openEuler-SA-2023-1126.json b/cusa/g/gnutls/gnutls-3.7.2-7_openEuler-SA-2023-1126.json
index 493a29b..b3fd313 100644
--- a/cusa/g/gnutls/gnutls-3.7.2-7_openEuler-SA-2023-1126.json
+++ b/cusa/g/gnutls/gnutls-3.7.2-7_openEuler-SA-2023-1126.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1126",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1126",
"title": "An update for gnutls is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, and other required structures. The project strives to provide a secure communications back-end, simple to use and integrated with the rest of the base Linux libraries. A back-end designed to work and be secure out of the box, keeping the complexity of TLS and PKI out of application code.\r\n\r\nSecurity Fix(es):\r\n\r\nA timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.(CVE-2023-0361)",
"cves": [
{
"id": "CVE-2023-0361",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0361",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/gnutls/gnutls-3.7.2-9_openEuler-SA-2023-1867.json b/cusa/g/gnutls/gnutls-3.7.2-9_openEuler-SA-2023-1867.json
index 155477b..2b6a29f 100644
--- a/cusa/g/gnutls/gnutls-3.7.2-9_openEuler-SA-2023-1867.json
+++ b/cusa/g/gnutls/gnutls-3.7.2-9_openEuler-SA-2023-1867.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1867",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1867",
"title": "An update for gnutls is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, and other required structures. The project strives to provide a secure communications back-end, simple to use and integrated with the rest of the base Linux libraries. A back-end designed to work and be secure out of the box, keeping the complexity of TLS and PKI out of application code.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.(CVE-2023-5981)",
"cves": [
{
"id": "CVE-2023-5981",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5981",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/golang/golang-1.17.3-10_openEuler-SA-2022-2004.json b/cusa/g/golang/golang-1.17.3-10_openEuler-SA-2022-2004.json
index 1c328c0..1a5c327 100644
--- a/cusa/g/golang/golang-1.17.3-10_openEuler-SA-2022-2004.json
+++ b/cusa/g/golang/golang-1.17.3-10_openEuler-SA-2022-2004.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2004",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2004",
"title": "An update for golang is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The Go Programming Language\r\n\r\nSecurity Fix(es):\r\n\r\nReader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB.(CVE-2022-2879)\r\n\r\nRequests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request's Form field is set after the ReverseProxy. Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged.(CVE-2022-2880)\r\n\r\nPrograms which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected.(CVE-2022-41715)",
"cves": [
{
"id": "CVE-2022-41715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
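Review bot: The `cves` array in this regenerated advisory lists only CVE-2022-41715, although the `description` context line above it also names CVE-2022-2879 and CVE-2022-2880, so a scanner or triage job that matches on `cves[].id` would not associate this update with the other two. The same pattern is visible in the hunks for openEuler-SA-2023-1192, -1237, -1294, -1789 and -1935. In -1237, -1789 and -1935 the advisory is rated `High` while its single listed CVE is `Medium`, which suggests a higher-rated CVE is among those left out. This presumably comes from the converter keeping one vulnerability entry per advisory rather than from the upstream CVRF, which is not visible here, so it is worth confirming against the source documents. `cves` should carry one `{id, url, severity}` object per CVE named in the advisory, with these files regenerated once the converter emits all of them.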
diff --git a/cusa/g/golang/golang-1.17.3-12_openEuler-SA-2022-2115.json b/cusa/g/golang/golang-1.17.3-12_openEuler-SA-2022-2115.json
index 00f0a4e..f62258d 100644
--- a/cusa/g/golang/golang-1.17.3-12_openEuler-SA-2022-2115.json
+++ b/cusa/g/golang/golang-1.17.3-12_openEuler-SA-2022-2115.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2115",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2115",
"title": "An update for golang is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Go Programming Language.\r\n\r\nSecurity Fix(es):\r\n\r\nDue to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string \"A=B\\x00C=D\" sets the variables \"A=B\" and \"C=D\".(CVE-2022-41716)",
"cves": [
{
"id": "CVE-2022-41716",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41716",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/golang/golang-1.17.3-14_openEuler-SA-2023-1082.json b/cusa/g/golang/golang-1.17.3-14_openEuler-SA-2023-1082.json
index ae06799..9d8be19 100644
--- a/cusa/g/golang/golang-1.17.3-14_openEuler-SA-2023-1082.json
+++ b/cusa/g/golang/golang-1.17.3-14_openEuler-SA-2023-1082.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1082",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1082",
"title": "An update for golang is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The Go Programming Language\r\n\r\nSecurity Fix(es):\r\n\r\nAn attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.(CVE-2022-41717)",
"cves": [
{
"id": "CVE-2022-41717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/golang/golang-1.17.3-15_openEuler-SA-2023-1192.json b/cusa/g/golang/golang-1.17.3-15_openEuler-SA-2023-1192.json
index 00fe346..4bad7ef 100644
--- a/cusa/g/golang/golang-1.17.3-15_openEuler-SA-2023-1192.json
+++ b/cusa/g/golang/golang-1.17.3-15_openEuler-SA-2023-1192.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1192",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1192",
"title": "An update for golang is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "The Go Programming Language.\r\n\r\n\r\n\r\nSecurity Fix(es):\r\n\r\nA maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.(CVE-2022-41723)\r\n\r\nLarge handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).(CVE-2022-41724)\r\n\r\nA denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented as storing \"up to maxMemory bytes +10MB (reserved for non-file parts) in memory\". File parts which cannot be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file parts is excessively large and can potentially open a denial of service vector on its own. However, ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead, part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small request body to create a large number of disk temporary files. 
With fix, ReadForm now properly accounts for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory bytes of memory consumption. Users should still be aware that this limit is high and may still be hazardous. In addition, ReadForm now creates at most one on-disk temporary file, combining multiple form parts into a single temporary file. The mime/multipart.File interface type's documentation states, \"If stored on disk, the File's underlying concrete type will be an *os.File.\". This is no longer the case when a form contains more than one file part, due to this coalescing of parts into a single file. The previous behavior of using distinct files for each form part may be reenabled with the environment variable GODEBUG=multipartfiles=distinct. Users should be aware that multipart.ReadForm and the http.Request methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the size of form data with http.MaxBytesReader.(CVE-2022-41725)",
"cves": [
{
"id": "CVE-2022-41725",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41725",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/golang/golang-1.17.3-16_openEuler-SA-2023-1237.json b/cusa/g/golang/golang-1.17.3-16_openEuler-SA-2023-1237.json
index 706d5ff..b2bc730 100644
--- a/cusa/g/golang/golang-1.17.3-16_openEuler-SA-2023-1237.json
+++ b/cusa/g/golang/golang-1.17.3-16_openEuler-SA-2023-1237.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1237",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1237",
"title": "An update for golang is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "The Go Programming Language.\r\n\r\nSecurity Fix(es):\r\n\r\nMultipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount of memory consumed, leading it to accept larger inputs than intended. 2. Limiting total memory does not account for increased pressure on the garbage collector from large numbers of small allocations in forms with many parts. 3. ReadForm can allocate a large number of short-lived buffers, further increasing pressure on the garbage collector. The combination of these factors can permit an attacker to cause an program that parses multipart forms to consume large amounts of CPU and memory, potentially resulting in a denial of service. This affects programs that use mime/multipart.Reader.ReadForm, as well as form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. With fix, ReadForm now does a better job of estimating the memory consumption of parsed forms, and performs many fewer short-lived allocations. In addition, the fixed mime/multipart.Reader imposes the following limits on the size of parsed forms: 1. Forms parsed with ReadForm may contain no more than 1000 parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxparts=. 2. Form parts parsed with NextPart and NextRawPart may contain no more than 10,000 header fields. In addition, forms parsed with ReadForm may contain no more than 10,000 header fields across all parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxheaders=.(CVE-2023-24536)\r\n\r\nHTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. 
Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service. With fix, header parsing now correctly allocates only the memory required to hold parsed headers.(CVE-2023-24534)\r\n\r\nTemplates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g. \"var a = {{.}}\"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template.Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported, but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution.(CVE-2023-24538)\r\n\r\nCalling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.(CVE-2023-24537)",
"cves": [
{
"id": "CVE-2023-24537",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24537",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/golang/golang-1.17.3-18_openEuler-SA-2023-1294.json b/cusa/g/golang/golang-1.17.3-18_openEuler-SA-2023-1294.json
index 5d1949c..05c9204 100644
--- a/cusa/g/golang/golang-1.17.3-18_openEuler-SA-2023-1294.json
+++ b/cusa/g/golang/golang-1.17.3-18_openEuler-SA-2023-1294.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1294",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1294",
"title": "An update for golang is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "The Go Programming Language.\r\n\r\nSecurity Fix(es):\r\n\r\nTemplates containing actions in unquoted HTML attributes (e.g. \"attr={{.}}\") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.(CVE-2023-29400)\r\n\r\nAngle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input.(CVE-2023-24539)\r\n\r\nNot all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set \"\\t\\n\\f\\r\\u0020\\u2028\\u2029\" in JavaScript contexts that also contain actions may not be properly sanitized during execution.(CVE-2023-24540)",
"cves": [
{
"id": "CVE-2023-24540",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24540",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/golang/golang-1.17.3-19_openEuler-SA-2023-1404.json b/cusa/g/golang/golang-1.17.3-19_openEuler-SA-2023-1404.json
index 74a1466..912288c 100644
--- a/cusa/g/golang/golang-1.17.3-19_openEuler-SA-2023-1404.json
+++ b/cusa/g/golang/golang-1.17.3-19_openEuler-SA-2023-1404.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1404",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1404",
"title": "An update for golang is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "The Go Programming Language\n\nSecurity Fix(es):\n\nOn Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.(CVE-2023-29403)",
"cves": [
{
"id": "CVE-2023-29403",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29403",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/golang/golang-1.17.3-20_openEuler-SA-2023-1502.json b/cusa/g/golang/golang-1.17.3-20_openEuler-SA-2023-1502.json
index f72332c..355760a 100644
--- a/cusa/g/golang/golang-1.17.3-20_openEuler-SA-2023-1502.json
+++ b/cusa/g/golang/golang-1.17.3-20_openEuler-SA-2023-1502.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1502",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1502",
"title": "An update for golang is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The Go Programming Language.\r\n\r\nSecurity Fix(es):\r\n\r\nThe HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.(CVE-2023-29406)",
"cves": [
{
"id": "CVE-2023-29406",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/golang/golang-1.17.3-21_openEuler-SA-2023-1530.json b/cusa/g/golang/golang-1.17.3-21_openEuler-SA-2023-1530.json
index 154934a..518a469 100644
--- a/cusa/g/golang/golang-1.17.3-21_openEuler-SA-2023-1530.json
+++ b/cusa/g/golang/golang-1.17.3-21_openEuler-SA-2023-1530.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1530",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1530",
"title": "An update for golang is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The Go Programming Language.\n\nSecurity Fix(es):\n\nExtremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable.(CVE-2023-29409)",
"cves": [
{
"id": "CVE-2023-29409",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/golang/golang-1.17.3-25_openEuler-SA-2023-1789.json b/cusa/g/golang/golang-1.17.3-25_openEuler-SA-2023-1789.json
index 6d95568..3fc84a4 100644
--- a/cusa/g/golang/golang-1.17.3-25_openEuler-SA-2023-1789.json
+++ b/cusa/g/golang/golang-1.17.3-25_openEuler-SA-2023-1789.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1789",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1789",
"title": "An update for golang is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": ".\r\n\r\nSecurity Fix(es):\r\n\r\nThe html/template package does not properly handle HTML-like \"\" comment tokens, nor hashbang \"#!\" comment tokens, in contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack.(CVE-2023-39319)\r\n\r\nLine directives (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.(CVE-2023-39323)\r\n\r\nA malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.(CVE-2023-39325)",
"cves": [
{
"id": "CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/golang/golang-1.17.3-26_openEuler-SA-2023-1935.json b/cusa/g/golang/golang-1.17.3-26_openEuler-SA-2023-1935.json
index 1d83562..94c133b 100644
--- a/cusa/g/golang/golang-1.17.3-26_openEuler-SA-2023-1935.json
+++ b/cusa/g/golang/golang-1.17.3-26_openEuler-SA-2023-1935.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1935",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1935",
"title": "An update for golang is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": ".\r\n\r\nSecurity Fix(es):\r\n\r\nA malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small.(CVE-2023-39326)\r\n\r\nUsing go get to fetch a module with the \".git\" suffix may unexpectedly fallback to the insecure \"git://\" protocol if the module is unavailable via the secure \"https://\" and \"git+ssh://\" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module proxy and are fetching modules directly (i.e. GOPROXY=off).(CVE-2023-45285)",
"cves": [
{
"id": "CVE-2023-45285",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45285",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/golang/golang-1.17.3-28_openEuler-SA-2024-1306.json b/cusa/g/golang/golang-1.17.3-28_openEuler-SA-2024-1306.json
index e198897..6e1a7f7 100644
--- a/cusa/g/golang/golang-1.17.3-28_openEuler-SA-2024-1306.json
+++ b/cusa/g/golang/golang-1.17.3-28_openEuler-SA-2024-1306.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1306",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1306",
"title": "An update for golang is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Important",
+ "severity": "High",
"description": " The Go Programming Language.\r\n\r\nSecurity Fix(es):\r\n\r\nWhen following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.(CVE-2023-45289)\r\n\r\nWhen parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.(CVE-2023-45290)\r\n\r\nVerifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.(CVE-2024-24783)\r\n\r\nIf errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.(CVE-2024-24785)",
"cves": [
{
"id": "CVE-2024-24785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24785",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
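Review bot: The `cves` array in this advisory holds only CVE-2024-24785, while the `description` just above it names four fixes (CVE-2023-45289, CVE-2023-45290, CVE-2024-24783 and CVE-2024-24785), so a consumer that reads the affected CVEs from `cves` will miss the other three. The same pattern shows in the later hunks for openEuler-SA-2022-1661, openEuler-SA-2022-1783 and openEuler-SA-2022-1857 (golang) and for openEuler-SA-2022-1688 and openEuler-SA-2024-1105 (grafana); in four of those (1661, 1783, 1857, 2024-1105) the advisory is rated `High` while its single listed CVE is `Medium`, which suggests the higher-rated CVE is among the ones dropped. In every case the surviving entry is the last CVE the description mentions, so the converter presumably overwrites instead of appending one entry per vulnerability; its code is not in this part of the diff, so that needs confirming. The regenerated files should carry one entry per CVE, e.g. `{ "id": "CVE-2023-45289", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45289", "severity": "<severity from the CVRF record>" }`.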
diff --git a/cusa/g/golang/golang-1.17.3-30_openEuler-SA-2024-1432.json b/cusa/g/golang/golang-1.17.3-30_openEuler-SA-2024-1432.json
index 58274b8..a01f55b 100644
--- a/cusa/g/golang/golang-1.17.3-30_openEuler-SA-2024-1432.json
+++ b/cusa/g/golang/golang-1.17.3-30_openEuler-SA-2024-1432.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1432",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1432",
"title": "An update for golang is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Important",
+ "severity": "High",
"description": "The Go Programming Language.\r\n\r\nSecurity Fix(es):\r\n\r\nThe ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.(CVE-2024-24784)",
"cves": [
{
"id": "CVE-2024-24784",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24784",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/golang/golang-1.17.3-32_openEuler-SA-2024-1488.json b/cusa/g/golang/golang-1.17.3-32_openEuler-SA-2024-1488.json
index 9fd59b4..6435567 100644
--- a/cusa/g/golang/golang-1.17.3-32_openEuler-SA-2024-1488.json
+++ b/cusa/g/golang/golang-1.17.3-32_openEuler-SA-2024-1488.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1488",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1488",
"title": "An update for golang is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Important",
+ "severity": "High",
"description": "The Go Programming Language.\r\n\r\nSecurity Fix(es):\r\n\r\nAn attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.(CVE-2023-45288)",
"cves": [
{
"id": "CVE-2023-45288",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/golang/golang-1.17.3-3_openEuler-SA-2022-1661.json b/cusa/g/golang/golang-1.17.3-3_openEuler-SA-2022-1661.json
index e697f3e..b318920 100644
--- a/cusa/g/golang/golang-1.17.3-3_openEuler-SA-2022-1661.json
+++ b/cusa/g/golang/golang-1.17.3-3_openEuler-SA-2022-1661.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1661",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1661",
"title": "An update for golang is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Go Programming Language.\r\n\r\nSecurity Fix(es):\n\r\nGo before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.(CVE-2021-44717)\n\nencoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.(CVE-2022-24675)\n\r\nThe generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.(CVE-2022-28327)",
"cves": [
{
"id": "CVE-2022-28327",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/golang/golang-1.17.3-5_openEuler-SA-2022-1783.json b/cusa/g/golang/golang-1.17.3-5_openEuler-SA-2022-1783.json
index a042cf8..143b6c1 100644
--- a/cusa/g/golang/golang-1.17.3-5_openEuler-SA-2022-1783.json
+++ b/cusa/g/golang/golang-1.17.3-5_openEuler-SA-2022-1783.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1783",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1783",
"title": "An update for golang is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Go Programming Language\r\n\r\nSecurity Fix(es):\r\n\r\nWhen httputil.ReverseProxy.ServeHTTP was called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy would set the client IP as the value of the X-Forwarded-For header, contrary to its documentation. In the more usual case where a Director function set the X-Forwarded-For header value to nil, ReverseProxy would leave the header unmodified as expected.(CVE-2022-32148)\n\nCalling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion.(CVE-2022-30635)\n\nInfinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes. (CVE-2022-30634)\n\nCalling Unmarshal on a XML document into a Go struct which has a nested field that uses the any field tag can cause a panic due to stack exhaustion.(CVE-2022-30633)\n\nCalling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.(CVE-2022-30632)\n\nCalling Reader.Read on an archive containing a large number of concatenated 0-length compressed files can cause a panic due to stack exhaustion.(CVE-2022-30631)\n\nAs required by RFC 8446, section 4.6.1, ticket_age_add now holds arandom 32-bit value. Before this change, this value was always setto 0.(CVE-2022-30629)\n\nCalling Decoder.Skip when parsing a deeply nested XML document can cause a panic due to stack exhaustion.(CVE-2022-28131)\n\nCalling any of the Parse functions on Go source code which contains deeply nested types or declarations can cause a panic due to stack exhaustion.(CVE-2022-1962)\n\nThe HTTP/1 client accepted some invalid Transfer-Encoding headers as indicating a chunked encoding. 
This could potentially allow for request smuggling, but only if combined with an intermediate server that also improperly failed to reject the header as invalid.(CVE-2022-1705)",
"cves": [
{
"id": "CVE-2022-1705",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/golang/golang-1.17.3-5_openEuler-SA-2022-1797.json b/cusa/g/golang/golang-1.17.3-5_openEuler-SA-2022-1797.json
index f00beec..335963b 100644
--- a/cusa/g/golang/golang-1.17.3-5_openEuler-SA-2022-1797.json
+++ b/cusa/g/golang/golang-1.17.3-5_openEuler-SA-2022-1797.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1797",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1797",
"title": "An update for golang is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The Go Programming Language.\r\n\r\nSecurity Fix(es):\r\n\r\nCalling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.(CVE-2022-30630)",
"cves": [
{
"id": "CVE-2022-30630",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/golang/golang-1.17.3-6_openEuler-SA-2022-1830.json b/cusa/g/golang/golang-1.17.3-6_openEuler-SA-2022-1830.json
index 6889849..7971a14 100644
--- a/cusa/g/golang/golang-1.17.3-6_openEuler-SA-2022-1830.json
+++ b/cusa/g/golang/golang-1.17.3-6_openEuler-SA-2022-1830.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1830",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1830",
"title": "An update for golang is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The Go Programming Language\r\n\r\nSecurity Fix(es):\r\n\r\nA too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service.\r\n\r\nReferences:\nhttps://go.dev/issue/53871\nhttps://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU\r\n\r\nUpstream Commits:\nMaster : https://github.com/golang/go/commit/055113ef364337607e3e72ed7d48df67fde6fc66\nBranch.go1.17 : https://github.com/golang/go/commit/703c8ab7e5ba75c95553d4e249309297abad7102\nBranch.go1.18 : https://github.com/golang/go/commit/9240558e4f342fc6e98fec22de17c04b45089349(CVE-2022-32189)",
"cves": [
{
"id": "CVE-2022-32189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/golang/golang-1.17.3-7_openEuler-SA-2022-1857.json b/cusa/g/golang/golang-1.17.3-7_openEuler-SA-2022-1857.json
index c64a2da..cfd94ef 100644
--- a/cusa/g/golang/golang-1.17.3-7_openEuler-SA-2022-1857.json
+++ b/cusa/g/golang/golang-1.17.3-7_openEuler-SA-2022-1857.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1857",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1857",
"title": "An update for golang is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Go Programming Language.\r\n\r\n\r\n\r\nSecurity Fix(es):\r\n\r\nGo before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.(CVE-2022-29526)\r\n\r\nIncorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack.(CVE-2022-29804)",
"cves": [
{
"id": "CVE-2022-29804",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29804",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/golang/golang-1.17.3-9_openEuler-SA-2022-1939.json b/cusa/g/golang/golang-1.17.3-9_openEuler-SA-2022-1939.json
index 1d79e74..f606bf2 100644
--- a/cusa/g/golang/golang-1.17.3-9_openEuler-SA-2022-1939.json
+++ b/cusa/g/golang/golang-1.17.3-9_openEuler-SA-2022-1939.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1939",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1939",
"title": "An update for golang is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Go Programming Language\r\n\r\nSecurity Fix(es):\r\n\r\nIn net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.(CVE-2022-27664)",
"cves": [
{
"id": "CVE-2022-27664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/google-gson/google-gson-2.8.2-4_openEuler-SA-2022-1663.json b/cusa/g/google-gson/google-gson-2.8.2-4_openEuler-SA-2022-1663.json
index 43371da..44794fc 100644
--- a/cusa/g/google-gson/google-gson-2.8.2-4_openEuler-SA-2022-1663.json
+++ b/cusa/g/google-gson/google-gson-2.8.2-4_openEuler-SA-2022-1663.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1663",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1663",
"title": "An update for google-gson is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Gson is a Java library that can be used to convert a Java object into its JSON representation. It can also be used to convert a JSON string into an equivalent Java object. Gson can work with arbitrary Java objects including pre-existing objects that you do not have source-code of. There are a few open-source projects that can convert Java objects to JSON. However, most of them require that you place Java annotations in your classes; something that you can not do if you do not have access to the source-code. Most also do not fully support the use of Java Generics. Gson considers both of these as very important design goals.\n\nSecurity Fix(es):\n\nThe package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.(CVE-2022-25647)",
"cves": [
{
"id": "CVE-2022-25647",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25647",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/grafana/grafana-7.5.15-1_openEuler-SA-2022-1688.json b/cusa/g/grafana/grafana-7.5.15-1_openEuler-SA-2022-1688.json
index 7615e9e..d0fa457 100644
--- a/cusa/g/grafana/grafana-7.5.15-1_openEuler-SA-2022-1688.json
+++ b/cusa/g/grafana/grafana-7.5.15-1_openEuler-SA-2022-1688.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1688",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1688",
"title": "An update for grafana is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB and OpenTSDB.\r\n\r\nSecurity Fix(es):\r\n\r\nGrafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.(CVE-2022-21703)\r\n\r\nGrafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. `/teams/:teamId` will allow an authenticated attacker to view unintended data by querying for the specific team ID, `/teams/:search` will allow an authenticated attacker to search for teams and see the total number of available teams, including for those teams that the user does not have access to, and `/teams/:teamId/members` when editors_can_admin flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.(CVE-2022-21713)",
"cves": [
{
"id": "CVE-2022-21713",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21713",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/grafana/grafana-7.5.15-2_openEuler-SA-2022-1711.json b/cusa/g/grafana/grafana-7.5.15-2_openEuler-SA-2022-1711.json
index 9089ba5..e49193a 100644
--- a/cusa/g/grafana/grafana-7.5.15-2_openEuler-SA-2022-1711.json
+++ b/cusa/g/grafana/grafana-7.5.15-2_openEuler-SA-2022-1711.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1711",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1711",
"title": "An update for grafana is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.\r\n\r\nSecurity Fix(es):\r\n\r\nGrafana is an open-source platform for monitoring and observability. In Grafana Enterprise, the Request security feature allows list allows to configure Grafana in a way so that the instance doesn’t call or only calls specific hosts. The vulnerability present starting with version 7.4.0-beta1 and prior to versions 7.5.16 and 8.5.3 allows someone to bypass these security configurations if a malicious datasource (running on an allowed host) returns an HTTP redirect to a forbidden host. The vulnerability only impacts Grafana Enterprise when the Request security allow list is used and there is a possibility to add a custom datasource to Grafana which returns HTTP redirects. In this scenario, Grafana would blindly follow the redirects and potentially give secure information to the clients. Grafana Cloud is not impacted by this vulnerability. Versions 7.5.16 and 8.5.3 contain a patch for this issue. There are currently no known workarounds.(CVE-2022-29170)",
"cves": [
{
"id": "CVE-2022-29170",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29170",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/grafana/grafana-7.5.15-3_openEuler-SA-2022-1870.json b/cusa/g/grafana/grafana-7.5.15-3_openEuler-SA-2022-1870.json
index ef77426..50add8d 100644
--- a/cusa/g/grafana/grafana-7.5.15-3_openEuler-SA-2022-1870.json
+++ b/cusa/g/grafana/grafana-7.5.15-3_openEuler-SA-2022-1870.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1870",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1870",
"title": "An update for grafana is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.\r\n\r\nSecurity Fix(es):\r\n\r\nGrafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of another user in that Grafana instance. This can occur when the malicious user is authorized to log in to Grafana via OAuth, the malicious user's external user id is not already associated with an account in Grafana, the malicious user's email address is not already associated with an account in Grafana, and the malicious user knows the Grafana username of the target user. If these conditions are met, the malicious user can set their username in the OAuth provider to that of the target user, then go through the OAuth flow to log in to Grafana. Due to the way that external and internal user accounts are linked together during login, if the conditions above are all met then the malicious user will be able to log in to the target user's Grafana account. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch for this issue. As a workaround, concerned users can disable OAuth login to their Grafana instance, or ensure that all users authorized to log in via OAuth have a corresponding user account in Grafana linked to their email address.(CVE-2022-31107)",
"cves": [
{
"id": "CVE-2022-31107",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31107",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/grafana/grafana-7.5.15-3_openEuler-SA-2022-2077.json b/cusa/g/grafana/grafana-7.5.15-3_openEuler-SA-2022-2077.json
index 82417cb..c6971de 100644
--- a/cusa/g/grafana/grafana-7.5.15-3_openEuler-SA-2022-2077.json
+++ b/cusa/g/grafana/grafana-7.5.15-3_openEuler-SA-2022-2077.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2077",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2077",
"title": "An update for grafana is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB and OpenTSDB.\r\n\r\nSecurity Fix(es):\r\n\r\nGrafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The attacker could either compromise an existing datasource for a specific Grafana instance or either set up its own public service and instruct anyone to set it up in their Grafana instance. To be impacted, all of the following must be applicable. For the data source proxy: A Grafana HTTP-based datasource configured with Server as Access Mode and a URL set, the attacker has to be in control of the HTTP server serving the URL of above datasource, and a specially crafted link pointing at the attacker controlled data source must be clicked on by an authenticated user. For the plugin proxy: A Grafana HTTP-based app plugin configured and enabled with a URL set, the attacker has to be in control of the HTTP server serving the URL of above app, and a specially crafted link pointing at the attacker controlled plugin must be clocked on by an authenticated user. For the backend plugin resource: An attacker must be able to navigate an authenticated user to a compromised plugin through a crafted link. Users are advised to update to a patched version. There are no known workarounds for this vulnerability.(CVE-2022-21702)",
"cves": [
{
"id": "CVE-2022-21702",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21702",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/grafana/grafana-7.5.15-6_openEuler-SA-2024-1105.json b/cusa/g/grafana/grafana-7.5.15-6_openEuler-SA-2024-1105.json
index c96353b..95d2ea9 100644
--- a/cusa/g/grafana/grafana-7.5.15-6_openEuler-SA-2024-1105.json
+++ b/cusa/g/grafana/grafana-7.5.15-6_openEuler-SA-2024-1105.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1105",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1105",
"title": "An update for grafana is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Important",
+ "severity": "High",
"description": "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.\r\n\r\nSecurity Fix(es):\r\n\r\nImproper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header.(CVE-2022-32148)\r\n\r\nA malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.(CVE-2023-39325)",
"cves": [
{
"id": "CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/grpc/grpc-1.41.1-5_openEuler-SA-2023-1682.json b/cusa/g/grpc/grpc-1.41.1-5_openEuler-SA-2023-1682.json
index a0e2323..a4a3cea 100644
--- a/cusa/g/grpc/grpc-1.41.1-5_openEuler-SA-2023-1682.json
+++ b/cusa/g/grpc/grpc-1.41.1-5_openEuler-SA-2023-1682.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1682",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1682",
"title": "An update for grpc is now available for openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "gRPC is a modern open source high performance RPC framework that can run in any environment. It can efficiently connect services in and across data centers with pluggable support for load balancing, tracing, health checking and authentication. It is also applicable in last mile of distributed computing to connect devices, mobile applications and browsers to backend services.\r\n\r\nSecurity Fix(es):\r\n\r\nLack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected. (CVE-2023-4785)",
"cves": [
{
"id": "CVE-2023-4785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4785",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/grub2/grub2-2.06-10_openEuler-SA-2022-1734.json b/cusa/g/grub2/grub2-2.06-10_openEuler-SA-2022-1734.json
index 3751fc4..2195448 100644
--- a/cusa/g/grub2/grub2-2.06-10_openEuler-SA-2022-1734.json
+++ b/cusa/g/grub2/grub2-2.06-10_openEuler-SA-2022-1734.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1734",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1734",
"title": "An update for grub2 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "GNU GRUB is a Multiboot boot loader. It was derived from GRUB, the GRand Unified Bootloader, which was originally designed and implemented by Erich Stefan Boleyn.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in grub2 when handling split HTTP headers. While processing a split HTTP header, grub2 wrongly advances its control pointer to the internal buffer by one position, which can lead to an out-of-bounds write. This flaw allows an attacker to leverage this issue by crafting a malicious set of HTTP packages making grub2 corrupt its internal memory metadata structure. This leads to data integrity and confidentiality issues or forces grub to crash, resulting in a denial of service attack.(CVE-2022-28734)\r\n\r\nA use-after-free vulnerability was found on grub2's chainloader command. This flaw allows an attacker to gain access to restricted data or cause arbitrary code execution if they can establish control from grub's memory allocation pattern.(CVE-2022-28736)\r\n\r\nA flaw was found in grub2 when handling JPEG images. This flaw allows an attacker to craft a malicious JPEG image, which leads to an underflow on a grub2's internal pointer, leading to a heap-based out-of-bounds write. Secure-boot mechanisms circumvention and arbitrary code execution may also be achievable.(CVE-2021-3697)\r\n\r\nA flaw was found in grub2 when handling a PNG image header. When decoding the data contained in the Huffman table at the PNG file header, an out-of-bounds write may happen on grub's heap.(CVE-2021-3696)\r\n\r\nA flaw was found in grub2 when handling IPv4 packets. This flaw allows an attacker to craft a malicious packet, triggering an integer underflow in grub code. Consequently, the memory allocation for handling the packet data may be smaller than the size needed. 
This issue causes an out-of-bands write during packet handling, compromising data integrity, confidentiality issues, a denial of service, and remote code execution.(CVE-2022-28733)\r\n\r\nA flaw was found in grub 2, where a crafted 16-bit grayscale PNG image may lead to an out-of-bounds write. This flaw allows an attacker to corrupt the data on the heap portion of the grub2's memory, leading to possible code execution and the circumvention of the secure boot mechanism.(CVE-2021-3695)\r\n\r\nA flaw was found in grub2. The shim_lock verifier from grub2 allows non-kernel files to be loaded when secure boot is enabled, giving the possibility of unverified code or modules to be loaded when it should not be allowed.\n(CVE-2022-28735)",
"cves": [
{
"id": "CVE-2022-28735",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28735",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
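Review bot: The `cves` array lists only `CVE-2022-28735`, while the `description` in the same file names seven CVEs (CVE-2022-28734, CVE-2022-28736, CVE-2021-3697, CVE-2021-3696, CVE-2022-28733, CVE-2021-3695 and CVE-2022-28735), so a consumer that matches on `cves[].id` would miss six of them. The regenerated files keep this shape; the same gap is visible in the hunks for grub2 SA-2022-2118 and SA-2023-1720, gssntlmssp SA-2023-1116, gstreamer1-plugins-bad-free SA-2023-1709 and SA-2023-1943, gstreamer1-plugins-good SA-2022-1736, and haproxy SA-2023-1141 and SA-2023-1886. In every one of them the surviving entry is the last CVE named in the description, which suggests the converter keeps only the final CVE of each advisory, though the converter code is not part of these hunks. Each CVE named in the advisory should get its own `{ "id", "url", "severity" }` entry.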
diff --git a/cusa/g/grub2/grub2-2.06-15_openEuler-SA-2022-2118.json b/cusa/g/grub2/grub2-2.06-15_openEuler-SA-2022-2118.json
index c652d48..f7ca945 100644
--- a/cusa/g/grub2/grub2-2.06-15_openEuler-SA-2022-2118.json
+++ b/cusa/g/grub2/grub2-2.06-15_openEuler-SA-2022-2118.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2118",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2118",
"title": "An update for grub2 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "GNU GRUB is a Multiboot boot loader. It was derived from GRUB, the GRand Unified Bootloader, which was originally designed and implemented by Erich Stefan Boleyn.Briefly, a boot loader is the first software program that runs when a computer starts. It is responsible for loading and transferring control to the operating system kernel software (such as the Hurd or Linux). The kernel, in turn, initializes the rest of the operating system (e.g. GNU).\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found where a maliciously crafted pf2 font could lead to an out-of-bounds write in grub2. A successful attack can lead to memory corruption and secure boot circumvention.(CVE-2022-2601)\r\n\r\nA flaw was found in the grub2 font code. When rendering certain unicode sequences, it fails to properly validate the font width and height. These values are further used to access the font buffer, causing possible out-of-bounds writes. A malicious actor may craft a font capable of triggering this issue, allowing modifications in unauthorized memory segments, causing data integrity problems or leading to denial of service.(CVE-2022-3775)",
"cves": [
{
"id": "CVE-2022-3775",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3775",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/grub2/grub2-2.06-38_openEuler-SA-2023-1720.json b/cusa/g/grub2/grub2-2.06-38_openEuler-SA-2023-1720.json
index 9d68e90..7255413 100644
--- a/cusa/g/grub2/grub2-2.06-38_openEuler-SA-2023-1720.json
+++ b/cusa/g/grub2/grub2-2.06-38_openEuler-SA-2023-1720.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1720",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1720",
"title": "An update for grub2 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "GNU GRUB is a Multiboot boot loader. It was derived from GRUB, the GRand Unified Bootloader, which was originally designed and implemented by Erich Stefan Boleyn.\r\n\r\nSecurity Fix(es):\r\n\r\nAn out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.(CVE-2023-4692)\r\n\r\nAn out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.(CVE-2023-4693)",
"cves": [
{
"id": "CVE-2023-4693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4693",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/gssntlmssp/gssntlmssp-0.7.0-9_openEuler-SA-2023-1116.json b/cusa/g/gssntlmssp/gssntlmssp-0.7.0-9_openEuler-SA-2023-1116.json
index 0a4f77c..ade3cb3 100644
--- a/cusa/g/gssntlmssp/gssntlmssp-0.7.0-9_openEuler-SA-2023-1116.json
+++ b/cusa/g/gssntlmssp/gssntlmssp-0.7.0-9_openEuler-SA-2023-1116.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1116",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1116",
"title": "An update for gssntlmssp is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "Implementing the GSSAPI mechanism of NTLMSSP.\r\n\r\nSecurity Fix(es):\r\n\r\nGSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, memory corruption can be triggered when decoding UTF16 strings. The variable `outlen` was not initialized and could cause writing a zero to an arbitrary place in memory if `ntlm_str_convert()` were to fail, which would leave `outlen` uninitialized. This can lead to a denial of service if the write hits unmapped memory or randomly corrupts a byte in the application memory space. This vulnerability can trigger an out-of-bounds write, leading to memory corruption. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point. This issue is fixed in version 1.2.0.(CVE-2023-25564)\r\n\r\nGSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assumes the `cb` and `sh` buffers contain a copy of the data that needs to be freed. However, that is not the case. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point. This will likely trigger an assertion failure in `free`, causing a denial-of-service. This issue is fixed in version 1.2.0.(CVE-2023-25565)\r\n\r\nGSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication, has an out-of-bounds read when decoding target information prior to version 1.2.0. The length of the `av_pair` is not checked properly for two of the elements which can trigger an out-of-bound read. The out-of-bounds read can be triggered via the main `gss_accept_sec_context` entry point and could cause a denial-of-service if the memory is unmapped. The issue is fixed in version 1.2.0.(CVE-2023-25567)",
"cves": [
{
"id": "CVE-2023-25567",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25567",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
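Review bot: The advisory-level `"severity"` becomes `High` while the only entry under `cves` is rated `Medium`, so the file gives two different answers depending on which field a consumer reads. The same disagreement appears in the gstreamer1-plugins-bad-free SA-2023-1943 and haproxy SA-2023-1141 hunks. Presumably the advisory rating comes from a CVE that is named in the description but absent from `cves`. A consistency check in the generator, that the advisory severity equals the highest per-CVE severity, would catch files like this before they are published.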
diff --git a/cusa/g/gstreamer1-plugins-bad-free/gstreamer1-plugins-bad-free-1.16.2-6_openEuler-SA-2023-1709.json b/cusa/g/gstreamer1-plugins-bad-free/gstreamer1-plugins-bad-free-1.16.2-6_openEuler-SA-2023-1709.json
index 0ebd927..3cf72a0 100644
--- a/cusa/g/gstreamer1-plugins-bad-free/gstreamer1-plugins-bad-free-1.16.2-6_openEuler-SA-2023-1709.json
+++ b/cusa/g/gstreamer1-plugins-bad-free/gstreamer1-plugins-bad-free-1.16.2-6_openEuler-SA-2023-1709.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1709",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1709",
"title": "An update for gstreamer1-plugins-bad-free is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "GStreamer is a pipeline-based multi media framework that links together a wide variety of media processing systems to complete complex workflows, based on graphs of filters which operate on media data. This package contains plug-ins that are not tested well enough yet, or the code is not of good enough quality.\r\n\r\nSecurity Fix(es):\r\n\r\nVUL-0: CVE-2023-40474: gstreamer-plugins-bad: GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability(CVE-2023-40474)\r\n\r\nVUL-0: CVE-2023-40475: gstreamer-plugins-bad: GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability(CVE-2023-40475)\r\n\r\nVUL-0: CVE-2023-40476: gstreamer-plugins-bad: GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability(CVE-2023-40476)",
"cves": [
{
"id": "CVE-2023-40476",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40476",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/gstreamer1-plugins-bad-free/gstreamer1-plugins-bad-free-1.16.2-9_openEuler-SA-2023-1943.json b/cusa/g/gstreamer1-plugins-bad-free/gstreamer1-plugins-bad-free-1.16.2-9_openEuler-SA-2023-1943.json
index 39ac17d..101ca6b 100644
--- a/cusa/g/gstreamer1-plugins-bad-free/gstreamer1-plugins-bad-free-1.16.2-9_openEuler-SA-2023-1943.json
+++ b/cusa/g/gstreamer1-plugins-bad-free/gstreamer1-plugins-bad-free-1.16.2-9_openEuler-SA-2023-1943.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1943",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1943",
"title": "An update for gstreamer1-plugins-bad-free is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "GStreamer is a pipeline-based multi media framework that links together a wide variety of media processing systems to complete complex workflows, based on graphs of filters which operate on media data. This package contains plug-ins that are not tested well enough yet, or the code is not of good enough quality.\r\n\r\nSecurity Fix(es):\r\n\r\nHeap-based buffer overflow in the PGS blu-ray subtitle decoder when handling certain files in GStreamer versions before 1.22.4 / 1.20.7. It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation.\r\n\r\nhttps://gstreamer.freedesktop.org/security/sa-2023-0003.html(CVE-2023-37329)\r\n\r\nA use-after-free flaw was found in the MXF demuxer in GStreamer when handling certain MXF video files. This issue could allow a malicious third party to trigger a crash in the application and may allow code execution.(CVE-2023-44446)",
"cves": [
{
"id": "CVE-2023-44446",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44446",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/gstreamer1-plugins-base/gstreamer1-plugins-base-1.18.4-6_openEuler-SA-2024-1454.json b/cusa/g/gstreamer1-plugins-base/gstreamer1-plugins-base-1.18.4-6_openEuler-SA-2024-1454.json
index 54c587a..b4b1d03 100644
--- a/cusa/g/gstreamer1-plugins-base/gstreamer1-plugins-base-1.18.4-6_openEuler-SA-2024-1454.json
+++ b/cusa/g/gstreamer1-plugins-base/gstreamer1-plugins-base-1.18.4-6_openEuler-SA-2024-1454.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1454",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1454",
"title": "An update for gstreamer1-plugins-base is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "GStreamer is a graphics library for built-in media processing components. BasePlug-ins is a the collections used to maintain the GStreamer plugin.\r\n\r\nSecurity Fix(es):\r\n\r\nHeap-based buffer overflow in the subparse subtitle parser when handling certain SRT subtitle files in GStreamer versions before 1.22.4 / 1.20.7. It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation.\r\n\r\nhttps://gstreamer.freedesktop.org/security/sa-2023-0002.html(CVE-2023-37328)",
"cves": [
{
"id": "CVE-2023-37328",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37328",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/gstreamer1-plugins-good/gstreamer1-plugins-good-1.16.2-5_openEuler-SA-2022-1736.json b/cusa/g/gstreamer1-plugins-good/gstreamer1-plugins-good-1.16.2-5_openEuler-SA-2022-1736.json
index 6f1818d..c479998 100644
--- a/cusa/g/gstreamer1-plugins-good/gstreamer1-plugins-good-1.16.2-5_openEuler-SA-2022-1736.json
+++ b/cusa/g/gstreamer1-plugins-good/gstreamer1-plugins-good-1.16.2-5_openEuler-SA-2022-1736.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1736",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1736",
"title": "An update for gstreamer1-plugins-good is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "GStreamer is a streaming media framework, based on graphs of filters which operate on media data. Applications using this library can do anything from real-time sound processing to playing videos, and just about anything else media-related. Its plugin-based architecture means that new data types or processing capabilities can be added simply by installing new plugins.\r\n\r\nSecurity Fix(es):\r\n\r\nPotential heap overwrite in the mkv demuxer when handling certain Matroska files in GStreamer versions before 1.20.3.(CVE-2022-1920)\r\n\r\nPotential heap overwrite in the qt demuxer when handling certain QuickTime/MP4 files in GStreamer versions before 1.20.3.(CVE-2022-2122)\r\n\r\nHeap-based buffer overflow in the avi demuxer when handling certain AVI files in GStreamer versions before 1.20.3.(CVE-2022-1921)\r\n\r\nPotential heap overwrite in the mkv demuxer when handling certain Matroska/WebM files in GStreamer versions before 1.20.3.(CVE-2022-1922)\r\n\r\nPotential heap overwrite in the mkv demuxer when handling certain Matroska/WebM files in GStreamer versions before 1.20.3.(CVE-2022-1923)\r\n\r\nPotential heap overwrite in the mkv demuxer when handling certain Matroska/WebM files in GStreamer versions before 1.20.3.(CVE-2022-1924)\r\n\r\nPotential heap overwrite in the mkv demuxer when handling certain Matroska/WebM files in GStreamer versions before 1.20.3.(CVE-2022-1925)",
"cves": [
{
"id": "CVE-2022-1925",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1925",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/gstreamer1-plugins-good/gstreamer1-plugins-good-1.16.2-6_openEuler-SA-2023-1934.json b/cusa/g/gstreamer1-plugins-good/gstreamer1-plugins-good-1.16.2-6_openEuler-SA-2023-1934.json
index 8a85895..8381385 100644
--- a/cusa/g/gstreamer1-plugins-good/gstreamer1-plugins-good-1.16.2-6_openEuler-SA-2023-1934.json
+++ b/cusa/g/gstreamer1-plugins-good/gstreamer1-plugins-good-1.16.2-6_openEuler-SA-2023-1934.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1934",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1934",
"title": "An update for gstreamer1-plugins-good is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "GStreamer is a streaming media framework, based on graphs of filters which operate on media data. Applications using this library can do anything from real-time sound processing to playing videos, and just about anything else media-related. Its plugin-based architecture means that new data types or processing capabilities can be added simply by installing new plugins.\r\n\r\nSecurity Fix(es):\r\n\r\nHeap-based buffer overflow in the FLAC parser when handling malformed image tags in GStreamer versions before 1.22.4 / 1.20.7. \r\n\r\nhttps://gstreamer.freedesktop.org/security/sa-2023-0001.html(CVE-2023-37327)",
"cves": [
{
"id": "CVE-2023-37327",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37327",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/gtk2/config.json b/cusa/g/gtk2/config.json
new file mode 100644
index 0000000..f9a5d9b
--- /dev/null
+++ b/cusa/g/gtk2/config.json
@@ -0,0 +1,5 @@
+{
+ "upstream": "22.03-LTS",
+ "autobuild": true,
+ "fixed_version": ""
+}
\ No newline at end of file
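Review bot: `"fixed_version": ""` uses an empty string to mean that no fixed version is recorded, and with `"autobuild": true` a consumer that compares package versions against this field could treat the empty string as a real version. How the field is read is not visible in this diff, so this is a caution rather than a confirmed bug. If the reader accepts it, I would write `"fixed_version": null` or leave the key out, and have the reader reject an empty value explicitly. The gtk3 config.json added in the next hunk is identical.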
diff --git a/cusa/g/gtk3/config.json b/cusa/g/gtk3/config.json
new file mode 100644
index 0000000..f9a5d9b
--- /dev/null
+++ b/cusa/g/gtk3/config.json
@@ -0,0 +1,5 @@
+{
+ "upstream": "22.03-LTS",
+ "autobuild": true,
+ "fixed_version": ""
+}
\ No newline at end of file
diff --git a/cusa/g/guava/guava-25.0-6_openEuler-SA-2023-1412.json b/cusa/g/guava/guava-25.0-6_openEuler-SA-2023-1412.json
index d75ceea..cc6d99b 100644
--- a/cusa/g/guava/guava-25.0-6_openEuler-SA-2023-1412.json
+++ b/cusa/g/guava/guava-25.0-6_openEuler-SA-2023-1412.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1412",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1412",
"title": "An update for guava is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "Guava is a set of core Java libraries from Google that includes new collection types (such as multimap and multiset), immutable collections, a graph library, and utilities for concurrency, I/O, hashing, caching, primitives, strings, and more! It is widely used on most Java projects within Google, and widely used by many other companies as well.\n\nSecurity Fix(es):\n\nUse of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.\n\nEven though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.\n\n(CVE-2023-2976)",
"cves": [
{
"id": "CVE-2023-2976",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/guava20/guava20-20.0-11_openEuler-SA-2023-1411.json b/cusa/g/guava20/guava20-20.0-11_openEuler-SA-2023-1411.json
index 476e16a..fceacec 100644
--- a/cusa/g/guava20/guava20-20.0-11_openEuler-SA-2023-1411.json
+++ b/cusa/g/guava20/guava20-20.0-11_openEuler-SA-2023-1411.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1411",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1411",
"title": "An update for guava20 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "Guava is a set of core libraries that includes new collection types ,immutable collections, a graph library, and utilities for concurrency, I/O, hashing, primitives, strings, and more.\n\nSecurity Fix(es):\n\nUse of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.\n\nEven though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.\n\n(CVE-2023-2976)",
"cves": [
{
"id": "CVE-2023-2976",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/g/gzip/gzip-1.11-3_openEuler-SA-2022-1629.json b/cusa/g/gzip/gzip-1.11-3_openEuler-SA-2022-1629.json
index 8761eb4..fb05e1a 100644
--- a/cusa/g/gzip/gzip-1.11-3_openEuler-SA-2022-1629.json
+++ b/cusa/g/gzip/gzip-1.11-3_openEuler-SA-2022-1629.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1629",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1629",
"title": "An update for gzip is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "gzip is a single-file/stream lossless data compression utility, where the resulting compressed file generally has the suffix .gz.\r\n\r\nSecurity Fix(es):\r\n\r\nThe vulnerability exists due to insufficient validation when handling filenames with two or more newlines. A remote attacker can force zgrep or xzgrep to write arbitrary files on the system. The vulnerability allows a remote attacker to compromise an affected system.(CVE-2022-1271)",
"cves": [
{
"id": "CVE-2022-1271",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1271",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/h/hadoop/hadoop-3.3.4-1_openEuler-SA-2022-2016.json b/cusa/h/hadoop/hadoop-3.3.4-1_openEuler-SA-2022-2016.json
index 1d64d73..3cfbe76 100644
--- a/cusa/h/hadoop/hadoop-3.3.4-1_openEuler-SA-2022-2016.json
+++ b/cusa/h/hadoop/hadoop-3.3.4-1_openEuler-SA-2022-2016.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2016",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2016",
"title": "An update for hadoop is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Apache Hadoop is a framework that allows for the distributed processing of large data sets across clusters of computers using simple programming models. It is designed to scale up from single servers to thousands of machines, each offering local computation and storage.\r\n\r\nSecurity Fix(es):\r\n\r\nIn Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.(CVE-2021-33036)",
"cves": [
{
"id": "CVE-2021-33036",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33036",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/h/haproxy/haproxy-2.4.8-2_openEuler-SA-2022-2054.json b/cusa/h/haproxy/haproxy-2.4.8-2_openEuler-SA-2022-2054.json
index 54c7214..edfb1f0 100644
--- a/cusa/h/haproxy/haproxy-2.4.8-2_openEuler-SA-2022-2054.json
+++ b/cusa/h/haproxy/haproxy-2.4.8-2_openEuler-SA-2022-2054.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2054",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2054",
"title": "An update for haproxy is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. \r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in the way HAProxy processed HTTP responses containing the \"Set-Cookie2\" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability.(CVE-2022-0711)",
"cves": [
{
"id": "CVE-2022-0711",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0711",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/h/haproxy/haproxy-2.4.8-3_openEuler-SA-2023-1141.json b/cusa/h/haproxy/haproxy-2.4.8-3_openEuler-SA-2023-1141.json
index fdd0a8e..efbf301 100644
--- a/cusa/h/haproxy/haproxy-2.4.8-3_openEuler-SA-2023-1141.json
+++ b/cusa/h/haproxy/haproxy-2.4.8-3_openEuler-SA-2023-1141.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1141",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1141",
"title": "An update for haproxy is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. \r\n\r\nSecurity Fix(es):\r\n\r\nInitial description: Router PODs frequently getting restarted and haproxy process is receiving the segfault but it is not generating coredump even though the core file size is unlimited.\r\n\r\nUpstream bug: https://github.com/haproxy/haproxy/issues/1972(CVE-2023-0056)\r\n\r\nHAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka \"request smuggling.\" The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31.(CVE-2023-25725)",
"cves": [
{
"id": "CVE-2023-25725",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25725",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/h/haproxy/haproxy-2.4.8-4_openEuler-SA-2023-1541.json b/cusa/h/haproxy/haproxy-2.4.8-4_openEuler-SA-2023-1541.json
index 5201cad..a457f4f 100644
--- a/cusa/h/haproxy/haproxy-2.4.8-4_openEuler-SA-2023-1541.json
+++ b/cusa/h/haproxy/haproxy-2.4.8-4_openEuler-SA-2023-1541.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1541",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1541",
"title": "An update for haproxy is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones.\n\nSecurity Fix(es):\n\nHAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request.(CVE-2023-40225)",
"cves": [
{
"id": "CVE-2023-40225",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40225",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/h/haproxy/haproxy-2.4.8-6_openEuler-SA-2023-1886.json b/cusa/h/haproxy/haproxy-2.4.8-6_openEuler-SA-2023-1886.json
index f0ead32..c9f011f 100644
--- a/cusa/h/haproxy/haproxy-2.4.8-6_openEuler-SA-2023-1886.json
+++ b/cusa/h/haproxy/haproxy-2.4.8-6_openEuler-SA-2023-1886.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1886",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1886",
"title": "An update for haproxy is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones.\r\n\r\nSecurity Fix(es):\r\n\r\nAn information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclosed to configured FastCGI backends in an unexpected way.(CVE-2023-0836)\r\n\r\nHAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.(CVE-2023-45539)",
"cves": [
{
"id": "CVE-2023-45539",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45539",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/h/harfbuzz/harfbuzz-2.8.2-3_openEuler-SA-2022-1777.json b/cusa/h/harfbuzz/harfbuzz-2.8.2-3_openEuler-SA-2022-1777.json
index eab6a75..19a86b8 100644
--- a/cusa/h/harfbuzz/harfbuzz-2.8.2-3_openEuler-SA-2022-1777.json
+++ b/cusa/h/harfbuzz/harfbuzz-2.8.2-3_openEuler-SA-2022-1777.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1777",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1777",
"title": "An update for harfbuzz is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "HarfBuzz is a text-shaping engine. If you give HarfBuzz a font and a string containing a sequence of Unicode codepoints, HarfBuzz selects and positions the corresponding glyphs from the font, applying all of the necessary layout rules and font features. HarfBuzz then returns the string to you in the form that is correctly arranged for the language and writing system.\r\n\r\nSecurity Fix(es):\r\n\r\nAn integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.(CVE-2022-33068)",
"cves": [
{
"id": "CVE-2022-33068",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33068",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/h/harfbuzz/harfbuzz-2.8.2-4_openEuler-SA-2023-1083.json b/cusa/h/harfbuzz/harfbuzz-2.8.2-4_openEuler-SA-2023-1083.json
index 90f9cbc..73d69bb 100644
--- a/cusa/h/harfbuzz/harfbuzz-2.8.2-4_openEuler-SA-2023-1083.json
+++ b/cusa/h/harfbuzz/harfbuzz-2.8.2-4_openEuler-SA-2023-1083.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1083",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1083",
"title": "An update for harfbuzz is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "HarfBuzz is a text-shaping engine. If you give HarfBuzz a font and a string containing a sequence of Unicode codepoints, HarfBuzz selects and positions the corresponding glyphs from the font, applying all of the necessary layout rules and font features. HarfBuzz then returns the string to you in the form that is correctly arranged for the language and writing system.\r\n\r\nSecurity Fix(es):\r\n\r\nhb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.(CVE-2023-25193)",
"cves": [
{
"id": "CVE-2023-25193",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25193",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/h/hdf5/hdf5-1.10.8-1_openEuler-SA-2023-1326.json b/cusa/h/hdf5/hdf5-1.10.8-1_openEuler-SA-2023-1326.json
index 615ad7d..14ca5d4 100644
--- a/cusa/h/hdf5/hdf5-1.10.8-1_openEuler-SA-2023-1326.json
+++ b/cusa/h/hdf5/hdf5-1.10.8-1_openEuler-SA-2023-1326.json
@@ -8,7 +8,7 @@
{
"id": "CVE-2021-37501",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37501",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/h/hdf5/hdf5-1.8.20-17_openEuler-SA-2023-1208.json b/cusa/h/hdf5/hdf5-1.8.20-17_openEuler-SA-2023-1208.json
index 5706d5e..5d6629a 100644
--- a/cusa/h/hdf5/hdf5-1.8.20-17_openEuler-SA-2023-1208.json
+++ b/cusa/h/hdf5/hdf5-1.8.20-17_openEuler-SA-2023-1208.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1208",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1208",
"title": "An update for hdf5 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF5. The HDF5 Technology suite includes tools and applications for managing, manipulating, viewing, and analyzing data in the HDF5 format.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5T_copy in H5T.c.(CVE-2018-14031)\r\n\r\nAn issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in H5L_extern_query at H5Lexternal.c.(CVE-2018-16438)",
"cves": [
{
"id": "CVE-2018-16438",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16438",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/h/httpd/httpd-2.4.51-15_openEuler-SA-2023-1161.json b/cusa/h/httpd/httpd-2.4.51-15_openEuler-SA-2023-1161.json
index 495e0dc..fedfefe 100644
--- a/cusa/h/httpd/httpd-2.4.51-15_openEuler-SA-2023-1161.json
+++ b/cusa/h/httpd/httpd-2.4.51-15_openEuler-SA-2023-1161.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1161",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1161",
"title": "An update for httpd is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server.\r\n\r\nSecurity Fix(es):\r\n\r\nHTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.(CVE-2023-27522)\r\n\r\nSome mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like: RewriteEngine on RewriteRule \"^/here/(.*)\" \"http://example.com:8080/elsewhere?$1\"; [P] ProxyPassReverse /here/ http://example.com:8080/ Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.(CVE-2023-25690)",
"cves": [
{
"id": "CVE-2023-25690",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25690",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
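Review bot: After the rename the advisory-level `severity` here is `High`, but the only entry under `cves` is `Medium`, so the two levels of the record disagree. The hunks for openEuler-SA-2024-1553 and openEuler-SA-2022-1718 show the same mismatch. A consumer that derives priority from the per-CVE values would rate these updates lower than the advisory does. This is probably a side effect of CVEs missing from the list, since the description names more CVEs than `cves` holds. The converter should check that the advisory `severity` equals the highest `severity` under `cves` and fail the run, or at least log the advisory id, when it does not.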
diff --git a/cusa/h/httpd/httpd-2.4.51-20_openEuler-SA-2023-1803.json b/cusa/h/httpd/httpd-2.4.51-20_openEuler-SA-2023-1803.json
index 3410e5e..7c587b3 100644
--- a/cusa/h/httpd/httpd-2.4.51-20_openEuler-SA-2023-1803.json
+++ b/cusa/h/httpd/httpd-2.4.51-20_openEuler-SA-2023-1803.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1803",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1803",
"title": "An update for httpd is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server.\r\n\r\nSecurity Fix(es):\r\n\r\nWhen a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that.\r\n\r\nThis was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During \"normal\" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out.\r\n\r\nUsers are recommended to upgrade to version 2.4.58, which fixes the issue.\n(CVE-2023-45802)",
"cves": [
{
"id": "CVE-2023-45802",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45802",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/h/httpd/httpd-2.4.51-21_openEuler-SA-2024-1553.json b/cusa/h/httpd/httpd-2.4.51-21_openEuler-SA-2024-1553.json
index f306a42..cd30280 100644
--- a/cusa/h/httpd/httpd-2.4.51-21_openEuler-SA-2024-1553.json
+++ b/cusa/h/httpd/httpd-2.4.51-21_openEuler-SA-2024-1553.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1553",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1553",
"title": "An update for httpd is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Important",
+ "severity": "High",
"description": "Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server.\r\n\r\nSecurity Fix(es):\r\n\r\nFaulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.\r\n\r\nThis issue affects Apache HTTP Server: through 2.4.58.\n(CVE-2023-38709)\r\n\r\nHTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack.\r\n\r\nUsers are recommended to upgrade to version 2.4.59, which fixes this issue.(CVE-2024-24795)\r\n\r\nHTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.(CVE-2024-27316)",
"cves": [
{
"id": "CVE-2024-27316",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27316",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/h/httpd/httpd-2.4.51-8_openEuler-SA-2022-1718.json b/cusa/h/httpd/httpd-2.4.51-8_openEuler-SA-2022-1718.json
index 463234a..d175c25 100644
--- a/cusa/h/httpd/httpd-2.4.51-8_openEuler-SA-2022-1718.json
+++ b/cusa/h/httpd/httpd-2.4.51-8_openEuler-SA-2022-1718.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1718",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1718",
"title": "An update for httpd is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server.\r\n\r\nSecurity Fix(es):\r\n\r\nInconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.(CVE-2022-26377)\r\n\r\nThe ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.(CVE-2022-28614)\r\n\r\nApache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.(CVE-2022-28615)\r\n\r\nIn Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.(CVE-2022-29404)\r\n\r\nApache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.(CVE-2022-30556)\r\n\r\nApache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. 
This may be used to bypass IP based authentication on the origin server/application.(CVE-2022-31813)\r\n\r\nIf Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.(CVE-2022-30522)",
"cves": [
{
"id": "CVE-2022-30522",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30522",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/h/httpd/httpd-2.4.51-9_openEuler-SA-2022-1784.json b/cusa/h/httpd/httpd-2.4.51-9_openEuler-SA-2022-1784.json
index 1539dc4..e393664 100644
--- a/cusa/h/httpd/httpd-2.4.51-9_openEuler-SA-2022-1784.json
+++ b/cusa/h/httpd/httpd-2.4.51-9_openEuler-SA-2022-1784.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1784",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1784",
"title": "An update for httpd is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server.\r\n\r\nSecurity Fix(es):\r\n\r\nApache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module.(CVE-2022-28330)",
"cves": [
{
"id": "CVE-2022-28330",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28330",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/h/hyperscan/hyperscan-5.4.2-1_openEuler-SA-2023-1609.json b/cusa/h/hyperscan/hyperscan-5.4.2-1_openEuler-SA-2023-1609.json
index b85ecd0..b038866 100644
--- a/cusa/h/hyperscan/hyperscan-5.4.2-1_openEuler-SA-2023-1609.json
+++ b/cusa/h/hyperscan/hyperscan-5.4.2-1_openEuler-SA-2023-1609.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1609",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1609",
"title": "An update for hyperscan is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Hyperscan is a high-performance multiple regex matching library. It follows the regular expression syntax of the commonly-used libpcre library, but is a standalone library with its own C API.\r\n\r\nSecurity Fix(es):\r\n\r\nInsufficient control flow management in the Hyperscan Library maintained by Intel(R) before version 5.4.1 may allow an authenticated user to potentially enable denial of service via local access.(CVE-2023-28711)",
"cves": [
{
"id": "CVE-2023-28711",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28711",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/j/jackson-databind/jackson-databind-2.9.8-10_openEuler-SA-2023-1921.json b/cusa/j/jackson-databind/jackson-databind-2.9.8-10_openEuler-SA-2023-1921.json
index a7e639f..ca6e0a7 100644
--- a/cusa/j/jackson-databind/jackson-databind-2.9.8-10_openEuler-SA-2023-1921.json
+++ b/cusa/j/jackson-databind/jackson-databind-2.9.8-10_openEuler-SA-2023-1921.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1921",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1921",
"title": "An update for jackson-databind is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "The general-purpose data-binding functionality and tree-model for Jackson Data Processor. It builds on core streaming parser/generator package, and uses Jackson Annotations for configuration.\r\n\r\nSecurity Fix(es):\r\n\r\njackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.(CVE-2020-36518)\r\n\r\nIn FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Additional fix version in 2.13.4.1 and 2.12.17.1(CVE-2022-42003)\r\n\r\nIn FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.(CVE-2022-42004)",
"cves": [
{
"id": "CVE-2022-42004",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/j/jdom2/jdom2-2.0.6-15_openEuler-SA-2022-1630.json b/cusa/j/jdom2/jdom2-2.0.6-15_openEuler-SA-2022-1630.json
index 9d11217..006cb83 100644
--- a/cusa/j/jdom2/jdom2-2.0.6-15_openEuler-SA-2022-1630.json
+++ b/cusa/j/jdom2/jdom2-2.0.6-15_openEuler-SA-2022-1630.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1630",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1630",
"title": "An update for jdom2 is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "JDOM is an in-memory representation of an XML document. XML consists of elements (which have attributes), text data, 'entity' references, processing instructions, and comments. XML documents can also have a DocType declaration, Comments, and Processing Instructions before the root element.\r\n\r\nSecurity Fix(es):\r\n\r\nAn XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.(CVE-2021-33813)",
"cves": [
{
"id": "CVE-2021-33813",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33813",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/j/jersey/jersey-2.29.1-2_openEuler-SA-2024-1036.json b/cusa/j/jersey/jersey-2.29.1-2_openEuler-SA-2024-1036.json
index c89636e..3a3cd20 100644
--- a/cusa/j/jersey/jersey-2.29.1-2_openEuler-SA-2024-1036.json
+++ b/cusa/j/jersey/jersey-2.29.1-2_openEuler-SA-2024-1036.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1036",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1036",
"title": "An update for jersey is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Jersey is the open source JAX-RS (JSR 311) production quality Reference Implementation for building RESTful Web services. %if\r\n\r\nSecurity Fix(es):\r\n\r\nEclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of the system temporary directory with the permissions: -rw-r--r--. Thus the contents of this file are viewable by all other users locally on the system. As such, if the contents written is security sensitive, it can be disclosed to other local users.(CVE-2021-28168)",
"cves": [
{
"id": "CVE-2021-28168",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28168",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/j/jettison/jettison-1.5.4-1_openEuler-SA-2023-1914.json b/cusa/j/jettison/jettison-1.5.4-1_openEuler-SA-2023-1914.json
index 2ba05b5..cf012d7 100644
--- a/cusa/j/jettison/jettison-1.5.4-1_openEuler-SA-2023-1914.json
+++ b/cusa/j/jettison/jettison-1.5.4-1_openEuler-SA-2023-1914.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1914",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1914",
"title": "An update for jettison is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "Jettison is a collection of Java APIs (like STaX and DOM) which read and write JSON. This allows nearly transparent enablement of JSON based web services in services frameworks like CXF or XML serialization frameworks like XStream.\r\n\r\nSecurity Fix(es):\r\n\r\nThose using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.(CVE-2022-40149)\r\n\r\nThose using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack.(CVE-2022-40150)\r\n\r\nA stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data.(CVE-2022-45685)\r\n\r\nJettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.(CVE-2022-45693)",
"cves": [
{
"id": "CVE-2022-45693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/j/jettison/jettison-1.5.4-1_openEuler-SA-2023-1966.json b/cusa/j/jettison/jettison-1.5.4-1_openEuler-SA-2023-1966.json
index 086818a..458ddde 100644
--- a/cusa/j/jettison/jettison-1.5.4-1_openEuler-SA-2023-1966.json
+++ b/cusa/j/jettison/jettison-1.5.4-1_openEuler-SA-2023-1966.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1966",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1966",
"title": "An update for jettison is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Jettison is a collection of Java APIs (like STaX and DOM) which read and write JSON. This allows nearly transparent enablement of JSON based web services in services frameworks like CXF or XML serialization frameworks like XStream.\r\n\r\nSecurity Fix(es):\r\n\r\nAn infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.\r\n\r\n(CVE-2023-1436)",
"cves": [
{
"id": "CVE-2023-1436",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1436",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/j/jetty/jetty-9.4.16-1_openEuler-SA-2022-2149.json b/cusa/j/jetty/jetty-9.4.16-1_openEuler-SA-2022-2149.json
index 9c59818..c742afc 100644
--- a/cusa/j/jetty/jetty-9.4.16-1_openEuler-SA-2022-2149.json
+++ b/cusa/j/jetty/jetty-9.4.16-1_openEuler-SA-2022-2149.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2149",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2149",
"title": "An update for jetty is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "%global desc \\ Jetty is a 100% Java HTTP Server and Servlet Container. This means that you\\ do not need to configure and run a separate web server (like Apache) in order\\ to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully\\ featured web server for static and dynamic content. Unlike separate\\ server/container solutions, this means that your web server and web\\ application run in the same process, without interconnection overheads\\ and complications. Furthermore, as a pure java component, Jetty can be simply\\ included in your application for demonstration, distribution or deployment.\\ Jetty is available on all Java supported platforms. \\ %global extdesc \\\\ \\ This package contains\r\n\r\nSecurity Fix(es):\r\n\r\nIn Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.(CVE-2019-10241)",
"cves": [
{
"id": "CVE-2019-10241",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10241",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/j/jetty/jetty-9.4.16-3_openEuler-SA-2023-1032.json b/cusa/j/jetty/jetty-9.4.16-3_openEuler-SA-2023-1032.json
index b4d17dc..f3fb603 100644
--- a/cusa/j/jetty/jetty-9.4.16-3_openEuler-SA-2023-1032.json
+++ b/cusa/j/jetty/jetty-9.4.16-3_openEuler-SA-2023-1032.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1032",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1032",
"title": "An update for jetty is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Jetty is a 100% Java HTTP Server and Servlet Container. This means that you do not need to configure and run a separate web server (like Apache) in order to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully featured web server for static and dynamic content. Unlike separate server/container solutions, this means that your web server and web application run in the same process, without interconnection overheads and complications. Furthermore, as a pure java component, Jetty can be simply included in your application for demonstration, distribution or deployment.Jetty is available on all Java supported platforms.\r\n\r\nSecurity Fix(es):\r\n\r\nIn Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests.(CVE-2022-2048)\r\n\r\nIn Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.(CVE-2022-2047)",
"cves": [
{
"id": "CVE-2022-2047",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2047",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/j/jgit/jgit-5.11.0-3_openEuler-SA-2023-1995.json b/cusa/j/jgit/jgit-5.11.0-3_openEuler-SA-2023-1995.json
index 3f21256..09a6c50 100644
--- a/cusa/j/jgit/jgit-5.11.0-3_openEuler-SA-2023-1995.json
+++ b/cusa/j/jgit/jgit-5.11.0-3_openEuler-SA-2023-1995.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1995",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1995",
"title": "An update for jgit is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "A pure Java implementation of the Git version control system and command line interface.\r\n\r\nSecurity Fix(es):\r\n\r\nArbitrary File Overwrite in Eclipse JGit <= 6.6.0\r\n\r\nIn Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive filesystem, or when a checkout from a clone of such a repository is performed on a case-insensitive filesystem.\r\n\r\nThis can happen on checkout (DirCacheCheckout), merge (ResolveMerger via its WorkingTreeUpdater), pull (PullCommand using merge), and when applying a patch (PatchApplier). This can be exploited for remote code execution (RCE), for instance if the file written outside the working tree is a git filter that gets executed on a subsequent git command.\r\n\r\nThe issue occurs only on case-insensitive filesystems, like the default filesystems on Windows and macOS. The user performing the clone or checkout must have the rights to create symbolic links for the problem to occur, and symbolic links must be enabled in the git configuration.\r\n\r\nSetting git configuration option core.symlinks = false before checking out avoids the problem.\r\n\r\nThe issue was fixed in Eclipse JGit version 6.6.1.202309021850-r and 6.7.0.202309050840-r, available via Maven Central https://repo1.maven.org/maven2/org/eclipse/jgit/ and repo.eclipse.org https://repo.eclipse.org/content/repositories/jgit-releases/ .\r\n\r\n\nThe JGit maintainers would like to thank RyotaK for finding and reporting this issue.\r\n\r\n\r\n\r\n(CVE-2023-4759)",
"cves": [
{
"id": "CVE-2023-4759",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4759",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/j/jpegoptim/jpegoptim-1.5.5-1_openEuler-SA-2024-1438.json b/cusa/j/jpegoptim/jpegoptim-1.5.5-1_openEuler-SA-2024-1438.json
index d743bdf..f392742 100644
--- a/cusa/j/jpegoptim/jpegoptim-1.5.5-1_openEuler-SA-2024-1438.json
+++ b/cusa/j/jpegoptim/jpegoptim-1.5.5-1_openEuler-SA-2024-1438.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1438",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1438",
"title": "An update for jpegoptim is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Jpegoptim is an utility to optimize JPEG files. Provides lossless optimization (based on optimizing the Huffman tables) and \"lossy\" optimization based on setting maximum quality factor.\r\n\r\nSecurity Fix(es):\r\n\r\nJPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c.(CVE-2022-32325)",
"cves": [
{
"id": "CVE-2022-32325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32325",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/j/jruby/jruby-1.7.22-4_openEuler-SA-2024-1121.json b/cusa/j/jruby/jruby-1.7.22-4_openEuler-SA-2024-1121.json
index 75f1777..cde11cb 100644
--- a/cusa/j/jruby/jruby-1.7.22-4_openEuler-SA-2024-1121.json
+++ b/cusa/j/jruby/jruby-1.7.22-4_openEuler-SA-2024-1121.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1121",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1121",
"title": "An update for jruby is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "JRuby is a 100% Java implementation of the Ruby programming language. It is Ruby for the JVM. JRuby provides a complete set of core \"builtin\" classes and syntax for the Ruby language, as well as most of the Ruby Standard Libraries.\r\n\r\nSecurity Fix(es):\r\n\r\nA ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.(CVE-2023-28756)",
"cves": [
{
"id": "CVE-2023-28756",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28756",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/j/json-path/json-path-2.1.0-2_openEuler-SA-2024-1252.json b/cusa/j/json-path/json-path-2.1.0-2_openEuler-SA-2024-1252.json
index ae4da94..7e0c170 100644
--- a/cusa/j/json-path/json-path-2.1.0-2_openEuler-SA-2024-1252.json
+++ b/cusa/j/json-path/json-path-2.1.0-2_openEuler-SA-2024-1252.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1252",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1252",
"title": "An update for json-path is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Java DSL for reading and testing JSON documents.\r\n\r\nSecurity Fix(es):\r\n\r\njson-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse() method.(CVE-2023-51074)",
"cves": [
{
"id": "CVE-2023-51074",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51074",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/j/json-smart/json-smart-2.2-2_openEuler-SA-2023-1224.json b/cusa/j/json-smart/json-smart-2.2-2_openEuler-SA-2023-1224.json
index 2c28b18..4292bfa 100644
--- a/cusa/j/json-smart/json-smart-2.2-2_openEuler-SA-2023-1224.json
+++ b/cusa/j/json-smart/json-smart-2.2-2_openEuler-SA-2023-1224.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1224",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1224",
"title": "An update for json-smart is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Json-smart is a performance focused, JSON processor lib.\r\n\r\nSecurity Fix(es):\r\n\r\n[Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib. When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software.(CVE-2023-1370)",
"cves": [
{
"id": "CVE-2023-1370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/j/jsoup/jsoup-1.14.2-2_openEuler-SA-2024-1255.json b/cusa/j/jsoup/jsoup-1.14.2-2_openEuler-SA-2024-1255.json
index dfc6dc5..0c8600a 100644
--- a/cusa/j/jsoup/jsoup-1.14.2-2_openEuler-SA-2024-1255.json
+++ b/cusa/j/jsoup/jsoup-1.14.2-2_openEuler-SA-2024-1255.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1255",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1255",
"title": "An update for jsoup is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "jsoup is a Java library for working with real-world HTML. It provides a very convenient API for extracting and manipulating data, using the best of DOM, CSS, and jquery-like methods.\r\n\r\nSecurity Fix(es):\r\n\r\njsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. jsoup may incorrectly sanitize HTML including `javascript:` URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default `SafeList.preserveRelativeLinks` option is enabled, HTML including `javascript:` URLs that have been crafted with control characters will not be sanitized. If the site that this HTML is published on does not set a Content Security Policy, an XSS attack is then possible. This issue is patched in jsoup 1.15.3. Users should upgrade to this version. Additionally, as the unsanitized input may have been persisted, old content should be cleaned again using the updated version. To remediate this issue without immediately upgrading: - disable `SafeList.preserveRelativeLinks`, which will rewrite input URLs as absolute URLs - ensure an appropriate [Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) is defined. (This should be used regardless of upgrading, as a defence-in-depth best practice.)(CVE-2022-36033)",
"cves": [
{
"id": "CVE-2022-36033",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36033",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/j/jss/jss-4.9.3-1_openEuler-SA-2024-1208.json b/cusa/j/jss/jss-4.9.3-1_openEuler-SA-2024-1208.json
index 0077faa..5dd8141 100644
--- a/cusa/j/jss/jss-4.9.3-1_openEuler-SA-2024-1208.json
+++ b/cusa/j/jss/jss-4.9.3-1_openEuler-SA-2024-1208.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1208",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1208",
"title": "An update for jss is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "JSS offers a implementation for java-based applications to use native NSS.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server memory, saturating the server’s RAM. This flaw allows an attacker to force the invocation of an out-of-memory process, causing a denial of service.(CVE-2021-4213)",
"cves": [
{
"id": "CVE-2021-4213",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4213",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/j/openjdk-1.8.0/java-1.8.0-openjdk-1.8.0.342.b07-0_openEuler-SA-2022-1786.json b/cusa/j/openjdk-1.8.0/java-1.8.0-openjdk-1.8.0.342.b07-0_openEuler-SA-2022-1786.json
index 124e1f3..086fce1 100644
--- a/cusa/j/openjdk-1.8.0/java-1.8.0-openjdk-1.8.0.342.b07-0_openEuler-SA-2022-1786.json
+++ b/cusa/j/openjdk-1.8.0/java-1.8.0-openjdk-1.8.0.342.b07-0_openEuler-SA-2022-1786.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1786",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1786",
"title": "An update for openjdk-1.8.0 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The OpenJDK runtime environment 8.\r\n\r\nSecurity Fix(es):\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 7u321, 8u311; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21349)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2022-21540)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).(CVE-2022-21541)\r\n\r\nThe Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. 
The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.(CVE-2022-34169)",
"cves": [
{
"id": "CVE-2022-34169",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34169",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
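Review bot: The `cves` array of this advisory holds a single entry, `CVE-2022-34169`, while the `description` attributes CVE-2022-21349, CVE-2022-21540 and CVE-2022-21541 to the same update. The hunk header covers lines 2–14 of the file, so the array appears to be complete as shown. A lookup by CVE id against `cves` would miss those three, and the advisory-level `"High"` sits above the only listed per-CVE rating of `"Medium"`, so the per-CVE data cannot explain the overall rating. It would be worth checking whether the converter keeps only one vulnerability record per advisory (an inference from this output, the converter code is not shown here). If so, it should emit one `{"id", "url", "severity"}` object per CVE, with severities taken from the source CVRF rather than filled in by hand.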
diff --git a/cusa/j/openjdk-1.8.0/java-1.8.0-openjdk-1.8.0.342.b07-0_openEuler-SA-2022-1813.json b/cusa/j/openjdk-1.8.0/java-1.8.0-openjdk-1.8.0.342.b07-0_openEuler-SA-2022-1813.json
index badb388..14e22be 100644
--- a/cusa/j/openjdk-1.8.0/java-1.8.0-openjdk-1.8.0.342.b07-0_openEuler-SA-2022-1813.json
+++ b/cusa/j/openjdk-1.8.0/java-1.8.0-openjdk-1.8.0.342.b07-0_openEuler-SA-2022-1813.json
@@ -2,7 +2,7 @@
"id": "openEuler-SA-2022-1813",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1813",
"title": "An update for openjdk-1.8.0 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The OpenJDK runtime environment 8.\r\n\r\nSecurity Fix(es):\r\n\r\nVulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u311, 8u301; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.1 (Availability impacts). (CVE-2021-35588)\n\nVulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2021-35603)\n\nVulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2021-35556)\n\nVulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. 
Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2021-35578)\n\nVulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2021-35559)\n\nVulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). 
Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2021-35561)\n\nVulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Keytool). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. 
CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2021-35564)\n\nVulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2021-35586)\n\nVulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via Kerberos to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N).(CVE-2021-35567)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).(CVE-2022-21476)\n\nVulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2021-35565)\n\nVulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. 
CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).(CVE-2021-35550)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21291)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21248)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21340)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. 
Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21360)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21294)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21293)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2022-21296)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21299)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. 
Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21305)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2022-21282)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21365)\r\n\n\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21341)",
"cves": [
{
diff --git a/cusa/j/openjdk-1.8.0/java-1.8.0-openjdk-1.8.0.352.b08-3_openEuler-SA-2022-2145.json b/cusa/j/openjdk-1.8.0/java-1.8.0-openjdk-1.8.0.352.b08-3_openEuler-SA-2022-2145.json
index d19b472..65ae26c 100644
--- a/cusa/j/openjdk-1.8.0/java-1.8.0-openjdk-1.8.0.352.b08-3_openEuler-SA-2022-2145.json
+++ b/cusa/j/openjdk-1.8.0/java-1.8.0-openjdk-1.8.0.352.b08-3_openEuler-SA-2022-2145.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2145",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2145",
"title": "An update for openjdk-1.8.0 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The OpenJDK runtime environment 8.\r\n\r\n\r\n\r\nSecurity Fix(es):\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21271)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21426)",
"cves": [
{
"id": "CVE-2022-21426",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21426",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
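Review bot: The `cves` array in this file lists only CVE-2022-21426, while the `description` context line also names CVE-2022-21271, so a consumer that matches on `cves` instead of parsing the free text will not see the second CVE. The same gap appears in the openEuler-SA-2023-1644 hunk, where the advisory is relabelled `High` but the single listed entry, CVE-2023-22049, is `Medium` and CVE-2023-21930 (base score 7.4 in the description) is absent, and in the openEuler-SA-2023-1813 hunk, where CVE-2023-22067 is absent. These lines are unchanged context, so the cause is presumably the converter keeping only the last vulnerability of each CVRF document; that code is not visible here. I would regenerate the files with one entry per CVE named in the description, e.g. adding `{"id": "CVE-2022-21271", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21271", "severity": "<value from the CVRF source>"}` here.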
diff --git a/cusa/j/openjdk-1.8.0/java-1.8.0-openjdk-1.8.0.382.b05-8_openEuler-SA-2023-1644.json b/cusa/j/openjdk-1.8.0/java-1.8.0-openjdk-1.8.0.382.b05-8_openEuler-SA-2023-1644.json
index 46d2c02..6df80d0 100644
--- a/cusa/j/openjdk-1.8.0/java-1.8.0-openjdk-1.8.0.382.b05-8_openEuler-SA-2023-1644.json
+++ b/cusa/j/openjdk-1.8.0/java-1.8.0-openjdk-1.8.0.382.b05-8_openEuler-SA-2023-1644.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1644",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1644",
"title": "An update for openjdk-1.8.0 is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The OpenJDK runtime environment 8.\r\n\r\nSecurity Fix(es):\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21549)\r\n\r\nAn issue was discovered in function ciMethodBlocks::make_block_at in Oracle JDK (HotSpot VM) 11, 17 and OpenJDK (HotSpot VM) 8, 11, 17, allows attackers to cause a denial of service.(CVE-2022-40433)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and 21.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-21830)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-21843)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).(CVE-2023-21930)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-21937)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-21938)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-21939)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).(CVE-2023-21954)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21967)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. 
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-21968)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. 
This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2023-22045)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-22049)",
"cves": [
{
"id": "CVE-2023-22049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22049",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
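Review bot: The `severity` relabelling from `Important`/`Moderate` to `High`/`Medium`, applied in this hunk to both the advisory field and the per-CVE field, is not documented: the v0.1.2 changelog entry in README.md mentions only the directory layout. Any downstream filter or alert rule that still compares against `Important` or `Moderate` would silently stop matching rather than fail. I would add a changelog line stating the mapping, `Important → High, Moderate → Medium`, plus whatever the remaining levels become, which these hunks do not show.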
diff --git a/cusa/j/openjdk-1.8.0/java-1.8.0-openjdk-1.8.0.392.b08-3_openEuler-SA-2023-1813.json b/cusa/j/openjdk-1.8.0/java-1.8.0-openjdk-1.8.0.392.b08-3_openEuler-SA-2023-1813.json
index 197dda2..e910c98 100644
--- a/cusa/j/openjdk-1.8.0/java-1.8.0-openjdk-1.8.0.392.b08-3_openEuler-SA-2023-1813.json
+++ b/cusa/j/openjdk-1.8.0/java-1.8.0-openjdk-1.8.0.392.b08-3_openEuler-SA-2023-1813.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1813",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1813",
"title": "An update for openjdk-1.8.0 is now available for openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The OpenJDK runtime environment 8.\r\n\r\nSecurity Fix(es):\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: CORBA). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf; Oracle GraalVM Enterprise Edition: 20.3.11 and 21.3.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via CORBA to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-22067)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 20.3.11, 21.3.7 and 22.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. 
This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2023-22081)",
"cves": [
{
"id": "CVE-2023-22081",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22081",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/j/openjdk-1.8.0/java-1.8.0-openjdk-1.8.0.402.b06-1_openEuler-SA-2024-1127.json b/cusa/j/openjdk-1.8.0/java-1.8.0-openjdk-1.8.0.402.b06-1_openEuler-SA-2024-1127.json
index ca391c0..5b26e44 100644
--- a/cusa/j/openjdk-1.8.0/java-1.8.0-openjdk-1.8.0.402.b06-1_openEuler-SA-2024-1127.json
+++ b/cusa/j/openjdk-1.8.0/java-1.8.0-openjdk-1.8.0.402.b06-1_openEuler-SA-2024-1127.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1127",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1127",
"title": "An update for openjdk-1.8.0 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Important",
+ "severity": "High",
"description": "Security Fix(es):\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).(CVE-2024-20918)\r\n\r\nDifficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. 
Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service.(CVE-2024-20919)\r\n\r\nDifficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security.(CVE-2024-20921)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 2.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).(CVE-2024-20922)\r\n\r\n(CVE-2024-20923)\r\n\r\n(CVE-2024-20925)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).(CVE-2024-20926)\r\n\r\nDifficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).(CVE-2024-20945)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).(CVE-2024-20952)",
"cves": [
{
"id": "CVE-2024-20952",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20952",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
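Review bot: The `cves` array in this advisory lists only CVE-2024-20952, while the `description` names nine CVEs (CVE-2024-20918 through CVE-2024-20952), so a consumer that matches on `cves` instead of parsing the free text will not see the other eight. The relabelled `"severity": "High"` is then attached to that single entry, although the description scores CVE-2024-20922 at 2.5 and CVE-2024-20926 at 5.9, so the per-CVE severity is lost as well. The generator is not visible here, but it looks as if it keeps only the last vulnerability of the CVRF document. It should emit one entry per CVE, for example `{ "id": "CVE-2024-20918", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20918", "severity": ... }`, with each severity taken from the CVRF source. The openEuler-SA-2022-1696 hunk below shows the same pattern: only CVE-2021-35550 is listed, against a long run of CVEs in the description.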
diff --git a/cusa/j/openjdk-11/java-11-openjdk-11.0.15.10-1_openEuler-SA-2022-1696.json b/cusa/j/openjdk-11/java-11-openjdk-11.0.15.10-1_openEuler-SA-2022-1696.json
index 8803ede..dbd1cc4 100644
--- a/cusa/j/openjdk-11/java-11-openjdk-11.0.15.10-1_openEuler-SA-2022-1696.json
+++ b/cusa/j/openjdk-11/java-11-openjdk-11.0.15.10-1_openEuler-SA-2022-1696.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1696",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1696",
"title": "An update for openjdk-11 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The OpenJDK runtime environment.\r\n\r\nSecurity Fix(es):\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2022-21296)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21340)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2022-21282)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. 
Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21283)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21341)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21365)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21291)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21248)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. 
Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21299)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21305)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21294)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21293)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21277)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. 
Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21366)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21360)\n\nVulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2021-35565)\n\nVulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. 
CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).(CVE-2021-35550)",
"cves": [
{
"id": "CVE-2021-35550",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35550",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/j/openjdk-11/java-11-openjdk-11.0.16.8-0_openEuler-SA-2022-1849.json b/cusa/j/openjdk-11/java-11-openjdk-11.0.16.8-0_openEuler-SA-2022-1849.json
index 65ce7c4..7c4f459 100644
--- a/cusa/j/openjdk-11/java-11-openjdk-11.0.16.8-0_openEuler-SA-2022-1849.json
+++ b/cusa/j/openjdk-11/java-11-openjdk-11.0.16.8-0_openEuler-SA-2022-1849.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1849",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1849",
"title": "An update for openjdk-11 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The OpenJDK runtime environment.\n\nSecurity Fix(es):\n\nThe Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.(CVE-2022-34169)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).(CVE-2022-21541)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). 
Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2022-21540)",
"cves": [
{
"id": "CVE-2022-21540",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21540",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
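Review bot: The `cves` array for openEuler-SA-2022-1849 lists only CVE-2022-21540, while the `description` in the same hunk also names CVE-2022-34169 and CVE-2022-21541, so a consumer that matches on `cves[].id` will not link this advisory to those two. The same pattern shows in the hunks for openEuler-SA-2022-2151 (six CVEs described, only CVE-2022-21271 listed) and openEuler-SA-2023-1739 (only CVE-2023-22049 listed). The renamed per-CVE `"severity": "High"` also looks like the advisory-level rating copied onto the entry, because the description gives CVE-2022-21540 a CVSS 3.1 base score of 5.3, which is Medium on the CVSS qualitative scale. Since these files appear to be converter output, the fix probably belongs in the generator rather than in hand edits: emit one entry per CVE, e.g. `{ "id": "CVE-2022-34169", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34169", "severity": "<per-CVE rating>" }`, with the rating taken from that CVE's own score.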
diff --git a/cusa/j/openjdk-11/java-11-openjdk-11.0.17.8-0_openEuler-SA-2022-2151.json b/cusa/j/openjdk-11/java-11-openjdk-11.0.17.8-0_openEuler-SA-2022-2151.json
index a1f9bcb..e444abc 100644
--- a/cusa/j/openjdk-11/java-11-openjdk-11.0.17.8-0_openEuler-SA-2022-2151.json
+++ b/cusa/j/openjdk-11/java-11-openjdk-11.0.17.8-0_openEuler-SA-2022-2151.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2151",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2151",
"title": "An update for openjdk-11 is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The OpenJDK runtime environment.\r\n\r\n\r\n\r\nSecurity Fix(es):\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21626)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21619)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21618)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. 
Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21628)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-39399)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21271)",
"cves": [
{
"id": "CVE-2022-21271",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21271",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/j/openjdk-11/java-11-openjdk-11.0.20.8-2_openEuler-SA-2023-1739.json b/cusa/j/openjdk-11/java-11-openjdk-11.0.20.8-2_openEuler-SA-2023-1739.json
index 860e7fa..1d48e60 100644
--- a/cusa/j/openjdk-11/java-11-openjdk-11.0.20.8-2_openEuler-SA-2023-1739.json
+++ b/cusa/j/openjdk-11/java-11-openjdk-11.0.20.8-2_openEuler-SA-2023-1739.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1739",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1739",
"title": "An update for openjdk-11 is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The OpenJDK runtime environment.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue was discovered in function ciMethodBlocks::make_block_at in Oracle JDK (HotSpot VM) 11, 17 and OpenJDK (HotSpot VM) 8, 11, 17, allows attackers to cause a denial of service.(CVE-2022-40433)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2023-21835)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-21843)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).(CVE-2023-21930)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-21937)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-21938)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-21939)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. 
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).(CVE-2023-21954)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21967)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-21968)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks require human interaction from a person other than the attacker. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).(CVE-2023-22006)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2023-22036)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).(CVE-2023-22041)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. 
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2023-22045)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. 
This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-22049)",
"cves": [
{
"id": "CVE-2023-22049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22049",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/j/openjdk-11/java-11-openjdk-11.0.21.9-1_openEuler-SA-2023-1848.json b/cusa/j/openjdk-11/java-11-openjdk-11.0.21.9-1_openEuler-SA-2023-1848.json
index dbb8df5..110329c 100644
--- a/cusa/j/openjdk-11/java-11-openjdk-11.0.21.9-1_openEuler-SA-2023-1848.json
+++ b/cusa/j/openjdk-11/java-11-openjdk-11.0.21.9-1_openEuler-SA-2023-1848.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1848",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1848",
"title": "An update for openjdk-11 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The OpenJDK runtime environment.\r\n\r\nSecurity Fix(es):\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 20.3.11, 21.3.7 and 22.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2023-22081)",
"cves": [
{
"id": "CVE-2023-22081",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22081",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/j/openjdk-11/java-11-openjdk-11.0.22.7-0_openEuler-SA-2024-1099.json b/cusa/j/openjdk-11/java-11-openjdk-11.0.22.7-0_openEuler-SA-2024-1099.json
index 0a19ba0..414dc78 100644
--- a/cusa/j/openjdk-11/java-11-openjdk-11.0.22.7-0_openEuler-SA-2024-1099.json
+++ b/cusa/j/openjdk-11/java-11-openjdk-11.0.22.7-0_openEuler-SA-2024-1099.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1099",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1099",
"title": "An update for openjdk-11 is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The OpenJDK runtime environment.\r\n\r\nSecurity Fix(es):\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).(CVE-2024-20918)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. 
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).(CVE-2024-20926)\r\n\r\nDifficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. 
This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).(CVE-2024-20945)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).(CVE-2024-20952)",
"cves": [
{
"id": "CVE-2024-20952",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20952",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
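Review bot: The `cves` array in this advisory holds only CVE-2024-20952, while the `description` above it names four CVEs (CVE-2024-20918, CVE-2024-20926, CVE-2024-20945 and CVE-2024-20952). A consumer that matches hosts against `cves` instead of parsing the free text will miss the other three. The next hunk (openEuler-SA-2024-1151) shows the same mismatch: its description names CVE-2024-20919 and CVE-2024-20921, but `cves` lists only the latter. These files look generated, so the fix presumably belongs in the converter, which should emit one `{"id", "url", "severity"}` entry per CVE in the source advisory. Each entry needs its own severity, since the description gives CVE-2024-20926 a base score of 5.9 while the single retained entry is rated `"High"`.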
diff --git a/cusa/j/openjdk-11/java-11-openjdk-11.0.22.7-0_openEuler-SA-2024-1151.json b/cusa/j/openjdk-11/java-11-openjdk-11.0.22.7-0_openEuler-SA-2024-1151.json
index dc13e08..f1e8ab3 100644
--- a/cusa/j/openjdk-11/java-11-openjdk-11.0.22.7-0_openEuler-SA-2024-1151.json
+++ b/cusa/j/openjdk-11/java-11-openjdk-11.0.22.7-0_openEuler-SA-2024-1151.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1151",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1151",
"title": "An update for openjdk-11 is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The OpenJDK runtime environment.\r\n\r\nSecurity Fix(es):\r\n\r\nDifficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service.(CVE-2024-20919)\r\n\r\nDifficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security.(CVE-2024-20921)",
"cves": [
{
"id": "CVE-2024-20921",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20921",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/j/openjdk-latest/java-latest-openjdk-18.0.1.10-0.rolling_openEuler-SA-2022-1702.json b/cusa/j/openjdk-latest/java-latest-openjdk-18.0.1.10-0.rolling_openEuler-SA-2022-1702.json
index f93675b..c178ae6 100644
--- a/cusa/j/openjdk-latest/java-latest-openjdk-18.0.1.10-0.rolling_openEuler-SA-2022-1702.json
+++ b/cusa/j/openjdk-latest/java-latest-openjdk-18.0.1.10-0.rolling_openEuler-SA-2022-1702.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1702",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1702",
"title": "An update for openjdk-latest is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The OpenJDK runtime environment.\n\nSecurity Fix(es):\n\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).(CVE-2022-21449)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).(CVE-2022-21476)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21443)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. 
Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21426)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21496)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21434)\n\nVulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via Kerberos to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N).(CVE-2021-35567)\n\nVulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2021-35586)\n\nVulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). 
Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2021-35559)\n\nVulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Keytool). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. 
CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2021-35564)\n\nVulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2021-35603)\n\nVulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2021-35561)\n\nVulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2021-35578)\n\nVulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2021-35556)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21299)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). 
Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21365)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. 
This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21341)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21366)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21360)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21340)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). 
Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21305)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. 
This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2022-21296)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21294)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21293)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21291)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). 
Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21283)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. 
This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2022-21282)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21277)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21248)\n\nVulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N).(CVE-2021-2163)\n\nVulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). 
Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).(CVE-2021-2161)",
"cves": [
{
"id": "CVE-2021-2161",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-2161",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/j/openjdk-latest/java-latest-openjdk-18.0.1.10-0.rolling_openEuler-SA-2022-1814.json b/cusa/j/openjdk-latest/java-latest-openjdk-18.0.1.10-0.rolling_openEuler-SA-2022-1814.json
index a5a94f2..1531c0d 100644
--- a/cusa/j/openjdk-latest/java-latest-openjdk-18.0.1.10-0.rolling_openEuler-SA-2022-1814.json
+++ b/cusa/j/openjdk-latest/java-latest-openjdk-18.0.1.10-0.rolling_openEuler-SA-2022-1814.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1814",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1814",
"title": "An update for openjdk-latest is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The OpenJDK runtime environment.\n\nSecurity Fix(es):\n\nVulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).(CVE-2021-2388)\n\nVulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Library). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).(CVE-2021-2369)\n\nVulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).(CVE-2021-35550)\n\nVulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. 
Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2021-35565)\n\nVulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).(CVE-2021-2341)",
"cves": [
{
"id": "CVE-2021-2341",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-2341",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
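Review bot: The `cves` entry at the end of this record labels CVE-2021-2341 `"severity": "High"`, but the description in the same hunk gives that CVE a CVSS 3.1 base score of 3.1 and names four other CVEs (CVE-2021-2388, CVE-2021-2369, CVE-2021-35550, CVE-2021-35565) that are absent from the array. The per-CVE value looks like a copy of the advisory-level severity, so the rename to High/Medium carries the mismatch forward. A consumer that triages or matches on `cves` would over-rate this CVE and never see the others. If the converter has the data, it should emit one entry per CVE with that CVE's own rating, for example adding `{ "id": "CVE-2021-2388", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-2388", "severity": "High" }` and rating CVE-2021-2341 from its own score. The same pattern appears in the SA-2022-1832 and SA-2022-2150 hunks (CVE-2022-21540 is scored 5.3 but labelled High, CVE-2022-39399 is scored 3.7 but labelled Medium); the converter code is not visible here, so this should be confirmed against the upstream CVRF.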
diff --git a/cusa/j/openjdk-latest/java-latest-openjdk-18.0.2.9-0.rolling_openEuler-SA-2022-1832.json b/cusa/j/openjdk-latest/java-latest-openjdk-18.0.2.9-0.rolling_openEuler-SA-2022-1832.json
index c454b86..24f9753 100644
--- a/cusa/j/openjdk-latest/java-latest-openjdk-18.0.2.9-0.rolling_openEuler-SA-2022-1832.json
+++ b/cusa/j/openjdk-latest/java-latest-openjdk-18.0.2.9-0.rolling_openEuler-SA-2022-1832.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1832",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1832",
"title": "An update for openjdk-latest is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The OpenJDK runtime environment.\n\nSecurity Fix(es):\n\nThe Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.(CVE-2022-34169)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).(CVE-2022-21541)\n\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). 
Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2022-21540)",
"cves": [
{
"id": "CVE-2022-21540",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21540",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/j/openjdk-latest/java-latest-openjdk-19.0.0.36-1.rolling_openEuler-SA-2022-2150.json b/cusa/j/openjdk-latest/java-latest-openjdk-19.0.0.36-1.rolling_openEuler-SA-2022-2150.json
index e41986e..82e51b1 100644
--- a/cusa/j/openjdk-latest/java-latest-openjdk-19.0.0.36-1.rolling_openEuler-SA-2022-2150.json
+++ b/cusa/j/openjdk-latest/java-latest-openjdk-19.0.0.36-1.rolling_openEuler-SA-2022-2150.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2150",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2150",
"title": "An update for openjdk-latest is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "\r\n\r\nSecurity Fix(es):\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21626)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21624)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21619)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. 
Easily exploitable vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21618)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21628)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-39399)",
"cves": [
{
"id": "CVE-2022-39399",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39399",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/j/openjdk-latest/java-latest-openjdk-20.0.2.9-1.rolling_openEuler-SA-2023-1601.json b/cusa/j/openjdk-latest/java-latest-openjdk-20.0.2.9-1.rolling_openEuler-SA-2023-1601.json
index d7f401d..6a68a71 100644
--- a/cusa/j/openjdk-latest/java-latest-openjdk-20.0.2.9-1.rolling_openEuler-SA-2023-1601.json
+++ b/cusa/j/openjdk-latest/java-latest-openjdk-20.0.2.9-1.rolling_openEuler-SA-2023-1601.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1601",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1601",
"title": "An update for openjdk-latest is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The OpenJDK runtime environment.\r\n\r\nSecurity Fix(es):\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21549)\r\n\r\nAn issue was discovered in function ciMethodBlocks::make_block_at in Oracle JDK (HotSpot VM) 11, 17 and OpenJDK (HotSpot VM) 8, 11, 17, allows attackers to cause a denial of service.(CVE-2022-40433)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and 21.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-21830)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2023-21835)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-21843)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).(CVE-2023-21930)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-21937)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-21938)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-21939)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).(CVE-2023-21954)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. 
Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21967)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-21968)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).(CVE-2023-22006)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. 
Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).(CVE-2023-22041)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. 
This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2023-22045)",
"cves": [
{
"id": "CVE-2023-22045",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22045",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
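Review bot: The `cves` array here still holds only CVE-2023-22045, although the description lists fifteen CVE ids, so after the rename the advisory is `High` while its single CVE entry is `Medium`. The entry that would justify `High`, CVE-2023-21930 (base score 7.4 in the description), is absent, so a consumer that matches hosts by CVE id or derives severity from `cves` will miss it. The same last-CVE-only pattern is visible in the kafka SA-2022-2062 file (CVE-2019-12399 missing) and in the kernel SA-2023-1381 and SA-2023-1394 files, both `High` advisories with one `Medium` entry. The converter is not part of this hunk, but it presumably keeps only the last vulnerability node; it should emit one object per CVE in the advisory, for example `{"id": "CVE-2023-21930", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21930", "severity": "High"}`, with each severity taken from the source CVRF rather than assumed.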
diff --git a/cusa/j/openjdk-latest/java-latest-openjdk-21.0.0.35-1.rolling_openEuler-SA-2023-1814.json b/cusa/j/openjdk-latest/java-latest-openjdk-21.0.0.35-1.rolling_openEuler-SA-2023-1814.json
index 55e016e..a1ea704 100644
--- a/cusa/j/openjdk-latest/java-latest-openjdk-21.0.0.35-1.rolling_openEuler-SA-2023-1814.json
+++ b/cusa/j/openjdk-latest/java-latest-openjdk-21.0.0.35-1.rolling_openEuler-SA-2023-1814.json
@@ -2,7 +2,7 @@
"id": "openEuler-SA-2023-1814",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1814",
"title": "An update for openjdk-latest is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The OpenJDK runtime environment.\r\n\r\nSecurity Fix(es):\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 21.3.7 and 22.3.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition,. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-22025)\r\n\r\nVulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 20.3.11, 21.3.7 and 22.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2023-22081)",
"cves": [
{
diff --git a/cusa/k/kafka/kafka-2.8.2-1_openEuler-SA-2022-2062.json b/cusa/k/kafka/kafka-2.8.2-1_openEuler-SA-2022-2062.json
index 3f1a97a..a16fe2d 100644
--- a/cusa/k/kafka/kafka-2.8.2-1_openEuler-SA-2022-2062.json
+++ b/cusa/k/kafka/kafka-2.8.2-1_openEuler-SA-2022-2062.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2062",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2062",
"title": "An update for kafka is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Apache Kafka is an open-source distributed event streaming platform used by thousands of companies for high-performance data pipelines, streaming analytics, data integration, and mission-critical applications.\r\n\r\n\r\n\r\nSecurity Fix(es):\r\n\r\nWhen Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value, then any client can issue a request to the same Connect cluster to obtain the connector's task configuration and the response will contain the plaintext secret rather than the externalized secrets variables.(CVE-2019-12399)\r\n\r\nA security vulnerability has been identified in Apache Kafka. It affects all releases since 2.8.0. The vulnerability allows malicious unauthenticated clients to allocate large amounts of memory on brokers. This can lead to brokers hitting OutOfMemoryException and causing denial of service. Example scenarios: - Kafka cluster without authentication: Any clients able to establish a network connection to a broker can trigger the issue. - Kafka cluster with SASL authentication: Any clients able to establish a network connection to a broker, without the need for valid SASL credentials, can trigger the issue. - Kafka cluster with TLS authentication: Only clients able to successfully authenticate via TLS can trigger the issue. We advise the users to upgrade the Kafka installations to one of the 3.2.3, 3.1.2, 3.0.2, 2.8.2 versions.(CVE-2022-34917)",
"cves": [
{
"id": "CVE-2022-34917",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34917",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.100.0.124_openEuler-SA-2023-1381.json b/cusa/k/kernel/kernel-5.10.0-60.100.0.124_openEuler-SA-2023-1381.json
index 35fe33a..aa578e1 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.100.0.124_openEuler-SA-2023-1381.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.100.0.124_openEuler-SA-2023-1381.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1381",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1381",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nA memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system.(CVE-2023-1073)\r\n\r\nA memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service.(CVE-2023-1074)\r\n\r\nIn nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference.(CVE-2023-1095)\r\n\r\nA use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.(CVE-2023-3141)\r\n\r\nAn out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.(CVE-2023-3268)\r\n\r\nAn issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c.(CVE-2023-35829)",
"cves": [
{
"id": "CVE-2023-35829",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35829",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.101.0.126_openEuler-SA-2023-1394.json b/cusa/k/kernel/kernel-5.10.0-60.101.0.126_openEuler-SA-2023-1394.json
index 77f18a6..326adf3 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.101.0.126_openEuler-SA-2023-1394.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.101.0.126_openEuler-SA-2023-1394.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1394",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1394",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\n\nSecurity Fix(es):\n\nAn out-of-bounds read vulnerability was found in the SR-IPv6 implementation in the Linux kernel. Quoting ZDI security advisory [1]:\n\n\"This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the processing of seg6 attributes. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.\"\n\n[1] https://www.zerodayinitiative.com/advisories/ZDI-CAN-18511/(CVE-2023-2860)\n\nA known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, becomes actual again for the new hw AmpereOne. Spectre-BHB is similar to Spectre v2, except that malicious code uses the shared branch history (stored in the CPU Branch History Buffer, or BHB) to influence mispredicted branches within the victim's hardware context. Once that occurs, speculation caused by the mispredicted branches can cause cache allocation. This issue leads to obtaining information that should not be accessible.(CVE-2023-3006)\n\nAn issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_frontend_test_event, down(&fepriv->sem) is called. 
However, wait_event_interruptible would put the process to sleep, and down(&fepriv->sem) may block the process.(CVE-2023-31084)\n\nA flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service.(CVE-2023-3161)\n\nA NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic.(CVE-2023-3212)\n\n** DISPUTED ** An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend against attackers with the stated \"When modifying the block device while it is mounted by the filesystem\" access.(CVE-2023-34256)\n\nAn issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.(CVE-2023-35788)\n\nAn issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c.(CVE-2023-35823)\n\nAn issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c.(CVE-2023-35824)\n\nAn issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c.(CVE-2023-35828)",
"cves": [
{
"id": "CVE-2023-35828",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35828",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.102.0.128_openEuler-SA-2023-1423.json b/cusa/k/kernel/kernel-5.10.0-60.102.0.128_openEuler-SA-2023-1423.json
index fed705f..f8a22f6 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.102.0.128_openEuler-SA-2023-1423.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.102.0.128_openEuler-SA-2023-1423.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1423",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1423",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\n\nSecurity Fix(es):\n\nA use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n(CVE-2023-3389)",
"cves": [
{
"id": "CVE-2023-3389",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3389",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.103.0.130_openEuler-SA-2023-1435.json b/cusa/k/kernel/kernel-5.10.0-60.103.0.130_openEuler-SA-2023-1435.json
index 17dcccf..b1e6681 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.103.0.130_openEuler-SA-2023-1435.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.103.0.130_openEuler-SA-2023-1435.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1435",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1435",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\n\nSecurity Fix(es):\n\nA time-of-check to time-of-use issue exists in io_uring subsystem's IORING_OP_CLOSE operation in the Linux kernel's versions 5.6 - 5.11 (inclusive), which allows a local user to elevate their privileges to root. Introduced in b5dba59e0cf7e2cc4d3b3b1ac5fe81ddf21959eb, patched in 9eac1904d3364254d622bf2c771c4f85cd435fc2, backported to stable in 788d0824269bef539fe31a785b1517882eafed93.(CVE-2023-1295)\n\nA heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n(CVE-2023-3090)\n\nA use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system.(CVE-2023-3117)\n\nLinux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace(CVE-2023-31248)\n\nAn issue was discovered in the Linux kernel through 6.1-rc8. dpu_crtc_atomic_check in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c lacks check of the return value of kzalloc() and will cause the NULL Pointer Dereference.(CVE-2023-3220)\n\nA flaw null pointer dereference in the Linux kernel DECnet networking protocol was found. A remote user could use this flaw to crash the system.(CVE-2023-3338)\n\nA null pointer dereference was found in the Linux kernel's Integrated Sensor Hub (ISH) driver. 
This issue could allow a local user to crash the system.(CVE-2023-3358)",
"cves": [
{
"id": "CVE-2023-3358",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3358",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
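Review bot: The `cves` array of this advisory holds only CVE-2023-3358, while the `description` above it names seven CVEs (CVE-2023-1295, CVE-2023-3090, CVE-2023-3117, CVE-2023-31248, CVE-2023-3220, CVE-2023-3338, CVE-2023-3358), so a consumer that matches or triages on `cves[].id` will miss six of them. The same gap is visible in the hunks for openEuler-SA-2023-1448, -1511, -1614, -1634, -1668, -1797 and -1843, and for openEuler-SA-2024-1032 and -1085. In openEuler-SA-2023-1511, openEuler-SA-2023-1797 and openEuler-SA-2024-1032 the advisory is rated `High` but the only listed CVE is `Medium`, which suggests the entry that drives the advisory rating is among those dropped. These files look generated, so the fix presumably belongs in the converter rather than in this data: emit one entry per CVE in the source CVRF, e.g. `{"id": "CVE-2023-1295", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1295", "severity": "<severity from the CVRF record>"}`.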
diff --git a/cusa/k/kernel/kernel-5.10.0-60.104.0.131_openEuler-SA-2023-1448.json b/cusa/k/kernel/kernel-5.10.0-60.104.0.131_openEuler-SA-2023-1448.json
index 826e61c..dfc9a48 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.104.0.131_openEuler-SA-2023-1448.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.104.0.131_openEuler-SA-2023-1448.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1448",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1448",
"title": "An update for kernel is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\n\nSecurity Fix(es):\n\nAn issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.(CVE-2022-45886)\n\nA use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.(CVE-2023-3390)\n\nLinux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace(CVE-2023-35001)",
"cves": [
{
"id": "CVE-2023-35001",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35001",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.105.0.132_openEuler-SA-2023-1471.json b/cusa/k/kernel/kernel-5.10.0-60.105.0.132_openEuler-SA-2023-1471.json
index 2946f6b..a0e5038 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.105.0.132_openEuler-SA-2023-1471.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.105.0.132_openEuler-SA-2023-1471.json
@@ -8,7 +8,7 @@
{
"id": "CVE-2023-38428",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38428",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.107.0.134_openEuler-SA-2023-1511.json b/cusa/k/kernel/kernel-5.10.0-60.107.0.134_openEuler-SA-2023-1511.json
index 1eed24f..3257187 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.107.0.134_openEuler-SA-2023-1511.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.107.0.134_openEuler-SA-2023-1511.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1511",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1511",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\n\nSecurity Fix(es):\n\nA flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service.(CVE-2023-3772)\n\nA use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. This flaw allows a local user with special privileges to impact a kernel information leak issue.(CVE-2023-3863)\n\nA use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition.(CVE-2023-4133)\n\nA use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system.(CVE-2023-4147)",
"cves": [
{
"id": "CVE-2023-4147",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4147",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.108.0.135_openEuler-SA-2023-1538.json b/cusa/k/kernel/kernel-5.10.0-60.108.0.135_openEuler-SA-2023-1538.json
index e8641e8..c482796 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.108.0.135_openEuler-SA-2023-1538.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.108.0.135_openEuler-SA-2023-1538.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1538",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1538",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\n\nSecurity Fix(es):\n\nA use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue.(CVE-2023-4128)",
"cves": [
{
"id": "CVE-2023-4128",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4128",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.109.0.136_openEuler-SA-2023-1585.json b/cusa/k/kernel/kernel-5.10.0-60.109.0.136_openEuler-SA-2023-1585.json
index b3cfb61..cf52194 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.109.0.136_openEuler-SA-2023-1585.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.109.0.136_openEuler-SA-2023-1585.json
@@ -8,7 +8,7 @@
{
"id": "CVE-2023-4389",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4389",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.110.0.137_openEuler-SA-2023-1614.json b/cusa/k/kernel/kernel-5.10.0-60.110.0.137_openEuler-SA-2023-1614.json
index 5002538..8d29d82 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.110.0.137_openEuler-SA-2023-1614.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.110.0.137_openEuler-SA-2023-1614.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1614",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1614",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\n(CVE-2023-3865)\r\n\r\n(CVE-2023-3866)\r\n\r\nA use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition.(CVE-2023-4132)\r\n\r\nA flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack.(CVE-2023-4273)",
"cves": [
{
"id": "CVE-2023-4273",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4273",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.111.0.138_openEuler-SA-2023-1634.json b/cusa/k/kernel/kernel-5.10.0-60.111.0.138_openEuler-SA-2023-1634.json
index a22d8ae..55e7155 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.111.0.138_openEuler-SA-2023-1634.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.111.0.138_openEuler-SA-2023-1634.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1634",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1634",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_SESSION_SETUP commands. The issue results from the lack of control of resource consumption. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.(CVE-2023-32247)\r\n\r\nA use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.\r\n\r\nWhen nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances.\r\n\r\nWe recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8.\r\n\r\n(CVE-2023-3777)\r\n\r\nA use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.\r\n\r\nOn an error when building a nftables rule, deactivating immediate expressions in nft_immediate_deactivate() can lead unbinding the chain and objects be deactivated but later used.\r\n\r\nWe recommend upgrading past commit 0a771f7b266b02d262900c75f1e175c7fe76fec2.\r\n\r\n(CVE-2023-4015)\r\n\r\nA use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited to achieve local privilege escalation.\r\n\r\nWhen route4_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. 
This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free.\r\n\r\nWe recommend upgrading past commit b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8.\r\n\r\n(CVE-2023-4206)\r\n\r\nA use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation.\r\n\r\nWhen fw_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free.\r\n\r\nWe recommend upgrading past commit 76e42ae831991c828cffa8c37736ebfb831ad5ec.\r\n\r\n(CVE-2023-4207)\r\n\r\nA use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation.\r\n\r\nWhen u32_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free.\r\n\r\nWe recommend upgrading past commit 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81.\r\n\r\n(CVE-2023-4208)\r\n\r\nA use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation.\r\n\r\nThe unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. 
Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free.\r\n\r\nWe recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c.\r\n\r\n(CVE-2023-4622)",
"cves": [
{
"id": "CVE-2023-4622",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4622",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.112.0.139_openEuler-SA-2023-1668.json b/cusa/k/kernel/kernel-5.10.0-60.112.0.139_openEuler-SA-2023-1668.json
index 520a035..53168ed 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.112.0.139_openEuler-SA-2023-1668.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.112.0.139_openEuler-SA-2023-1668.json
@@ -2,18 +2,18 @@
"id": "openEuler-SA-2023-1668",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1668",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.(CVE-2022-45887)\r\n\r\n\nA division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. \r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n(CVE-2023-20588)\r\n\r\nIn multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.\r\n\r\n(CVE-2023-21400)\r\n\r\nVUL-0: CVE-2023-32249: kernel: Linux Kernel ksmbd Multichannel Improper Authentication Session Hijack Vulnerability(CVE-2023-32249)\r\n\r\nVUL-0: CVE-2023-32251: kernel: Linux Kernel ksmbd Improper Restriction of Excessive Authentication Attempts Protection Bypass Vulnerability(CVE-2023-32251)\r\n\r\nVUL-0: CVE-2023-32253: kernel: Linux Kernel ksmbd Session Deadlock Denial-of-Service Vulnerability(CVE-2023-32253)\r\n\r\n** REJECT ** CVE-2023-4881 was wrongly assigned to a bug that was deemed to be a non-security issue by the Linux kernel security team.(CVE-2023-4881)\r\n\r\nA use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.\r\n\r\nWhen the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue().\r\n\r\nWe recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8.\r\n\r\n(CVE-2023-4921)",
"cves": [
{
"id": "CVE-2023-32251",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32251",
- "severity": "Moderate"
+ "severity": "Medium"
},
{
"id": "CVE-2023-4921",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4921",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.113.0.140_openEuler-SA-2023-1729.json b/cusa/k/kernel/kernel-5.10.0-60.113.0.140_openEuler-SA-2023-1729.json
index b7495f2..c652047 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.113.0.140_openEuler-SA-2023-1729.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.113.0.140_openEuler-SA-2023-1729.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1729",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1729",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nAn array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.(CVE-2023-42753)",
"cves": [
{
"id": "CVE-2023-42753",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42753",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.114.0.141_openEuler-SA-2023-1741.json b/cusa/k/kernel/kernel-5.10.0-60.114.0.141_openEuler-SA-2023-1741.json
index d5b8f0f..125b2e5 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.114.0.141_openEuler-SA-2023-1741.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.114.0.141_openEuler-SA-2023-1741.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1741",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1741",
"title": "An update for kernel is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `rsvp_classify` function. This issue may allow a local user to crash the system and cause a denial of service.(CVE-2023-42755)",
"cves": [
{
"id": "CVE-2023-42755",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42755",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.115.0.142_openEuler-SA-2023-1781.json b/cusa/k/kernel/kernel-5.10.0-60.115.0.142_openEuler-SA-2023-1781.json
index 9ce0d7a..2af594a 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.115.0.142_openEuler-SA-2023-1781.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.115.0.142_openEuler-SA-2023-1781.json
@@ -8,7 +8,7 @@
{
"id": "CVE-2023-5717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5717",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.116.0.143_openEuler-SA-2023-1797.json b/cusa/k/kernel/kernel-5.10.0-60.116.0.143_openEuler-SA-2023-1797.json
index 01fe3f9..70649af 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.116.0.143_openEuler-SA-2023-1797.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.116.0.143_openEuler-SA-2023-1797.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1797",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1797",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\n\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in drivers/usb/core/sysfs.c.(CVE-2023-37453)\r\n\r\nAn issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it.(CVE-2023-46813)\r\n\r\nAn issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur.(CVE-2023-46862)\r\n\r\nA use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation in case that the attacker already has local privileges.(CVE-2023-5178)",
"cves": [
{
"id": "CVE-2023-5178",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5178",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.117.0.144_openEuler-SA-2023-1843.json b/cusa/k/kernel/kernel-5.10.0-60.117.0.144_openEuler-SA-2023-1843.json
index 3a61b3f..e911888 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.117.0.144_openEuler-SA-2023-1843.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.117.0.144_openEuler-SA-2023-1843.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1843",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1843",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.(CVE-2022-45884)\r\n\r\nRejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-35823. Reason: This candidate is a reservation duplicate of CVE-2023-35823. Notes: All CVE users should reference CVE-2023-35823 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.(CVE-2023-3327)\r\n\r\nA race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation.(CVE-2023-39198)\r\n\r\nA use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation.\r\n\r\nIf a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). 
This leaves a dangling pointer that can cause a use-after-free.\r\n\r\nWe recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.\r\n\r\n(CVE-2023-4623)\r\n\r\nA use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.\r\n\r\nAddition and removal of rules from chain bindings within the same transaction causes leads to use-after-free.\r\n\r\nWe recommend upgrading past commit f15f29fd4779be8a418b66e9d52979bb6d6c2325.\r\n\r\n(CVE-2023-5197)",
"cves": [
{
"id": "CVE-2023-5197",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5197",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.118.0.145_openEuler-SA-2023-1859.json b/cusa/k/kernel/kernel-5.10.0-60.118.0.145_openEuler-SA-2023-1859.json
index 66e9ddf..8fbe10b 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.118.0.145_openEuler-SA-2023-1859.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.118.0.145_openEuler-SA-2023-1859.json
@@ -2,7 +2,7 @@
"id": "openEuler-SA-2023-1859",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1859",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nAn out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol.(CVE-2023-39197)\r\n\r\nA null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their privileges on the system.(CVE-2023-6176)",
"cves": [
{
diff --git a/cusa/k/kernel/kernel-5.10.0-60.119.0.146_openEuler-SA-2023-1888.json b/cusa/k/kernel/kernel-5.10.0-60.119.0.146_openEuler-SA-2023-1888.json
index faf696a..f0903d0 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.119.0.146_openEuler-SA-2023-1888.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.119.0.146_openEuler-SA-2023-1888.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1888",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1888",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nA use-after-free flaw was found in setup_async_work in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed work.(CVE-2023-1193)",
"cves": [
{
"id": "CVE-2023-1193",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1193",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.120.0.147_openEuler-SA-2023-1990.json b/cusa/k/kernel/kernel-5.10.0-60.120.0.147_openEuler-SA-2023-1990.json
index be7c96e..29d72d3 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.120.0.147_openEuler-SA-2023-1990.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.120.0.147_openEuler-SA-2023-1990.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1990",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1990",
"title": "An update for kernel is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nA race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.(CVE-2023-6546)",
"cves": [
{
"id": "CVE-2023-6546",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6546",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.121.0.148_openEuler-SA-2024-1032.json b/cusa/k/kernel/kernel-5.10.0-60.121.0.148_openEuler-SA-2024-1032.json
index 892c155..88c9668 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.121.0.148_openEuler-SA-2024-1032.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.121.0.148_openEuler-SA-2024-1032.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1032",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1032",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nopeneuler-linux-kernel-5.10.149-ext4_write_inline_data-kernel_bug-365020(CVE-2021-33631)\r\n\r\nAn issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c.(CVE-2023-35827)\r\n\r\nAn out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.(CVE-2023-6606)\r\n\r\nAn out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.(CVE-2023-6610)\r\n\r\nA use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.\r\n\r\nThe function nft_pipapo_walk did not skip inactive elements during set walk which could lead double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-after-free.\r\n\r\nWe recommend upgrading past commit 317eb9685095678f2c9f5a8189de698c5354316a.\r\n\r\n(CVE-2023-6817)\r\n\r\nA heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation.\r\n\r\nA perf_event's read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group().\r\n\r\nWe recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b.\r\n\r\n(CVE-2023-6931)\r\n\r\nA use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation.\r\n\r\nA race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread.\r\n\r\nWe recommend upgrading past commit 
e2b706c691905fe78468c361aaabc719d0a496f1.\r\n\r\n(CVE-2023-6932)",
"cves": [
{
"id": "CVE-2023-6932",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6932",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.122.0.149_openEuler-SA-2024-1085.json b/cusa/k/kernel/kernel-5.10.0-60.122.0.149_openEuler-SA-2024-1085.json
index 7d2959d..e0d202b 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.122.0.149_openEuler-SA-2024-1085.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.122.0.149_openEuler-SA-2024-1085.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1085",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1085",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in the Bluetooth subsystem of the Linux kernel. A race condition between the bt_sock_recvmsg() and bt_sock_ioctl() functions could lead to a use-after-free on a socket buffer (\"skb\"). This flaw allows a local user to cause a denial of service condition or potential code execution.(CVE-2023-51779)\r\n\r\nAn issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition.(CVE-2023-51780)\r\n\r\nAn issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use-after-free because of an atalk_recvmsg race condition.(CVE-2023-51781)\r\n\r\nAn issue was discovered in the Linux kernel before 6.6.8. rose_ioctl in net/rose/af_rose.c has a use-after-free because of a rose_accept race condition.(CVE-2023-51782)\r\n\r\nAn out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg).(CVE-2023-6121)",
"cves": [
{
"id": "CVE-2023-6121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6121",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
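Review bot: The `cves` array in this file still lists only CVE-2023-6121, although the description names five CVEs (CVE-2023-51779, CVE-2023-51780, CVE-2023-51781, CVE-2023-51782 and CVE-2023-6121). A consumer that matches on `cves[].id` would miss the other four, and the later kernel hunks for openEuler-SA-2024-1097 through openEuler-SA-2024-1283 show the same pattern. In openEuler-SA-2024-1111 and openEuler-SA-2024-1283 the advisory becomes `"High"` while the only listed CVE becomes `"Medium"`, so the CVE that set the advisory rating is presumably among the omitted ones. Whether the loss happens in the converter or in the CVRF input is not visible from this diff. I would regenerate these files with one entry per CVE, e.g. `{"id": "CVE-2023-51779", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51779", "severity": "<SEVERITY_FROM_CVRF>"}`, rather than only renaming the severity labels.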
diff --git a/cusa/k/kernel/kernel-5.10.0-60.123.0.150_openEuler-SA-2024-1097.json b/cusa/k/kernel/kernel-5.10.0-60.123.0.150_openEuler-SA-2024-1097.json
index 9b9c7a1..a8c3a5c 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.123.0.150_openEuler-SA-2024-1097.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.123.0.150_openEuler-SA-2024-1097.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1097",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1097",
"title": "An update for kernel is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nAn out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access.(CVE-2023-6040)\r\n\r\nAn out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.(CVE-2024-0565)\r\n\r\nA flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the previous element corrupting this array of u32. This flaw allows a local user to cause a denial of service or potentially break NetFilter functionality.(CVE-2024-0607)",
"cves": [
{
"id": "CVE-2024-0607",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0607",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.123.0.150_openEuler-SA-2024-1106.json b/cusa/k/kernel/kernel-5.10.0-60.123.0.150_openEuler-SA-2024-1106.json
index 01b1301..64c1a62 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.123.0.150_openEuler-SA-2024-1106.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.123.0.150_openEuler-SA-2024-1106.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1106",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1106",
"title": "An update for kernel is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service (panic) because input_set_capability mishandles the situation in which an event code falls outside of a bitmap.(CVE-2022-48619)\r\n\r\nA vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This issue can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.(CVE-2024-0340)\r\n\r\nA denial of service vulnerability was found in tipc_crypto_key_revoke in net/tipc/crypto.c in the Linux kernel’s TIPC subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system.(CVE-2024-0641)",
"cves": [
{
"id": "CVE-2024-0641",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0641",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.124.0.151_openEuler-SA-2024-1111.json b/cusa/k/kernel/kernel-5.10.0-60.124.0.151_openEuler-SA-2024-1111.json
index 21fda9b..8eb37aa 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.124.0.151_openEuler-SA-2024-1111.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.124.0.151_openEuler-SA-2024-1111.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1111",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1111",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nIn the Linux kernel before 6.5.9, there is a NULL pointer dereference in send_acknowledge in net/nfc/nci/spi.c.(CVE-2023-46343)\r\n\r\nIn the Linux kernel before 6.4.12, amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c has a fence use-after-free.(CVE-2023-51042)\r\n\r\nAn issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2_get_data_area_len in fs/smb/server/smb2misc.c can cause an smb_strndup_from_utf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled.(CVE-2024-22705)",
"cves": [
{
"id": "CVE-2024-22705",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22705",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.125.0.152_openEuler-SA-2024-1142.json b/cusa/k/kernel/kernel-5.10.0-60.125.0.152_openEuler-SA-2024-1142.json
index c42516c..74c8ccf 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.125.0.152_openEuler-SA-2024-1142.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.125.0.152_openEuler-SA-2024-1142.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1142",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1142",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nIn the Linux kernel before 6.4.5, drivers/gpu/drm/drm_atomic.c has a use-after-free during a race condition between a nonblocking atomic commit and a driver unload.(CVE-2023-51043)\r\n\r\nA use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on.(CVE-2023-6531)\r\n\r\nA Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a missing check at a function return.(CVE-2023-6915)",
"cves": [
{
"id": "CVE-2023-6915",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6915",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.126.0.153_openEuler-SA-2024-1180.json b/cusa/k/kernel/kernel-5.10.0-60.126.0.153_openEuler-SA-2024-1180.json
index a1eb007..9be9050 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.126.0.153_openEuler-SA-2024-1180.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.126.0.153_openEuler-SA-2024-1180.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1180",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1180",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nTransmit requests in Xen's virtual network protocol can consist of\nmultiple parts. While not really useful, except for the initial part\nany of them may be of zero length, i.e. carry no data at all. Besides a\ncertain initial portion of the to be transferred data, these parts are\ndirectly translated into what Linux calls SKB fragments. Such converted\nrequest parts can, when for a particular SKB they are all of length\nzero, lead to a de-reference of NULL in core networking code.\n(CVE-2023-46838)\r\n\r\nA flaw in the routing table size was found in the ICMPv6 handling of \"Packet Too Big\". The size of the routing table is regulated by periodic garbage collection. However, with \"Packet Too Big Messages\" it is possible to exceed the routing table size and garbage collector threshold. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%.(CVE-2023-52340)\r\n\r\nA denial of service vulnerability due to a deadlock was found in sctp_auto_asconf_init in net/sctp/socket.c in the Linux kernel’s SCTP subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system.(CVE-2024-0639)\r\n\r\nA null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. 
This issue may allow a local user to crash the system or potentially escalate their privileges on the system.(CVE-2024-0841)\r\n\r\nA use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.\r\n\r\nThe nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.\r\n\r\nWe recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.\r\n\r\n(CVE-2024-1086)\r\n\r\nIn rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1, there is an off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access.(CVE-2024-23849)",
"cves": [
{
"id": "CVE-2024-23849",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23849",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.127.0.154_openEuler-SA-2024-1241.json b/cusa/k/kernel/kernel-5.10.0-60.127.0.154_openEuler-SA-2024-1241.json
index 2a9e59e..0784cc1 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.127.0.154_openEuler-SA-2024-1241.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.127.0.154_openEuler-SA-2024-1241.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1241",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1241",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet: prevent mss overflow in skb_segment()\r\n\r\nOnce again syzbot is able to crash the kernel in skb_segment() [1]\r\n\r\nGSO_BY_FRAGS is a forbidden value, but unfortunately the following\ncomputation in skb_segment() can reach it quite easily :\r\n\r\n\tmss = mss * partial_segs;\r\n\r\n65535 = 3 * 5 * 17 * 257, so many initial values of mss can lead to\na bad final result.\r\n\r\nMake sure to limit segmentation so that the new mss value is smaller\nthan GSO_BY_FRAGS.\r\n\r\n[1]\r\n\r\ngeneral protection fault, probably for non-canonical address 0xdffffc000000000e: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077]\nCPU: 1 PID: 5079 Comm: syz-executor993 Not tainted 6.7.0-rc4-syzkaller-00141-g1ae4cd3cbdd0 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023\nRIP: 0010:skb_segment+0x181d/0x3f30 net/core/skbuff.c:4551\nCode: 83 e3 02 e9 fb ed ff ff e8 90 68 1c f9 48 8b 84 24 f8 00 00 00 48 8d 78 70 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 8a 21 00 00 48 8b 84 24 f8 00\nRSP: 0018:ffffc900043473d0 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000010046 RCX: ffffffff886b1597\nRDX: 000000000000000e RSI: ffffffff886b2520 RDI: 0000000000000070\nRBP: ffffc90004347578 R08: 0000000000000005 R09: 000000000000ffff\nR10: 000000000000ffff R11: 0000000000000002 R12: ffff888063202ac0\nR13: 0000000000010000 R14: 000000000000ffff R15: 0000000000000046\nFS: 0000555556e7e380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020010000 CR3: 0000000027ee2000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 
0000000000000400\nCall Trace:\n\nudp6_ufo_fragment+0xa0e/0xd00 net/ipv6/udp_offload.c:109\nipv6_gso_segment+0x534/0x17e0 net/ipv6/ip6_offload.c:120\nskb_mac_gso_segment+0x290/0x610 net/core/gso.c:53\n__skb_gso_segment+0x339/0x710 net/core/gso.c:124\nskb_gso_segment include/net/gso.h:83 [inline]\nvalidate_xmit_skb+0x36c/0xeb0 net/core/dev.c:3626\n__dev_queue_xmit+0x6f3/0x3d60 net/core/dev.c:4338\ndev_queue_xmit include/linux/netdevice.h:3134 [inline]\npacket_xmit+0x257/0x380 net/packet/af_packet.c:276\npacket_snd net/packet/af_packet.c:3087 [inline]\npacket_sendmsg+0x24c6/0x5220 net/packet/af_packet.c:3119\nsock_sendmsg_nosec net/socket.c:730 [inline]\n__sock_sendmsg+0xd5/0x180 net/socket.c:745\n__sys_sendto+0x255/0x340 net/socket.c:2190\n__do_sys_sendto net/socket.c:2202 [inline]\n__se_sys_sendto net/socket.c:2198 [inline]\n__x64_sys_sendto+0xe0/0x1b0 net/socket.c:2198\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0x40/0x110 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x63/0x6b\nRIP: 0033:0x7f8692032aa9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fff8d685418 EFLAGS: 00000246 ORIG_RAX: 000000000000002c\nRAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f8692032aa9\nRDX: 0000000000010048 RSI: 00000000200000c0 RDI: 0000000000000003\nRBP: 00000000000f4240 R08: 0000000020000540 R09: 0000000000000014\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007fff8d685480\nR13: 0000000000000001 R14: 00007fff8d685480 R15: 0000000000000003\n\nModules linked in:\n---[ end trace 0000000000000000 ]---\nRIP: 0010:skb_segment+0x181d/0x3f30 net/core/skbuff.c:4551\nCode: 83 e3 02 e9 fb ed ff ff e8 90 68 1c f9 48 8b 84 24 f8 00 00 00 48 8d 78 70 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 8a 21 00 00 48 8b 84 24 f8 00\nRSP: 
0018:ffffc900043473d0 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000010046 RCX: ffffffff886b1597\nRDX: 000000000000000e RSI: ffffffff886b2520 RDI: 0000000000000070\nRBP: ffffc90004347578 R0\n---truncated---(CVE-2023-52435)\r\n\r\nA race condition was found in the Linux kernel's sound/hda device driver in snd_hdac_regmap_sync() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.\r\n\r\n(CVE-2024-23196)",
"cves": [
{
"id": "CVE-2024-23196",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23196",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.128.0.155_openEuler-SA-2024-1261.json b/cusa/k/kernel/kernel-5.10.0-60.128.0.155_openEuler-SA-2024-1261.json
index e77180d..8cff62d 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.128.0.155_openEuler-SA-2024-1261.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.128.0.155_openEuler-SA-2024-1261.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1261",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1261",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues.(CVE-2024-1151)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path\r\n\r\nWhen calling mlxsw_sp_acl_tcam_region_destroy() from an error path after\nfailing to attach the region to an ACL group, we hit a NULL pointer\ndereference upon 'region->group->tcam' [1].\r\n\r\nFix by retrieving the 'tcam' pointer using mlxsw_sp_acl_to_tcam().\r\n\r\n[1]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n[...]\nRIP: 0010:mlxsw_sp_acl_tcam_region_destroy+0xa0/0xd0\n[...]\nCall Trace:\n mlxsw_sp_acl_tcam_vchunk_get+0x88b/0xa20\n mlxsw_sp_acl_tcam_ventry_add+0x25/0xe0\n mlxsw_sp_acl_rule_add+0x47/0x240\n mlxsw_sp_flower_replace+0x1a9/0x1d0\n tc_setup_cb_add+0xdc/0x1c0\n fl_hw_replace_filter+0x146/0x1f0\n fl_change+0xc17/0x1360\n tc_new_tfilter+0x472/0xb90\n rtnetlink_rcv_msg+0x313/0x3b0\n netlink_rcv_skb+0x58/0x100\n netlink_unicast+0x244/0x390\n netlink_sendmsg+0x1e4/0x440\n ____sys_sendmsg+0x164/0x260\n ___sys_sendmsg+0x9a/0xe0\n __sys_sendmsg+0x7a/0xc0\n do_syscall_64+0x40/0xe0\n entry_SYSCALL_64_after_hwframe+0x63/0x6b(CVE-2024-26595)",
"cves": [
{
"id": "CVE-2024-26595",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26595",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.129.0.156_openEuler-SA-2024-1283.json b/cusa/k/kernel/kernel-5.10.0-60.129.0.156_openEuler-SA-2024-1283.json
index c4707ec..6788ba7 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.129.0.156_openEuler-SA-2024-1283.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.129.0.156_openEuler-SA-2024-1283.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1283",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1283",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nf2fs: explicitly null-terminate the xattr list\r\n\r\nWhen setting an xattr, explicitly null-terminate the xattr list. This\neliminates the fragile assumption that the unused xattr space is always\nzeroed.(CVE-2023-52436)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nbinder: fix use-after-free in shinker's callback\r\n\r\nThe mmap read lock is used during the shrinker's callback, which means\nthat using alloc->vma pointer isn't safe as it can race with munmap().\nAs of commit dd2283f2605e (\"mm: mmap: zap pages with read mmap_sem in\nmunmap\") the mmap lock is downgraded after the vma has been isolated.\r\n\r\nI was able to reproduce this issue by manually adding some delays and\ntriggering page reclaiming through the shrinker's debug sysfs. The\nfollowing KASAN report confirms the UAF:\r\n\r\n ==================================================================\n BUG: KASAN: slab-use-after-free in zap_page_range_single+0x470/0x4b8\n Read of size 8 at addr ffff356ed50e50f0 by task bash/478\r\n\r\n CPU: 1 PID: 478 Comm: bash Not tainted 6.6.0-rc5-00055-g1c8b86a3799f-dirty #70\n Hardware name: linux,dummy-virt (DT)\n Call trace:\n zap_page_range_single+0x470/0x4b8\n binder_alloc_free_page+0x608/0xadc\n __list_lru_walk_one+0x130/0x3b0\n list_lru_walk_node+0xc4/0x22c\n binder_shrink_scan+0x108/0x1dc\n shrinker_debugfs_scan_write+0x2b4/0x500\n full_proxy_write+0xd4/0x140\n vfs_write+0x1ac/0x758\n ksys_write+0xf0/0x1dc\n __arm64_sys_write+0x6c/0x9c\r\n\r\n Allocated by task 492:\n kmem_cache_alloc+0x130/0x368\n vm_area_alloc+0x2c/0x190\n mmap_region+0x258/0x18bc\n do_mmap+0x694/0xa60\n vm_mmap_pgoff+0x170/0x29c\n ksys_mmap_pgoff+0x290/0x3a0\n __arm64_sys_mmap+0xcc/0x144\r\n\r\n Freed by task 491:\n kmem_cache_free+0x17c/0x3c8\n vm_area_free_rcu_cb+0x74/0x98\n 
rcu_core+0xa38/0x26d4\n rcu_core_si+0x10/0x1c\n __do_softirq+0x2fc/0xd24\r\n\r\n Last potentially related work creation:\n __call_rcu_common.constprop.0+0x6c/0xba0\n call_rcu+0x10/0x1c\n vm_area_free+0x18/0x24\n remove_vma+0xe4/0x118\n do_vmi_align_munmap.isra.0+0x718/0xb5c\n do_vmi_munmap+0xdc/0x1fc\n __vm_munmap+0x10c/0x278\n __arm64_sys_munmap+0x58/0x7c\r\n\r\nFix this issue by performing instead a vma_lookup() which will fail to\nfind the vma that was isolated before the mmap lock downgrade. Note that\nthis option has better performance than upgrading to a mmap write lock\nwhich would increase contention. Plus, mmap_write_trylock() has been\nrecently removed anyway.(CVE-2023-52438)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nuio: Fix use-after-free in uio_open\r\n\r\ncore-1\t\t\t\tcore-2\n-------------------------------------------------------\nuio_unregister_device\t\tuio_open\n\t\t\t\tidev = idr_find()\ndevice_unregister(&idev->dev)\nput_device(&idev->dev)\nuio_device_release\n\t\t\t\tget_device(&idev->dev)\nkfree(idev)\nuio_free_minor(minor)\n\t\t\t\tuio_release\n\t\t\t\tput_device(&idev->dev)\n\t\t\t\tkfree(idev)\n-------------------------------------------------------\r\n\r\nIn the core-1 uio_unregister_device(), the device_unregister will kfree\nidev when the idev->dev kobject ref is 1. But after core-1\ndevice_unregister, put_device and before doing kfree, the core-2 may\nget_device. Then:\n1. After core-1 kfree idev, the core-2 will do use-after-free for idev.\n2. When core-2 do uio_release and put_device, the idev will be double\n freed.\r\n\r\nTo address this issue, we can get idev atomic & inc idev reference with\nminor_lock.(CVE-2023-52439)\r\n\r\nNULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers. 
This vulnerability is associated with program files /net/bluetooth/rfcomm/core.C.\r\n\r\nThis issue affects Linux kernel: v2.6.12-rc2.\r\n\r\n(CVE-2024-22099)\r\n\r\nIn btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted upon subvolume creation.(CVE-2024-23850)\r\n\r\ncopy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing param_kernel->data_size check. This is related to ctl_ioctl.(CVE-2024-23851)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\ntls: fix race between async notify and socket close\r\n\r\nThe submitting thread (one which called recvmsg/sendmsg)\nmay exit as soon as the async crypto handler calls complete()\nso any code past that point risks touching already freed data.\r\n\r\nTry to avoid the locking and extra flags altogether.\nHave the main thread hold an extra reference, this way\nwe can depend solely on the atomic ref counter for\nsynchronization.\r\n\r\nDon't futz with reiniting the completion, either, we are now\ntightly controlling when completion fires.(CVE-2024-26583)",
"cves": [
{
"id": "CVE-2024-26583",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26583",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.130.0.157_openEuler-SA-2024-1298.json b/cusa/k/kernel/kernel-5.10.0-60.130.0.157_openEuler-SA-2024-1298.json
index e9523ba..324ca5a 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.130.0.157_openEuler-SA-2024-1298.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.130.0.157_openEuler-SA-2024-1298.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1298",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1298",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nbtrfs: fix deadlock when cloning inline extents and using qgroups\r\n\r\nThere are a few exceptional cases where cloning an inline extent needs to\ncopy the inline extent data into a page of the destination inode.\r\n\r\nWhen this happens, we end up starting a transaction while having a dirty\npage for the destination inode and while having the range locked in the\ndestination's inode iotree too. Because when reserving metadata space\nfor a transaction we may need to flush existing delalloc in case there is\nnot enough free space, we have a mechanism in place to prevent a deadlock,\nwhich was introduced in commit 3d45f221ce627d (\"btrfs: fix deadlock when\ncloning inline extent and low on free metadata space\").\r\n\r\nHowever when using qgroups, a transaction also reserves metadata qgroup\nspace, which can also result in flushing delalloc in case there is not\nenough available space at the moment. When this happens we deadlock, since\nflushing delalloc requires locking the file range in the inode's iotree\nand the range was already locked at the very beginning of the clone\noperation, before attempting to start the transaction.\r\n\r\nWhen this issue happens, stack traces like the following are reported:\r\n\r\n [72747.556262] task:kworker/u81:9 state:D stack: 0 pid: 225 ppid: 2 flags:0x00004000\n [72747.556268] Workqueue: writeback wb_workfn (flush-btrfs-1142)\n [72747.556271] Call Trace:\n [72747.556273] __schedule+0x296/0x760\n [72747.556277] schedule+0x3c/0xa0\n [72747.556279] io_schedule+0x12/0x40\n [72747.556284] __lock_page+0x13c/0x280\n [72747.556287] ? generic_file_readonly_mmap+0x70/0x70\n [72747.556325] extent_write_cache_pages+0x22a/0x440 [btrfs]\n [72747.556331] ? __set_page_dirty_nobuffers+0xe7/0x160\n [72747.556358] ? set_extent_buffer_dirty+0x5e/0x80 [btrfs]\n [72747.556362] ? 
update_group_capacity+0x25/0x210\n [72747.556366] ? cpumask_next_and+0x1a/0x20\n [72747.556391] extent_writepages+0x44/0xa0 [btrfs]\n [72747.556394] do_writepages+0x41/0xd0\n [72747.556398] __writeback_single_inode+0x39/0x2a0\n [72747.556403] writeback_sb_inodes+0x1ea/0x440\n [72747.556407] __writeback_inodes_wb+0x5f/0xc0\n [72747.556410] wb_writeback+0x235/0x2b0\n [72747.556414] ? get_nr_inodes+0x35/0x50\n [72747.556417] wb_workfn+0x354/0x490\n [72747.556420] ? newidle_balance+0x2c5/0x3e0\n [72747.556424] process_one_work+0x1aa/0x340\n [72747.556426] worker_thread+0x30/0x390\n [72747.556429] ? create_worker+0x1a0/0x1a0\n [72747.556432] kthread+0x116/0x130\n [72747.556435] ? kthread_park+0x80/0x80\n [72747.556438] ret_from_fork+0x1f/0x30\r\n\r\n [72747.566958] Workqueue: btrfs-flush_delalloc btrfs_work_helper [btrfs]\n [72747.566961] Call Trace:\n [72747.566964] __schedule+0x296/0x760\n [72747.566968] ? finish_wait+0x80/0x80\n [72747.566970] schedule+0x3c/0xa0\n [72747.566995] wait_extent_bit.constprop.68+0x13b/0x1c0 [btrfs]\n [72747.566999] ? finish_wait+0x80/0x80\n [72747.567024] lock_extent_bits+0x37/0x90 [btrfs]\n [72747.567047] btrfs_invalidatepage+0x299/0x2c0 [btrfs]\n [72747.567051] ? find_get_pages_range_tag+0x2cd/0x380\n [72747.567076] __extent_writepage+0x203/0x320 [btrfs]\n [72747.567102] extent_write_cache_pages+0x2bb/0x440 [btrfs]\n [72747.567106] ? update_load_avg+0x7e/0x5f0\n [72747.567109] ? enqueue_entity+0xf4/0x6f0\n [72747.567134] extent_writepages+0x44/0xa0 [btrfs]\n [72747.567137] ? enqueue_task_fair+0x93/0x6f0\n [72747.567140] do_writepages+0x41/0xd0\n [72747.567144] __filemap_fdatawrite_range+0xc7/0x100\n [72747.567167] btrfs_run_delalloc_work+0x17/0x40 [btrfs]\n [72747.567195] btrfs_work_helper+0xc2/0x300 [btrfs]\n [72747.567200] process_one_work+0x1aa/0x340\n [72747.567202] worker_thread+0x30/0x390\n [72747.567205] ? create_worker+0x1a0/0x1a0\n [72747.567208] kthread+0x116/0x130\n [72747.567211] ? 
kthread_park+0x80/0x80\n [72747.567214] ret_from_fork+0x1f/0x30\r\n\r\n [72747.569686] task:fsstress state:D stack: \n---truncated---(CVE-2021-46987)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nbpf: Defer the free of inner map when necessary\r\n\r\nWhen updating or deleting an inner map in map array or map htab, the map\nmay still be accessed by non-sleepable program or sleepable program.\nHowever bpf_map_fd_put_ptr() decreases the ref-counter of the inner map\ndirectly through bpf_map_put(), if the ref-counter is the last one\n(which is true for most cases), the inner map will be freed by\nops->map_free() in a kworker. But for now, most .map_free() callbacks\ndon't use synchronize_rcu() or its variants to wait for the elapse of a\nRCU grace period, so after the invocation of ops->map_free completes,\nthe bpf program which is accessing the inner map may incur\nuse-after-free problem.\r\n\r\nFix the free of inner map by invoking bpf_map_free_deferred() after both\none RCU grace period and one tasks trace RCU grace period if the inner\nmap has been removed from the outer map before. The deferment is\naccomplished by using call_rcu() or call_rcu_tasks_trace() when\nreleasing the last ref-counter of bpf map. The newly-added rcu_head\nfield in bpf_map shares the same storage space with work field to\nreduce the size of bpf_map.(CVE-2023-52447)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\ngfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump\r\n\r\nSyzkaller has reported a NULL pointer dereference when accessing\nrgd->rd_rgl in gfs2_rgrp_dump(). This can happen when creating\nrgd->rd_gl fails in read_rindex_entry(). 
Add a NULL pointer check in\ngfs2_rgrp_dump() to prevent that.(CVE-2023-52448)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmtd: Fix gluebi NULL pointer dereference caused by ftl notifier\r\n\r\nIf both ftl.ko and gluebi.ko are loaded, the notifier of ftl\ntriggers NULL pointer dereference when trying to access\n‘gluebi->desc’ in gluebi_read().\r\n\r\nubi_gluebi_init\n ubi_register_volume_notifier\n ubi_enumerate_volumes\n ubi_notify_all\n gluebi_notify nb->notifier_call()\n gluebi_create\n mtd_device_register\n mtd_device_parse_register\n add_mtd_device\n blktrans_notify_add not->add()\n ftl_add_mtd tr->add_mtd()\n scan_header\n mtd_read\n mtd_read_oob\n mtd_read_oob_std\n gluebi_read mtd->read()\n gluebi->desc - NULL\r\n\r\nDetailed reproduction information available at the Link [1],\r\n\r\nIn the normal case, obtain gluebi->desc in the gluebi_get_device(),\nand access gluebi->desc in the gluebi_read(). However,\ngluebi_get_device() is not executed in advance in the\nftl_add_mtd() process, which leads to NULL pointer dereference.\r\n\r\nThe solution for the gluebi module is to run jffs2 on the UBI\nvolume without considering working with ftl or mtdblock [2].\nTherefore, this problem can be avoided by preventing gluebi from\ncreating the mtdblock device after creating mtd partition of the\ntype MTD_UBIVOLUME.(CVE-2023-52449)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nbpf: Fix accesses to uninit stack slots\r\n\r\nPrivileged programs are supposed to be able to read uninitialized stack\nmemory (ever since 6715df8d5) but, before this patch, these accesses\nwere permitted inconsistently. In particular, accesses were permitted\nabove state->allocated_stack, but not below it. In other words, if the\nstack was already \"large enough\", the access was permitted, but\notherwise the access was rejected instead of being allowed to \"grow the\nstack\". 
This undesired rejection was happening in two places:\n- in check_stack_slot_within_bounds()\n- in check_stack_range_initialized()\nThis patch arranges for these accesses to be permitted. A bunch of tests\nthat were relying on the old rejection had to change; all of them were\nchanged to add also run unprivileged, in which case the old behavior\npersists. One tests couldn't be updated - global_func16 - because it\ncan't run unprivileged for other reasons.\r\n\r\nThis patch also fixes the tracking of the stack size for variable-offset\nreads. This second fix is bundled in the same commit as the first one\nbecause they're inter-related. Before this patch, writes to the stack\nusing registers containing a variable offset (as opposed to registers\nwith fixed, known values) were not properly contributing to the\nfunction's needed stack size. As a result, it was possible for a program\nto verify, but then to attempt to read out-of-bounds data at runtime\nbecause a too small stack had been allocated for it.\r\n\r\nEach function tracks the size of the stack it needs in\nbpf_subprog_info.stack_depth, which is maintained by\nupdate_stack_depth(). For regular memory accesses, check_mem_access()\nwas calling update_state_depth() but it was passing in only the fixed\npart of the offset register, ignoring the variable offset. This was\nincorrect; the minimum possible value of that register should be used\ninstead.\r\n\r\nThis tracking is now fixed by centralizing the tracking of stack size in\ngrow_stack_state(), and by lifting the calls to grow_stack_state() to\ncheck_stack_access_within_bounds() as suggested by Andrii. The code is\nnow simpler and more convincingly tracks the correct maximum stack size.\ncheck_stack_range_initialized() can now rely on enough stack having been\nallocated for the access; this helps with the fix for the first issue.\r\n\r\nA few tests were changed to also check the stack depth computation. 
The\none that fails without this patch is verifier_var_off:stack_write_priv_vs_unpriv.(CVE-2023-52452)",
"cves": [
{
"id": "CVE-2023-52452",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52452",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
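Review bot: The `cves` array in this advisory still lists only CVE-2023-52452, rated `Medium`, while the `description` names five CVEs (CVE-2021-46987, CVE-2023-52447, CVE-2023-52448, CVE-2023-52449, CVE-2023-52452) and the advisory-level `severity` is now `High`. A consumer that triages or matches packages from `cves` would see a single Medium entry and could not tell which CVE drives the High rating. The openEuler-SA-2024-1347 hunk below has the same shape: nine CVEs are described and only CVE-2023-52604 is listed. These files look generated, so the fix presumably belongs in the converter rather than here: emit one `id`/`url`/`severity` object per CVE in the source CVRF, each with its own rating. It is also worth confirming that anything downstream which compared against the old `Important`/`Moderate` strings accepts `High`/`Medium`.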
diff --git a/cusa/k/kernel/kernel-5.10.0-60.131.0.158_openEuler-SA-2024-1347.json b/cusa/k/kernel/kernel-5.10.0-60.131.0.158_openEuler-SA-2024-1347.json
index a8f016e..f22dd8d 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.131.0.158_openEuler-SA-2024-1347.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.131.0.158_openEuler-SA-2024-1347.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1347",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1347",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet/sched: act_ct: fix wild memory access when clearing fragments\r\n\r\nwhile testing re-assembly/re-fragmentation using act_ct, it's possible to\nobserve a crash like the following one:\r\n\r\n KASAN: maybe wild-memory-access in range [0x0001000000000448-0x000100000000044f]\n CPU: 50 PID: 0 Comm: swapper/50 Tainted: G S 5.12.0-rc7+ #424\n Hardware name: Dell Inc. PowerEdge R730/072T6D, BIOS 2.4.3 01/17/2017\n RIP: 0010:inet_frag_rbtree_purge+0x50/0xc0\n Code: 00 fc ff df 48 89 c3 31 ed 48 89 df e8 a9 7a 38 ff 4c 89 fe 48 89 df 49 89 c6 e8 5b 3a 38 ff 48 8d 7b 40 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 75 59 48 8d bb d0 00 00 00 4c 8b 6b 40 48 89 f8 48\n RSP: 0018:ffff888c31449db8 EFLAGS: 00010203\n RAX: 0000200000000089 RBX: 000100000000040e RCX: ffffffff989eb960\n RDX: 0000000000000140 RSI: ffffffff97cfb977 RDI: 000100000000044e\n RBP: 0000000000000900 R08: 0000000000000000 R09: ffffed1186289350\n R10: 0000000000000003 R11: ffffed1186289350 R12: dffffc0000000000\n R13: 000100000000040e R14: 0000000000000000 R15: ffff888155e02160\n FS: 0000000000000000(0000) GS:ffff888c31440000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00005600cb70a5b8 CR3: 0000000a2c014005 CR4: 00000000003706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \n inet_frag_destroy+0xa9/0x150\n call_timer_fn+0x2d/0x180\n run_timer_softirq+0x4fe/0xe70\n __do_softirq+0x197/0x5a0\n irq_exit_rcu+0x1de/0x200\n sysvec_apic_timer_interrupt+0x6b/0x80\n \r\n\r\nwhen act_ct temporarily stores an IP fragment, restoring the skb qdisc cb\nresults in putting random data in FRAG_CB(), and this causes those \"wild\"\nmemory accesses later, when the rbtree is purged. 
Never overwrite the skb\ncb in case tcf_ct_handle_fragments() returns -EINPROGRESS.(CVE-2021-47014)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nudp: skip L4 aggregation for UDP tunnel packets\r\n\r\nIf NETIF_F_GRO_FRAGLIST or NETIF_F_GRO_UDP_FWD are enabled, and there\nare UDP tunnels available in the system, udp_gro_receive() could end-up\ndoing L4 aggregation (either SKB_GSO_UDP_L4 or SKB_GSO_FRAGLIST) at\nthe outer UDP tunnel level for packets effectively carrying and UDP\ntunnel header.\r\n\r\nThat could cause inner protocol corruption. If e.g. the relevant\npackets carry a vxlan header, different vxlan ids will be ignored/\naggregated to the same GSO packet. Inner headers will be ignored, too,\nso that e.g. TCP over vxlan push packets will be held in the GRO\nengine till the next flush, etc.\r\n\r\nJust skip the SKB_GSO_UDP_L4 and SKB_GSO_FRAGLIST code path if the\ncurrent packet could land in a UDP tunnel, and let udp_gro_receive()\ndo GRO via udp_sk(sk)->gro_receive.\r\n\r\nThe check implemented in this patch is broader than what is strictly\nneeded, as the existing UDP tunnel could be e.g. configured on top of\na different device: we could end-up skipping GRO at-all for some packets.\r\n\r\nAnyhow, that is a very thin corner case and covering it will add quite\na bit of complexity.\r\n\r\nv1 -> v2:\n - hopefully clarify the commit message(CVE-2021-47036)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmedia: pvrusb2: fix use after free on context disconnection\r\n\r\nUpon module load, a kthread is created targeting the\npvr2_context_thread_func function, which may call pvr2_context_destroy\nand thus call kfree() on the context object. However, that might happen\nbefore the usb hub_event handler is able to notify the driver. 
This\npatch adds a sanity check before the invalid read reported by syzbot,\nwithin the context disconnection call stack.(CVE-2023-52445)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nblock: add check that partition length needs to be aligned with block size\r\n\r\nBefore calling add partition or resize partition, there is no check\non whether the length is aligned with the logical block size.\nIf the logical block size of the disk is larger than 512 bytes,\nthen the partition size maybe not the multiple of the logical block size,\nand when the last sector is read, bio_truncate() will adjust the bio size,\nresulting in an IO error if the size of the read command is smaller than\nthe logical block size.If integrity data is supported, this will also\nresult in a null pointer dereference when calling bio_integrity_free.(CVE-2023-52458)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg\r\n\r\nsyzbot reported the following uninit-value access issue:\r\n\r\n=====================================================\nBUG: KMSAN: uninit-value in smsc75xx_wait_ready drivers/net/usb/smsc75xx.c:975 [inline]\nBUG: KMSAN: uninit-value in smsc75xx_bind+0x5c9/0x11e0 drivers/net/usb/smsc75xx.c:1482\nCPU: 0 PID: 8696 Comm: kworker/0:3 Not tainted 5.8.0-rc5-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nWorkqueue: usb_hub_wq hub_event\nCall Trace:\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x21c/0x280 lib/dump_stack.c:118\n kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:121\n __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215\n smsc75xx_wait_ready drivers/net/usb/smsc75xx.c:975 [inline]\n smsc75xx_bind+0x5c9/0x11e0 drivers/net/usb/smsc75xx.c:1482\n usbnet_probe+0x1152/0x3f90 drivers/net/usb/usbnet.c:1737\n usb_probe_interface+0xece/0x1550 drivers/usb/core/driver.c:374\n 
really_probe+0xf20/0x20b0 drivers/base/dd.c:529\n driver_probe_device+0x293/0x390 drivers/base/dd.c:701\n __device_attach_driver+0x63f/0x830 drivers/base/dd.c:807\n bus_for_each_drv+0x2ca/0x3f0 drivers/base/bus.c:431\n __device_attach+0x4e2/0x7f0 drivers/base/dd.c:873\n device_initial_probe+0x4a/0x60 drivers/base/dd.c:920\n bus_probe_device+0x177/0x3d0 drivers/base/bus.c:491\n device_add+0x3b0e/0x40d0 drivers/base/core.c:2680\n usb_set_configuration+0x380f/0x3f10 drivers/usb/core/message.c:2032\n usb_generic_driver_probe+0x138/0x300 drivers/usb/core/generic.c:241\n usb_probe_device+0x311/0x490 drivers/usb/core/driver.c:272\n really_probe+0xf20/0x20b0 drivers/base/dd.c:529\n driver_probe_device+0x293/0x390 drivers/base/dd.c:701\n __device_attach_driver+0x63f/0x830 drivers/base/dd.c:807\n bus_for_each_drv+0x2ca/0x3f0 drivers/base/bus.c:431\n __device_attach+0x4e2/0x7f0 drivers/base/dd.c:873\n device_initial_probe+0x4a/0x60 drivers/base/dd.c:920\n bus_probe_device+0x177/0x3d0 drivers/base/bus.c:491\n device_add+0x3b0e/0x40d0 drivers/base/core.c:2680\n usb_new_device+0x1bd4/0x2a30 drivers/usb/core/hub.c:2554\n hub_port_connect drivers/usb/core/hub.c:5208 [inline]\n hub_port_connect_change drivers/usb/core/hub.c:5348 [inline]\n port_event drivers/usb/core/hub.c:5494 [inline]\n hub_event+0x5e7b/0x8a70 drivers/usb/core/hub.c:5576\n process_one_work+0x1688/0x2140 kernel/workqueue.c:2269\n worker_thread+0x10bc/0x2730 kernel/workqueue.c:2415\n kthread+0x551/0x590 kernel/kthread.c:292\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:293\r\n\r\nLocal variable ----buf.i87@smsc75xx_bind created at:\n __smsc75xx_read_reg drivers/net/usb/smsc75xx.c:83 [inline]\n smsc75xx_wait_ready drivers/net/usb/smsc75xx.c:968 [inline]\n smsc75xx_bind+0x485/0x11e0 drivers/net/usb/smsc75xx.c:1482\n __smsc75xx_read_reg drivers/net/usb/smsc75xx.c:83 [inline]\n smsc75xx_wait_ready drivers/net/usb/smsc75xx.c:968 [inline]\n smsc75xx_bind+0x485/0x11e0 drivers/net/usb/smsc75xx.c:1482\r\n\r\nThis 
issue is caused because usbnet_read_cmd() reads less bytes than requested\n(zero byte in the reproducer). In this case, 'buf' is not properly filled.\r\n\r\nThis patch fixes the issue by returning -ENODATA if usbnet_read_cmd() reads\nless bytes than requested.(CVE-2023-52528)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nwifi: wfx: fix possible NULL pointer dereference in wfx_set_mfp_ap()\r\n\r\nSince 'ieee80211_beacon_get()' can return NULL, 'wfx_set_mfp_ap()'\nshould check the return value before examining skb data. So convert\nthe latter to return an appropriate error code and propagate it to\nreturn from 'wfx_start_ap()' as well. Compile tested only.(CVE-2023-52593)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\njfs: fix slab-out-of-bounds Read in dtSearch\r\n\r\nCurrently while searching for current page in the sorted entry table\nof the page there is a out of bound access. Added a bound check to fix\nthe error.\r\n\r\nDave:\nSet return code to -EIO(CVE-2023-52602)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nUBSAN: array-index-out-of-bounds in dtSplitRoot\r\n\r\nSyzkaller reported the following issue:\r\n\r\noop0: detected capacity change from 0 to 32768\r\n\r\nUBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:1971:9\nindex -2 is out of range for type 'struct dtslot [128]'\nCPU: 0 PID: 3613 Comm: syz-executor270 Not tainted 6.0.0-syzkaller-09423-g493ffd6605b2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022\nCall Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106\n ubsan_epilogue lib/ubsan.c:151 [inline]\n __ubsan_handle_out_of_bounds+0xdb/0x130 lib/ubsan.c:283\n dtSplitRoot+0x8d8/0x1900 fs/jfs/jfs_dtree.c:1971\n dtSplitUp fs/jfs/jfs_dtree.c:985 [inline]\n dtInsert+0x1189/0x6b80 fs/jfs/jfs_dtree.c:863\n jfs_mkdir+0x757/0xb00 fs/jfs/namei.c:270\n 
vfs_mkdir+0x3b3/0x590 fs/namei.c:4013\n do_mkdirat+0x279/0x550 fs/namei.c:4038\n __do_sys_mkdirat fs/namei.c:4053 [inline]\n __se_sys_mkdirat fs/namei.c:4051 [inline]\n __x64_sys_mkdirat+0x85/0x90 fs/namei.c:4051\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7fcdc0113fd9\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffeb8bc67d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000102\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcdc0113fd9\nRDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000003\nRBP: 00007fcdc00d37a0 R08: 0000000000000000 R09: 00007fcdc00d37a0\nR10: 00005555559a72c0 R11: 0000000000000246 R12: 00000000f8008000\nR13: 0000000000000000 R14: 00083878000000f8 R15: 0000000000000000\n \r\n\r\nThe issue is caused when the value of fsi becomes less than -1.\nThe check to break the loop when fsi value becomes -1 is present\nbut syzbot was able to produce value less than -1 which cause the error.\nThis patch simply add the change for the values less than 0.\r\n\r\nThe patch is tested via syzbot.(CVE-2023-52603)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nFS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree\r\n\r\nSyzkaller reported the following issue:\r\n\r\nUBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:2867:6\nindex 196694 is out of range for type 's8[1365]' (aka 'signed char[1365]')\nCPU: 1 PID: 109 Comm: jfsCommit Not tainted 6.6.0-rc3-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023\nCall Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106\n ubsan_epilogue lib/ubsan.c:217 [inline]\n 
__ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348\n dbAdjTree+0x474/0x4f0 fs/jfs/jfs_dmap.c:2867\n dbJoin+0x210/0x2d0 fs/jfs/jfs_dmap.c:2834\n dbFreeBits+0x4eb/0xda0 fs/jfs/jfs_dmap.c:2331\n dbFreeDmap fs/jfs/jfs_dmap.c:2080 [inline]\n dbFree+0x343/0x650 fs/jfs/jfs_dmap.c:402\n txFreeMap+0x798/0xd50 fs/jfs/jfs_txnmgr.c:2534\n txUpdateMap+0x342/0x9e0\n txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline]\n jfs_lazycommit+0x47a/0xb70 fs/jfs/jfs_txnmgr.c:2732\n kthread+0x2d3/0x370 kernel/kthread.c:388\n ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304\n \n================================================================================\nKernel panic - not syncing: UBSAN: panic_on_warn set ...\nCPU: 1 PID: 109 Comm: jfsCommit Not tainted 6.6.0-rc3-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023\nCall Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106\n panic+0x30f/0x770 kernel/panic.c:340\n check_panic_on_warn+0x82/0xa0 kernel/panic.c:236\n ubsan_epilogue lib/ubsan.c:223 [inline]\n __ubsan_handle_out_of_bounds+0x13c/0x150 lib/ubsan.c:348\n dbAdjTree+0x474/0x4f0 fs/jfs/jfs_dmap.c:2867\n dbJoin+0x210/0x2d0 fs/jfs/jfs_dmap.c:2834\n dbFreeBits+0x4eb/0xda0 fs/jfs/jfs_dmap.c:2331\n dbFreeDmap fs/jfs/jfs_dmap.c:2080 [inline]\n dbFree+0x343/0x650 fs/jfs/jfs_dmap.c:402\n txFreeMap+0x798/0xd50 fs/jfs/jfs_txnmgr.c:2534\n txUpdateMap+0x342/0x9e0\n txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline]\n jfs_lazycommit+0x47a/0xb70 fs/jfs/jfs_txnmgr.c:2732\n kthread+0x2d3/0x370 kernel/kthread.c:388\n ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304\n \nKernel Offset: disabled\nRebooting in 86400 seconds..\r\n\r\nThe issue is caused when the value of lp becomes greater than\nCTLTREESIZE which is the max size of stree. 
Adding a simple check\nsolves this issue.\r\n\r\nDave:\nAs the function returns a void, good error handling\nwould require a more intrusive code reorganization, so I modified\nOsama's patch at use WARN_ON_ONCE for lack of a cleaner option.\r\n\r\nThe patch is tested via syzbot.(CVE-2023-52604)",
"cves": [
{
"id": "CVE-2023-52604",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52604",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.132.0.159_openEuler-SA-2024-1356.json b/cusa/k/kernel/kernel-5.10.0-60.132.0.159_openEuler-SA-2024-1356.json
index f4ff445..6a73afd 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.132.0.159_openEuler-SA-2024-1356.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.132.0.159_openEuler-SA-2024-1356.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1356",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1356",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nKVM: x86/mmu: Don't advance iterator after restart due to yielding\r\n\r\nAfter dropping mmu_lock in the TDP MMU, restart the iterator during\ntdp_iter_next() and do not advance the iterator. Advancing the iterator\nresults in skipping the top-level SPTE and all its children, which is\nfatal if any of the skipped SPTEs were not visited before yielding.\r\n\r\nWhen zapping all SPTEs, i.e. when min_level == root_level, restarting the\niter and then invoking tdp_iter_next() is always fatal if the current gfn\nhas as a valid SPTE, as advancing the iterator results in try_step_side()\nskipping the current gfn, which wasn't visited before yielding.\r\n\r\nSprinkle WARNs on iter->yielded being true in various helpers that are\noften used in conjunction with yielding, and tag the helper with\n__must_check to reduce the probabily of improper usage.\r\n\r\nFailing to zap a top-level SPTE manifests in one of two ways. If a valid\nSPTE is skipped by both kvm_tdp_mmu_zap_all() and kvm_tdp_mmu_put_root(),\nthe shadow page will be leaked and KVM will WARN accordingly.\r\n\r\n WARNING: CPU: 1 PID: 3509 at arch/x86/kvm/mmu/tdp_mmu.c:46 [kvm]\n RIP: 0010:kvm_mmu_uninit_tdp_mmu+0x3e/0x50 [kvm]\n Call Trace:\n \n kvm_arch_destroy_vm+0x130/0x1b0 [kvm]\n kvm_destroy_vm+0x162/0x2a0 [kvm]\n kvm_vcpu_release+0x34/0x60 [kvm]\n __fput+0x82/0x240\n task_work_run+0x5c/0x90\n do_exit+0x364/0xa10\n ? 
futex_unqueue+0x38/0x60\n do_group_exit+0x33/0xa0\n get_signal+0x155/0x850\n arch_do_signal_or_restart+0xed/0x750\n exit_to_user_mode_prepare+0xc5/0x120\n syscall_exit_to_user_mode+0x1d/0x40\n do_syscall_64+0x48/0xc0\n entry_SYSCALL_64_after_hwframe+0x44/0xae\r\n\r\nIf kvm_tdp_mmu_zap_all() skips a gfn/SPTE but that SPTE is then zapped by\nkvm_tdp_mmu_put_root(), KVM triggers a use-after-free in the form of\nmarking a struct page as dirty/accessed after it has been put back on the\nfree list. This directly triggers a WARN due to encountering a page with\npage_count() == 0, but it can also lead to data corruption and additional\nerrors in the kernel.\r\n\r\n WARNING: CPU: 7 PID: 1995658 at arch/x86/kvm/../../../virt/kvm/kvm_main.c:171\n RIP: 0010:kvm_is_zone_device_pfn.part.0+0x9e/0xd0 [kvm]\n Call Trace:\n \n kvm_set_pfn_dirty+0x120/0x1d0 [kvm]\n __handle_changed_spte+0x92e/0xca0 [kvm]\n __handle_changed_spte+0x63c/0xca0 [kvm]\n __handle_changed_spte+0x63c/0xca0 [kvm]\n __handle_changed_spte+0x63c/0xca0 [kvm]\n zap_gfn_range+0x549/0x620 [kvm]\n kvm_tdp_mmu_put_root+0x1b6/0x270 [kvm]\n mmu_free_root_page+0x219/0x2c0 [kvm]\n kvm_mmu_free_roots+0x1b4/0x4e0 [kvm]\n kvm_mmu_unload+0x1c/0xa0 [kvm]\n kvm_arch_destroy_vm+0x1f2/0x5c0 [kvm]\n kvm_put_kvm+0x3b1/0x8b0 [kvm]\n kvm_vcpu_release+0x4e/0x70 [kvm]\n __fput+0x1f7/0x8c0\n task_work_run+0xf8/0x1a0\n do_exit+0x97b/0x2230\n do_group_exit+0xda/0x2a0\n get_signal+0x3be/0x1e50\n arch_do_signal_or_restart+0x244/0x17f0\n exit_to_user_mode_prepare+0xcb/0x120\n syscall_exit_to_user_mode+0x1d/0x40\n do_syscall_64+0x4d/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\r\n\r\nNote, the underlying bug existed even before commit 1af4a96025b3 (\"KVM:\nx86/mmu: Yield in TDU MMU iter even if no SPTES changed\") moved calls to\ntdp_mmu_iter_cond_resched() to the beginning of loops, as KVM could still\nincorrectly advance past a top-level entry when yielding on a lower-level\nentry. 
But with respect to leaking shadow pages, the bug was introduced\nby yielding before processing the current gfn.\r\n\r\nAlternatively, tdp_mmu_iter_cond_resched() could simply fall through, or\ncallers could jump to their \"retry\" label. The downside of that approach\nis that tdp_mmu_iter_cond_resched() _must_ be called before anything else\nin the loop, and there's no easy way to enfornce that requirement.\r\n\r\nIdeally, KVM would handling the cond_resched() fully within the iterator\nmacro (the code is actually quite clean) and avoid this entire class of\nbugs, but that is extremely difficult do wh\n---truncated---(CVE-2021-47094)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()\r\n\r\nSili Luo reported a race in nfc_llcp_sock_get(), leading to UAF.\r\n\r\nGetting a reference on the socket found in a lookup while\nholding a lock should happen before releasing the lock.\r\n\r\nnfc_llcp_sock_get_sn() has a similar problem.\r\n\r\nFinally nfc_llcp_recv_snl() needs to make sure the socket\nfound by nfc_llcp_sock_from_sn() does not disappear.(CVE-2023-52502)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\njfs: fix array-index-out-of-bounds in diNewExt\r\n\r\n[Syz report]\nUBSAN: array-index-out-of-bounds in fs/jfs/jfs_imap.c:2360:2\nindex -878706688 is out of range for type 'struct iagctl[128]'\nCPU: 1 PID: 5065 Comm: syz-executor282 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023\nCall Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106\n ubsan_epilogue lib/ubsan.c:217 [inline]\n __ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348\n diNewExt+0x3cf3/0x4000 fs/jfs/jfs_imap.c:2360\n diAllocExt fs/jfs/jfs_imap.c:1949 [inline]\n diAllocAG+0xbe8/0x1e50 fs/jfs/jfs_imap.c:1666\n 
diAlloc+0x1d3/0x1760 fs/jfs/jfs_imap.c:1587\n ialloc+0x8f/0x900 fs/jfs/jfs_inode.c:56\n jfs_mkdir+0x1c5/0xb90 fs/jfs/namei.c:225\n vfs_mkdir+0x2f1/0x4b0 fs/namei.c:4106\n do_mkdirat+0x264/0x3a0 fs/namei.c:4129\n __do_sys_mkdir fs/namei.c:4149 [inline]\n __se_sys_mkdir fs/namei.c:4147 [inline]\n __x64_sys_mkdir+0x6e/0x80 fs/namei.c:4147\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x45/0x110 arch/x86/entry/common.c:82\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\nRIP: 0033:0x7fcb7e6a0b57\nCode: ff ff 77 07 31 c0 c3 0f 1f 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffd83023038 EFLAGS: 00000286 ORIG_RAX: 0000000000000053\nRAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007fcb7e6a0b57\nRDX: 00000000000a1020 RSI: 00000000000001ff RDI: 0000000020000140\nRBP: 0000000020000140 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000286 R12: 00007ffd830230d0\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\r\n\r\n[Analysis]\nWhen the agstart is too large, it can cause agno overflow.\r\n\r\n[Fix]\nAfter obtaining agno, if the value is invalid, exit the subsequent process.\r\n\r\n\nModified the test from agno > MAXAG to agno >= MAXAG based on linux-next\nreport by kernel test robot (Dan Carpenter).(CVE-2023-52599)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\njfs: fix uaf in jfs_evict_inode\r\n\r\nWhen the execution of diMount(ipimap) fails, the object ipimap that has been\nreleased may be accessed in diFreeSpecial(). 
Asynchronous ipimap release occurs\nwhen rcu_core() calls jfs_free_node().\r\n\r\nTherefore, when diMount(ipimap) fails, sbi->ipimap should not be initialized as\nipimap.(CVE-2023-52600)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\njfs: fix array-index-out-of-bounds in dbAdjTree\r\n\r\nCurrently there is a bound check missing in the dbAdjTree while\naccessing the dmt_stree. To add the required check added the bool is_ctl\nwhich is required to determine the size as suggest in the following\ncommit.\nhttps://lore.kernel.org/linux-kernel-mentees/f9475918-2186-49b8-b801-6f0f9e75f4fa@oracle.com/(CVE-2023-52601)\r\n\r\nInteger Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow.(CVE-2024-23307)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\ntomoyo: fix UAF write bug in tomoyo_write_control()\r\n\r\nSince tomoyo_write_control() updates head->write_buf when write()\nof long lines is requested, we need to fetch head->write_buf after\nhead->io_sem is held. 
Otherwise, concurrent write() requests can\ncause use-after-free-write and double-free problems.(CVE-2024-26622)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nllc: call sock_orphan() at release time\r\n\r\nsyzbot reported an interesting trace [1] caused by a stale sk->sk_wq\npointer in a closed llc socket.\r\n\r\nIn commit ff7b11aa481f (\"net: socket: set sock->sk to NULL after\ncalling proto_ops::release()\") Eric Biggers hinted that some protocols\nare missing a sock_orphan(), we need to perform a full audit.\r\n\r\nIn net-next, I plan to clear sock->sk from sock_orphan() and\namend Eric patch to add a warning.\r\n\r\n[1]\n BUG: KASAN: slab-use-after-free in list_empty include/linux/list.h:373 [inline]\n BUG: KASAN: slab-use-after-free in waitqueue_active include/linux/wait.h:127 [inline]\n BUG: KASAN: slab-use-after-free in sock_def_write_space_wfree net/core/sock.c:3384 [inline]\n BUG: KASAN: slab-use-after-free in sock_wfree+0x9a8/0x9d0 net/core/sock.c:2468\nRead of size 8 at addr ffff88802f4fc880 by task ksoftirqd/1/27\r\n\r\nCPU: 1 PID: 27 Comm: ksoftirqd/1 Not tainted 6.8.0-rc1-syzkaller-00049-g6098d87eaf31 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\nCall Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc4/0x620 mm/kasan/report.c:488\n kasan_report+0xda/0x110 mm/kasan/report.c:601\n list_empty include/linux/list.h:373 [inline]\n waitqueue_active include/linux/wait.h:127 [inline]\n sock_def_write_space_wfree net/core/sock.c:3384 [inline]\n sock_wfree+0x9a8/0x9d0 net/core/sock.c:2468\n skb_release_head_state+0xa3/0x2b0 net/core/skbuff.c:1080\n skb_release_all net/core/skbuff.c:1092 [inline]\n napi_consume_skb+0x119/0x2b0 net/core/skbuff.c:1404\n e1000_unmap_and_free_tx_resource+0x144/0x200 drivers/net/ethernet/intel/e1000/e1000_main.c:1970\n 
e1000_clean_tx_irq drivers/net/ethernet/intel/e1000/e1000_main.c:3860 [inline]\n e1000_clean+0x4a1/0x26e0 drivers/net/ethernet/intel/e1000/e1000_main.c:3801\n __napi_poll.constprop.0+0xb4/0x540 net/core/dev.c:6576\n napi_poll net/core/dev.c:6645 [inline]\n net_rx_action+0x956/0xe90 net/core/dev.c:6778\n __do_softirq+0x21a/0x8de kernel/softirq.c:553\n run_ksoftirqd kernel/softirq.c:921 [inline]\n run_ksoftirqd+0x31/0x60 kernel/softirq.c:913\n smpboot_thread_fn+0x660/0xa10 kernel/smpboot.c:164\n kthread+0x2c6/0x3a0 kernel/kthread.c:388\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242\n \r\n\r\nAllocated by task 5167:\n kasan_save_stack+0x33/0x50 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n unpoison_slab_object mm/kasan/common.c:314 [inline]\n __kasan_slab_alloc+0x81/0x90 mm/kasan/common.c:340\n kasan_slab_alloc include/linux/kasan.h:201 [inline]\n slab_post_alloc_hook mm/slub.c:3813 [inline]\n slab_alloc_node mm/slub.c:3860 [inline]\n kmem_cache_alloc_lru+0x142/0x6f0 mm/slub.c:3879\n alloc_inode_sb include/linux/fs.h:3019 [inline]\n sock_alloc_inode+0x25/0x1c0 net/socket.c:308\n alloc_inode+0x5d/0x220 fs/inode.c:260\n new_inode_pseudo+0x16/0x80 fs/inode.c:1005\n sock_alloc+0x40/0x270 net/socket.c:634\n __sock_create+0xbc/0x800 net/socket.c:1535\n sock_create net/socket.c:1622 [inline]\n __sys_socket_create net/socket.c:1659 [inline]\n __sys_socket+0x14c/0x260 net/socket.c:1706\n __do_sys_socket net/socket.c:1720 [inline]\n __se_sys_socket net/socket.c:1718 [inline]\n __x64_sys_socket+0x72/0xb0 net/socket.c:1718\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd3/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\r\n\r\nFreed by task 0:\n kasan_save_stack+0x33/0x50 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n kasan_save_free_info+0x3f/0x60 mm/kasan/generic.c:640\n poison_slab_object 
mm/kasan/common.c:241 [inline]\n __kasan_slab_free+0x121/0x1b0 mm/kasan/common.c:257\n kasan_slab_free include/linux/kasan.h:184 [inline]\n slab_free_hook mm/slub.c:2121 [inlin\n---truncated---(CVE-2024-26625)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nscsi: core: Move scsi_host_busy() out of host lock for waking up EH handler\r\n\r\nInside scsi_eh_wakeup(), scsi_host_busy() is called & checked with host\nlock every time for deciding if error handler kthread needs to be waken up.\r\n\r\nThis can be too heavy in case of recovery, such as:\r\n\r\n - N hardware queues\r\n\r\n - queue depth is M for each hardware queue\r\n\r\n - each scsi_host_busy() iterates over (N * M) tag/requests\r\n\r\nIf recovery is triggered in case that all requests are in-flight, each\nscsi_eh_wakeup() is strictly serialized, when scsi_eh_wakeup() is called\nfor the last in-flight request, scsi_host_busy() has been run for (N * M -\n1) times, and request has been iterated for (N*M - 1) * (N * M) times.\r\n\r\nIf both N and M are big enough, hard lockup can be triggered on acquiring\nhost lock, and it is observed on mpi3mr(128 hw queues, queue depth 8169).\r\n\r\nFix the issue by calling scsi_host_busy() outside the host lock. We don't\nneed the host lock for getting busy count because host the lock never\ncovers that.\r\n\r\n[mkp: Drop unnecessary 'busy' variables pointed out by Bart](CVE-2024-26627)",
"cves": [
{
"id": "CVE-2024-26627",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26627",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
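Review bot: The `cves` array of this advisory holds a single entry, CVE-2024-26627, while the `description` on the same new side names nine CVEs (CVE-2021-47094 through CVE-2024-26627), so a consumer that matches on `cves[].id` would not see the other eight as covered by this update. The severity rename leaves that untouched. The preceding file section (its `cves` array lists only CVE-2023-52604) has the same shape, which suggests the converter keeps only the last vulnerability of a CVRF document; that is an inference, since the converter source is not in view here. Each CVE named in the description should get its own `{ "id", "url", "severity" }` object, carrying its own per-CVE severity rather than repeating the advisory-level `"High"`.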
diff --git a/cusa/k/kernel/kernel-5.10.0-60.133.0.160_openEuler-SA-2024-1394.json b/cusa/k/kernel/kernel-5.10.0-60.133.0.160_openEuler-SA-2024-1394.json
index e8fa9c7..47a7bec 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.133.0.160_openEuler-SA-2024-1394.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.133.0.160_openEuler-SA-2024-1394.json
@@ -2,7 +2,7 @@
"id": "openEuler-SA-2024-1394",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1394",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nALSA: hda: intel-sdw-acpi: harden detection of controller\r\n\r\nThe existing code currently sets a pointer to an ACPI handle before\nchecking that it's actually a SoundWire controller. This can lead to\nissues where the graph walk continues and eventually fails, but the\npointer was set already.\r\n\r\nThis patch changes the logic so that the information provided to\nthe caller is set when a controller is found.(CVE-2021-46926)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nASoC: q6afe-clocks: fix reprobing of the driver\r\n\r\nQ6afe-clocks driver can get reprobed. For example if the APR services\nare restarted after the firmware crash. However currently Q6afe-clocks\ndriver will oops because hw.init will get cleared during first _probe\ncall. Rewrite the driver to fill the clock data at runtime rather than\nusing big static array of clocks.(CVE-2021-47037)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\napparmor: avoid crash when parsed profile name is empty\r\n\r\nWhen processing a packed profile in unpack_profile() described like\r\n\r\n \"profile :ns::samba-dcerpcd /usr/lib*/samba/{,samba/}samba-dcerpcd {...}\"\r\n\r\na string \":samba-dcerpcd\" is unpacked as a fully-qualified name and then\npassed to aa_splitn_fqname().\r\n\r\naa_splitn_fqname() treats \":samba-dcerpcd\" as only containing a namespace.\nThus it returns NULL for tmpname, meanwhile tmpns is non-NULL. 
Later\naa_alloc_profile() crashes as the new profile name is NULL now.\r\n\r\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nCPU: 6 PID: 1657 Comm: apparmor_parser Not tainted 6.7.0-rc2-dirty #16\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014\nRIP: 0010:strlen+0x1e/0xa0\nCall Trace:\n \n ? strlen+0x1e/0xa0\n aa_policy_init+0x1bb/0x230\n aa_alloc_profile+0xb1/0x480\n unpack_profile+0x3bc/0x4960\n aa_unpack+0x309/0x15e0\n aa_replace_profiles+0x213/0x33c0\n policy_update+0x261/0x370\n profile_replace+0x20e/0x2a0\n vfs_write+0x2af/0xe00\n ksys_write+0x126/0x250\n do_syscall_64+0x46/0xf0\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n \n---[ end trace 0000000000000000 ]---\nRIP: 0010:strlen+0x1e/0xa0\r\n\r\nIt seems such behaviour of aa_splitn_fqname() is expected and checked in\nother places where it is called (e.g. aa_remove_profiles). 
Well, there\nis an explicit comment \"a ns name without a following profile is allowed\"\ninside.\r\n\r\nAFAICS, nothing can prevent unpacked \"name\" to be in form like\n\":samba-dcerpcd\" - it is passed from userspace.\r\n\r\nDeny the whole profile set replacement in such case and inform user with\nEPROTO and an explaining message.\r\n\r\nFound by Linux Verification Center (linuxtesting.org).(CVE-2023-52443)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length\r\n\r\nIf the host sends an H2CData command with an invalid DATAL,\nthe kernel may crash in nvmet_tcp_build_pdu_iovec().\r\n\r\nUnable to handle kernel NULL pointer dereference at\nvirtual address 0000000000000000\nlr : nvmet_tcp_io_work+0x6ac/0x718 [nvmet_tcp]\nCall trace:\n process_one_work+0x174/0x3c8\n worker_thread+0x2d0/0x3e8\n kthread+0x104/0x110\r\n\r\nFix the bug by raising a fatal error if DATAL isn't coherent\nwith the packet size.\nAlso, the PDU length should never exceed the MAXH2CDATA parameter which\nhas been communicated to the host in nvmet_tcp_handle_icreq().(CVE-2023-52454)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nserial: imx: fix tx statemachine deadlock\r\n\r\nWhen using the serial port as RS485 port, the tx statemachine is used to\ncontrol the RTS pin to drive the RS485 transceiver TX_EN pin. When the\nTTY port is closed in the middle of a transmission (for instance during\nuserland application crash), imx_uart_shutdown disables the interface\nand disables the Transmission Complete interrupt. afer that,\nimx_uart_stop_tx bails on an incomplete transmission, to be retriggered\nby the TC interrupt. This interrupt is disabled and therefore the tx\nstatemachine never transitions out of SEND. 
The statemachine is in\ndeadlock now, and the TX_EN remains low, making the interface useless.\r\n\r\nimx_uart_stop_tx now checks for incomplete transmission AND whether TC\ninterrupts are enabled before bailing to be retriggered. This makes sure\nthe state machine handling is reached, and is properly set to\nWAIT_AFTER_SEND.(CVE-2023-52456)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmfd: syscon: Fix null pointer dereference in of_syscon_register()\r\n\r\nkasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure.(CVE-2023-52467)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndrivers/amd/pm: fix a use-after-free in kv_parse_power_table\r\n\r\nWhen ps allocated by kzalloc equals to NULL, kv_parse_power_table\nfrees adev->pm.dpm.ps that allocated before. However, after the control\nflow goes through the following call chains:\r\n\r\nkv_parse_power_table\n |-> kv_dpm_init\n |-> kv_dpm_sw_init\n\t |-> kv_dpm_fini\r\n\r\nThe adev->pm.dpm.ps is used in the for loop of kv_dpm_fini after its\nfirst free in kv_parse_power_table and causes a use-after-free bug.(CVE-2023-52469)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nperf/x86/lbr: Filter vsyscall addresses\r\n\r\nWe found that a panic can occur when a vsyscall is made while LBR sampling\nis active. 
If the vsyscall is interrupted (NMI) for perf sampling, this\ncall sequence can occur (most recent at top):\r\n\r\n __insn_get_emulate_prefix()\n insn_get_emulate_prefix()\n insn_get_prefixes()\n insn_get_opcode()\n decode_branch_type()\n get_branch_type()\n intel_pmu_lbr_filter()\n intel_pmu_handle_irq()\n perf_event_nmi_handler()\r\n\r\nWithin __insn_get_emulate_prefix() at frame 0, a macro is called:\r\n\r\n peek_nbyte_next(insn_byte_t, insn, i)\r\n\r\nWithin this macro, this dereference occurs:\r\n\r\n (insn)->next_byte\r\n\r\nInspecting registers at this point, the value of the next_byte field is the\naddress of the vsyscall made, for example the location of the vsyscall\nversion of gettimeofday() at 0xffffffffff600000. The access to an address\nin the vsyscall region will trigger an oops due to an unhandled page fault.\r\n\r\nTo fix the bug, filtering for vsyscalls can be done when\ndetermining the branch type. This patch will return\na \"none\" branch if a kernel address if found to lie in the\nvsyscall region.(CVE-2023-52476)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nksmbd: fix uaf in smb20_oplock_break_ack\r\n\r\ndrop reference after use opinfo.(CVE-2023-52479)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\niommu/arm-smmu-v3: Fix soft lockup triggered by arm_smmu_mm_invalidate_range\r\n\r\nWhen running an SVA case, the following soft lockup is triggered:\n--------------------------------------------------------------------\nwatchdog: BUG: soft lockup - CPU#244 stuck for 26s!\npstate: 83400009 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\npc : arm_smmu_cmdq_issue_cmdlist+0x178/0xa50\nlr : arm_smmu_cmdq_issue_cmdlist+0x150/0xa50\nsp : ffff8000d83ef290\nx29: ffff8000d83ef290 x28: 000000003b9aca00 x27: 0000000000000000\nx26: ffff8000d83ef3c0 x25: da86c0812194a0e8 x24: 0000000000000000\nx23: 0000000000000040 x22: ffff8000d83ef340 x21: ffff0000c63980c0\nx20: 0000000000000001 x19: 
ffff0000c6398080 x18: 0000000000000000\nx17: 0000000000000000 x16: 0000000000000000 x15: ffff3000b4a3bbb0\nx14: ffff3000b4a30888 x13: ffff3000b4a3cf60 x12: 0000000000000000\nx11: 0000000000000000 x10: 0000000000000000 x9 : ffffc08120e4d6bc\nx8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000048cfa\nx5 : 0000000000000000 x4 : 0000000000000001 x3 : 000000000000000a\nx2 : 0000000080000000 x1 : 0000000000000000 x0 : 0000000000000001\nCall trace:\n arm_smmu_cmdq_issue_cmdlist+0x178/0xa50\n __arm_smmu_tlb_inv_range+0x118/0x254\n arm_smmu_tlb_inv_range_asid+0x6c/0x130\n arm_smmu_mm_invalidate_range+0xa0/0xa4\n __mmu_notifier_invalidate_range_end+0x88/0x120\n unmap_vmas+0x194/0x1e0\n unmap_region+0xb4/0x144\n do_mas_align_munmap+0x290/0x490\n do_mas_munmap+0xbc/0x124\n __vm_munmap+0xa8/0x19c\n __arm64_sys_munmap+0x28/0x50\n invoke_syscall+0x78/0x11c\n el0_svc_common.constprop.0+0x58/0x1c0\n do_el0_svc+0x34/0x60\n el0_svc+0x2c/0xd4\n el0t_64_sync_handler+0x114/0x140\n el0t_64_sync+0x1a4/0x1a8\n--------------------------------------------------------------------\r\n\r\nNote that since 6.6-rc1 the arm_smmu_mm_invalidate_range above is renamed\nto \"arm_smmu_mm_arch_invalidate_secondary_tlbs\", yet the problem remains.\r\n\r\nThe commit 06ff87bae8d3 (\"arm64: mm: remove unused functions and variable\nprotoypes\") fixed a similar lockup on the CPU MMU side. Yet, it can occur\nto SMMU too, since arm_smmu_mm_arch_invalidate_secondary_tlbs() is called\ntypically next to MMU tlb flush function, e.g.\n\ttlb_flush_mmu_tlbonly {\n\t\ttlb_flush {\n\t\t\t__flush_tlb_range {\n\t\t\t\t// check MAX_TLBI_OPS\n\t\t\t}\n\t\t}\n\t\tmmu_notifier_arch_invalidate_secondary_tlbs {\n\t\t\tarm_smmu_mm_arch_invalidate_secondary_tlbs {\n\t\t\t\t// does not check MAX_TLBI_OPS\n\t\t\t}\n\t\t}\n\t}\r\n\r\nClone a CMDQ_MAX_TLBI_OPS from the MAX_TLBI_OPS in tlbflush.h, since in an\nSVA case SMMU uses the CPU page table, so it makes sense to align with the\ntlbflush code. 
Then, replace per-page TLBI commands with a single per-asid\nTLBI command, if the request size hits this threshold.(CVE-2023-52484)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\ntls: fix race between tx work scheduling and socket close\r\n\r\nSimilarly to previous commit, the submitting thread (recvmsg/sendmsg)\nmay exit as soon as the async crypto handler calls complete().\nReorder scheduling the work before calling complete().\nThis seems more logical in the first place, as it's\nthe inverse order of what the submitting thread will do.(CVE-2024-26585)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nbpf: Reject variable offset alu on PTR_TO_FLOW_KEYS\r\n\r\nFor PTR_TO_FLOW_KEYS, check_flow_keys_access() only uses fixed off\nfor validation. However, variable offset ptr alu is not prohibited\nfor this ptr kind. So the variable offset is not checked.\r\n\r\nThe following prog is accepted:\r\n\r\n func#0 @0\n 0: R1=ctx() R10=fp0\n 0: (bf) r6 = r1 ; R1=ctx() R6_w=ctx()\n 1: (79) r7 = *(u64 *)(r6 +144) ; R6_w=ctx() R7_w=flow_keys()\n 2: (b7) r8 = 1024 ; R8_w=1024\n 3: (37) r8 /= 1 ; R8_w=scalar()\n 4: (57) r8 &= 1024 ; R8_w=scalar(smin=smin32=0,\n smax=umax=smax32=umax32=1024,var_off=(0x0; 0x400))\n 5: (0f) r7 += r8\n mark_precise: frame0: last_idx 5 first_idx 0 subseq_idx -1\n mark_precise: frame0: regs=r8 stack= before 4: (57) r8 &= 1024\n mark_precise: frame0: regs=r8 stack= before 3: (37) r8 /= 1\n mark_precise: frame0: regs=r8 stack= before 2: (b7) r8 = 1024\n 6: R7_w=flow_keys(smin=smin32=0,smax=umax=smax32=umax32=1024,var_off\n =(0x0; 0x400)) R8_w=scalar(smin=smin32=0,smax=umax=smax32=umax32=1024,\n var_off=(0x0; 0x400))\n 6: (79) r0 = *(u64 *)(r7 +0) ; R0_w=scalar()\n 7: (95) exit\r\n\r\nThis prog loads flow_keys to r7, and adds the variable offset r8\nto r7, and finally causes out-of-bounds access:\r\n\r\n BUG: unable to handle page fault for address: ffffc90014c80038\n [...]\n Call Trace:\n 
\n bpf_dispatcher_nop_func include/linux/bpf.h:1231 [inline]\n __bpf_prog_run include/linux/filter.h:651 [inline]\n bpf_prog_run include/linux/filter.h:658 [inline]\n bpf_prog_run_pin_on_cpu include/linux/filter.h:675 [inline]\n bpf_flow_dissect+0x15f/0x350 net/core/flow_dissector.c:991\n bpf_prog_test_run_flow_dissector+0x39d/0x620 net/bpf/test_run.c:1359\n bpf_prog_test_run kernel/bpf/syscall.c:4107 [inline]\n __sys_bpf+0xf8f/0x4560 kernel/bpf/syscall.c:5475\n __do_sys_bpf kernel/bpf/syscall.c:5561 [inline]\n __se_sys_bpf kernel/bpf/syscall.c:5559 [inline]\n __x64_sys_bpf+0x73/0xb0 kernel/bpf/syscall.c:5559\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x3f/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\r\n\r\nFix this by rejecting ptr alu with variable offset on flow_keys.\nApplying the patch rejects the program with \"R7 pointer arithmetic\non flow_keys prohibited\".(CVE-2024-26589)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\ni2c: i801: Fix block process call transactions\r\n\r\nAccording to the Intel datasheets, software must reset the block\nbuffer index twice for block process call transactions: once before\nwriting the outgoing data to the buffer, and once again before\nreading the incoming data from the buffer.\r\n\r\nThe driver is currently missing the second reset, causing the wrong\nportion of the block buffer to be read.(CVE-2024-26593)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet: qualcomm: rmnet: fix global oob in rmnet_policy\r\n\r\nThe variable rmnet_link_ops assign a *bigger* maxtype which leads to a\nglobal out-of-bounds read when parsing the netlink attributes. 
See bug\ntrace below:\r\n\r\n==================================================================\nBUG: KASAN: global-out-of-bounds in validate_nla lib/nlattr.c:386 [inline]\nBUG: KASAN: global-out-of-bounds in __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600\nRead of size 1 at addr ffffffff92c438d0 by task syz-executor.6/84207\r\n\r\nCPU: 0 PID: 84207 Comm: syz-executor.6 Tainted: G N 6.1.0 #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\nCall Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x8b/0xb3 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:284 [inline]\n print_report+0x172/0x475 mm/kasan/report.c:395\n kasan_report+0xbb/0x1c0 mm/kasan/report.c:495\n validate_nla lib/nlattr.c:386 [inline]\n __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600\n __nla_parse+0x3e/0x50 lib/nlattr.c:697\n nla_parse_nested_deprecated include/net/netlink.h:1248 [inline]\n __rtnl_newlink+0x50a/0x1880 net/core/rtnetlink.c:3485\n rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3594\n rtnetlink_rcv_msg+0x43c/0xd70 net/core/rtnetlink.c:6091\n netlink_rcv_skb+0x14f/0x410 net/netlink/af_netlink.c:2540\n netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]\n netlink_unicast+0x54e/0x800 net/netlink/af_netlink.c:1345\n netlink_sendmsg+0x930/0xe50 net/netlink/af_netlink.c:1921\n sock_sendmsg_nosec net/socket.c:714 [inline]\n sock_sendmsg+0x154/0x190 net/socket.c:734\n ____sys_sendmsg+0x6df/0x840 net/socket.c:2482\n ___sys_sendmsg+0x110/0x1b0 net/socket.c:2536\n __sys_sendmsg+0xf3/0x1c0 net/socket.c:2565\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7fdcf2072359\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fdcf13e3168 
EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007fdcf219ff80 RCX: 00007fdcf2072359\nRDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003\nRBP: 00007fdcf20bd493 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007fffbb8d7bdf R14: 00007fdcf13e3300 R15: 0000000000022000\n \r\n\r\nThe buggy address belongs to the variable:\n rmnet_policy+0x30/0xe0\r\n\r\nThe buggy address belongs to the physical page:\npage:0000000065bdeb3c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x155243\nflags: 0x200000000001000(reserved|node=0|zone=2)\nraw: 0200000000001000 ffffea00055490c8 ffffea00055490c8 0000000000000000\nraw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\r\n\r\nMemory state around the buggy address:\n ffffffff92c43780: f9 f9 f9 f9 00 00 00 02 f9 f9 f9 f9 00 00 00 07\n ffffffff92c43800: f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9 06 f9 f9 f9\n>ffffffff92c43880: f9 f9 f9 f9 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9\n ^\n ffffffff92c43900: 00 00 00 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9 f9\n ffffffff92c43980: 00 00 00 07 f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9\r\n\r\nAccording to the comment of `nla_parse_nested_deprecated`, the maxtype\nshould be len(destination array) - 1. Hence use `IFLA_RMNET_MAX` here.(CVE-2024-26597)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nphy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP\r\n\r\nIf the external phy working together with phy-omap-usb2 does not implement\nsend_srp(), we may still attempt to call it. This can happen on an idle\nEthernet gadget triggering a wakeup for example:\r\n\r\nconfigfs-gadget.g1 gadget.0: ECM Suspend\nconfigfs-gadget.g1 gadget.0: Port suspended. 
Triggering wakeup\n...\nUnable to handle kernel NULL pointer dereference at virtual address\n00000000 when execute\n...\nPC is at 0x0\nLR is at musb_gadget_wakeup+0x1d4/0x254 [musb_hdrc]\n...\nmusb_gadget_wakeup [musb_hdrc] from usb_gadget_wakeup+0x1c/0x3c [udc_core]\nusb_gadget_wakeup [udc_core] from eth_start_xmit+0x3b0/0x3d4 [u_ether]\neth_start_xmit [u_ether] from dev_hard_start_xmit+0x94/0x24c\ndev_hard_start_xmit from sch_direct_xmit+0x104/0x2e4\nsch_direct_xmit from __dev_queue_xmit+0x334/0xd88\n__dev_queue_xmit from arp_solicit+0xf0/0x268\narp_solicit from neigh_probe+0x54/0x7c\nneigh_probe from __neigh_event_send+0x22c/0x47c\n__neigh_event_send from neigh_resolve_output+0x14c/0x1c0\nneigh_resolve_output from ip_finish_output2+0x1c8/0x628\nip_finish_output2 from ip_send_skb+0x40/0xd8\nip_send_skb from udp_send_skb+0x124/0x340\nudp_send_skb from udp_sendmsg+0x780/0x984\nudp_sendmsg from __sys_sendto+0xd8/0x158\n__sys_sendto from ret_fast_syscall+0x0/0x58\r\n\r\nLet's fix the issue by checking for send_srp() and set_vbus() before\ncalling them. For USB peripheral only cases these both could be NULL.(CVE-2024-26600)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nbinder: signal epoll threads of self-work\r\n\r\nIn (e)poll mode, threads often depend on I/O events to determine when\ndata is ready for consumption. Within binder, a thread may initiate a\ncommand via BINDER_WRITE_READ without a read buffer and then make use\nof epoll_wait() or similar to consume any responses afterwards.\r\n\r\nIt is then crucial that epoll threads are signaled via wakeup when they\nqueue their own work. Otherwise, they risk waiting indefinitely for an\nevent leaving their work unhandled. What is worse, subsequent commands\nwon't trigger a wakeup either as the thread has pending work.(CVE-2024-26606)",
"cves": [
{
diff --git a/cusa/k/kernel/kernel-5.10.0-60.134.0.161_openEuler-SA-2024-1485.json b/cusa/k/kernel/kernel-5.10.0-60.134.0.161_openEuler-SA-2024-1485.json
index 82a97c4..d5acc1c 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.134.0.161_openEuler-SA-2024-1485.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.134.0.161_openEuler-SA-2024-1485.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1485",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1485",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nuio_hv_generic: Fix another memory leak in error handling paths\r\n\r\nMemory allocated by 'vmbus_alloc_ring()' at the beginning of the probe\nfunction is never freed in the error handling path.\r\n\r\nAdd the missing 'vmbus_free_ring()' call.\r\n\r\nNote that it is already freed in the .remove function.(CVE-2021-47070)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nasix: fix uninit-value in asix_mdio_read()\r\n\r\nasix_read_cmd() may read less than sizeof(smsr) bytes and in this case\nsmsr will be uninitialized.\r\n\r\nFail log:\nBUG: KMSAN: uninit-value in asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline]\nBUG: KMSAN: uninit-value in asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline] drivers/net/usb/asix_common.c:497\nBUG: KMSAN: uninit-value in asix_mdio_read+0x3c1/0xb00 drivers/net/usb/asix_common.c:497 drivers/net/usb/asix_common.c:497\n asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline]\n asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline] drivers/net/usb/asix_common.c:497\n asix_mdio_read+0x3c1/0xb00 drivers/net/usb/asix_common.c:497 drivers/net/usb/asix_common.c:497(CVE-2021-47101)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nEDAC/thunderx: Fix possible out-of-bounds string access\r\n\r\nEnabling -Wstringop-overflow globally exposes a warning for a common bug\nin the usage of strncat():\r\n\r\n drivers/edac/thunderx_edac.c: In function 'thunderx_ocx_com_threaded_isr':\n drivers/edac/thunderx_edac.c:1136:17: error: 'strncat' specified bound 1024 equals destination size [-Werror=stringop-overflow=]\n 1136 | strncat(msg, other, OCX_MESSAGE_SIZE);\n | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n ...\n 1145 | strncat(msg, other, OCX_MESSAGE_SIZE);\n ...\n 1150 | 
strncat(msg, other, OCX_MESSAGE_SIZE);\r\n\r\n ...\r\n\r\nApparently the author of this driver expected strncat() to behave the\nway that strlcat() does, which uses the size of the destination buffer\nas its third argument rather than the length of the source buffer. The\nresult is that there is no check on the size of the allocated buffer.\r\n\r\nChange it to strlcat().\r\n\r\n [ bp: Trim compiler output, fixup commit message. ](CVE-2023-52464)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nInput: powermate - fix use-after-free in powermate_config_complete\r\n\r\nsyzbot has found a use-after-free bug [1] in the powermate driver. This\nhappens when the device is disconnected, which leads to a memory free from\nthe powermate_device struct. When an asynchronous control message\ncompletes after the kfree and its callback is invoked, the lock does not\nexist anymore and hence the bug.\r\n\r\nUse usb_kill_urb() on pm->config to cancel any in-progress requests upon\ndevice disconnection.\r\n\r\n[1] https://syzkaller.appspot.com/bug?extid=0434ac83f907a1dbdd1e(CVE-2023-52475)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nscsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command\r\n\r\nTags allocated for OPC_INB_SET_CONTROLLER_CONFIG command need to be freed\nwhen we receive the response.(CVE-2023-52500)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnfc: nci: assert requested protocol is valid\r\n\r\nThe protocol is used in a bit mask to determine if the protocol is\nsupported. 
Assert the provided protocol is less than the maximum\ndefined so it doesn't potentially perform a shift-out-of-bounds and\nprovide a clearer error for undefined protocols vs unsupported ones.(CVE-2023-52507)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nieee802154: ca8210: Fix a potential UAF in ca8210_probe\r\n\r\nIf of_clk_add_provider() fails in ca8210_register_ext_clock(),\nit calls clk_unregister() to release priv->clk and returns an\nerror. However, the caller ca8210_probe() then calls ca8210_remove(),\nwhere priv->clk is freed again in ca8210_unregister_ext_clock(). In\nthis case, a use-after-free may happen in the second time we call\nclk_unregister().\r\n\r\nFix this by removing the first clk_unregister(). Also, priv->clk could\nbe an error code on failure of clk_register_fixed_rate(). Use\nIS_ERR_OR_NULL to catch this case in ca8210_unregister_ext_clock().(CVE-2023-52510)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nRDMA/srp: Do not call scsi_done() from srp_abort()\r\n\r\nAfter scmd_eh_abort_handler() has called the SCSI LLD eh_abort_handler\ncallback, it performs one of the following actions:\n* Call scsi_queue_insert().\n* Call scsi_finish_command().\n* Call scsi_eh_scmd_add().\nHence, SCSI abort handlers must not call scsi_done(). Otherwise all\nthe above actions would trigger a use-after-free. Hence remove the\nscsi_done() call from srp_abort(). 
Keep the srp_free_req() call\nbefore returning SUCCESS because we may not see the command again if\nSUCCESS is returned.(CVE-2023-52515)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndma-debug: don't call __dma_entry_alloc_check_leak() under free_entries_lock\r\n\r\n__dma_entry_alloc_check_leak() calls into printk -> serial console\noutput (qcom geni) and grabs port->lock under free_entries_lock\nspin lock, which is a reverse locking dependency chain as qcom_geni\nIRQ handler can call into dma-debug code and grab free_entries_lock\nunder port->lock.\r\n\r\nMove __dma_entry_alloc_check_leak() call out of free_entries_lock\nscope so that we don't acquire serial console's port->lock under it.\r\n\r\nTrimmed-down lockdep splat:\r\n\r\n The existing dependency chain (in reverse order) is:\r\n\r\n -> #2 (free_entries_lock){-.-.}-{2:2}:\n _raw_spin_lock_irqsave+0x60/0x80\n dma_entry_alloc+0x38/0x110\n debug_dma_map_page+0x60/0xf8\n dma_map_page_attrs+0x1e0/0x230\n dma_map_single_attrs.constprop.0+0x6c/0xc8\n geni_se_rx_dma_prep+0x40/0xcc\n qcom_geni_serial_isr+0x310/0x510\n __handle_irq_event_percpu+0x110/0x244\n handle_irq_event_percpu+0x20/0x54\n handle_irq_event+0x50/0x88\n handle_fasteoi_irq+0xa4/0xcc\n handle_irq_desc+0x28/0x40\n generic_handle_domain_irq+0x24/0x30\n gic_handle_irq+0xc4/0x148\n do_interrupt_handler+0xa4/0xb0\n el1_interrupt+0x34/0x64\n el1h_64_irq_handler+0x18/0x24\n el1h_64_irq+0x64/0x68\n arch_local_irq_enable+0x4/0x8\n ____do_softirq+0x18/0x24\n ...\r\n\r\n -> #1 (&port_lock_key){-.-.}-{2:2}:\n _raw_spin_lock_irqsave+0x60/0x80\n qcom_geni_serial_console_write+0x184/0x1dc\n console_flush_all+0x344/0x454\n console_unlock+0x94/0xf0\n vprintk_emit+0x238/0x24c\n vprintk_default+0x3c/0x48\n vprintk+0xb4/0xbc\n _printk+0x68/0x90\n register_console+0x230/0x38c\n uart_add_one_port+0x338/0x494\n qcom_geni_serial_probe+0x390/0x424\n platform_probe+0x70/0xc0\n really_probe+0x148/0x280\n __driver_probe_device+0xfc/0x114\n 
driver_probe_device+0x44/0x100\n __device_attach_driver+0x64/0xdc\n bus_for_each_drv+0xb0/0xd8\n __device_attach+0xe4/0x140\n device_initial_probe+0x1c/0x28\n bus_probe_device+0x44/0xb0\n device_add+0x538/0x668\n of_device_add+0x44/0x50\n of_platform_device_create_pdata+0x94/0xc8\n of_platform_bus_create+0x270/0x304\n of_platform_populate+0xac/0xc4\n devm_of_platform_populate+0x60/0xac\n geni_se_probe+0x154/0x160\n platform_probe+0x70/0xc0\n ...\r\n\r\n -> #0 (console_owner){-...}-{0:0}:\n __lock_acquire+0xdf8/0x109c\n lock_acquire+0x234/0x284\n console_flush_all+0x330/0x454\n console_unlock+0x94/0xf0\n vprintk_emit+0x238/0x24c\n vprintk_default+0x3c/0x48\n vprintk+0xb4/0xbc\n _printk+0x68/0x90\n dma_entry_alloc+0xb4/0x110\n debug_dma_map_sg+0xdc/0x2f8\n __dma_map_sg_attrs+0xac/0xe4\n dma_map_sgtable+0x30/0x4c\n get_pages+0x1d4/0x1e4 [msm]\n msm_gem_pin_pages_locked+0x38/0xac [msm]\n msm_gem_pin_vma_locked+0x58/0x88 [msm]\n msm_ioctl_gem_submit+0xde4/0x13ac [msm]\n drm_ioctl_kernel+0xe0/0x15c\n drm_ioctl+0x2e8/0x3f4\n vfs_ioctl+0x30/0x50\n ...\r\n\r\n Chain exists of:\n console_owner --> &port_lock_key --> free_entries_lock\r\n\r\n Possible unsafe locking scenario:\r\n\r\n CPU0 CPU1\n ---- ----\n lock(free_entries_lock);\n lock(&port_lock_key);\n lock(free_entries_lock);\n lock(console_owner);\r\n\r\n *** DEADLOCK ***\r\n\r\n Call trace:\n dump_backtrace+0xb4/0xf0\n show_stack+0x20/0x30\n dump_stack_lvl+0x60/0x84\n dump_stack+0x18/0x24\n print_circular_bug+0x1cc/0x234\n check_noncircular+0x78/0xac\n __lock_acquire+0xdf8/0x109c\n lock_acquire+0x234/0x284\n console_flush_all+0x330/0x454\n consol\n---truncated---(CVE-2023-52516)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet: fix possible store tearing in neigh_periodic_work()\r\n\r\nWhile looking at a related syzbot report involving neigh_periodic_work(),\nI found that I forgot to add an annotation when deleting an\nRCU protected item from a list.\r\n\r\nReaders use 
rcu_deference(*np), we need to use either\nrcu_assign_pointer() or WRITE_ONCE() on writer side\nto prevent store tearing.\r\n\r\nI use rcu_assign_pointer() to have lockdep support,\nthis was the choice made in neigh_flush_dev().(CVE-2023-52522)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nwifi: mac80211: fix potential key use-after-free\r\n\r\nWhen ieee80211_key_link() is called by ieee80211_gtk_rekey_add()\nbut returns 0 due to KRACK protection (identical key reinstall),\nieee80211_gtk_rekey_add() will still return a pointer into the\nkey, in a potential use-after-free. This normally doesn't happen\nsince it's only called by iwlwifi in case of WoWLAN rekey offload\nwhich has its own KRACK protection, but still better to fix, do\nthat by returning an error code and converting that to success on\nthe cfg80211 boundary only, leaving the error for bad callers of\nieee80211_gtk_rekey_add().(CVE-2023-52530)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions()\r\n\r\nWhen CONFIG_DAMON_VADDR_KUNIT_TEST=y and making CONFIG_DEBUG_KMEMLEAK=y\nand CONFIG_DEBUG_KMEMLEAK_AUTO_SCAN=y, the below memory leak is detected.\r\n\r\nSince commit 9f86d624292c (\"mm/damon/vaddr-test: remove unnecessary\nvariables\"), the damon_destroy_ctx() is removed, but still call\ndamon_new_target() and damon_new_region(), the damon_region which is\nallocated by kmem_cache_alloc() in damon_new_region() and the damon_target\nwhich is allocated by kmalloc in damon_new_target() are not freed. 
And\nthe damon_region which is allocated in damon_new_region() in\ndamon_set_regions() is also not freed.\r\n\r\nSo use damon_destroy_target to free all the damon_regions and damon_target.\r\n\r\n unreferenced object 0xffff888107c9a940 (size 64):\n comm \"kunit_try_catch\", pid 1069, jiffies 4294670592 (age 732.761s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 06 00 00 00 6b 6b 6b 6b ............kkkk\n 60 c7 9c 07 81 88 ff ff f8 cb 9c 07 81 88 ff ff `...............\n backtrace:\n [] kmalloc_trace+0x27/0xa0\n [] damon_new_target+0x3f/0x1b0\n [] damon_do_test_apply_three_regions.constprop.0+0x95/0x3e0\n [] damon_test_apply_three_regions1+0x21e/0x260\n [] kunit_generic_run_threadfn_adapter+0x4a/0x90\n [] kthread+0x2b6/0x380\n [] ret_from_fork+0x2d/0x70\n [] ret_from_fork_asm+0x11/0x20\n unreferenced object 0xffff8881079cc740 (size 56):\n comm \"kunit_try_catch\", pid 1069, jiffies 4294670592 (age 732.761s)\n hex dump (first 32 bytes):\n 05 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00 ................\n 6b 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 6b 6b 6b 6b kkkkkkkk....kkkk\n backtrace:\n [] damon_new_region+0x22/0x1c0\n [] damon_do_test_apply_three_regions.constprop.0+0xd1/0x3e0\n [] damon_test_apply_three_regions1+0x21e/0x260\n [] kunit_generic_run_threadfn_adapter+0x4a/0x90\n [] kthread+0x2b6/0x380\n [] ret_from_fork+0x2d/0x70\n [] ret_from_fork_asm+0x11/0x20\n unreferenced object 0xffff888107c9ac40 (size 64):\n comm \"kunit_try_catch\", pid 1071, jiffies 4294670595 (age 732.843s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 06 00 00 00 6b 6b 6b 6b ............kkkk\n a0 cc 9c 07 81 88 ff ff 78 a1 76 07 81 88 ff ff ........x.v.....\n backtrace:\n [] kmalloc_trace+0x27/0xa0\n [] damon_new_target+0x3f/0x1b0\n [] damon_do_test_apply_three_regions.constprop.0+0x95/0x3e0\n [] damon_test_apply_three_regions2+0x21e/0x260\n [] kunit_generic_run_threadfn_adapter+0x4a/0x90\n [] kthread+0x2b6/0x380\n [] ret_from_fork+0x2d/0x70\n [] ret_from_fork_asm+0x11/0x20\n 
unreferenced object 0xffff8881079ccc80 (size 56):\n comm \"kunit_try_catch\", pid 1071, jiffies 4294670595 (age 732.843s)\n hex dump (first 32 bytes):\n 05 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00 ................\n 6b 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 6b 6b 6b 6b kkkkkkkk....kkkk\n backtrace:\n [] damon_new_region+0x22/0x1c0\n [] damon_do_test_apply_three_regions.constprop.0+0xd1/0x3e0\n [] damon_test_apply_three_regions2+0x21e/0x260\n [] kunit_generic_run_threadfn_adapter+0x4a/0x90\n [] kthread+0x2b6/0x380\n [] ret_from_fork+0x2d/0x70\n [b_page is dereferenced to put the page after that,\nwhich may result in a use-after-free bug. This patch moves the release\noperation after unlocking and putting the page.\r\n\r\nNOTE: The function in question is only called in GC, and in combination\nwith current userland tools, address translation using DAT does not occur\nin that function, so the code path that causes this issue will not be\nexecuted. However, it is possible to run that code path by intentionally\nmodifying the userland GC library or by calling the GC ioctl directly.\r\n\r\n[konishi.ryusuke@gmail.com: NOTE added to the commit log](CVE-2023-52566)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet: rds: Fix possible NULL-pointer dereference\r\n\r\nIn rds_rdma_cm_event_handler_cmn() check, if conn pointer exists\nbefore dereferencing it as rdma_set_service_type() argument\r\n\r\nFound by Linux Verification Center (linuxtesting.org) with SVACE.(CVE-2023-52573)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet: bridge: use DEV_STATS_INC()\r\n\r\nsyzbot/KCSAN reported data-races in br_handle_frame_finish() [1]\nThis function can run from multiple cpus without mutual exclusion.\r\n\r\nAdopt SMP safe DEV_STATS_INC() to update dev->stats fields.\r\n\r\nHandles updates to dev->stats.tx_dropped while we are at it.\r\n\r\n[1]\nBUG: KCSAN: data-race in br_handle_frame_finish / 
br_handle_frame_finish\r\n\r\nread-write to 0xffff8881374b2178 of 8 bytes by interrupt on cpu 1:\nbr_handle_frame_finish+0xd4f/0xef0 net/bridge/br_input.c:189\nbr_nf_hook_thresh+0x1ed/0x220\nbr_nf_pre_routing_finish_ipv6+0x50f/0x540\nNF_HOOK include/linux/netfilter.h:304 [inline]\nbr_nf_pre_routing_ipv6+0x1e3/0x2a0 net/bridge/br_netfilter_ipv6.c:178\nbr_nf_pre_routing+0x526/0xba0 net/bridge/br_netfilter_hooks.c:508\nnf_hook_entry_hookfn include/linux/netfilter.h:144 [inline]\nnf_hook_bridge_pre net/bridge/br_input.c:272 [inline]\nbr_handle_frame+0x4c9/0x940 net/bridge/br_input.c:417\n__netif_receive_skb_core+0xa8a/0x21e0 net/core/dev.c:5417\n__netif_receive_skb_one_core net/core/dev.c:5521 [inline]\n__netif_receive_skb+0x57/0x1b0 net/core/dev.c:5637\nprocess_backlog+0x21f/0x380 net/core/dev.c:5965\n__napi_poll+0x60/0x3b0 net/core/dev.c:6527\nnapi_poll net/core/dev.c:6594 [inline]\nnet_rx_action+0x32b/0x750 net/core/dev.c:6727\n__do_softirq+0xc1/0x265 kernel/softirq.c:553\nrun_ksoftirqd+0x17/0x20 kernel/softirq.c:921\nsmpboot_thread_fn+0x30a/0x4a0 kernel/smpboot.c:164\nkthread+0x1d7/0x210 kernel/kthread.c:388\nret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147\nret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304\r\n\r\nread-write to 0xffff8881374b2178 of 8 bytes by interrupt on cpu 0:\nbr_handle_frame_finish+0xd4f/0xef0 net/bridge/br_input.c:189\nbr_nf_hook_thresh+0x1ed/0x220\nbr_nf_pre_routing_finish_ipv6+0x50f/0x540\nNF_HOOK include/linux/netfilter.h:304 [inline]\nbr_nf_pre_routing_ipv6+0x1e3/0x2a0 net/bridge/br_netfilter_ipv6.c:178\nbr_nf_pre_routing+0x526/0xba0 net/bridge/br_netfilter_hooks.c:508\nnf_hook_entry_hookfn include/linux/netfilter.h:144 [inline]\nnf_hook_bridge_pre net/bridge/br_input.c:272 [inline]\nbr_handle_frame+0x4c9/0x940 net/bridge/br_input.c:417\n__netif_receive_skb_core+0xa8a/0x21e0 net/core/dev.c:5417\n__netif_receive_skb_one_core net/core/dev.c:5521 [inline]\n__netif_receive_skb+0x57/0x1b0 
net/core/dev.c:5637\nprocess_backlog+0x21f/0x380 net/core/dev.c:5965\n__napi_poll+0x60/0x3b0 net/core/dev.c:6527\nnapi_poll net/core/dev.c:6594 [inline]\nnet_rx_action+0x32b/0x750 net/core/dev.c:6727\n__do_softirq+0xc1/0x265 kernel/softirq.c:553\ndo_softirq+0x5e/0x90 kernel/softirq.c:454\n__local_bh_enable_ip+0x64/0x70 kernel/softirq.c:381\n__raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]\n_raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210\nspin_unlock_bh include/linux/spinlock.h:396 [inline]\nbatadv_tt_local_purge+0x1a8/0x1f0 net/batman-adv/translation-table.c:1356\nbatadv_tt_purge+0x2b/0x630 net/batman-adv/translation-table.c:3560\nprocess_one_work kernel/workqueue.c:2630 [inline]\nprocess_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2703\nworker_thread+0x525/0x730 kernel/workqueue.c:2784\nkthread+0x1d7/0x210 kernel/kthread.c:388\nret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147\nret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304\r\n\r\nvalue changed: 0x00000000000d7190 -> 0x00000000000d7191\r\n\r\nReported by Kernel Concurrency Sanitizer on:\nCPU: 0 PID: 14848 Comm: kworker/u4:11 Not tainted 6.6.0-rc1-syzkaller-00236-gad8a69f361b9 #0(CVE-2023-52578)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nceph: fix deadlock or deadcode of misusing dget()\r\n\r\nThe lock order is incorrect between denty and its parent, we should\nalways make sure that the parent get the lock first.\r\n\r\nBut since this deadcode is never used and the parent dir will always\nbe set from the callers, let's just remove it.(CVE-2023-52583)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nIB/ipoib: Fix mcast list locking\r\n\r\nReleasing the `priv->lock` while iterating the `priv->multicast_list` in\n`ipoib_mcast_join_task()` opens a window for `ipoib_mcast_dev_flush()` to\nremove the items while in the middle of iteration. 
If the mcast is removed\nwhile the lock was dropped, the for loop spins forever resulting in a hard\nlockup (as was reported on RHEL 4.18.0-372.75.1.el8_6 kernel):\r\n\r\n Task A (kworker/u72:2 below) | Task B (kworker/u72:0 below)\n -----------------------------------+-----------------------------------\n ipoib_mcast_join_task(work) | ipoib_ib_dev_flush_light(work)\n spin_lock_irq(&priv->lock) | __ipoib_ib_dev_flush(priv, ...)\n list_for_each_entry(mcast, | ipoib_mcast_dev_flush(dev = priv->dev)\n &priv->multicast_list, list) |\n ipoib_mcast_join(dev, mcast) |\n spin_unlock_irq(&priv->lock) |\n | spin_lock_irqsave(&priv->lock, flags)\n | list_for_each_entry_safe(mcast, tmcast,\n | &priv->multicast_list, list)\n | list_del(&mcast->list);\n | list_add_tail(&mcast->list, &remove_list)\n | spin_unlock_irqrestore(&priv->lock, flags)\n spin_lock_irq(&priv->lock) |\n | ipoib_mcast_remove_list(&remove_list)\n (Here, `mcast` is no longer on the | list_for_each_entry_safe(mcast, tmcast,\n `priv->multicast_list` and we keep | remove_list, list)\n spinning on the `remove_list` of | >>> wait_for_completion(&mcast->done)\n the other thread which is blocked |\n and the list is still valid on |\n it's stack.)\r\n\r\nFix this by keeping the lock held and changing to GFP_ATOMIC to prevent\neventual sleeps.\nUnfortunately we could not reproduce the lockup and confirm this fix but\nbased on the code review I think this fix should address such lockups.\r\n\r\ncrash> bc 31\nPID: 747 TASK: ff1c6a1a007e8000 CPU: 31 COMMAND: \"kworker/u72:2\"\n--\n [exception RIP: ipoib_mcast_join_task+0x1b1]\n RIP: ffffffffc0944ac1 RSP: ff646f199a8c7e00 RFLAGS: 00000002\n RAX: 0000000000000000 RBX: ff1c6a1a04dc82f8 RCX: 0000000000000000\n work (&priv->mcast_task{,.work})\n RDX: ff1c6a192d60ac68 RSI: 0000000000000286 RDI: ff1c6a1a04dc8000\n &mcast->list\n RBP: ff646f199a8c7e90 R8: ff1c699980019420 R9: ff1c6a1920c9a000\n R10: ff646f199a8c7e00 R11: ff1c6a191a7d9800 R12: ff1c6a192d60ac00\n mcast\n R13: 
ff1c6a1d82200000 R14: ff1c6a1a04dc8000 R15: ff1c6a1a04dc82d8\n dev priv (&priv->lock) &priv->multicast_list (aka head)\n ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018\n--- ---\n #5 [ff646f199a8c7e00] ipoib_mcast_join_task+0x1b1 at ffffffffc0944ac1 [ib_ipoib]\n #6 [ff646f199a8c7e98] process_one_work+0x1a7 at ffffffff9bf10967\r\n\r\ncrash> rx ff646f199a8c7e68\nff646f199a8c7e68: ff1c6a1a04dc82f8 <<< work = &priv->mcast_task.work\r\n\r\ncrash> list -hO ipoib_dev_priv.multicast_list ff1c6a1a04dc8000\n(empty)\r\n\r\ncrash> ipoib_dev_priv.mcast_task.work.func,mcast_mutex.owner.counter ff1c6a1a04dc8000\n mcast_task.work.func = 0xffffffffc0944910 ,\n mcast_mutex.owner.counter = 0xff1c69998efec000\r\n\r\ncrash> b 8\nPID: 8 TASK: ff1c69998efec000 CPU: 33 COMMAND: \"kworker/u72:0\"\n--\n #3 [ff646f1980153d50] wait_for_completion+0x96 at ffffffff9c7d7646\n #4 [ff646f1980153d90] ipoib_mcast_remove_list+0x56 at ffffffffc0944dc6 [ib_ipoib]\n #5 [ff646f1980153de8] ipoib_mcast_dev_flush+0x1a7 at ffffffffc09455a7 [ib_ipoib]\n #6 [ff646f1980153e58] __ipoib_ib_dev_flush+0x1a4 at ffffffffc09431a4 [ib_ipoib]\n #7 [ff\n---truncated---(CVE-2023-52587)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nwifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()\r\n\r\nFix an array-index-out-of-bounds read in ath9k_htc_txstatus(). The bug\noccurs when txs->cnt, data from a URB provided by a USB device, is\nbigger than the size of the array txs->txstatus, which is\nHTC_MAX_TX_STATUS. WARN_ON() already checks it, but there is no bug\nhandling code after the check. 
Make the function return if that is the\ncase.\r\n\r\nFound by a modified version of syzkaller.\r\n\r\nUBSAN: array-index-out-of-bounds in htc_drv_txrx.c\nindex 13 is out of range for type '__wmi_event_txstatus [12]'\nCall Trace:\n ath9k_htc_txstatus\n ath9k_wmi_event_tasklet\n tasklet_action_common\n __do_softirq\n irq_exit_rxu\n sysvec_apic_timer_interrupt(CVE-2023-52594)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nwifi: rt2x00: restart beacon queue when hardware reset\r\n\r\nWhen a hardware reset is triggered, all registers are reset, so all\nqueues are forced to stop in hardware interface. However, mac80211\nwill not automatically stop the queue. If we don't manually stop the\nbeacon queue, the queue will be deadlocked and unable to start again.\nThis patch fixes the issue where Apple devices cannot connect to the\nAP after calling ieee80211_restart_hw().(CVE-2023-52595)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nKVM: s390: fix setting of fpc register\r\n\r\nkvm_arch_vcpu_ioctl_set_fpu() allows to set the floating point control\n(fpc) register of a guest cpu. The new value is tested for validity by\ntemporarily loading it into the fpc register.\r\n\r\nThis may lead to corruption of the fpc register of the host process:\nif an interrupt happens while the value is temporarily loaded into the fpc\nregister, and within interrupt context floating point or vector registers\nare used, the current fp/vx registers are saved with save_fpu_regs()\nassuming they belong to user space and will be loaded into fp/vx registers\nwhen returning to user space.\r\n\r\ntest_fp_ctl() restores the original user space / host process fpc register\nvalue, however it will be discarded, when returning to user space.\r\n\r\nIn result the host process will incorrectly continue to run with the value\nthat was supposed to be used for a guest cpu.\r\n\r\nFix this by simply removing the test. 
There is another test right before\nthe SIE context is entered which will handles invalid values.\r\n\r\nThis results in a change of behaviour: invalid values will now be accepted\ninstead of that the ioctl fails with -EINVAL. This seems to be acceptable,\ngiven that this interface is most likely not used anymore, and this is in\naddition the same behaviour implemented with the memory mapped interface\n(replace invalid values with zero) - see sync_regs() in kvm-s390.c.(CVE-2023-52597)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\ns390/ptrace: handle setting of fpc register correctly\r\n\r\nIf the content of the floating point control (fpc) register of a traced\nprocess is modified with the ptrace interface the new value is tested for\nvalidity by temporarily loading it into the fpc register.\r\n\r\nThis may lead to corruption of the fpc register of the tracing process:\nif an interrupt happens while the value is temporarily loaded into the\nfpc register, and within interrupt context floating point or vector\nregisters are used, the current fp/vx registers are saved with\nsave_fpu_regs() assuming they belong to user space and will be loaded into\nfp/vx registers when returning to user space.\r\n\r\ntest_fp_ctl() restores the original user space fpc register value, however\nit will be discarded, when returning to user space.\r\n\r\nIn result the tracer will incorrectly continue to run with the value that\nwas supposed to be used for the traced process.\r\n\r\nFix this by saving fpu register contents with save_fpu_regs() before using\ntest_fp_ctl().(CVE-2023-52598)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\next4: avoid online resizing failures due to oversized flex bg\r\n\r\nWhen we online resize an ext4 filesystem with a oversized flexbg_size,\r\n\r\n mkfs.ext4 -F -G 67108864 $dev -b 4096 100M\n mount $dev $dir\n resize2fs $dev 16G\r\n\r\nthe following WARN_ON is 
triggered:\n==================================================================\nWARNING: CPU: 0 PID: 427 at mm/page_alloc.c:4402 __alloc_pages+0x411/0x550\nModules linked in: sg(E)\nCPU: 0 PID: 427 Comm: resize2fs Tainted: G E 6.6.0-rc5+ #314\nRIP: 0010:__alloc_pages+0x411/0x550\nCall Trace:\n \n __kmalloc_large_node+0xa2/0x200\n __kmalloc+0x16e/0x290\n ext4_resize_fs+0x481/0xd80\n __ext4_ioctl+0x1616/0x1d90\n ext4_ioctl+0x12/0x20\n __x64_sys_ioctl+0xf0/0x150\n do_syscall_64+0x3b/0x90\n==================================================================\r\n\r\nThis is because flexbg_size is too large and the size of the new_group_data\narray to be allocated exceeds MAX_ORDER. Currently, the minimum value of\nMAX_ORDER is 8, the minimum value of PAGE_SIZE is 4096, the corresponding\nmaximum number of groups that can be allocated is:\r\n\r\n (PAGE_SIZE << MAX_ORDER) / sizeof(struct ext4_new_group_data) ≈ 21845\r\n\r\nAnd the value that is down-aligned to the power of 2 is 16384. Therefore,\nthis value is defined as MAX_RESIZE_BG, and the number of groups added\neach time does not exceed this value during resizing, and is added multiple\ntimes to complete the online resizing. The difference is that the metadata\nin a flex_bg may be more dispersed.(CVE-2023-52622)",
"cves": [
{
"id": "CVE-2023-52622",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52622",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
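Review bot: The `cves` array in this hunk holds a single entry, CVE-2023-52622, while the `description` context line cites many more identifiers (CVE-2021-47070, CVE-2023-52464, CVE-2023-52587 and others); the commit renames the severity label but leaves that mismatch in place. The hunk header covers 13 lines starting at line 2 and all of them are shown, so no further entries sit outside it. A consumer that matches installed packages against `cves` instead of parsing the free text would miss every other fix in this advisory. The advisory-level `"severity": "Medium"` may also have been derived from that one entry only; this is inferred, since the converter source is not part of this hunk. Because the file looks like converter output, the change belongs in the generator: emit one `cves` object per CVE in the source CVRF document and set the advisory severity to the highest among them.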
diff --git a/cusa/k/kernel/kernel-5.10.0-60.135.0.162_openEuler-SA-2024-1498.json b/cusa/k/kernel/kernel-5.10.0-60.135.0.162_openEuler-SA-2024-1498.json
index 9c21a95..0f20aaa 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.135.0.162_openEuler-SA-2024-1498.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.135.0.162_openEuler-SA-2024-1498.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1498",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1498",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\ncrypto: qcom-rng - ensure buffer for generate is completely filled\r\n\r\nThe generate function in struct rng_alg expects that the destination\nbuffer is completely filled if the function returns 0. qcom_rng_read()\ncan run into a situation where the buffer is partially filled with\nrandomness and the remaining part of the buffer is zeroed since\nqcom_rng_generate() doesn't check the return value. This issue can\nbe reproduced by running the following from libkcapi:\r\n\r\n kcapi-rng -b 9000000 > OUTFILE\r\n\r\nThe generated OUTFILE will have three huge sections that contain all\nzeros, and this is caused by the code where the test\n'val & PRNG_STATUS_DATA_AVAIL' fails.\r\n\r\nLet's fix this issue by ensuring that qcom_rng_read() always returns\nwith a full buffer if the function returns success. Let's also have\nqcom_rng_generate() return the correct value.\r\n\r\nHere's some statistics from the ent project\n(https://www.fourmilab.ch/random/) that shows information about the\nquality of the generated numbers:\r\n\r\n $ ent -c qcom-random-before\n Value Char Occurrences Fraction\n 0 606748 0.067416\n 1 33104 0.003678\n 2 33001 0.003667\n ...\n 253 � 32883 0.003654\n 254 � 33035 0.003671\n 255 � 33239 0.003693\r\n\r\n Total: 9000000 1.000000\r\n\r\n Entropy = 7.811590 bits per byte.\r\n\r\n Optimum compression would reduce the size\n of this 9000000 byte file by 2 percent.\r\n\r\n Chi square distribution for 9000000 samples is 9329962.81, and\n randomly would exceed this value less than 0.01 percent of the\n times.\r\n\r\n Arithmetic mean value of data bytes is 119.3731 (127.5 = random).\n Monte Carlo value for Pi is 3.197293333 (error 1.77 percent).\n Serial correlation coefficient is 0.159130 (totally uncorrelated =\n 0.0).\r\n\r\nWithout this patch, the results of the chi-square test is 
0.01%, and\nthe numbers are certainly not random according to ent's project page.\nThe results improve with this patch:\r\n\r\n $ ent -c qcom-random-after\n Value Char Occurrences Fraction\n 0 35432 0.003937\n 1 35127 0.003903\n 2 35424 0.003936\n ...\n 253 � 35201 0.003911\n 254 � 34835 0.003871\n 255 � 35368 0.003930\r\n\r\n Total: 9000000 1.000000\r\n\r\n Entropy = 7.999979 bits per byte.\r\n\r\n Optimum compression would reduce the size\n of this 9000000 byte file by 0 percent.\r\n\r\n Chi square distribution for 9000000 samples is 258.77, and randomly\n would exceed this value 42.24 percent of the times.\r\n\r\n Arithmetic mean value of data bytes is 127.5006 (127.5 = random).\n Monte Carlo value for Pi is 3.141277333 (error 0.01 percent).\n Serial correlation coefficient is 0.000468 (totally uncorrelated =\n 0.0).\r\n\r\nThis change was tested on a Nexus 5 phone (msm8974 SoC).(CVE-2022-48629)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nksmbd: fix out of bounds in init_smb2_rsp_hdr()\r\n\r\nIf client send smb2 negotiate request and then send smb1 negotiate\nrequest, init_smb2_rsp_hdr is called for smb1 negotiate request since\nneed_neg is set to false. 
This patch ignore smb1 packets after ->need_neg\nis set to false.(CVE-2023-52441)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndrm: Don't unref the same fb many times by mistake due to deadlock handling\r\n\r\nIf we get a deadlock after the fb lookup in drm_mode_page_flip_ioctl()\nwe proceed to unref the fb and then retry the whole thing from the top.\nBut we forget to reset the fb pointer back to NULL, and so if we then\nget another error during the retry, before the fb lookup, we proceed\nthe unref the same fb again without having gotten another reference.\nThe end result is that the fb will (eventually) end up being freed\nwhile it's still in use.\r\n\r\nReset fb to NULL once we've unreffed it to avoid doing it again\nuntil we've done another fb lookup.\r\n\r\nThis turned out to be pretty easy to hit on a DG2 when doing async\nflips (and CONFIG_DEBUG_WW_MUTEX_SLOWPATH=y). The first symptom I\nsaw that drm_closefb() simply got stuck in a busy loop while walking\nthe framebuffer list. Fortunately I was able to convince it to oops\ninstead, and from there it was easier to track down the culprit.(CVE-2023-52486)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmedia: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_run\r\n\r\nIn mtk_jpeg_probe, &jpeg->job_timeout_work is bound with\nmtk_jpeg_job_timeout_work.\r\n\r\nIn mtk_jpeg_dec_device_run, if error happens in\nmtk_jpeg_set_dec_dst, it will finally start the worker while\nmark the job as finished by invoking v4l2_m2m_job_finish.\r\n\r\nThere are two methods to trigger the bug. If we remove the\nmodule, it which will call mtk_jpeg_remove to make cleanup.\nThe possible sequence is as follows, which will cause a\nuse-after-free bug.\r\n\r\nCPU0 CPU1\nmtk_jpeg_dec_... 
|\n start worker\t |\n |mtk_jpeg_job_timeout_work\nmtk_jpeg_remove |\n v4l2_m2m_release |\n kfree(m2m_dev); |\n |\n | v4l2_m2m_get_curr_priv\n | m2m_dev->curr_ctx //use\r\n\r\nIf we close the file descriptor, which will call mtk_jpeg_release,\nit will have a similar sequence.\r\n\r\nFix this bug by starting timeout worker only if started jpegdec worker\nsuccessfully. Then v4l2_m2m_job_finish will only be called in\neither mtk_jpeg_job_timeout_work or mtk_jpeg_dec_device_run.(CVE-2023-52491)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndmaengine: fix NULL pointer in channel unregistration function\r\n\r\n__dma_async_device_channel_register() can fail. In case of failure,\nchan->local is freed (with free_percpu()), and chan->local is nullified.\nWhen dma_async_device_unregister() is called (because of managed API or\nintentionally by DMA controller driver), channels are unconditionally\nunregistered, leading to this NULL pointer:\n[ 1.318693] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0\n[...]\n[ 1.484499] Call trace:\n[ 1.486930] device_del+0x40/0x394\n[ 1.490314] device_unregister+0x20/0x7c\n[ 1.494220] __dma_async_device_channel_unregister+0x68/0xc0\r\n\r\nLook at dma_async_device_register() function error path, channel device\nunregistration is done only if chan->local is not NULL.\r\n\r\nThen add the same condition at the beginning of\n__dma_async_device_channel_unregister() function, to avoid NULL pointer\nissue whatever the API used to reach this function.(CVE-2023-52492)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nbus: mhi: host: Drop chan lock before queuing buffers\r\n\r\nEnsure read and write locks for the channel are not taken in succession by\ndropping the read lock from parse_xfer_event() such that a callback given\nto client can potentially queue buffers and acquire the write lock in that\nprocess. 
Any queueing of buffers should be done without channel read lock\nacquired as it can result in multiple locks and a soft lockup.\r\n\r\n[mani: added fixes tag and cc'ed stable](CVE-2023-52493)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nbus: mhi: host: Add alignment check for event ring read pointer\r\n\r\nThough we do check the event ring read pointer by \"is_valid_ring_ptr\"\nto make sure it is in the buffer range, but there is another risk the\npointer may be not aligned. Since we are expecting event ring elements\nare 128 bits(struct mhi_ring_element) aligned, an unaligned read pointer\ncould lead to multiple issues like DoS or ring buffer memory corruption.\r\n\r\nSo add a alignment check for event ring read pointer.(CVE-2023-52494)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nPM: sleep: Fix possible deadlocks in core system-wide PM code\r\n\r\nIt is reported that in low-memory situations the system-wide resume core\ncode deadlocks, because async_schedule_dev() executes its argument\nfunction synchronously if it cannot allocate memory (and not only in\nthat case) and that function attempts to acquire a mutex that is already\nheld. 
Executing the argument function synchronously from within\ndpm_async_fn() may also be problematic for ordering reasons (it may\ncause a consumer device's resume callback to be invoked before a\nrequisite supplier device's one, for example).\r\n\r\nAddress this by changing the code in question to use\nasync_schedule_dev_nocall() for scheduling the asynchronous\nexecution of device suspend and resume functions and to directly\nrun them synchronously if async_schedule_dev_nocall() returns false.(CVE-2023-52498)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\ntee: amdtee: fix use-after-free vulnerability in amdtee_close_session\r\n\r\nThere is a potential race condition in amdtee_close_session that may\ncause use-after-free in amdtee_open_session. For instance, if a session\nhas refcount == 1, and one thread tries to free this session via:\r\n\r\n kref_put(&sess->refcount, destroy_session);\r\n\r\nthe reference count will get decremented, and the next step would be to\ncall destroy_session(). 
However, if in another thread,\namdtee_open_session() is called before destroy_session() has completed\nexecution, alloc_session() may return 'sess' that will be freed up\nlater in destroy_session() leading to use-after-free in\namdtee_open_session.\r\n\r\nTo fix this issue, treat decrement of sess->refcount and removal of\n'sess' from session list in destroy_session() as a critical section, so\nthat it is executed atomically.(CVE-2023-52503)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nx86/alternatives: Disable KASAN in apply_alternatives()\r\n\r\nFei has reported that KASAN triggers during apply_alternatives() on\na 5-level paging machine:\r\n\r\n\tBUG: KASAN: out-of-bounds in rcu_is_watching()\n\tRead of size 4 at addr ff110003ee6419a0 by task swapper/0/0\n\t...\n\t__asan_load4()\n\trcu_is_watching()\n\ttrace_hardirqs_on()\n\ttext_poke_early()\n\tapply_alternatives()\n\t...\r\n\r\nOn machines with 5-level paging, cpu_feature_enabled(X86_FEATURE_LA57)\ngets patched. It includes KASAN code, where KASAN_SHADOW_START depends on\n__VIRTUAL_MASK_SHIFT, which is defined with cpu_feature_enabled().\r\n\r\nKASAN gets confused when apply_alternatives() patches the\nKASAN_SHADOW_START users. 
A test patch that makes KASAN_SHADOW_START\nstatic, by replacing __VIRTUAL_MASK_SHIFT with 56, works around the issue.\r\n\r\nFix it for real by disabling KASAN while the kernel is patching alternatives.\r\n\r\n[ mingo: updated the changelog ](CVE-2023-52504)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet: nfc: llcp: Add lock when modifying device list\r\n\r\nThe device list needs its associated lock held when modifying it, or the\nlist could become corrupted, as syzbot discovered.(CVE-2023-52524)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nteam: fix null-ptr-deref when team device type is changed\r\n\r\nGet a null-ptr-deref bug as follows with reproducer [1].\r\n\r\nBUG: kernel NULL pointer dereference, address: 0000000000000228\n...\nRIP: 0010:vlan_dev_hard_header+0x35/0x140 [8021q]\n...\nCall Trace:\n \n ? __die+0x24/0x70\n ? page_fault_oops+0x82/0x150\n ? exc_page_fault+0x69/0x150\n ? asm_exc_page_fault+0x26/0x30\n ? vlan_dev_hard_header+0x35/0x140 [8021q]\n ? vlan_dev_hard_header+0x8e/0x140 [8021q]\n neigh_connected_output+0xb2/0x100\n ip6_finish_output2+0x1cb/0x520\n ? nf_hook_slow+0x43/0xc0\n ? ip6_mtu+0x46/0x80\n ip6_finish_output+0x2a/0xb0\n mld_sendpack+0x18f/0x250\n mld_ifc_work+0x39/0x160\n process_one_work+0x1e6/0x3f0\n worker_thread+0x4d/0x2f0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0xe5/0x120\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x34/0x50\n ? 
__pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\r\n\r\n[1]\n$ teamd -t team0 -d -c '{\"runner\": {\"name\": \"loadbalance\"}}'\n$ ip link add name t-dummy type dummy\n$ ip link add link t-dummy name t-dummy.100 type vlan id 100\n$ ip link add name t-nlmon type nlmon\n$ ip link set t-nlmon master team0\n$ ip link set t-nlmon nomaster\n$ ip link set t-dummy up\n$ ip link set team0 up\n$ ip link set t-dummy.100 down\n$ ip link set t-dummy.100 master team0\r\n\r\nWhen enslave a vlan device to team device and team device type is changed\nfrom non-ether to ether, header_ops of team device is changed to\nvlan_header_ops. That is incorrect and will trigger null-ptr-deref\nfor vlan->real_dev in vlan_dev_hard_header() because team device is not\na vlan device.\r\n\r\nCache eth_header_ops in team_setup(), then assign cached header_ops to\nheader_ops of team net device when its type is changed from non-ether\nto ether to fix the bug.(CVE-2023-52574)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\npowerpc/mm: Fix null-pointer dereference in pgtable_cache_add\r\n\r\nkasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure. 
Ensure the allocation was successful\nby checking the pointer validity.(CVE-2023-52607)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nfirmware: arm_scmi: Check mailbox/SMT channel for consistency\r\n\r\nOn reception of a completion interrupt the shared memory area is accessed\nto retrieve the message header at first and then, if the message sequence\nnumber identifies a transaction which is still pending, the related\npayload is fetched too.\r\n\r\nWhen an SCMI command times out the channel ownership remains with the\nplatform until eventually a late reply is received and, as a consequence,\nany further transmission attempt remains pending, waiting for the channel\nto be relinquished by the platform.\r\n\r\nOnce that late reply is received the channel ownership is given back\nto the agent and any pending request is then allowed to proceed and\noverwrite the SMT area of the just delivered late reply; then the wait\nfor the reply to the new request starts.\r\n\r\nIt has been observed that the spurious IRQ related to the late reply can\nbe wrongly associated with the freshly enqueued request: when that happens\nthe SCMI stack in-flight lookup procedure is fooled by the fact that the\nmessage header now present in the SMT area is related to the new pending\ntransaction, even though the real reply has still to arrive.\r\n\r\nThis race-condition on the A2P channel can be detected by looking at the\nchannel status bits: a genuine reply from the platform will have set the\nchannel free bit before triggering the completion IRQ.\r\n\r\nAdd a consistency check to validate such condition in the A2P ISR.(CVE-2023-52608)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nPCI: switchtec: Fix stdev_release() crash after surprise hot remove\r\n\r\nA PCI device hot removal may occur while stdev->cdev is held open. 
The call\nto stdev_release() then happens during close or exit, at a point way past\nswitchtec_pci_remove(). Otherwise the last ref would vanish with the\ntrailing put_device(), just before return.\r\n\r\nAt that later point in time, the devm cleanup has already removed the\nstdev->mmio_mrpc mapping. Also, the stdev->pdev reference was not a counted\none. Therefore, in DMA mode, the iowrite32() in stdev_release() will cause\na fatal page fault, and the subsequent dma_free_coherent(), if reached,\nwould pass a stale &stdev->pdev->dev pointer.\r\n\r\nFix by moving MRPC DMA shutdown into switchtec_pci_remove(), after\nstdev_kill(). Counting the stdev->pdev ref is now optional, but may prevent\nfuture accidents.\r\n\r\nReproducible via the script at\nhttps://lore.kernel.org/r/20231113212150.96410-1-dns@arista.com(CVE-2023-52617)\r\n\r\nA null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trigger a denial of service.(CVE-2023-7042)\r\n\r\nA race condition was found in the Linux kernel's media/xc4000 device driver in xc4000 xc4000_get_frequency() function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue.\r\n\r\n\r\n\r\n\n(CVE-2024-24861)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nksmbd: fix global oob in ksmbd_nl_policy\r\n\r\nSimilar to a reported issue (check the commit b33fb5b801c6 (\"net:\nqualcomm: rmnet: fix global oob in rmnet_policy\"), my local fuzzer finds\nanother global out-of-bounds read for policy ksmbd_nl_policy. 
See bug\ntrace below:\r\n\r\n==================================================================\nBUG: KASAN: global-out-of-bounds in validate_nla lib/nlattr.c:386 [inline]\nBUG: KASAN: global-out-of-bounds in __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600\nRead of size 1 at addr ffffffff8f24b100 by task syz-executor.1/62810\r\n\r\nCPU: 0 PID: 62810 Comm: syz-executor.1 Tainted: G N 6.1.0 #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\nCall Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x8b/0xb3 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:284 [inline]\n print_report+0x172/0x475 mm/kasan/report.c:395\n kasan_report+0xbb/0x1c0 mm/kasan/report.c:495\n validate_nla lib/nlattr.c:386 [inline]\n __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600\n __nla_parse+0x3e/0x50 lib/nlattr.c:697\n __nlmsg_parse include/net/netlink.h:748 [inline]\n genl_family_rcv_msg_attrs_parse.constprop.0+0x1b0/0x290 net/netlink/genetlink.c:565\n genl_family_rcv_msg_doit+0xda/0x330 net/netlink/genetlink.c:734\n genl_family_rcv_msg net/netlink/genetlink.c:833 [inline]\n genl_rcv_msg+0x441/0x780 net/netlink/genetlink.c:850\n netlink_rcv_skb+0x14f/0x410 net/netlink/af_netlink.c:2540\n genl_rcv+0x24/0x40 net/netlink/genetlink.c:861\n netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]\n netlink_unicast+0x54e/0x800 net/netlink/af_netlink.c:1345\n netlink_sendmsg+0x930/0xe50 net/netlink/af_netlink.c:1921\n sock_sendmsg_nosec net/socket.c:714 [inline]\n sock_sendmsg+0x154/0x190 net/socket.c:734\n ____sys_sendmsg+0x6df/0x840 net/socket.c:2482\n ___sys_sendmsg+0x110/0x1b0 net/socket.c:2536\n __sys_sendmsg+0xf3/0x1c0 net/socket.c:2565\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7fdd66a8f359\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 
4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fdd65e00168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007fdd66bbcf80 RCX: 00007fdd66a8f359\nRDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000003\nRBP: 00007fdd66ada493 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007ffc84b81aff R14: 00007fdd65e00300 R15: 0000000000022000\n \r\n\r\nThe buggy address belongs to the variable:\n ksmbd_nl_policy+0x100/0xa80\r\n\r\nThe buggy address belongs to the physical page:\npage:0000000034f47940 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1ccc4b\nflags: 0x200000000001000(reserved|node=0|zone=2)\nraw: 0200000000001000 ffffea00073312c8 ffffea00073312c8 0000000000000000\nraw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\r\n\r\nMemory state around the buggy address:\n ffffffff8f24b000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n ffffffff8f24b080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n>ffffffff8f24b100: f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9 00 00 07 f9\n ^\n ffffffff8f24b180: f9 f9 f9 f9 00 05 f9 f9 f9 f9 f9 f9 00 00 00 05\n ffffffff8f24b200: f9 f9 f9 f9 00 00 03 f9 f9 f9 f9 f9 00 00 04 f9\n==================================================================\r\n\r\nTo fix it, add a placeholder named __KSMBD_EVENT_MAX and let\nKSMBD_EVENT_MAX to be its original value - 1 according to what other\nnetlink families do. Also change two sites that refer the\nKSMBD_EVENT_MAX to correct value.(CVE-2024-26608)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet/smc: fix illegal rmb_desc access in SMC-D connection dump\r\n\r\nA crash was found when dumping SMC-D connections. 
It can be reproduced\nby following steps:\r\n\r\n- run nginx/wrk test:\n smc_run nginx\n smc_run wrk -t 16 -c 1000 -d -H 'Connection: Close' \r\n\r\n- continuously dump SMC-D connections in parallel:\n watch -n 1 'smcss -D'\r\n\r\n BUG: kernel NULL pointer dereference, address: 0000000000000030\n CPU: 2 PID: 7204 Comm: smcss Kdump: loaded Tainted: G\tE 6.7.0+ #55\n RIP: 0010:__smc_diag_dump.constprop.0+0x5e5/0x620 [smc_diag]\n Call Trace:\n \n ? __die+0x24/0x70\n ? page_fault_oops+0x66/0x150\n ? exc_page_fault+0x69/0x140\n ? asm_exc_page_fault+0x26/0x30\n ? __smc_diag_dump.constprop.0+0x5e5/0x620 [smc_diag]\n ? __kmalloc_node_track_caller+0x35d/0x430\n ? __alloc_skb+0x77/0x170\n smc_diag_dump_proto+0xd0/0xf0 [smc_diag]\n smc_diag_dump+0x26/0x60 [smc_diag]\n netlink_dump+0x19f/0x320\n __netlink_dump_start+0x1dc/0x300\n smc_diag_handler_dump+0x6a/0x80 [smc_diag]\n ? __pfx_smc_diag_dump+0x10/0x10 [smc_diag]\n sock_diag_rcv_msg+0x121/0x140\n ? __pfx_sock_diag_rcv_msg+0x10/0x10\n netlink_rcv_skb+0x5a/0x110\n sock_diag_rcv+0x28/0x40\n netlink_unicast+0x22a/0x330\n netlink_sendmsg+0x1f8/0x420\n __sock_sendmsg+0xb0/0xc0\n ____sys_sendmsg+0x24e/0x300\n ? copy_msghdr_from_user+0x62/0x80\n ___sys_sendmsg+0x7c/0xd0\n ? __do_fault+0x34/0x160\n ? do_read_fault+0x5f/0x100\n ? do_fault+0xb0/0x110\n ? __handle_mm_fault+0x2b0/0x6c0\n __sys_sendmsg+0x4d/0x80\n do_syscall_64+0x69/0x180\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\r\n\r\nIt is possible that the connection is in process of being established\nwhen we dump it. Assumed that the connection has been registered in a\nlink group by smc_conn_create() but the rmb_desc has not yet been\ninitialized by smc_buf_create(), thus causing the illegal access to\nconn->rmb_desc. 
So fix it by checking before dump.(CVE-2024-26615)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nALSA: sh: aica: reorder cleanup operations to avoid UAF bugs\r\n\r\nThe dreamcastcard->timer could schedule the spu_dma_work and the\nspu_dma_work could also arm the dreamcastcard->timer.\r\n\r\nWhen the snd_pcm_substream is closing, the aica_channel will be\ndeallocated. But it could still be dereferenced in the worker\nthread. The reason is that del_timer() will return directly\nregardless of whether the timer handler is running or not and\nthe worker could be rescheduled in the timer handler. As a result,\nthe UAF bug will happen. The racy situation is shown below:\r\n\r\n (Thread 1) | (Thread 2)\nsnd_aicapcm_pcm_close() |\n ... | run_spu_dma() //worker\n | mod_timer()\n flush_work() |\n del_timer() | aica_period_elapsed() //timer\n kfree(dreamcastcard->channel) | schedule_work()\n | run_spu_dma() //worker\n ... | dreamcastcard->channel-> //USE\r\n\r\nIn order to mitigate this bug and other possible corner cases,\ncall mod_timer() conditionally in run_spu_dma(), then implement\nPCM sync_stop op to cancel both the timer and worker. 
The sync_stop\nop will be called from PCM core appropriately when needed.(CVE-2024-26654)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndrm/amdgpu: fix use-after-free bug\r\n\r\nThe bug can be triggered by sending a single amdgpu_gem_userptr_ioctl\nto the AMDGPU DRM driver on any ASICs with an invalid address and size.\nThe bug was reported by Joonkyo Jung .\nFor example the following code:\r\n\r\nstatic void Syzkaller1(int fd)\n{\n\tstruct drm_amdgpu_gem_userptr arg;\n\tint ret;\r\n\r\n\targ.addr = 0xffffffffffff0000;\n\targ.size = 0x80000000; /*2 Gb*/\n\targ.flags = 0x7;\n\tret = drmIoctl(fd, 0xc1186451/*amdgpu_gem_userptr_ioctl*/, &arg);\n}\r\n\r\nDue to the address and size are not valid there is a failure in\namdgpu_hmm_register->mmu_interval_notifier_insert->__mmu_interval_notifier_insert->\ncheck_shl_overflow, but we even the amdgpu_hmm_register failure we still call\namdgpu_hmm_unregister into amdgpu_gem_object_free which causes access to a bad address.\nThe following stack is below when the issue is reproduced when Kazan is enabled:\r\n\r\n[ +0.000014] Hardware name: ASUS System Product Name/ROG STRIX B550-F GAMING (WI-FI), BIOS 1401 12/03/2020\n[ +0.000009] RIP: 0010:mmu_interval_notifier_remove+0x327/0x340\n[ +0.000017] Code: ff ff 49 89 44 24 08 48 b8 00 01 00 00 00 00 ad de 4c 89 f7 49 89 47 40 48 83 c0 22 49 89 47 48 e8 ce d1 2d 01 e9 32 ff ff ff <0f> 0b e9 16 ff ff ff 4c 89 ef e8 fa 14 b3 ff e9 36 ff ff ff e8 80\n[ +0.000014] RSP: 0018:ffffc90002657988 EFLAGS: 00010246\n[ +0.000013] RAX: 0000000000000000 RBX: 1ffff920004caf35 RCX: ffffffff8160565b\n[ +0.000011] RDX: dffffc0000000000 RSI: 0000000000000004 RDI: ffff8881a9f78260\n[ +0.000010] RBP: ffffc90002657a70 R08: 0000000000000001 R09: fffff520004caf25\n[ +0.000010] R10: 0000000000000003 R11: ffffffff8161d1d6 R12: ffff88810e988c00\n[ +0.000010] R13: ffff888126fb5a00 R14: ffff88810e988c0c R15: ffff8881a9f78260\n[ +0.000011] FS: 00007ff9ec848540(0000) 
GS:ffff8883cc880000(0000) knlGS:0000000000000000\n[ +0.000012] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ +0.000010] CR2: 000055b3f7e14328 CR3: 00000001b5770000 CR4: 0000000000350ef0\n[ +0.000010] Call Trace:\n[ +0.000006] \n[ +0.000007] ? show_regs+0x6a/0x80\n[ +0.000018] ? __warn+0xa5/0x1b0\n[ +0.000019] ? mmu_interval_notifier_remove+0x327/0x340\n[ +0.000018] ? report_bug+0x24a/0x290\n[ +0.000022] ? handle_bug+0x46/0x90\n[ +0.000015] ? exc_invalid_op+0x19/0x50\n[ +0.000016] ? asm_exc_invalid_op+0x1b/0x20\n[ +0.000017] ? kasan_save_stack+0x26/0x50\n[ +0.000017] ? mmu_interval_notifier_remove+0x23b/0x340\n[ +0.000019] ? mmu_interval_notifier_remove+0x327/0x340\n[ +0.000019] ? mmu_interval_notifier_remove+0x23b/0x340\n[ +0.000020] ? __pfx_mmu_interval_notifier_remove+0x10/0x10\n[ +0.000017] ? kasan_save_alloc_info+0x1e/0x30\n[ +0.000018] ? srso_return_thunk+0x5/0x5f\n[ +0.000014] ? __kasan_kmalloc+0xb1/0xc0\n[ +0.000018] ? srso_return_thunk+0x5/0x5f\n[ +0.000013] ? __kasan_check_read+0x11/0x20\n[ +0.000020] amdgpu_hmm_unregister+0x34/0x50 [amdgpu]\n[ +0.004695] amdgpu_gem_object_free+0x66/0xa0 [amdgpu]\n[ +0.004534] ? __pfx_amdgpu_gem_object_free+0x10/0x10 [amdgpu]\n[ +0.004291] ? do_syscall_64+0x5f/0xe0\n[ +0.000023] ? srso_return_thunk+0x5/0x5f\n[ +0.000017] drm_gem_object_free+0x3b/0x50 [drm]\n[ +0.000489] amdgpu_gem_userptr_ioctl+0x306/0x500 [amdgpu]\n[ +0.004295] ? __pfx_amdgpu_gem_userptr_ioctl+0x10/0x10 [amdgpu]\n[ +0.004270] ? srso_return_thunk+0x5/0x5f\n[ +0.000014] ? __this_cpu_preempt_check+0x13/0x20\n[ +0.000015] ? srso_return_thunk+0x5/0x5f\n[ +0.000013] ? sysvec_apic_timer_interrupt+0x57/0xc0\n[ +0.000020] ? srso_return_thunk+0x5/0x5f\n[ +0.000014] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20\n[ +0.000022] ? drm_ioctl_kernel+0x17b/0x1f0 [drm]\n[ +0.000496] ? __pfx_amdgpu_gem_userptr_ioctl+0x10/0x10 [amdgpu]\n[ +0.004272] ? drm_ioctl_kernel+0x190/0x1f0 [drm]\n[ +0.000492] drm_ioctl_kernel+0x140/0x1f0 [drm]\n[ +0.000497] ? 
__pfx_amdgpu_gem_userptr_ioctl+0x10/0x10 [amdgpu]\n[ +0.004297] ? __pfx_drm_ioctl_kernel+0x10/0x10 [d\n---truncated---(CVE-2024-26656)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnilfs2: fix hang in nilfs_lookup_dirty_data_buffers()\r\n\r\nSyzbot reported a hang issue in migrate_pages_batch() called by mbind()\nand nilfs_lookup_dirty_data_buffers() called in the log writer of nilfs2.\r\n\r\nWhile migrate_pages_batch() locks a folio and waits for the writeback to\ncomplete, the log writer thread that should bring the writeback to\ncompletion picks up the folio being written back in\nnilfs_lookup_dirty_data_buffers() that it calls for subsequent log\ncreation and was trying to lock the folio. Thus causing a deadlock.\r\n\r\nIn the first place, it is unexpected that folios/pages in the middle of\nwriteback will be updated and become dirty. Nilfs2 adds a checksum to\nverify the validity of the log being written and uses it for recovery at\nmount, so data changes during writeback are suppressed. Since this is\nbroken, an unclean shutdown could potentially cause recovery to fail.\r\n\r\nInvestigation revealed that the root cause is that the wait for writeback\ncompletion in nilfs_page_mkwrite() is conditional, and if the backing\ndevice does not require stable writes, data may be modified without\nwaiting.\r\n\r\nFix these issues by making nilfs_page_mkwrite() wait for writeback to\nfinish regardless of the stable write requirement of the backing device.(CVE-2024-26696)",
"cves": [
{
"id": "CVE-2024-26696",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26696",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
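Review bot: The `cves` array in this file holds a single entry, CVE-2024-26696 rated `Medium`, while the `description` attributes more than twenty CVEs to the update (CVE-2022-48629 through CVE-2024-26696) and the advisory itself is now rated `High`. A consumer that matches on `cves[].id` would miss every other CVE this advisory fixes, and no listed entry accounts for the advisory-level `High`. The hunk covers the whole file apart from its opening brace, so this is not a truncated view; the converter presumably keeps only the last vulnerability it reads, which is worth checking in the generator. Each CVE named in the description should get its own entry, e.g. `{ "id": "CVE-2022-48629", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48629", "severity": "<severity from the CVRF source>" }`. The kernel advisory hunk that ends just above this file shows the same single-entry list.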
diff --git a/cusa/k/kernel/kernel-5.10.0-60.136.0.163_openEuler-SA-2024-1524.json b/cusa/k/kernel/kernel-5.10.0-60.136.0.163_openEuler-SA-2024-1524.json
index 0826738..0625783 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.136.0.163_openEuler-SA-2024-1524.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.136.0.163_openEuler-SA-2024-1524.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1524",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1524",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\ncreate_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size.(CVE-2024-25739)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndrm/bridge: sii902x: Fix probing race issue\r\n\r\nA null pointer dereference crash has been observed rarely on TI\nplatforms using sii9022 bridge:\r\n\r\n[ 53.271356] sii902x_get_edid+0x34/0x70 [sii902x]\n[ 53.276066] sii902x_bridge_get_edid+0x14/0x20 [sii902x]\n[ 53.281381] drm_bridge_get_edid+0x20/0x34 [drm]\n[ 53.286305] drm_bridge_connector_get_modes+0x8c/0xcc [drm_kms_helper]\n[ 53.292955] drm_helper_probe_single_connector_modes+0x190/0x538 [drm_kms_helper]\n[ 53.300510] drm_client_modeset_probe+0x1f0/0xbd4 [drm]\n[ 53.305958] __drm_fb_helper_initial_config_and_unlock+0x50/0x510 [drm_kms_helper]\n[ 53.313611] drm_fb_helper_initial_config+0x48/0x58 [drm_kms_helper]\n[ 53.320039] drm_fbdev_dma_client_hotplug+0x84/0xd4 [drm_dma_helper]\n[ 53.326401] drm_client_register+0x5c/0xa0 [drm]\n[ 53.331216] drm_fbdev_dma_setup+0xc8/0x13c [drm_dma_helper]\n[ 53.336881] tidss_probe+0x128/0x264 [tidss]\n[ 53.341174] platform_probe+0x68/0xc4\n[ 53.344841] really_probe+0x188/0x3c4\n[ 53.348501] __driver_probe_device+0x7c/0x16c\n[ 53.352854] driver_probe_device+0x3c/0x10c\n[ 53.357033] __device_attach_driver+0xbc/0x158\n[ 53.361472] bus_for_each_drv+0x88/0xe8\n[ 53.365303] __device_attach+0xa0/0x1b4\n[ 53.369135] device_initial_probe+0x14/0x20\n[ 53.373314] bus_probe_device+0xb0/0xb4\n[ 53.377145] deferred_probe_work_func+0xcc/0x124\n[ 53.381757] process_one_work+0x1f0/0x518\n[ 53.385770] worker_thread+0x1e8/0x3dc\n[ 53.389519] kthread+0x11c/0x120\n[ 53.392750] ret_from_fork+0x10/0x20\r\n\r\nThe issue here is as follows:\r\n\r\n- tidss probes, but is deferred as sii902x is still missing.\n- sii902x starts probing 
and enters sii902x_init().\n- sii902x calls drm_bridge_add(). Now the sii902x bridge is ready from\n DRM's perspective.\n- sii902x calls sii902x_audio_codec_init() and\n platform_device_register_data()\n- The registration of the audio platform device causes probing of the\n deferred devices.\n- tidss probes, which eventually causes sii902x_bridge_get_edid() to be\n called.\n- sii902x_bridge_get_edid() tries to use the i2c to read the edid.\n However, the sii902x driver has not set up the i2c part yet, leading\n to the crash.\r\n\r\nFix this by moving the drm_bridge_add() to the end of the\nsii902x_init(), which is also at the very end of sii902x_probe().(CVE-2024-26607)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\ntcp: make sure init the accept_queue's spinlocks once\r\n\r\nWhen I run syz's reproduction C program locally, it causes the following\nissue:\npvqspinlock: lock 0xffff9d181cd5c660 has corrupted value 0x0!\nWARNING: CPU: 19 PID: 21160 at __pv_queued_spin_unlock_slowpath (kernel/locking/qspinlock_paravirt.h:508)\nHardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011\nRIP: 0010:__pv_queued_spin_unlock_slowpath (kernel/locking/qspinlock_paravirt.h:508)\nCode: 73 56 3a ff 90 c3 cc cc cc cc 8b 05 bb 1f 48 01 85 c0 74 05 c3 cc cc cc cc 8b 17 48 89 fe 48 c7 c7\n30 20 ce 8f e8 ad 56 42 ff <0f> 0b c3 cc cc cc cc 0f 0b 0f 1f 40 00 90 90 90 90 90 90 90 90 90\nRSP: 0018:ffffa8d200604cb8 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff9d1ef60e0908\nRDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffff9d1ef60e0900\nRBP: ffff9d181cd5c280 R08: 0000000000000000 R09: 00000000ffff7fff\nR10: ffffa8d200604b68 R11: ffffffff907dcdc8 R12: 0000000000000000\nR13: ffff9d181cd5c660 R14: ffff9d1813a3f330 R15: 0000000000001000\nFS: 00007fa110184640(0000) GS:ffff9d1ef60c0000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020000000 CR3: 000000011f65e000 CR4: 00000000000006f0\nCall 
Trace:\n\n _raw_spin_unlock (kernel/locking/spinlock.c:186)\n inet_csk_reqsk_queue_add (net/ipv4/inet_connection_sock.c:1321)\n inet_csk_complete_hashdance (net/ipv4/inet_connection_sock.c:1358)\n tcp_check_req (net/ipv4/tcp_minisocks.c:868)\n tcp_v4_rcv (net/ipv4/tcp_ipv4.c:2260)\n ip_protocol_deliver_rcu (net/ipv4/ip_input.c:205)\n ip_local_deliver_finish (net/ipv4/ip_input.c:234)\n __netif_receive_skb_one_core (net/core/dev.c:5529)\n process_backlog (./include/linux/rcupdate.h:779)\n __napi_poll (net/core/dev.c:6533)\n net_rx_action (net/core/dev.c:6604)\n __do_softirq (./arch/x86/include/asm/jump_label.h:27)\n do_softirq (kernel/softirq.c:454 kernel/softirq.c:441)\n\n\n __local_bh_enable_ip (kernel/softirq.c:381)\n __dev_queue_xmit (net/core/dev.c:4374)\n ip_finish_output2 (./include/net/neighbour.h:540 net/ipv4/ip_output.c:235)\n __ip_queue_xmit (net/ipv4/ip_output.c:535)\n __tcp_transmit_skb (net/ipv4/tcp_output.c:1462)\n tcp_rcv_synsent_state_process (net/ipv4/tcp_input.c:6469)\n tcp_rcv_state_process (net/ipv4/tcp_input.c:6657)\n tcp_v4_do_rcv (net/ipv4/tcp_ipv4.c:1929)\n __release_sock (./include/net/sock.h:1121 net/core/sock.c:2968)\n release_sock (net/core/sock.c:3536)\n inet_wait_for_connect (net/ipv4/af_inet.c:609)\n __inet_stream_connect (net/ipv4/af_inet.c:702)\n inet_stream_connect (net/ipv4/af_inet.c:748)\n __sys_connect (./include/linux/file.h:45 net/socket.c:2064)\n __x64_sys_connect (net/socket.c:2073 net/socket.c:2070 net/socket.c:2070)\n do_syscall_64 (arch/x86/entry/common.c:51 arch/x86/entry/common.c:82)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129)\n RIP: 0033:0x7fa10ff05a3d\n Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89\n c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ab a3 0e 00 f7 d8 64 89 01 48\n RSP: 002b:00007fa110183de8 EFLAGS: 00000202 ORIG_RAX: 000000000000002a\n RAX: ffffffffffffffda RBX: 0000000020000054 RCX: 00007fa10ff05a3d\n RDX: 
000000000000001c RSI: 0000000020000040 RDI: 0000000000000003\n RBP: 00007fa110183e20 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000202 R12: 00007fa110184640\n R13: 0000000000000000 R14: 00007fa10fe8b060 R15: 00007fff73e23b20\n\r\n\r\nThe issue triggering process is analyzed as follows:\nThread A Thread B\ntcp_v4_rcv\t//receive ack TCP packet inet_shutdown\n tcp_check_req tcp_disconnect //disconnect sock\n ... tcp_set_state(sk, TCP_CLOSE)\n inet_csk_complete_hashdance ...\n inet_csk_reqsk_queue_add \n---truncated---(CVE-2024-26614)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nbtrfs: don't abort filesystem when attempting to snapshot deleted subvolume\r\n\r\nIf the source file descriptor to the snapshot ioctl refers to a deleted\nsubvolume, we get the following abort:\r\n\r\n BTRFS: Transaction aborted (error -2)\n WARNING: CPU: 0 PID: 833 at fs/btrfs/transaction.c:1875 create_pending_snapshot+0x1040/0x1190 [btrfs]\n Modules linked in: pata_acpi btrfs ata_piix libata scsi_mod virtio_net blake2b_generic xor net_failover virtio_rng failover scsi_common rng_core raid6_pq libcrc32c\n CPU: 0 PID: 833 Comm: t_snapshot_dele Not tainted 6.7.0-rc6 #2\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-1.fc39 04/01/2014\n RIP: 0010:create_pending_snapshot+0x1040/0x1190 [btrfs]\n RSP: 0018:ffffa09c01337af8 EFLAGS: 00010282\n RAX: 0000000000000000 RBX: ffff9982053e7c78 RCX: 0000000000000027\n RDX: ffff99827dc20848 RSI: 0000000000000001 RDI: ffff99827dc20840\n RBP: ffffa09c01337c00 R08: 0000000000000000 R09: ffffa09c01337998\n R10: 0000000000000003 R11: ffffffffb96da248 R12: fffffffffffffffe\n R13: ffff99820535bb28 R14: ffff99820b7bd000 R15: ffff99820381ea80\n FS: 00007fe20aadabc0(0000) GS:ffff99827dc00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000559a120b502f CR3: 00000000055b6000 CR4: 00000000000006f0\n Call Trace:\n \n ? 
create_pending_snapshot+0x1040/0x1190 [btrfs]\n ? __warn+0x81/0x130\n ? create_pending_snapshot+0x1040/0x1190 [btrfs]\n ? report_bug+0x171/0x1a0\n ? handle_bug+0x3a/0x70\n ? exc_invalid_op+0x17/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? create_pending_snapshot+0x1040/0x1190 [btrfs]\n ? create_pending_snapshot+0x1040/0x1190 [btrfs]\n create_pending_snapshots+0x92/0xc0 [btrfs]\n btrfs_commit_transaction+0x66b/0xf40 [btrfs]\n btrfs_mksubvol+0x301/0x4d0 [btrfs]\n btrfs_mksnapshot+0x80/0xb0 [btrfs]\n __btrfs_ioctl_snap_create+0x1c2/0x1d0 [btrfs]\n btrfs_ioctl_snap_create_v2+0xc4/0x150 [btrfs]\n btrfs_ioctl+0x8a6/0x2650 [btrfs]\n ? kmem_cache_free+0x22/0x340\n ? do_sys_openat2+0x97/0xe0\n __x64_sys_ioctl+0x97/0xd0\n do_syscall_64+0x46/0xf0\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n RIP: 0033:0x7fe20abe83af\n RSP: 002b:00007ffe6eff1360 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\n RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fe20abe83af\n RDX: 00007ffe6eff23c0 RSI: 0000000050009417 RDI: 0000000000000003\n RBP: 0000000000000003 R08: 0000000000000000 R09: 00007fe20ad16cd0\n R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n R13: 00007ffe6eff13c0 R14: 00007fe20ad45000 R15: 0000559a120b6d58\n \n ---[ end trace 0000000000000000 ]---\n BTRFS: error (device vdc: state A) in create_pending_snapshot:1875: errno=-2 No such entry\n BTRFS info (device vdc: state EA): forced readonly\n BTRFS warning (device vdc: state EA): Skipping commit of aborted transaction.\n BTRFS: error (device vdc: state EA) in cleanup_transaction:2055: errno=-2 No such entry\r\n\r\nThis happens because create_pending_snapshot() initializes the new root\nitem as a copy of the source root item. This includes the refs field,\nwhich is 0 for a deleted subvolume. The call to btrfs_insert_root()\ntherefore inserts a root with refs == 0. 
btrfs_get_new_fs_root() then\nfinds the root and returns -ENOENT if refs == 0, which causes\ncreate_pending_snapshot() to abort.\r\n\r\nFix it by checking the source root's refs before attempting the\nsnapshot, but after locking subvol_sem to avoid racing with deletion.(CVE-2024-26644)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nhv_netvsc: Fix race condition between netvsc_probe and netvsc_remove\r\n\r\nIn commit ac5047671758 (\"hv_netvsc: Disable NAPI before closing the\nVMBus channel\"), napi_disable was getting called for all channels,\nincluding all subchannels without confirming if they are enabled or not.\r\n\r\nThis caused hv_netvsc getting hung at napi_disable, when netvsc_probe()\nhas finished running but nvdev->subchan_work has not started yet.\nnetvsc_subchan_work() -> rndis_set_subchannel() has not created the\nsub-channels and because of that netvsc_sc_open() is not running.\nnetvsc_remove() calls cancel_work_sync(&nvdev->subchan_work), for which\nnetvsc_subchan_work did not run.\r\n\r\nnetif_napi_add() sets the bit NAPI_STATE_SCHED because it ensures NAPI\ncannot be scheduled. Then netvsc_sc_open() -> napi_enable will clear the\nNAPIF_STATE_SCHED bit, so it can be scheduled. napi_disable() does the\nopposite.\r\n\r\nNow during netvsc_device_remove(), when napi_disable is called for those\nsubchannels, napi_disable gets stuck on infinite msleep.\r\n\r\nThis fix addresses this problem by ensuring that napi_disable() is not\ngetting called for non-enabled NAPI struct.\nBut netif_napi_del() is still necessary for these non-enabled NAPI struct\nfor cleanup purpose.\r\n\r\nCall trace:\n[ 654.559417] task:modprobe state:D stack: 0 pid: 2321 ppid: 1091 flags:0x00004002\n[ 654.568030] Call Trace:\n[ 654.571221] \n[ 654.573790] __schedule+0x2d6/0x960\n[ 654.577733] schedule+0x69/0xf0\n[ 654.581214] schedule_timeout+0x87/0x140\n[ 654.585463] ? 
__bpf_trace_tick_stop+0x20/0x20\n[ 654.590291] msleep+0x2d/0x40\n[ 654.593625] napi_disable+0x2b/0x80\n[ 654.597437] netvsc_device_remove+0x8a/0x1f0 [hv_netvsc]\n[ 654.603935] rndis_filter_device_remove+0x194/0x1c0 [hv_netvsc]\n[ 654.611101] ? do_wait_intr+0xb0/0xb0\n[ 654.615753] netvsc_remove+0x7c/0x120 [hv_netvsc]\n[ 654.621675] vmbus_remove+0x27/0x40 [hv_vmbus](CVE-2024-26698)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nafs: Increase buffer size in afs_update_volume_status()\r\n\r\nThe max length of volume->vid value is 20 characters.\nSo increase idbuf[] size up to 24 to avoid overflow.\r\n\r\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\r\n\r\n[DH: Actually, it's 20 + NUL, so increase it to 24 and use snprintf()](CVE-2024-26736)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nARM: ep93xx: Add terminator to gpiod_lookup_table\r\n\r\nWithout the terminator, if a con_id is passed to gpio_find() that\ndoes not exist in the lookup table the function will not stop looping\ncorrectly, and eventually cause an oops.(CVE-2024-26751)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nfs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio\r\n\r\nIf kiocb_set_cancel_fn() is called for I/O submitted via io_uring, the\nfollowing kernel warning appears:\r\n\r\nWARNING: CPU: 3 PID: 368 at fs/aio.c:598 kiocb_set_cancel_fn+0x9c/0xa8\nCall trace:\n kiocb_set_cancel_fn+0x9c/0xa8\n ffs_epfile_read_iter+0x144/0x1d0\n io_read+0x19c/0x498\n io_issue_sqe+0x118/0x27c\n io_submit_sqes+0x25c/0x5fc\n __arm64_sys_io_uring_enter+0x104/0xab0\n invoke_syscall+0x58/0x11c\n el0_svc_common+0xb4/0xf4\n do_el0_svc+0x2c/0xb0\n el0_svc+0x2c/0xa4\n el0t_64_sync_handler+0x68/0xb4\n el0t_64_sync+0x1a4/0x1a8\r\n\r\nFix this by setting the IOCB_AIO_RW flag for read and write I/O that is\nsubmitted by libaio.(CVE-2024-26764)\r\n\r\nIn the Linux kernel, the following 
vulnerability has been resolved:\r\n\r\next4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()\r\n\r\nPlaces the logic for checking if the group's block bitmap is corrupt under\nthe protection of the group lock to avoid allocating blocks from the group\nwith a corrupted block bitmap.(CVE-2024-26772)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\next4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()\r\n\r\nDetermine if the group block bitmap is corrupted before using ac_b_ex in\next4_mb_try_best_found() to avoid allocating blocks from a group with a\ncorrupted block bitmap in the following concurrency and making the\nsituation worse.\r\n\r\next4_mb_regular_allocator\n ext4_lock_group(sb, group)\n ext4_mb_good_group\n // check if the group bbitmap is corrupted\n ext4_mb_complex_scan_group\n // Scan group gets ac_b_ex but doesn't use it\n ext4_unlock_group(sb, group)\n ext4_mark_group_bitmap_corrupted(group)\n // The block bitmap was corrupted during\n // the group unlock gap.\n ext4_mb_try_best_found\n ext4_lock_group(ac->ac_sb, group)\n ext4_mb_use_best_found\n mb_mark_used\n // Allocating blocks in block bitmap corrupted group(CVE-2024-26773)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nfbdev: sis: Error out if pixclock equals zero\r\n\r\nThe userspace program could pass any values to the driver through\nioctl() interface. If the driver doesn't check the value of pixclock,\nit may cause divide-by-zero error.\r\n\r\nIn sisfb_check_var(), var->pixclock is used as a divisor to caculate\ndrate before it is checked against zero. 
Fix this by checking it\nat the beginning.\r\n\r\nThis is similar to CVE-2022-3061 in i740fb which was fixed by\ncommit 15cf0b8.(CVE-2024-26777)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nfbdev: savage: Error out if pixclock equals zero\r\n\r\nThe userspace program could pass any values to the driver through\nioctl() interface. If the driver doesn't check the value of pixclock,\nit may cause divide-by-zero error.\r\n\r\nAlthough pixclock is checked in savagefb_decode_var(), but it is not\nchecked properly in savagefb_probe(). Fix this by checking whether\npixclock is zero in the function savagefb_check_var() before\ninfo->var.pixclock is used as the divisor.\r\n\r\nThis is similar to CVE-2022-3061 in i740fb which was fixed by\ncommit 15cf0b8.(CVE-2024-26778)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndmaengine: fsl-qdma: init irq after reg initialization\r\n\r\nInitialize the qDMA irqs after the registers are configured so that\ninterrupts that may have been pending from a primary kernel don't get\nprocessed by the irq handler before it is ready to and cause panic with\nthe following trace:\r\n\r\n Call trace:\n fsl_qdma_queue_handler+0xf8/0x3e8\n __handle_irq_event_percpu+0x78/0x2b0\n handle_irq_event_percpu+0x1c/0x68\n handle_irq_event+0x44/0x78\n handle_fasteoi_irq+0xc8/0x178\n generic_handle_irq+0x24/0x38\n __handle_domain_irq+0x90/0x100\n gic_handle_irq+0x5c/0xb8\n el1_irq+0xb8/0x180\n _raw_spin_unlock_irqrestore+0x14/0x40\n __setup_irq+0x4bc/0x798\n request_threaded_irq+0xd8/0x190\n devm_request_threaded_irq+0x74/0xe8\n fsl_qdma_probe+0x4d4/0xca8\n platform_drv_probe+0x50/0xa0\n really_probe+0xe0/0x3f8\n driver_probe_device+0x64/0x130\n device_driver_attach+0x6c/0x78\n __driver_attach+0xbc/0x158\n bus_for_each_dev+0x5c/0x98\n driver_attach+0x20/0x28\n bus_add_driver+0x158/0x220\n driver_register+0x60/0x110\n __platform_driver_register+0x44/0x50\n fsl_qdma_driver_init+0x18/0x20\n 
do_one_initcall+0x48/0x258\n kernel_init_freeable+0x1a4/0x23c\n kernel_init+0x10/0xf8\n ret_from_fork+0x10/0x18(CVE-2024-26788)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nvfio/pci: Lock external INTx masking ops\r\n\r\nMask operations through config space changes to DisINTx may race INTx\nconfiguration changes via ioctl. Create wrappers that add locking for\npaths outside of the core interrupt code.\r\n\r\nIn particular, irq_type is updated holding igate, therefore testing\nis_intx() requires holding igate. For example clearing DisINTx from\nconfig space can otherwise race changes of the interrupt configuration.\r\n\r\nThis aligns interfaces which may trigger the INTx eventfd into two\ncamps, one side serialized by igate and the other only enabled while\nINTx is configured. A subsequent patch introduces synchronization for\nthe latter flows.(CVE-2024-26810)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nbpf: Fix stackmap overflow check on 32-bit arches\r\n\r\nThe stackmap code relies on roundup_pow_of_two() to compute the number\nof hash buckets, and contains an overflow check by checking if the\nresulting value is 0. However, on 32-bit arches, the roundup code itself\ncan overflow by doing a 32-bit left-shift of an unsigned long value,\nwhich is undefined behaviour, so it is not guaranteed to truncate\nneatly. This was triggered by syzbot on the DEVMAP_HASH type, which\ncontains the same check, copied from the hashtab code.\r\n\r\nThe commit in the fixes tag actually attempted to fix this, but the fix\ndid not account for the UB, so the fix only works on CPUs where an\noverflow does result in a neat truncation to zero, which is not\nguaranteed. 
Checking the value before rounding does not have this\nproblem.(CVE-2024-26883)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nbpf: Fix hashtab overflow check on 32-bit arches\r\n\r\nThe hashtab code relies on roundup_pow_of_two() to compute the number of\nhash buckets, and contains an overflow check by checking if the\nresulting value is 0. However, on 32-bit arches, the roundup code itself\ncan overflow by doing a 32-bit left-shift of an unsigned long value,\nwhich is undefined behaviour, so it is not guaranteed to truncate\nneatly. This was triggered by syzbot on the DEVMAP_HASH type, which\ncontains the same check, copied from the hashtab code. So apply the same\nfix to hashtab, by moving the overflow check to before the roundup.(CVE-2024-26884)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nbpf: Fix DEVMAP_HASH overflow check on 32-bit arches\r\n\r\nThe devmap code allocates a number hash buckets equal to the next power\nof two of the max_entries value provided when creating the map. When\nrounding up to the next power of two, the 32-bit variable storing the\nnumber of buckets can overflow, and the code checks for overflow by\nchecking if the truncated 32-bit value is equal to 0. However, on 32-bit\narches the rounding up itself can overflow mid-way through, because it\nends up doing a left-shift of 32 bits on an unsigned long value. 
If the\nsize of an unsigned long is four bytes, this is undefined behaviour, so\nthere is no guarantee that we'll end up with a nice and tidy 0-value at\nthe end.\r\n\r\nSyzbot managed to turn this into a crash on arm32 by creating a\nDEVMAP_HASH with max_entries > 0x80000000 and then trying to update it.\nFix this by moving the overflow check to before the rounding up\noperation.(CVE-2024-26885)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nvfio/pci: Disable auto-enable of exclusive INTx IRQ\r\n\r\nCurrently for devices requiring masking at the irqchip for INTx, ie.\ndevices without DisINTx support, the IRQ is enabled in request_irq()\nand subsequently disabled as necessary to align with the masked status\nflag. This presents a window where the interrupt could fire between\nthese events, resulting in the IRQ incrementing the disable depth twice.\nThis would be unrecoverable for a user since the masked flag prevents\nnested enables through vfio.\r\n\r\nInstead, invert the logic using IRQF_NO_AUTOEN such that exclusive INTx\nis never auto-enabled, then unmask as required.(CVE-2024-27437)",
"cves": [
{
"id": "CVE-2024-27437",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27437",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
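Review bot: The `cves` array in this advisory lists only CVE-2024-27437, although the `description` names many more CVEs (CVE-2024-25739, CVE-2024-26607, CVE-2024-26614 and others), so a consumer that matches hosts against `cves` would miss most of the fixes this update carries. The renamed values make the gap easy to see: the advisory is `"severity": "High"` while its single listed CVE is `"severity": "Medium"`, so the entry that justifies the higher rating is not in the array. The openEuler-SA-2024-1569 hunk that follows has the same shape, listing only CVE-2024-26752. Presumably the converter keeps only the last vulnerability record from the CVRF input; if so, the fix belongs in the generator, which should emit one `id`/`url`/`severity` object per CVE, followed by regenerating these files.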
diff --git a/cusa/k/kernel/kernel-5.10.0-60.136.0.163_openEuler-SA-2024-1569.json b/cusa/k/kernel/kernel-5.10.0-60.136.0.163_openEuler-SA-2024-1569.json
index 052cb8a..ad25bde 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.136.0.163_openEuler-SA-2024-1569.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.136.0.163_openEuler-SA-2024-1569.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1569",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1569",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\ntun: avoid double free in tun_free_netdev\r\n\r\nAvoid double free in tun_free_netdev() by moving the\ndev->tstats and tun->security allocs to a new ndo_init routine\n(tun_net_init()) that will be called by register_netdevice().\nndo_init is paired with the desctructor (tun_free_netdev()),\nso if there's an error in register_netdevice() the destructor\nwill handle the frees.\r\n\r\nBUG: KASAN: double-free or invalid-free in selinux_tun_dev_free_security+0x1a/0x20 security/selinux/hooks.c:5605\r\n\r\nCPU: 0 PID: 25750 Comm: syz-executor416 Not tainted 5.16.0-rc2-syzk #1\nHardware name: Red Hat KVM, BIOS\nCall Trace:\n\n__dump_stack lib/dump_stack.c:88 [inline]\ndump_stack_lvl+0x89/0xb5 lib/dump_stack.c:106\nprint_address_description.constprop.9+0x28/0x160 mm/kasan/report.c:247\nkasan_report_invalid_free+0x55/0x80 mm/kasan/report.c:372\n____kasan_slab_free mm/kasan/common.c:346 [inline]\n__kasan_slab_free+0x107/0x120 mm/kasan/common.c:374\nkasan_slab_free include/linux/kasan.h:235 [inline]\nslab_free_hook mm/slub.c:1723 [inline]\nslab_free_freelist_hook mm/slub.c:1749 [inline]\nslab_free mm/slub.c:3513 [inline]\nkfree+0xac/0x2d0 mm/slub.c:4561\nselinux_tun_dev_free_security+0x1a/0x20 security/selinux/hooks.c:5605\nsecurity_tun_dev_free_security+0x4f/0x90 security/security.c:2342\ntun_free_netdev+0xe6/0x150 drivers/net/tun.c:2215\nnetdev_run_todo+0x4df/0x840 net/core/dev.c:10627\nrtnl_unlock+0x13/0x20 net/core/rtnetlink.c:112\n__tun_chr_ioctl+0x80c/0x2870 drivers/net/tun.c:3302\ntun_chr_ioctl+0x2f/0x40 drivers/net/tun.c:3311\nvfs_ioctl fs/ioctl.c:51 [inline]\n__do_sys_ioctl fs/ioctl.c:874 [inline]\n__se_sys_ioctl fs/ioctl.c:860 [inline]\n__x64_sys_ioctl+0x19d/0x220 fs/ioctl.c:860\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x3a/0x80 
arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x44/0xae(CVE-2021-47082)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nscsi: core: Fix scsi_mode_sense() buffer length handling\r\n\r\nSeveral problems exist with scsi_mode_sense() buffer length handling:\r\n\r\n 1) The allocation length field of the MODE SENSE(10) command is 16-bits,\n occupying bytes 7 and 8 of the CDB. With this command, access to mode\n pages larger than 255 bytes is thus possible. However, the CDB\n allocation length field is set by assigning len to byte 8 only, thus\n truncating buffer length larger than 255.\r\n\r\n 2) If scsi_mode_sense() is called with len smaller than 8 with\n sdev->use_10_for_ms set, or smaller than 4 otherwise, the buffer length\n is increased to 8 and 4 respectively, and the buffer is zero filled\n with these increased values, thus corrupting the memory following the\n buffer.\r\n\r\nFix these 2 problems by using put_unaligned_be16() to set the allocation\nlength field of MODE SENSE(10) CDB and by returning an error when len is\ntoo small.\r\n\r\nFurthermore, if len is larger than 255B, always try MODE SENSE(10) first,\neven if the device driver did not set sdev->use_10_for_ms. In case of\ninvalid opcode error for MODE SENSE(10), access to mode pages larger than\n255 bytes are not retried using MODE SENSE(6). 
To avoid buffer length\noverflows for the MODE_SENSE(10) case, check that len is smaller than 65535\nbytes.\r\n\r\nWhile at it, also fix the folowing:\r\n\r\n * Use get_unaligned_be16() to retrieve the mode data length and block\n descriptor length fields of the mode sense reply header instead of using\n an open coded calculation.\r\n\r\n * Fix the kdoc dbd argument explanation: the DBD bit stands for Disable\n Block Descriptor, which is the opposite of what the dbd argument\n description was.(CVE-2021-47182)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nALSA: usb-audio: fix null pointer dereference on pointer cs_desc\r\n\r\nThe pointer cs_desc return from snd_usb_find_clock_source could\nbe null, so there is a potential null pointer dereference issue.\nFix this by adding a null check before dereference.(CVE-2021-47211)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nusb: hub: Guard against accesses to uninitialized BOS descriptors\r\n\r\nMany functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h\naccess fields inside udev->bos without checking if it was allocated and\ninitialized. 
If usb_get_bos_descriptor() fails for whatever\nreason, udev->bos will be NULL and those accesses will result in a\ncrash:\r\n\r\nBUG: kernel NULL pointer dereference, address: 0000000000000018\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 5 PID: 17818 Comm: kworker/5:1 Tainted: G W 5.15.108-18910-gab0e1cb584e1 #1 \nHardware name: Google Kindred/Kindred, BIOS Google_Kindred.12672.413.0 02/03/2021\nWorkqueue: usb_hub_wq hub_event\nRIP: 0010:hub_port_reset+0x193/0x788\nCode: 89 f7 e8 20 f7 15 00 48 8b 43 08 80 b8 96 03 00 00 03 75 36 0f b7 88 92 03 00 00 81 f9 10 03 00 00 72 27 48 8b 80 a8 03 00 00 <48> 83 78 18 00 74 19 48 89 df 48 8b 75 b0 ba 02 00 00 00 4c 89 e9\nRSP: 0018:ffffab740c53fcf8 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffffa1bc5f678000 RCX: 0000000000000310\nRDX: fffffffffffffdff RSI: 0000000000000286 RDI: ffffa1be9655b840\nRBP: ffffab740c53fd70 R08: 00001b7d5edaa20c R09: ffffffffb005e060\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000\nR13: ffffab740c53fd3e R14: 0000000000000032 R15: 0000000000000000\nFS: 0000000000000000(0000) GS:ffffa1be96540000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000018 CR3: 000000022e80c005 CR4: 00000000003706e0\nCall Trace:\nhub_event+0x73f/0x156e\n? hub_activate+0x5b7/0x68f\nprocess_one_work+0x1a2/0x487\nworker_thread+0x11a/0x288\nkthread+0x13a/0x152\n? process_one_work+0x487/0x487\n? 
kthread_associate_blkcg+0x70/0x70\nret_from_fork+0x1f/0x30\r\n\r\nFall back to a default behavior if the BOS descriptor isn't accessible\nand skip all the functionalities that depend on it: LPM support checks,\nSuper Speed capabilitiy checks, U1/U2 states setup.(CVE-2023-52477)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nl2tp: pass correct message length to ip6_append_data\r\n\r\nl2tp_ip6_sendmsg needs to avoid accounting for the transport header\ntwice when splicing more data into an already partially-occupied skbuff.\r\n\r\nTo manage this, we check whether the skbuff contains data using\nskb_queue_empty when deciding how much data to append using\nip6_append_data.\r\n\r\nHowever, the code which performed the calculation was incorrect:\r\n\r\n ulen = len + skb_queue_empty(&sk->sk_write_queue) ? transhdrlen : 0;\r\n\r\n...due to C operator precedence, this ends up setting ulen to\ntranshdrlen for messages with a non-zero length, which results in\ncorrupted packets on the wire.\r\n\r\nAdd parentheses to correct the calculation in line with the original\nintent.(CVE-2024-26752)",
"cves": [
{
"id": "CVE-2024-26752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26752",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.137.0.164_openEuler-SA-2024-1619.json b/cusa/k/kernel/kernel-5.10.0-60.137.0.164_openEuler-SA-2024-1619.json
index 2938962..40452f1 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.137.0.164_openEuler-SA-2024-1619.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.137.0.164_openEuler-SA-2024-1619.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1619",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1619",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nfirmware: arm_scmi: Harden accesses to the reset domains\r\n\r\nAccessing reset domains descriptors by the index upon the SCMI drivers\nrequests through the SCMI reset operations interface can potentially\nlead to out-of-bound violations if the SCMI driver misbehave.\r\n\r\nAdd an internal consistency check before any such domains descriptors\naccesses.(CVE-2022-48655)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: nftables: exthdr: fix 4-byte stack OOB write\r\n\r\nIf priv->len is a multiple of 4, then dst[len / 4] can write past\nthe destination array which leads to stack corruption.\r\n\r\nThis construct is necessary to clean the remainder of the register\nin case ->len is NOT a multiple of the register size, so make it\nconditional just like nft_payload.c does.\r\n\r\nThe bug was added in 4.1 cycle and then copied/inherited when\ntcp/sctp and ip option support was added.\r\n\r\nBug reported by Zero Day Initiative project (ZDI-CAN-21950,\nZDI-CAN-21951, ZDI-CAN-21961).(CVE-2023-52628)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmedia: rc: bpf attach/detach requires write permission\r\n\r\nNote that bpf attach/detach also requires CAP_NET_ADMIN.(CVE-2023-52642)\r\n\r\nA flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. 
This could lead to a denial of service condition or potential code execution.(CVE-2023-6270)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nblk-mq: fix IO hang from sbitmap wakeup race\r\n\r\nIn blk_mq_mark_tag_wait(), __add_wait_queue() may be re-ordered\nwith the following blk_mq_get_driver_tag() in case of getting driver\ntag failure.\r\n\r\nThen in __sbitmap_queue_wake_up(), waitqueue_active() may not observe\nthe added waiter in blk_mq_mark_tag_wait() and wake up nothing, meantime\nblk_mq_mark_tag_wait() can't get driver tag successfully.\r\n\r\nThis issue can be reproduced by running the following test in loop, and\nfio hang can be observed in < 30min when running it on my test VM\nin laptop.\r\n\r\n\tmodprobe -r scsi_debug\n\tmodprobe scsi_debug delay=0 dev_size_mb=4096 max_queue=1 host_max_queue=1 submit_queues=4\n\tdev=`ls -d /sys/bus/pseudo/drivers/scsi_debug/adapter*/host*/target*/*/block/* | head -1 | xargs basename`\n\tfio --filename=/dev/\"$dev\" --direct=1 --rw=randrw --bs=4k --iodepth=1 \\\n \t\t--runtime=100 --numjobs=40 --time_based --name=test \\\n \t--ioengine=libaio\r\n\r\nFix the issue by adding one explicit barrier in blk_mq_mark_tag_wait(), which\nis just fine in case of running out of tag.(CVE-2024-26671)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nfs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super\r\n\r\nWhen configuring a hugetlb filesystem via the fsconfig() syscall, there is\na possible NULL dereference in hugetlbfs_fill_super() caused by assigning\nNULL to ctx->hstate in hugetlbfs_parse_param() when the requested pagesize\nis non valid.\r\n\r\nE.g: Taking the following steps:\r\n\r\n fd = fsopen(\"hugetlbfs\", FSOPEN_CLOEXEC);\n fsconfig(fd, FSCONFIG_SET_STRING, \"pagesize\", \"1024\", 0);\n fsconfig(fd, FSCONFIG_CMD_CREATE, NULL, NULL, 0);\r\n\r\nGiven that the requested \"pagesize\" is invalid, ctxt->hstate will be replaced\nwith NULL, losing its 
previous value, and we will print an error:\r\n\r\n ...\n ...\n case Opt_pagesize:\n ps = memparse(param->string, &rest);\n ctx->hstate = h;\n if (!ctx->hstate) {\n pr_err(\"Unsupported page size %lu MB\\n\", ps / SZ_1M);\n return -EINVAL;\n }\n return 0;\n ...\n ...\r\n\r\nThis is a problem because later on, we will dereference ctxt->hstate in\nhugetlbfs_fill_super()\r\n\r\n ...\n ...\n sb->s_blocksize = huge_page_size(ctx->hstate);\n ...\n ...\r\n\r\nCausing below Oops.\r\n\r\nFix this by replacing cxt->hstate value only when then pagesize is known\nto be valid.\r\n\r\n kernel: hugetlbfs: Unsupported page size 0 MB\n kernel: BUG: kernel NULL pointer dereference, address: 0000000000000028\n kernel: #PF: supervisor read access in kernel mode\n kernel: #PF: error_code(0x0000) - not-present page\n kernel: PGD 800000010f66c067 P4D 800000010f66c067 PUD 1b22f8067 PMD 0\n kernel: Oops: 0000 [#1] PREEMPT SMP PTI\n kernel: CPU: 4 PID: 5659 Comm: syscall Tainted: G E 6.8.0-rc2-default+ #22 5a47c3fef76212addcc6eb71344aabc35190ae8f\n kernel: Hardware name: Intel Corp. 
GROVEPORT/GROVEPORT, BIOS GVPRCRB1.86B.0016.D04.1705030402 05/03/2017\n kernel: RIP: 0010:hugetlbfs_fill_super+0xb4/0x1a0\n kernel: Code: 48 8b 3b e8 3e c6 ed ff 48 85 c0 48 89 45 20 0f 84 d6 00 00 00 48 b8 ff ff ff ff ff ff ff 7f 4c 89 e7 49 89 44 24 20 48 8b 03 <8b> 48 28 b8 00 10 00 00 48 d3 e0 49 89 44 24 18 48 8b 03 8b 40 28\n kernel: RSP: 0018:ffffbe9960fcbd48 EFLAGS: 00010246\n kernel: RAX: 0000000000000000 RBX: ffff9af5272ae780 RCX: 0000000000372004\n kernel: RDX: ffffffffffffffff RSI: ffffffffffffffff RDI: ffff9af555e9b000\n kernel: RBP: ffff9af52ee66b00 R08: 0000000000000040 R09: 0000000000370004\n kernel: R10: ffffbe9960fcbd48 R11: 0000000000000040 R12: ffff9af555e9b000\n kernel: R13: ffffffffa66b86c0 R14: ffff9af507d2f400 R15: ffff9af507d2f400\n kernel: FS: 00007ffbc0ba4740(0000) GS:ffff9b0bd7000000(0000) knlGS:0000000000000000\n kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n kernel: CR2: 0000000000000028 CR3: 00000001b1ee0000 CR4: 00000000001506f0\n kernel: Call Trace:\n kernel: \n kernel: ? __die_body+0x1a/0x60\n kernel: ? page_fault_oops+0x16f/0x4a0\n kernel: ? search_bpf_extables+0x65/0x70\n kernel: ? fixup_exception+0x22/0x310\n kernel: ? exc_page_fault+0x69/0x150\n kernel: ? asm_exc_page_fault+0x22/0x30\n kernel: ? __pfx_hugetlbfs_fill_super+0x10/0x10\n kernel: ? hugetlbfs_fill_super+0xb4/0x1a0\n kernel: ? hugetlbfs_fill_super+0x28/0x1a0\n kernel: ? __pfx_hugetlbfs_fill_super+0x10/0x10\n kernel: vfs_get_super+0x40/0xa0\n kernel: ? __pfx_bpf_lsm_capable+0x10/0x10\n kernel: vfs_get_tree+0x25/0xd0\n kernel: vfs_cmd_create+0x64/0xe0\n kernel: __x64_sys_fsconfig+0x395/0x410\n kernel: do_syscall_64+0x80/0x160\n kernel: ? syscall_exit_to_user_mode+0x82/0x240\n kernel: ? do_syscall_64+0x8d/0x160\n kernel: ? syscall_exit_to_user_mode+0x82/0x240\n kernel: ? do_syscall_64+0x8d/0x160\n kernel: ? 
exc_page_fault+0x69/0x150\n kernel: entry_SYSCALL_64_after_hwframe+0x6e/0x76\n kernel: RIP: 0033:0x7ffbc0cb87c9\n kernel: Code: 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 97 96 0d 00 f7 d8 64 89 01 48\n kernel: RSP: 002b:00007ffc29d2f388 EFLAGS: 00000206 ORIG_RAX: 00000000000001af\n kernel: RAX: fffffffffff\n---truncated---(CVE-2024-26688)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nbtrfs: fix double free of anonymous device after snapshot creation failure\r\n\r\nWhen creating a snapshot we may do a double free of an anonymous device\nin case there's an error committing the transaction. The second free may\nresult in freeing an anonymous device number that was allocated by some\nother subsystem in the kernel or another btrfs filesystem.\r\n\r\nThe steps that lead to this:\r\n\r\n1) At ioctl.c:create_snapshot() we allocate an anonymous device number\n and assign it to pending_snapshot->anon_dev;\r\n\r\n2) Then we call btrfs_commit_transaction() and end up at\n transaction.c:create_pending_snapshot();\r\n\r\n3) There we call btrfs_get_new_fs_root() and pass it the anonymous device\n number stored in pending_snapshot->anon_dev;\r\n\r\n4) btrfs_get_new_fs_root() frees that anonymous device number because\n btrfs_lookup_fs_root() returned a root - someone else did a lookup\n of the new root already, which could some task doing backref walking;\r\n\r\n5) After that some error happens in the transaction commit path, and at\n ioctl.c:create_snapshot() we jump to the 'fail' label, and after\n that we free again the same anonymous device number, which in the\n meanwhile may have been reallocated somewhere else, because\n pending_snapshot->anon_dev still has the same value as in step 1.\r\n\r\nRecently syzbot ran into this and reported the following trace:\r\n\r\n ------------[ cut here ]------------\n ida_free called 
for id=51 which is not allocated.\n WARNING: CPU: 1 PID: 31038 at lib/idr.c:525 ida_free+0x370/0x420 lib/idr.c:525\n Modules linked in:\n CPU: 1 PID: 31038 Comm: syz-executor.2 Not tainted 6.8.0-rc4-syzkaller-00410-gc02197fc9076 #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024\n RIP: 0010:ida_free+0x370/0x420 lib/idr.c:525\n Code: 10 42 80 3c 28 (...)\n RSP: 0018:ffffc90015a67300 EFLAGS: 00010246\n RAX: be5130472f5dd000 RBX: 0000000000000033 RCX: 0000000000040000\n RDX: ffffc90009a7a000 RSI: 000000000003ffff RDI: 0000000000040000\n RBP: ffffc90015a673f0 R08: ffffffff81577992 R09: 1ffff92002b4cdb4\n R10: dffffc0000000000 R11: fffff52002b4cdb5 R12: 0000000000000246\n R13: dffffc0000000000 R14: ffffffff8e256b80 R15: 0000000000000246\n FS: 00007fca3f4b46c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f167a17b978 CR3: 000000001ed26000 CR4: 0000000000350ef0\n Call Trace:\n \n btrfs_get_root_ref+0xa48/0xaf0 fs/btrfs/disk-io.c:1346\n create_pending_snapshot+0xff2/0x2bc0 fs/btrfs/transaction.c:1837\n create_pending_snapshots+0x195/0x1d0 fs/btrfs/transaction.c:1931\n btrfs_commit_transaction+0xf1c/0x3740 fs/btrfs/transaction.c:2404\n create_snapshot+0x507/0x880 fs/btrfs/ioctl.c:848\n btrfs_mksubvol+0x5d0/0x750 fs/btrfs/ioctl.c:998\n btrfs_mksnapshot+0xb5/0xf0 fs/btrfs/ioctl.c:1044\n __btrfs_ioctl_snap_create+0x387/0x4b0 fs/btrfs/ioctl.c:1306\n btrfs_ioctl_snap_create_v2+0x1ca/0x400 fs/btrfs/ioctl.c:1393\n btrfs_ioctl+0xa74/0xd40\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:871 [inline]\n __se_sys_ioctl+0xfe/0x170 fs/ioctl.c:857\n do_syscall_64+0xfb/0x240\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\n RIP: 0033:0x7fca3e67dda9\n Code: 28 00 00 00 (...)\n RSP: 002b:00007fca3f4b40c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\n RAX: ffffffffffffffda RBX: 00007fca3e7abf80 RCX: 00007fca3e67dda9\n RDX: 00000000200005c0 RSI: 0000000050009417 RDI: 
0000000000000003\n RBP: 00007fca3e6ca47a R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n R13: 000000000000000b R14: 00007fca3e7abf80 R15: 00007fff6bf95658\n \r\n\r\nWhere we get an explicit message where we attempt to free an anonymous\ndevice number that is not currently allocated. It happens in a different\ncode path from the example below, at btrfs_get_root_ref(), so this change\nmay not fix the case triggered by sy\n---truncated---(CVE-2024-26792)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\namdkfd: use calloc instead of kzalloc to avoid integer overflow\r\n\r\nThis uses calloc instead of doing the multiplication which might\noverflow.(CVE-2024-26817)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nIB/hfi1: Fix a memleak in init_credit_return\r\n\r\nWhen dma_alloc_coherent fails to allocate dd->cr_base[i].va,\ninit_credit_return should deallocate dd->cr_base and\ndd->cr_base[i] that allocated before. 
Or those resources\nwould be never freed and a memleak is triggered.(CVE-2024-26839)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\ncachefiles: fix memory leak in cachefiles_add_cache()\r\n\r\nThe following memory leak was reported after unbinding /dev/cachefiles:\r\n\r\n==================================================================\nunreferenced object 0xffff9b674176e3c0 (size 192):\n comm \"cachefilesd2\", pid 680, jiffies 4294881224\n hex dump (first 32 bytes):\n 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc ea38a44b):\n [] kmem_cache_alloc+0x2d5/0x370\n [] prepare_creds+0x26/0x2e0\n [] cachefiles_determine_cache_security+0x1f/0x120\n [] cachefiles_add_cache+0x13c/0x3a0\n [] cachefiles_daemon_write+0x146/0x1c0\n [] vfs_write+0xcb/0x520\n [] ksys_write+0x69/0xf0\n [] do_syscall_64+0x72/0x140\n [] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n==================================================================\r\n\r\nPut the reference count of cache_cred in cachefiles_daemon_unbind() to\nfix the problem. And also put cache_cred in cachefiles_add_cache() error\nbranch to avoid memory leaks.(CVE-2024-26840)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nefi: runtime: Fix potential overflow of soft-reserved region size\r\n\r\nmd_size will have been narrowed if we have >= 4GB worth of pages in a\nsoft-reserved region.(CVE-2024-26843)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()\r\n\r\nThe function ice_bridge_setlink() may encounter a NULL pointer dereference\nif nlmsg_find_attr() returns NULL and br_spec is dereferenced subsequently\nin nla_for_each_nested(). 
To address this issue, add a check to ensure that\nbr_spec is not NULL before proceeding with the nested attribute iteration.(CVE-2024-26855)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmedia: pvrusb2: fix uaf in pvr2_context_set_notify\r\n\r\n[Syzbot reported]\nBUG: KASAN: slab-use-after-free in pvr2_context_set_notify+0x2c4/0x310 drivers/media/usb/pvrusb2/pvrusb2-context.c:35\nRead of size 4 at addr ffff888113aeb0d8 by task kworker/1:1/26\r\n\r\nCPU: 1 PID: 26 Comm: kworker/1:1 Not tainted 6.8.0-rc1-syzkaller-00046-gf1a27f081c1f #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024\nWorkqueue: usb_hub_wq hub_event\nCall Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc4/0x620 mm/kasan/report.c:488\n kasan_report+0xda/0x110 mm/kasan/report.c:601\n pvr2_context_set_notify+0x2c4/0x310 drivers/media/usb/pvrusb2/pvrusb2-context.c:35\n pvr2_context_notify drivers/media/usb/pvrusb2/pvrusb2-context.c:95 [inline]\n pvr2_context_disconnect+0x94/0xb0 drivers/media/usb/pvrusb2/pvrusb2-context.c:272\r\n\r\nFreed by task 906:\nkasan_save_stack+0x33/0x50 mm/kasan/common.c:47\nkasan_save_track+0x14/0x30 mm/kasan/common.c:68\nkasan_save_free_info+0x3f/0x60 mm/kasan/generic.c:640\npoison_slab_object mm/kasan/common.c:241 [inline]\n__kasan_slab_free+0x106/0x1b0 mm/kasan/common.c:257\nkasan_slab_free include/linux/kasan.h:184 [inline]\nslab_free_hook mm/slub.c:2121 [inline]\nslab_free mm/slub.c:4299 [inline]\nkfree+0x105/0x340 mm/slub.c:4409\npvr2_context_check drivers/media/usb/pvrusb2/pvrusb2-context.c:137 [inline]\npvr2_context_thread_func+0x69d/0x960 drivers/media/usb/pvrusb2/pvrusb2-context.c:158\r\n\r\n[Analyze]\nTask A set disconnect_flag = !0, which resulted in Task B's condition being met\nand releasing mp, leading to this issue.\r\n\r\n[Fix]\nPlace the disconnect_flag 
assignment operation after all code in pvr2_context_disconnect()\nto avoid this issue.(CVE-2024-26875)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nquota: Fix potential NULL pointer dereference\r\n\r\nBelow race may cause NULL pointer dereference\r\n\r\nP1\t\t\t\t\tP2\ndquot_free_inode\t\t\tquota_off\n\t\t\t\t\t drop_dquot_ref\n\t\t\t\t\t remove_dquot_ref\n\t\t\t\t\t dquots = i_dquot(inode)\n dquots = i_dquot(inode)\n srcu_read_lock\n dquots[cnt]) != NULL (1)\n\t\t\t\t\t dquots[type] = NULL (2)\n spin_lock(&dquots[cnt]->dq_dqb_lock) (3)\n ....\r\n\r\nIf dquot_free_inode(or other routines) checks inode's quota pointers (1)\nbefore quota_off sets it to NULL(2) and use it (3) after that, NULL pointer\ndereference will be triggered.\r\n\r\nSo let's fix it by using a temporary pointer to avoid this issue.(CVE-2024-26878)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nfirmware: arm_scmi: Fix double free in SMC transport cleanup path\r\n\r\nWhen the generic SCMI code tears down a channel, it calls the chan_free\ncallback function, defined by each transport. Since multiple protocols\nmight share the same transport_info member, chan_free() might want to\nclean up the same member multiple times within the given SCMI transport\nimplementation. In this case, it is SMC transport. 
This will lead to a NULL\npointer dereference at the second time:\r\n\r\n | scmi_protocol scmi_dev.1: Enabled polling mode TX channel - prot_id:16\n | arm-scmi firmware:scmi: SCMI Notifications - Core Enabled.\n | arm-scmi firmware:scmi: unable to communicate with SCMI\n | Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n | Mem abort info:\n | ESR = 0x0000000096000004\n | EC = 0x25: DABT (current EL), IL = 32 bits\n | SET = 0, FnV = 0\n | EA = 0, S1PTW = 0\n | FSC = 0x04: level 0 translation fault\n | Data abort info:\n | ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n | CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n | GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n | user pgtable: 4k pages, 48-bit VAs, pgdp=0000000881ef8000\n | [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n | Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n | Modules linked in:\n | CPU: 4 PID: 1 Comm: swapper/0 Not tainted 6.7.0-rc2-00124-g455ef3d016c9-dirty #793\n | Hardware name: FVP Base RevC (DT)\n | pstate: 61400009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n | pc : smc_chan_free+0x3c/0x6c\n | lr : smc_chan_free+0x3c/0x6c\n | Call trace:\n | smc_chan_free+0x3c/0x6c\n | idr_for_each+0x68/0xf8\n | scmi_cleanup_channels.isra.0+0x2c/0x58\n | scmi_probe+0x434/0x734\n | platform_probe+0x68/0xd8\n | really_probe+0x110/0x27c\n | __driver_probe_device+0x78/0x12c\n | driver_probe_device+0x3c/0x118\n | __driver_attach+0x74/0x128\n | bus_for_each_dev+0x78/0xe0\n | driver_attach+0x24/0x30\n | bus_add_driver+0xe4/0x1e8\n | driver_register+0x60/0x128\n | __platform_driver_register+0x28/0x34\n | scmi_driver_init+0x84/0xc0\n | do_one_initcall+0x78/0x33c\n | kernel_init_freeable+0x2b8/0x51c\n | kernel_init+0x24/0x130\n | ret_from_fork+0x10/0x20\n | Code: f0004701 910a0021 aa1403e5 97b91c70 (b9400280)\n | ---[ end trace 0000000000000000 ]---\r\n\r\nSimply check for the struct pointer being NULL before trying to access\nits members, to avoid this 
situation.\r\n\r\nThis was found when a transport doesn't really work (for instance no SMC\nservice), the probe routines then tries to clean up, and triggers a crash.(CVE-2024-26893)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\naoe: fix the potential use-after-free problem in aoecmd_cfg_pkts\r\n\r\nThis patch is against CVE-2023-6270. The description of cve is:\r\n\r\n A flaw was found in the ATA over Ethernet (AoE) driver in the Linux\n kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on\n `struct net_device`, and a use-after-free can be triggered by racing\n between the free on the struct and the access through the `skbtxq`\n global queue. This could lead to a denial of service condition or\n potential code execution.\r\n\r\nIn aoecmd_cfg_pkts(), it always calls dev_put(ifp) when skb initial\ncode is finished. But the net_device ifp will still be used in\nlater tx()->dev_queue_xmit() in kthread. Which means that the\ndev_put(ifp) should NOT be called in the success path of skb\ninitial code in aoecmd_cfg_pkts(). Otherwise tx() may run into\nuse-after-free because the net_device is freed.\r\n\r\nThis patch removed the dev_put(ifp) in the success path in\naoecmd_cfg_pkts(), and added dev_put() after skb xmit in tx().(CVE-2024-26898)",
"cves": [
{
"id": "CVE-2024-26898",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26898",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
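Review bot: The `cves` array kept as context in this hunk holds only CVE-2024-26898, while the `description` of the same bulletin names sixteen CVEs, from CVE-2022-48655 and CVE-2023-6270 through CVE-2024-26893. The severity rename leaves this unaddressed. If `cves` is meant to enumerate every CVE the update fixes, any consumer that matches on that array rather than parsing the free text will under-report what this kernel build addresses. Because the file is converter output, the fix belongs in the generator (not visible here), which should emit one object per CVE, e.g. `{"id": "CVE-2023-6270", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6270", "severity": "<per-CVE severity from the CVRF>"}`. It would also help to document whether the top-level `severity` is the maximum over the listed CVEs, since only the last CVE's rating is shown next to it.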
diff --git a/cusa/k/kernel/kernel-5.10.0-60.138.0.165_openEuler-SA-2024-1647.json b/cusa/k/kernel/kernel-5.10.0-60.138.0.165_openEuler-SA-2024-1647.json
index 77d2654..16b458f 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.138.0.165_openEuler-SA-2024-1647.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.138.0.165_openEuler-SA-2024-1647.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1647",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1647",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\ni2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction()\r\n\r\nmemcpy() is called in a loop while 'operation->length' upper bound\nis not checked and 'data_idx' also increments.(CVE-2022-48632)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmm/slub: fix to return errno if kmalloc() fails\r\n\r\nIn create_unique_id(), kmalloc(, GFP_KERNEL) can fail due to\nout-of-memory, if it fails, return errno correctly rather than\ntriggering panic via BUG_ON();\r\n\r\nkernel BUG at mm/slub.c:5893!\nInternal error: Oops - BUG: 0 [#1] PREEMPT SMP\r\n\r\nCall trace:\n sysfs_slab_add+0x258/0x260 mm/slub.c:5973\n __kmem_cache_create+0x60/0x118 mm/slub.c:4899\n create_cache mm/slab_common.c:229 [inline]\n kmem_cache_create_usercopy+0x19c/0x31c mm/slab_common.c:335\n kmem_cache_create+0x1c/0x28 mm/slab_common.c:390\n f2fs_kmem_cache_create fs/f2fs/f2fs.h:2766 [inline]\n f2fs_init_xattr_caches+0x78/0xb4 fs/f2fs/xattr.c:808\n f2fs_fill_super+0x1050/0x1e0c fs/f2fs/super.c:4149\n mount_bdev+0x1b8/0x210 fs/super.c:1400\n f2fs_mount+0x44/0x58 fs/f2fs/super.c:4512\n legacy_get_tree+0x30/0x74 fs/fs_context.c:610\n vfs_get_tree+0x40/0x140 fs/super.c:1530\n do_new_mount+0x1dc/0x4e4 fs/namespace.c:3040\n path_mount+0x358/0x914 fs/namespace.c:3370\n do_mount fs/namespace.c:3383 [inline]\n __do_sys_mount fs/namespace.c:3591 [inline]\n __se_sys_mount fs/namespace.c:3568 [inline]\n __arm64_sys_mount+0x2f8/0x408 fs/namespace.c:3568(CVE-2022-48659)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\ngpiolib: cdev: Set lineevent_state::irq after IRQ register successfully\r\n\r\nWhen running gpio test on nxp-ls1028 platform with below command\ngpiomon --num-events=3 --rising-edge gpiochip1 25\nThere will be a warning trace as below:\nCall 
trace:\nfree_irq+0x204/0x360\nlineevent_free+0x64/0x70\ngpio_ioctl+0x598/0x6a0\n__arm64_sys_ioctl+0xb4/0x100\ninvoke_syscall+0x5c/0x130\n......\nel0t_64_sync+0x1a0/0x1a4\nThe reason of this issue is that calling request_threaded_irq()\nfunction failed, and then lineevent_free() is invoked to release\nthe resource. Since the lineevent_state::irq was already set, so\nthe subsequent invocation of free_irq() would trigger the above\nwarning call trace. To fix this issue, set the lineevent_state::irq\nafter the IRQ register successfully.(CVE-2022-48660)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nbinder: fix race between mmput() and do_exit()\r\n\r\nTask A calls binder_update_page_range() to allocate and insert pages on\na remote address space from Task B. For this, Task A pins the remote mm\nvia mmget_not_zero() first. This can race with Task B do_exit() and the\nfinal mmput() refcount decrement will come from Task A.\r\n\r\n Task A | Task B\n ------------------+------------------\n mmget_not_zero() |\n | do_exit()\n | exit_mm()\n | mmput()\n mmput() |\n exit_mmap() |\n remove_vma() |\n fput() |\r\n\r\nIn this case, the work of ____fput() from Task B is queued up in Task A\nas TWA_RESUME. So in theory, Task A returns to userspace and the cleanup\nwork gets executed. However, Task A instead sleep, waiting for a reply\nfrom Task B that never comes (it's dead).\r\n\r\nThis means the binder_deferred_release() is blocked until an unrelated\nbinder event forces Task A to go back to userspace. All the associated\ndeath notifications will also be delayed until then.\r\n\r\nIn order to fix this use mmput_async() that will schedule the work in\nthe corresponding mm->async_put_work WQ instead of Task A.(CVE-2023-52609)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nhwrng: core - Fix page fault dead lock on mmap-ed hwrng\r\n\r\nThere is a dead-lock in the hwrng device read path. 
This triggers\nwhen the user reads from /dev/hwrng into memory also mmap-ed from\n/dev/hwrng. The resulting page fault triggers a recursive read\nwhich then dead-locks.\r\n\r\nFix this by using a stack buffer when calling copy_to_user.(CVE-2023-52615)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\ncrypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init\r\n\r\nWhen the mpi_ec_ctx structure is initialized, some fields are not\ncleared, causing a crash when referencing the field when the\nstructure was released. Initially, this issue was ignored because\nmemory for mpi_ec_ctx is allocated with the __GFP_ZERO flag.\nFor example, this error will be triggered when calculating the\nZa value for SM2 separately.(CVE-2023-52616)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nblock/rnbd-srv: Check for unlikely string overflow\r\n\r\nSince \"dev_search_path\" can technically be as large as PATH_MAX,\nthere was a risk of truncation when copying it and a second string\ninto \"full_path\" since it was also PATH_MAX sized. 
The W=1 builds were\nreporting this warning:\r\n\r\ndrivers/block/rnbd/rnbd-srv.c: In function 'process_msg_open.isra':\ndrivers/block/rnbd/rnbd-srv.c:616:51: warning: '%s' directive output may be truncated writing up to 254 bytes into a region of size between 0 and 4095 [-Wformat-truncation=]\n 616 | snprintf(full_path, PATH_MAX, \"%s/%s\",\n | ^~\nIn function 'rnbd_srv_get_full_path',\n inlined from 'process_msg_open.isra' at drivers/block/rnbd/rnbd-srv.c:721:14: drivers/block/rnbd/rnbd-srv.c:616:17: note: 'snprintf' output between 2 and 4351 bytes into a destination of size 4096\n 616 | snprintf(full_path, PATH_MAX, \"%s/%s\",\n | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n 617 | dev_search_path, dev_name);\n | ~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n\r\nTo fix this, unconditionally check for truncation (as was already done\nfor the case where \"%SESSNAME%\" was present).(CVE-2023-52618)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: nf_tables: disallow timeout for anonymous sets\r\n\r\nNever used from userspace, disallow these parameters.(CVE-2023-52620)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nbpf: Check rcu_read_lock_trace_held() before calling bpf map helpers\r\n\r\nThese three bpf_map_{lookup,update,delete}_elem() helpers are also\navailable for sleepable bpf program, so add the corresponding lock\nassertion for sleepable bpf program, otherwise the following warning\nwill be reported when a sleepable bpf program manipulates bpf map under\ninterpreter mode (aka bpf_jit_enable=0):\r\n\r\n WARNING: CPU: 3 PID: 4985 at kernel/bpf/helpers.c:40 ......\n CPU: 3 PID: 4985 Comm: test_progs Not tainted 6.6.0+ #2\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) ......\n RIP: 0010:bpf_map_lookup_elem+0x54/0x60\n ......\n Call Trace:\n \n ? __warn+0xa5/0x240\n ? bpf_map_lookup_elem+0x54/0x60\n ? report_bug+0x1ba/0x1f0\n ? handle_bug+0x40/0x80\n ? exc_invalid_op+0x18/0x50\n ? 
asm_exc_invalid_op+0x1b/0x20\n ? __pfx_bpf_map_lookup_elem+0x10/0x10\n ? rcu_lockdep_current_cpu_online+0x65/0xb0\n ? rcu_is_watching+0x23/0x50\n ? bpf_map_lookup_elem+0x54/0x60\n ? __pfx_bpf_map_lookup_elem+0x10/0x10\n ___bpf_prog_run+0x513/0x3b70\n __bpf_prog_run32+0x9d/0xd0\n ? __bpf_prog_enter_sleepable_recur+0xad/0x120\n ? __bpf_prog_enter_sleepable_recur+0x3e/0x120\n bpf_trampoline_6442580665+0x4d/0x1000\n __x64_sys_getpgid+0x5/0x30\n ? do_syscall_64+0x36/0xb0\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n (CVE-2023-52621)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nSUNRPC: Fix a suspicious RCU usage warning\r\n\r\nI received the following warning while running cthon against an ontap\nserver running pNFS:\r\n\r\n[ 57.202521] =============================\n[ 57.202522] WARNING: suspicious RCU usage\n[ 57.202523] 6.7.0-rc3-g2cc14f52aeb7 #41492 Not tainted\n[ 57.202525] -----------------------------\n[ 57.202525] net/sunrpc/xprtmultipath.c:349 RCU-list traversed in non-reader section!!\n[ 57.202527]\n other info that might help us debug this:\r\n\r\n[ 57.202528]\n rcu_scheduler_active = 2, debug_locks = 1\n[ 57.202529] no locks held by test5/3567.\n[ 57.202530]\n stack backtrace:\n[ 57.202532] CPU: 0 PID: 3567 Comm: test5 Not tainted 6.7.0-rc3-g2cc14f52aeb7 #41492 5b09971b4965c0aceba19f3eea324a4a806e227e\n[ 57.202534] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS unknown 2/2/2022\n[ 57.202536] Call Trace:\n[ 57.202537] \n[ 57.202540] dump_stack_lvl+0x77/0xb0\n[ 57.202551] lockdep_rcu_suspicious+0x154/0x1a0\n[ 57.202556] rpc_xprt_switch_has_addr+0x17c/0x190 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]\n[ 57.202596] rpc_clnt_setup_test_and_add_xprt+0x50/0x180 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]\n[ 57.202621] ? rpc_clnt_add_xprt+0x254/0x300 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]\n[ 57.202646] rpc_clnt_add_xprt+0x27a/0x300 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]\n[ 57.202671] ? 
__pfx_rpc_clnt_setup_test_and_add_xprt+0x10/0x10 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]\n[ 57.202696] nfs4_pnfs_ds_connect+0x345/0x760 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9]\n[ 57.202728] ? __pfx_nfs4_test_session_trunk+0x10/0x10 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9]\n[ 57.202754] nfs4_fl_prepare_ds+0x75/0xc0 [nfs_layout_nfsv41_files e3a4187f18ae8a27b630f9feae6831b584a9360a]\n[ 57.202760] filelayout_write_pagelist+0x4a/0x200 [nfs_layout_nfsv41_files e3a4187f18ae8a27b630f9feae6831b584a9360a]\n[ 57.202765] pnfs_generic_pg_writepages+0xbe/0x230 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9]\n[ 57.202788] __nfs_pageio_add_request+0x3fd/0x520 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]\n[ 57.202813] nfs_pageio_add_request+0x18b/0x390 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]\n[ 57.202831] nfs_do_writepage+0x116/0x1e0 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]\n[ 57.202849] nfs_writepages_callback+0x13/0x30 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]\n[ 57.202866] write_cache_pages+0x265/0x450\n[ 57.202870] ? __pfx_nfs_writepages_callback+0x10/0x10 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]\n[ 57.202891] nfs_writepages+0x141/0x230 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]\n[ 57.202913] do_writepages+0xd2/0x230\n[ 57.202917] ? filemap_fdatawrite_wbc+0x5c/0x80\n[ 57.202921] filemap_fdatawrite_wbc+0x67/0x80\n[ 57.202924] filemap_write_and_wait_range+0xd9/0x170\n[ 57.202930] nfs_wb_all+0x49/0x180 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]\n[ 57.202947] nfs4_file_flush+0x72/0xb0 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9]\n[ 57.202969] __se_sys_close+0x46/0xd0\n[ 57.202972] do_syscall_64+0x68/0x100\n[ 57.202975] ? do_syscall_64+0x77/0x100\n[ 57.202976] ? 
do_syscall_64+0x77/0x100\n[ 57.202979] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n[ 57.202982] RIP: 0033:0x7fe2b12e4a94\n[ 57.202985] Code: 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 80 3d d5 18 0e 00 00 74 13 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 44 c3 0f 1f 00 48 83 ec 18 89 7c 24 0c e8 c3\n[ 57.202987] RSP: 002b:00007ffe857ddb38 EFLAGS: 00000202 ORIG_RAX: 0000000000000003\n[ 57.202989] RAX: ffffffffffffffda RBX: 00007ffe857dfd68 RCX: 00007fe2b12e4a94\n[ 57.202991] RDX: 0000000000002000 RSI: 00007ffe857ddc40 RDI: 0000000000000003\n[ 57.202992] RBP: 00007ffe857dfc50 R08: 7fffffffffffffff R09: 0000000065650f49\n[ 57.202993] R10: 00007f\n---truncated---(CVE-2023-52623)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nsh: push-switch: Reorder cleanup operations to avoid use-after-free bug\r\n\r\nThe original code puts flush_work() before timer_shutdown_sync()\nin switch_drv_remove(). Although we use flush_work() to stop\nthe worker, it could be rescheduled in switch_timer(). As a result,\na use-after-free bug can occur. The details are shown below:\r\n\r\n (cpu 0) | (cpu 1)\nswitch_drv_remove() |\n flush_work() |\n ... | switch_timer // timer\n | schedule_work(&psw->work)\n timer_shutdown_sync() |\n ... | switch_work_handler // worker\n kfree(psw) // free |\n | psw->state = 0 // use\r\n\r\nThis patch puts timer_shutdown_sync() before flush_work() to\nmitigate the bugs. As a result, the worker and timer will be\nstopped safely before the deallocate operations.(CVE-2023-52629)\r\n\r\nRejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.(CVE-2023-52630)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\num: time-travel: fix time corruption\r\n\r\nIn 'basic' time-travel mode (without =inf-cpu or =ext), we\nstill get timer interrupts. These can happen at arbitrary\npoints in time, i.e. 
while in timer_read(), which pushes\ntime forward just a little bit. Then, if we happen to get\nthe interrupt after calculating the new time to push to,\nbut before actually finishing that, the interrupt will set\nthe time to a value that's incompatible with the forward,\nand we'll crash because time goes backwards when we do the\nforwarding.\r\n\r\nFix this by reading the time_travel_time, calculating the\nadjustment, and doing the adjustment all with interrupts\ndisabled.(CVE-2023-52633)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nPM / devfreq: Synchronize devfreq_monitor_[start/stop]\r\n\r\nThere is a chance if a frequent switch of the governor\ndone in a loop result in timer list corruption where\ntimer cancel being done from two place one from\ncancel_delayed_work_sync() and followed by expire_timers()\ncan be seen from the traces[1].\r\n\r\nwhile true\ndo\n echo \"simple_ondemand\" > /sys/class/devfreq/1d84000.ufshc/governor\n echo \"performance\" > /sys/class/devfreq/1d84000.ufshc/governor\ndone\r\n\r\nIt looks to be issue with devfreq driver where\ndevice_monitor_[start/stop] need to synchronized so that\ndelayed work should get corrupted while it is either\nbeing queued or running or being cancelled.\r\n\r\nLet's use polling flag and devfreq lock to synchronize the\nqueueing the timer instance twice and work data being\ncorrupted.\r\n\r\n[1]\n...\n..\n-0 [003] 9436.209662: timer_cancel timer=0xffffff80444f0428\n-0 [003] 9436.209664: timer_expire_entry timer=0xffffff80444f0428 now=0x10022da1c function=__typeid__ZTSFvP10timer_listE_global_addr baseclk=0x10022da1c\n-0 [003] 9436.209718: timer_expire_exit timer=0xffffff80444f0428\nkworker/u16:6-14217 [003] 9436.209863: timer_start timer=0xffffff80444f0428 function=__typeid__ZTSFvP10timer_listE_global_addr expires=0x10022da2b now=0x10022da1c flags=182452227\nvendor.xxxyyy.ha-1593 [004] 9436.209888: timer_cancel timer=0xffffff80444f0428\nvendor.xxxyyy.ha-1593 [004] 
9436.216390: timer_init timer=0xffffff80444f0428\nvendor.xxxyyy.ha-1593 [004] 9436.216392: timer_start timer=0xffffff80444f0428 function=__typeid__ZTSFvP10timer_listE_global_addr expires=0x10022da2c now=0x10022da1d flags=186646532\nvendor.xxxyyy.ha-1593 [005] 9436.220992: timer_cancel timer=0xffffff80444f0428\nxxxyyyTraceManag-7795 [004] 9436.261641: timer_cancel timer=0xffffff80444f0428\r\n\r\n[2]\r\n\r\n 9436.261653][ C4] Unable to handle kernel paging request at virtual address dead00000000012a\n[ 9436.261664][ C4] Mem abort info:\n[ 9436.261666][ C4] ESR = 0x96000044\n[ 9436.261669][ C4] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 9436.261671][ C4] SET = 0, FnV = 0\n[ 9436.261673][ C4] EA = 0, S1PTW = 0\n[ 9436.261675][ C4] Data abort info:\n[ 9436.261677][ C4] ISV = 0, ISS = 0x00000044\n[ 9436.261680][ C4] CM = 0, WnR = 1\n[ 9436.261682][ C4] [dead00000000012a] address between user and kernel address ranges\n[ 9436.261685][ C4] Internal error: Oops: 96000044 [#1] PREEMPT SMP\n[ 9436.261701][ C4] Skip md ftrace buffer dump for: 0x3a982d0\n...\r\n\r\n[ 9436.262138][ C4] CPU: 4 PID: 7795 Comm: TraceManag Tainted: G S W O 5.10.149-android12-9-o-g17f915d29d0c #1\n[ 9436.262141][ C4] Hardware name: Qualcomm Technologies, Inc. 
(DT)\n[ 9436.262144][ C4] pstate: 22400085 (nzCv daIf +PAN -UAO +TCO BTYPE=--)\n[ 9436.262161][ C4] pc : expire_timers+0x9c/0x438\n[ 9436.262164][ C4] lr : expire_timers+0x2a4/0x438\n[ 9436.262168][ C4] sp : ffffffc010023dd0\n[ 9436.262171][ C4] x29: ffffffc010023df0 x28: ffffffd0636fdc18\n[ 9436.262178][ C4] x27: ffffffd063569dd0 x26: ffffffd063536008\n[ 9436.262182][ C4] x25: 0000000000000001 x24: ffffff88f7c69280\n[ 9436.262185][ C4] x23: 00000000000000e0 x22: dead000000000122\n[ 9436.262188][ C4] x21: 000000010022da29 x20: ffffff8af72b4e80\n[ 9436.262191][ C4] x19: ffffffc010023e50 x18: ffffffc010025038\n[ 9436.262195][ C4] x17: 0000000000000240 x16: 0000000000000201\n[ 9436.262199][ C4] x15: ffffffffffffffff x14: ffffff889f3c3100\n[ 9436.262203][ C4] x13: ffffff889f3c3100 x12: 00000000049f56b8\n[ 9436.262207][ C4] x11: 00000000049f56b8 x10: 00000000ffffffff\n[ 9436.262212][ C4] x9 : ffffffc010023e50 x8 : dead000000000122\n[ 9436.262216][ C4] x7 : ffffffffffffffff x6 : ffffffc0100239d8\n[ 9436.262220][ C4] x5 : 0000000000000000 x4 : 0000000000000101\n[ 9436.262223][ C4] x3 : 0000000000000080 x2 : ffffff8\n---truncated---(CVE-2023-52635)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\ncan: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER)\r\n\r\nLock jsk->sk to prevent UAF when setsockopt(..., SO_J1939_FILTER, ...)\nmodifies jsk->filters while receiving packets.\r\n\r\nFollowing trace was seen on affected system:\n ==================================================================\n BUG: KASAN: slab-use-after-free in j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939]\n Read of size 4 at addr ffff888012144014 by task j1939/350\r\n\r\n CPU: 0 PID: 350 Comm: j1939 Tainted: G W OE 6.5.0-rc5 #1\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\n Call Trace:\n print_report+0xd3/0x620\n ? kasan_complete_mode_report_info+0x7d/0x200\n ? 
j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939]\n kasan_report+0xc2/0x100\n ? j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939]\n __asan_load4+0x84/0xb0\n j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939]\n j1939_sk_recv+0x20b/0x320 [can_j1939]\n ? __kasan_check_write+0x18/0x20\n ? __pfx_j1939_sk_recv+0x10/0x10 [can_j1939]\n ? j1939_simple_recv+0x69/0x280 [can_j1939]\n ? j1939_ac_recv+0x5e/0x310 [can_j1939]\n j1939_can_recv+0x43f/0x580 [can_j1939]\n ? __pfx_j1939_can_recv+0x10/0x10 [can_j1939]\n ? raw_rcv+0x42/0x3c0 [can_raw]\n ? __pfx_j1939_can_recv+0x10/0x10 [can_j1939]\n can_rcv_filter+0x11f/0x350 [can]\n can_receive+0x12f/0x190 [can]\n ? __pfx_can_rcv+0x10/0x10 [can]\n can_rcv+0xdd/0x130 [can]\n ? __pfx_can_rcv+0x10/0x10 [can]\n __netif_receive_skb_one_core+0x13d/0x150\n ? __pfx___netif_receive_skb_one_core+0x10/0x10\n ? __kasan_check_write+0x18/0x20\n ? _raw_spin_lock_irq+0x8c/0xe0\n __netif_receive_skb+0x23/0xb0\n process_backlog+0x107/0x260\n __napi_poll+0x69/0x310\n net_rx_action+0x2a1/0x580\n ? __pfx_net_rx_action+0x10/0x10\n ? __pfx__raw_spin_lock+0x10/0x10\n ? handle_irq_event+0x7d/0xa0\n __do_softirq+0xf3/0x3f8\n do_softirq+0x53/0x80\n \n \n __local_bh_enable_ip+0x6e/0x70\n netif_rx+0x16b/0x180\n can_send+0x32b/0x520 [can]\n ? __pfx_can_send+0x10/0x10 [can]\n ? __check_object_size+0x299/0x410\n raw_sendmsg+0x572/0x6d0 [can_raw]\n ? __pfx_raw_sendmsg+0x10/0x10 [can_raw]\n ? apparmor_socket_sendmsg+0x2f/0x40\n ? __pfx_raw_sendmsg+0x10/0x10 [can_raw]\n sock_sendmsg+0xef/0x100\n sock_write_iter+0x162/0x220\n ? __pfx_sock_write_iter+0x10/0x10\n ? __rtnl_unlock+0x47/0x80\n ? security_file_permission+0x54/0x320\n vfs_write+0x6ba/0x750\n ? __pfx_vfs_write+0x10/0x10\n ? __fget_light+0x1ca/0x1f0\n ? __rcu_read_unlock+0x5b/0x280\n ksys_write+0x143/0x170\n ? __pfx_ksys_write+0x10/0x10\n ? __kasan_check_read+0x15/0x20\n ? fpregs_assert_state_consistent+0x62/0x70\n __x64_sys_write+0x47/0x60\n do_syscall_64+0x60/0x90\n ? do_syscall_64+0x6d/0x90\n ? 
irqentry_exit+0x3f/0x50\n ? exc_page_fault+0x79/0xf0\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\r\n\r\n Allocated by task 348:\n kasan_save_stack+0x2a/0x50\n kasan_set_track+0x29/0x40\n kasan_save_alloc_info+0x1f/0x30\n __kasan_kmalloc+0xb5/0xc0\n __kmalloc_node_track_caller+0x67/0x160\n j1939_sk_setsockopt+0x284/0x450 [can_j1939]\n __sys_setsockopt+0x15c/0x2f0\n __x64_sys_setsockopt+0x6b/0x80\n do_syscall_64+0x60/0x90\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\r\n\r\n Freed by task 349:\n kasan_save_stack+0x2a/0x50\n kasan_set_track+0x29/0x40\n kasan_save_free_info+0x2f/0x50\n __kasan_slab_free+0x12e/0x1c0\n __kmem_cache_free+0x1b9/0x380\n kfree+0x7a/0x120\n j1939_sk_setsockopt+0x3b2/0x450 [can_j1939]\n __sys_setsockopt+0x15c/0x2f0\n __x64_sys_setsockopt+0x6b/0x80\n do_syscall_64+0x60/0x90\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8(CVE-2023-52637)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nKVM: s390: vsie: fix race during shadow creation\r\n\r\nRight now it is possible to see gmap->private being zero in\nkvm_s390_vsie_gmap_notifier resulting in a crash. This is due to the\nfact that we add gmap->private == kvm after creation:\r\n\r\nstatic int acquire_gmap_shadow(struct kvm_vcpu *vcpu,\n struct vsie_page *vsie_page)\n{\n[...]\n gmap = gmap_shadow(vcpu->arch.gmap, asce, edat);\n if (IS_ERR(gmap))\n return PTR_ERR(gmap);\n gmap->private = vcpu->kvm;\r\n\r\nLet children inherit the private field of the parent.(CVE-2023-52639)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nwifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled\r\n\r\nWhen QoS is disabled, the queue priority value will not map to the correct\nieee80211 queue since there is only one queue. 
Stop/wake queue 0 when QoS\nis disabled to prevent trying to stop/wake a non-existent queue and failing\nto stop/wake the actual queue instantiated.\r\n\r\nLog of issue before change (with kernel parameter qos=0):\n [ +5.112651] ------------[ cut here ]------------\n [ +0.000005] WARNING: CPU: 7 PID: 25513 at net/mac80211/util.c:449 __ieee80211_wake_queue+0xd5/0x180 [mac80211]\n [ +0.000067] Modules linked in: b43(O) snd_seq_dummy snd_hrtimer snd_seq snd_seq_device nft_chain_nat xt_MASQUERADE nf_nat xfrm_user xfrm_algo xt_addrtype overlay ccm af_packet amdgpu snd_hda_codec_cirrus snd_hda_codec_generic ledtrig_audio drm_exec amdxcp gpu_sched xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip6t_rpfilter ipt_rpfilter xt_pkttype xt_LOG nf_log_syslog xt_tcpudp nft_compat nf_tables nfnetlink sch_fq_codel btusb uinput iTCO_wdt ctr btrtl intel_pmc_bxt i915 intel_rapl_msr mei_hdcp mei_pxp joydev at24 watchdog btintel atkbd libps2 serio radeon btbcm vivaldi_fmap btmtk intel_rapl_common snd_hda_codec_hdmi bluetooth uvcvideo nls_iso8859_1 applesmc nls_cp437 x86_pkg_temp_thermal snd_hda_intel intel_powerclamp vfat videobuf2_vmalloc coretemp fat snd_intel_dspcfg crc32_pclmul uvc polyval_clmulni snd_intel_sdw_acpi loop videobuf2_memops snd_hda_codec tun drm_suballoc_helper polyval_generic drm_ttm_helper drm_buddy tap ecdh_generic videobuf2_v4l2 gf128mul macvlan ttm ghash_clmulni_intel ecc tg3\n [ +0.000044] videodev bridge snd_hda_core rapl crc16 drm_display_helper cec mousedev snd_hwdep evdev intel_cstate bcm5974 hid_appleir videobuf2_common stp mac_hid libphy snd_pcm drm_kms_helper acpi_als mei_me intel_uncore llc mc snd_timer intel_gtt industrialio_triggered_buffer apple_mfi_fastcharge i2c_i801 mei snd lpc_ich agpgart ptp i2c_smbus thunderbolt apple_gmux i2c_algo_bit kfifo_buf video industrialio soundcore pps_core wmi tiny_power_button sbs sbshc button ac cordic bcma mac80211 cfg80211 ssb rfkill libarc4 kvm_intel kvm drm irqbypass fuse backlight firmware_class 
efi_pstore configfs efivarfs dmi_sysfs ip_tables x_tables autofs4 dm_crypt cbc encrypted_keys trusted asn1_encoder tee tpm rng_core input_leds hid_apple led_class hid_generic usbhid hid sd_mod t10_pi crc64_rocksoft crc64 crc_t10dif crct10dif_generic ahci libahci libata uhci_hcd ehci_pci ehci_hcd crct10dif_pclmul crct10dif_common sha512_ssse3 sha512_generic sha256_ssse3 sha1_ssse3 aesni_intel usbcore scsi_mod libaes crypto_simd cryptd scsi_common\n [ +0.000055] usb_common rtc_cmos btrfs blake2b_generic libcrc32c crc32c_generic crc32c_intel xor raid6_pq dm_snapshot dm_bufio dm_mod dax [last unloaded: b43(O)]\n [ +0.000009] CPU: 7 PID: 25513 Comm: irq/17-b43 Tainted: G W O 6.6.7 #1-NixOS\n [ +0.000003] Hardware name: Apple Inc. MacBookPro8,3/Mac-942459F5819B171B, BIOS 87.0.0.0.0 06/13/2019\n [ +0.000001] RIP: 0010:__ieee80211_wake_queue+0xd5/0x180 [mac80211]\n [ +0.000046] Code: 00 45 85 e4 0f 85 9b 00 00 00 48 8d bd 40 09 00 00 f0 48 0f ba ad 48 09 00 00 00 72 0f 5b 5d 41 5c 41 5d 41 5e e9 cb 6d 3c d0 <0f> 0b 5b 5d 41 5c 41 5d 41 5e c3 cc cc cc cc 48 8d b4 16 94 00 00\n [ +0.000002] RSP: 0018:ffffc90003c77d60 EFLAGS: 00010097\n [ +0.000001] RAX: 0000000000000001 RBX: 0000000000000002 RCX: 0000000000000000\n [ +0.000001] RDX: 0000000000000000 RSI: 0000000000000002 RDI: ffff88820b924900\n [ +0.000002] RBP: ffff88820b924900 R08: ffffc90003c77d90 R09: 000000000003bfd0\n [ +0.000001] R10: ffff88820b924900 R11: ffffc90003c77c68 R12: 0000000000000000\n [ +0.000001] R13: 0000000000000000 R14: ffffc90003c77d90 R15: ffffffffc0fa6f40\n [ +0.000001] FS: 0000000000000000(0000) GS:ffff88846fb80000(0000) knlGS:0000000000000000\n [ +0.000001] CS: 0010 DS: 0\n---truncated---(CVE-2023-52644)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nusb: aqc111: check packet for fixup for true limit\r\n\r\nIf a device sends a packet that is inbetween 0\nand sizeof(u64) the value passed to skb_trim()\nas length will wrap around ending up as some very\nlarge 
value.\r\n\r\nThe driver will then proceed to parse the header\nlocated at that position, which will either oops or\nprocess some random value.\r\n\r\nThe fix is to check against sizeof(u64) rather than\n0, which the driver currently does. The issue exists\nsince the introduction of the driver.(CVE-2023-52655)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\npowerpc/imc-pmu: Add a null pointer check in update_events_in_group()\r\n\r\nkasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure.(CVE-2023-52675)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nbpf: Guard stack limits against 32bit overflow\r\n\r\nThis patch promotes the arithmetic around checking stack bounds to be\ndone in the 64-bit domain, instead of the current 32bit. The arithmetic\nimplies adding together a 64-bit register with a int offset. The\nregister was checked to be below 1<<29 when it was variable, but not\nwhen it was fixed. The offset either comes from an instruction (in which\ncase it is 16 bit), from another register (in which case the caller\nchecked it to be below 1<<29 [1]), or from the size of an argument to a\nkfunc (in which case it can be a u32 [2]). Between the register being\ninconsistently checked to be below 1<<29, and the offset being up to an\nu32, it appears that we were open to overflowing the `int`s which were\ncurrently used for arithmetic.\r\n\r\n[1] https://github.com/torvalds/linux/blob/815fb87b753055df2d9e50f6cd80eb10235fe3e9/kernel/bpf/verifier.c#L7494-L7498\n[2] https://github.com/torvalds/linux/blob/815fb87b753055df2d9e50f6cd80eb10235fe3e9/kernel/bpf/verifier.c#L11904(CVE-2023-52676)\r\n\r\n\r\nA race condition was found in the Linux kernel's bluetooth device driver in {min,max}_key_size_set() function. 
This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.\r\n\r\n\r\n\r\n\n(CVE-2024-24860)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nwifi: iwlwifi: fix a memory corruption\r\n\r\niwl_fw_ini_trigger_tlv::data is a pointer to a __le32, which means that\nif we copy to iwl_fw_ini_trigger_tlv::data + offset while offset is in\nbytes, we'll write past the buffer.(CVE-2024-26610)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()\r\n\r\nsyzbot pointed out [1] that NEXTHDR_FRAGMENT handling is broken.\r\n\r\nReading frag_off can only be done if we pulled enough bytes\nto skb->head. Currently we might access garbage.\r\n\r\n[1]\nBUG: KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0\nip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0\nipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline]\nip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432\n__netdev_start_xmit include/linux/netdevice.h:4940 [inline]\nnetdev_start_xmit include/linux/netdevice.h:4954 [inline]\nxmit_one net/core/dev.c:3548 [inline]\ndev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564\n__dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349\ndev_queue_xmit include/linux/netdevice.h:3134 [inline]\nneigh_connected_output+0x569/0x660 net/core/neighbour.c:1592\nneigh_output include/net/neighbour.h:542 [inline]\nip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137\nip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222\nNF_HOOK_COND include/linux/netfilter.h:303 [inline]\nip6_output+0x323/0x610 net/ipv6/ip6_output.c:243\ndst_output include/net/dst.h:451 [inline]\nip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155\nip6_send_skb net/ipv6/ip6_output.c:1952 [inline]\nip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972\nrawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582\nrawv6_sendmsg+0x2b66/0x2e70 
net/ipv6/raw.c:920\ninet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847\nsock_sendmsg_nosec net/socket.c:730 [inline]\n__sock_sendmsg net/socket.c:745 [inline]\n____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584\n___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638\n__sys_sendmsg net/socket.c:2667 [inline]\n__do_sys_sendmsg net/socket.c:2676 [inline]\n__se_sys_sendmsg net/socket.c:2674 [inline]\n__x64_sys_sendmsg+0x307/0x490 net/socket.c:2674\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0x44/0x110 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x63/0x6b\r\n\r\nUninit was created at:\nslab_post_alloc_hook+0x129/0xa70 mm/slab.h:768\nslab_alloc_node mm/slub.c:3478 [inline]\n__kmem_cache_alloc_node+0x5c9/0x970 mm/slub.c:3517\n__do_kmalloc_node mm/slab_common.c:1006 [inline]\n__kmalloc_node_track_caller+0x118/0x3c0 mm/slab_common.c:1027\nkmalloc_reserve+0x249/0x4a0 net/core/skbuff.c:582\npskb_expand_head+0x226/0x1a00 net/core/skbuff.c:2098\n__pskb_pull_tail+0x13b/0x2310 net/core/skbuff.c:2655\npskb_may_pull_reason include/linux/skbuff.h:2673 [inline]\npskb_may_pull include/linux/skbuff.h:2681 [inline]\nip6_tnl_parse_tlv_enc_lim+0x901/0xbb0 net/ipv6/ip6_tunnel.c:408\nipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline]\nip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432\n__netdev_start_xmit include/linux/netdevice.h:4940 [inline]\nnetdev_start_xmit include/linux/netdevice.h:4954 [inline]\nxmit_one net/core/dev.c:3548 [inline]\ndev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564\n__dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349\ndev_queue_xmit include/linux/netdevice.h:3134 [inline]\nneigh_connected_output+0x569/0x660 net/core/neighbour.c:1592\nneigh_output include/net/neighbour.h:542 [inline]\nip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137\nip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222\nNF_HOOK_COND include/linux/netfilter.h:303 [inline]\nip6_output+0x323/0x610 net/ipv6/ip6_output.c:243\ndst_output include/net/dst.h:451 
[inline]\nip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155\nip6_send_skb net/ipv6/ip6_output.c:1952 [inline]\nip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972\nrawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582\nrawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920\ninet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847\nsock_sendmsg_nosec net/socket.c:730 [inline]\n__sock_sendmsg net/socket.c:745 [inline]\n____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584\n___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638\n__sys_sendmsg net/socket.c:2667 [inline]\n__do_sys_sendms\n---truncated---(CVE-2024-26633)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nllc: Drop support for ETH_P_TR_802_2.\r\n\r\nsyzbot reported an uninit-value bug below. [0]\r\n\r\nllc supports ETH_P_802_2 (0x0004) and used to support ETH_P_TR_802_2\n(0x0011), and syzbot abused the latter to trigger the bug.\r\n\r\n write$tun(r0, &(0x7f0000000040)={@val={0x0, 0x11}, @val, @mpls={[], @llc={@snap={0xaa, 0x1, ')', \"90e5dd\"}}}}, 0x16)\r\n\r\nllc_conn_handler() initialises local variables {saddr,daddr}.mac\nbased on skb in llc_pdu_decode_sa()/llc_pdu_decode_da() and passes\nthem to __llc_lookup().\r\n\r\nHowever, the initialisation is done only when skb->protocol is\nhtons(ETH_P_802_2), otherwise, __llc_lookup_established() and\n__llc_lookup_listener() will read garbage.\r\n\r\nThe missing initialisation existed prior to commit 211ed865108e\n(\"net: delete all instances of special processing for token ring\").\r\n\r\nIt removed the part to kick out the token ring stuff but forgot to\nclose the door allowing ETH_P_TR_802_2 packets to sneak into llc_rcv().\r\n\r\nLet's remove llc_tr_packet_type and complete the deprecation.\r\n\r\n[0]:\nBUG: KMSAN: uninit-value in __llc_lookup_established+0xe9d/0xf90\n __llc_lookup_established+0xe9d/0xf90\n __llc_lookup net/llc/llc_conn.c:611 [inline]\n llc_conn_handler+0x4bd/0x1360 net/llc/llc_conn.c:791\n llc_rcv+0xfbb/0x14a0 
net/llc/llc_input.c:206\n __netif_receive_skb_one_core net/core/dev.c:5527 [inline]\n __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5641\n netif_receive_skb_internal net/core/dev.c:5727 [inline]\n netif_receive_skb+0x58/0x660 net/core/dev.c:5786\n tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1555\n tun_get_user+0x53af/0x66d0 drivers/net/tun.c:2002\n tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048\n call_write_iter include/linux/fs.h:2020 [inline]\n new_sync_write fs/read_write.c:491 [inline]\n vfs_write+0x8ef/0x1490 fs/read_write.c:584\n ksys_write+0x20f/0x4c0 fs/read_write.c:637\n __do_sys_write fs/read_write.c:649 [inline]\n __se_sys_write fs/read_write.c:646 [inline]\n __x64_sys_write+0x93/0xd0 fs/read_write.c:646\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\r\n\r\nLocal variable daddr created at:\n llc_conn_handler+0x53/0x1360 net/llc/llc_conn.c:783\n llc_rcv+0xfbb/0x14a0 net/llc/llc_input.c:206\r\n\r\nCPU: 1 PID: 5004 Comm: syz-executor994 Not tainted 6.6.0-syzkaller-14500-g1c41041124bd #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023(CVE-2024-26635)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nllc: make llc_ui_sendmsg() more robust against bonding changes\r\n\r\nsyzbot was able to trick llc_ui_sendmsg(), allocating an skb with no\nheadroom, but subsequently trying to push 14 bytes of Ethernet header [1]\r\n\r\nLike some others, llc_ui_sendmsg() releases the socket lock before\ncalling sock_alloc_send_skb().\nThen it acquires it again, but does not redo all the sanity checks\nthat were performed.\r\n\r\nThis fix:\r\n\r\n- Uses LL_RESERVED_SPACE() to reserve space.\n- Check all conditions again after socket lock is held again.\n- Do not account Ethernet header for mtu limitation.\r\n\r\n[1]\r\n\r\nskbuff: skb_under_panic: text:ffff800088baa334 len:1514 put:14 
head:ffff0000c9c37000 data:ffff0000c9c36ff2 tail:0x5dc end:0x6c0 dev:bond0\r\n\r\n kernel BUG at net/core/skbuff.c:193 !\nInternal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\nModules linked in:\nCPU: 0 PID: 6875 Comm: syz-executor.0 Not tainted 6.7.0-rc8-syzkaller-00101-g0802e17d9aca-dirty #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : skb_panic net/core/skbuff.c:189 [inline]\n pc : skb_under_panic+0x13c/0x140 net/core/skbuff.c:203\n lr : skb_panic net/core/skbuff.c:189 [inline]\n lr : skb_under_panic+0x13c/0x140 net/core/skbuff.c:203\nsp : ffff800096f97000\nx29: ffff800096f97010 x28: ffff80008cc8d668 x27: dfff800000000000\nx26: ffff0000cb970c90 x25: 00000000000005dc x24: ffff0000c9c36ff2\nx23: ffff0000c9c37000 x22: 00000000000005ea x21: 00000000000006c0\nx20: 000000000000000e x19: ffff800088baa334 x18: 1fffe000368261ce\nx17: ffff80008e4ed000 x16: ffff80008a8310f8 x15: 0000000000000001\nx14: 1ffff00012df2d58 x13: 0000000000000000 x12: 0000000000000000\nx11: 0000000000000001 x10: 0000000000ff0100 x9 : e28a51f1087e8400\nx8 : e28a51f1087e8400 x7 : ffff80008028f8d0 x6 : 0000000000000000\nx5 : 0000000000000001 x4 : 0000000000000001 x3 : ffff800082b78714\nx2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000089\nCall trace:\n skb_panic net/core/skbuff.c:189 [inline]\n skb_under_panic+0x13c/0x140 net/core/skbuff.c:203\n skb_push+0xf0/0x108 net/core/skbuff.c:2451\n eth_header+0x44/0x1f8 net/ethernet/eth.c:83\n dev_hard_header include/linux/netdevice.h:3188 [inline]\n llc_mac_hdr_init+0x110/0x17c net/llc/llc_output.c:33\n llc_sap_action_send_xid_c+0x170/0x344 net/llc/llc_s_ac.c:85\n llc_exec_sap_trans_actions net/llc/llc_sap.c:153 [inline]\n llc_sap_next_state net/llc/llc_sap.c:182 [inline]\n llc_sap_state_process+0x1ec/0x774 net/llc/llc_sap.c:209\n llc_build_and_send_xid_pkt+0x12c/0x1c0 net/llc/llc_sap.c:270\n llc_ui_sendmsg+0x7bc/0xb1c 
net/llc/af_llc.c:997\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n sock_sendmsg+0x194/0x274 net/socket.c:767\n splice_to_socket+0x7cc/0xd58 fs/splice.c:881\n do_splice_from fs/splice.c:933 [inline]\n direct_splice_actor+0xe4/0x1c0 fs/splice.c:1142\n splice_direct_to_actor+0x2a0/0x7e4 fs/splice.c:1088\n do_splice_direct+0x20c/0x348 fs/splice.c:1194\n do_sendfile+0x4bc/0xc70 fs/read_write.c:1254\n __do_sys_sendfile64 fs/read_write.c:1322 [inline]\n __se_sys_sendfile64 fs/read_write.c:1308 [inline]\n __arm64_sys_sendfile64+0x160/0x3b4 fs/read_write.c:1308\n __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155\n el0_svc+0x54/0x158 arch/arm64/kernel/entry-common.c:678\n el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696\n el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:595\nCode: aa1803e6 aa1903e7 a90023f5 94792f6a (d4210000)(CVE-2024-26636)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\ntcp: add sanity checks to rx zerocopy\r\n\r\nTCP rx zerocopy intent is to map pages initially allocated\nfrom NIC drivers, not pages owned by a fs.\r\n\r\nThis patch adds to can_map_frag() these additional checks:\r\n\r\n- Page must not be a compound one.\n- page->mapping must be NULL.\r\n\r\nThis fixes the panic reported by ZhangPeng.\r\n\r\nsyzbot was able to loopback packets built with sendfile(),\nmapping pages owned by an ext4 file to TCP rx zerocopy.\r\n\r\nr3 = socket$inet_tcp(0x2, 0x1, 0x0)\nmmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0)\nr4 = socket$inet_tcp(0x2, 0x1, 0x0)\nbind$inet(r4, &(0x7f0000000000)={0x2, 0x4e24, @multicast1}, 0x10)\nconnect$inet(r4, &(0x7f00000006c0)={0x2, 0x4e24, @empty}, 0x10)\nr5 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\\x00',\n 0x181e42, 
0x0)\nfallocate(r5, 0x0, 0x0, 0x85b8)\nsendfile(r4, r5, 0x0, 0x8ba0)\ngetsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23,\n &(0x7f00000001c0)={&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0,\n 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000440)=0x40)\nr6 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\\x00',\n 0x181e42, 0x0)(CVE-2024-26640)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()\r\n\r\nsyzbot found __ip6_tnl_rcv() could access unitiliazed data [1].\r\n\r\nCall pskb_inet_may_pull() to fix this, and initialize ipv6h\nvariable after this call as it can change skb->head.\r\n\r\n[1]\n BUG: KMSAN: uninit-value in __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline]\n BUG: KMSAN: uninit-value in INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline]\n BUG: KMSAN: uninit-value in IP6_ECN_decapsulate+0x7df/0x1e50 include/net/inet_ecn.h:321\n __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline]\n INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline]\n IP6_ECN_decapsulate+0x7df/0x1e50 include/net/inet_ecn.h:321\n ip6ip6_dscp_ecn_decapsulate+0x178/0x1b0 net/ipv6/ip6_tunnel.c:727\n __ip6_tnl_rcv+0xd4e/0x1590 net/ipv6/ip6_tunnel.c:845\n ip6_tnl_rcv+0xce/0x100 net/ipv6/ip6_tunnel.c:888\n gre_rcv+0x143f/0x1870\n ip6_protocol_deliver_rcu+0xda6/0x2a60 net/ipv6/ip6_input.c:438\n ip6_input_finish net/ipv6/ip6_input.c:483 [inline]\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ip6_input+0x15d/0x430 net/ipv6/ip6_input.c:492\n ip6_mc_input+0xa7e/0xc80 net/ipv6/ip6_input.c:586\n dst_input include/net/dst.h:461 [inline]\n ip6_rcv_finish+0x5db/0x870 net/ipv6/ip6_input.c:79\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ipv6_rcv+0xda/0x390 net/ipv6/ip6_input.c:310\n __netif_receive_skb_one_core net/core/dev.c:5532 [inline]\n __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5646\n netif_receive_skb_internal net/core/dev.c:5732 [inline]\n 
netif_receive_skb+0x58/0x660 net/core/dev.c:5791\n tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1555\n tun_get_user+0x53af/0x66d0 drivers/net/tun.c:2002\n tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048\n call_write_iter include/linux/fs.h:2084 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0x786/0x1200 fs/read_write.c:590\n ksys_write+0x20f/0x4c0 fs/read_write.c:643\n __do_sys_write fs/read_write.c:655 [inline]\n __se_sys_write fs/read_write.c:652 [inline]\n __x64_sys_write+0x93/0xd0 fs/read_write.c:652\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\r\n\r\nUninit was created at:\n slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768\n slab_alloc_node mm/slub.c:3478 [inline]\n kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c:3523\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560\n __alloc_skb+0x318/0x740 net/core/skbuff.c:651\n alloc_skb include/linux/skbuff.h:1286 [inline]\n alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6334\n sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2787\n tun_alloc_skb drivers/net/tun.c:1531 [inline]\n tun_get_user+0x1e8a/0x66d0 drivers/net/tun.c:1846\n tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048\n call_write_iter include/linux/fs.h:2084 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0x786/0x1200 fs/read_write.c:590\n ksys_write+0x20f/0x4c0 fs/read_write.c:643\n __do_sys_write fs/read_write.c:655 [inline]\n __se_sys_write fs/read_write.c:652 [inline]\n __x64_sys_write+0x93/0xd0 fs/read_write.c:652\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\r\n\r\nCPU: 0 PID: 5034 Comm: syz-executor331 Not tainted 6.7.0-syzkaller-00562-g9f8413c4a66f #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023(CVE-2024-26641)\r\n\r\nIn the Linux kernel, the following 
vulnerability has been resolved:\r\n\r\nnetfilter: nf_tables: disallow anonymous set with timeout flag\r\n\r\nAnonymous sets are never used with timeout from userspace, reject this.\nException to this rule is NFT_SET_EVAL to ensure legacy meters still work.(CVE-2024-26642)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\ntracing: Ensure visibility when inserting an element into tracing_map\r\n\r\nRunning the following two commands in parallel on a multi-processor\nAArch64 machine can sporadically produce an unexpected warning about\nduplicate histogram entries:\r\n\r\n $ while true; do\n echo hist:key=id.syscall:val=hitcount > \\\n /sys/kernel/debug/tracing/events/raw_syscalls/sys_enter/trigger\n cat /sys/kernel/debug/tracing/events/raw_syscalls/sys_enter/hist\n sleep 0.001\n done\n $ stress-ng --sysbadaddr $(nproc)\r\n\r\nThe warning looks as follows:\r\n\r\n[ 2911.172474] ------------[ cut here ]------------\n[ 2911.173111] Duplicates detected: 1\n[ 2911.173574] WARNING: CPU: 2 PID: 12247 at kernel/trace/tracing_map.c:983 tracing_map_sort_entries+0x3e0/0x408\n[ 2911.174702] Modules linked in: iscsi_ibft(E) iscsi_boot_sysfs(E) rfkill(E) af_packet(E) nls_iso8859_1(E) nls_cp437(E) vfat(E) fat(E) ena(E) tiny_power_button(E) qemu_fw_cfg(E) button(E) fuse(E) efi_pstore(E) ip_tables(E) x_tables(E) xfs(E) libcrc32c(E) aes_ce_blk(E) aes_ce_cipher(E) crct10dif_ce(E) polyval_ce(E) polyval_generic(E) ghash_ce(E) gf128mul(E) sm4_ce_gcm(E) sm4_ce_ccm(E) sm4_ce(E) sm4_ce_cipher(E) sm4(E) sm3_ce(E) sm3(E) sha3_ce(E) sha512_ce(E) sha512_arm64(E) sha2_ce(E) sha256_arm64(E) nvme(E) sha1_ce(E) nvme_core(E) nvme_auth(E) t10_pi(E) sg(E) scsi_mod(E) scsi_common(E) efivarfs(E)\n[ 2911.174738] Unloaded tainted modules: cppc_cpufreq(E):1\n[ 2911.180985] CPU: 2 PID: 12247 Comm: cat Kdump: loaded Tainted: G E 6.7.0-default #2 1b58bbb22c97e4399dc09f92d309344f69c44a01\n[ 2911.182398] Hardware name: Amazon EC2 c7g.8xlarge/, BIOS 1.0 11/1/2018\n[ 2911.183208] 
pstate: 61400005 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n[ 2911.184038] pc : tracing_map_sort_entries+0x3e0/0x408\n[ 2911.184667] lr : tracing_map_sort_entries+0x3e0/0x408\n[ 2911.185310] sp : ffff8000a1513900\n[ 2911.185750] x29: ffff8000a1513900 x28: ffff0003f272fe80 x27: 0000000000000001\n[ 2911.186600] x26: ffff0003f272fe80 x25: 0000000000000030 x24: 0000000000000008\n[ 2911.187458] x23: ffff0003c5788000 x22: ffff0003c16710c8 x21: ffff80008017f180\n[ 2911.188310] x20: ffff80008017f000 x19: ffff80008017f180 x18: ffffffffffffffff\n[ 2911.189160] x17: 0000000000000000 x16: 0000000000000000 x15: ffff8000a15134b8\n[ 2911.190015] x14: 0000000000000000 x13: 205d373432323154 x12: 5b5d313131333731\n[ 2911.190844] x11: 00000000fffeffff x10: 00000000fffeffff x9 : ffffd1b78274a13c\n[ 2911.191716] x8 : 000000000017ffe8 x7 : c0000000fffeffff x6 : 000000000057ffa8\n[ 2911.192554] x5 : ffff0012f6c24ec0 x4 : 0000000000000000 x3 : ffff2e5b72b5d000\n[ 2911.193404] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0003ff254480\n[ 2911.194259] Call trace:\n[ 2911.194626] tracing_map_sort_entries+0x3e0/0x408\n[ 2911.195220] hist_show+0x124/0x800\n[ 2911.195692] seq_read_iter+0x1d4/0x4e8\n[ 2911.196193] seq_read+0xe8/0x138\n[ 2911.196638] vfs_read+0xc8/0x300\n[ 2911.197078] ksys_read+0x70/0x108\n[ 2911.197534] __arm64_sys_read+0x24/0x38\n[ 2911.198046] invoke_syscall+0x78/0x108\n[ 2911.198553] el0_svc_common.constprop.0+0xd0/0xf8\n[ 2911.199157] do_el0_svc+0x28/0x40\n[ 2911.199613] el0_svc+0x40/0x178\n[ 2911.200048] el0t_64_sync_handler+0x13c/0x158\n[ 2911.200621] el0t_64_sync+0x1a8/0x1b0\n[ 2911.201115] ---[ end trace 0000000000000000 ]---\r\n\r\nThe problem appears to be caused by CPU reordering of writes issued from\n__tracing_map_insert().\r\n\r\nThe check for the presence of an element with a given key in this\nfunction is:\r\n\r\n val = READ_ONCE(entry->val);\n if (val && keys_match(key, val->key, map->key_size)) ...\r\n\r\nThe write of a new entry is:\r\n\r\n elt = 
get_free_elt(map);\n memcpy(elt->key, key, map->key_size);\n entry->val = elt;\r\n\r\nThe \"memcpy(elt->key, key, map->key_size);\" and \"entry->val = elt;\"\nstores may become visible in the reversed order on another CPU. This\nsecond CPU might then incorrectly determine that a new key doesn't match\nan already present val->key and subse\n---truncated---(CVE-2024-26645)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndrm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()'\r\n\r\nIn \"u32 otg_inst = pipe_ctx->stream_res.tg->inst;\"\npipe_ctx->stream_res.tg could be NULL, it is relying on the caller to\nensure the tg is not NULL.(CVE-2024-26661)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\ntunnels: fix out of bounds access when building IPv6 PMTU error\r\n\r\nIf the ICMPv6 error is built from a non-linear skb we get the following\nsplat,\r\n\r\n BUG: KASAN: slab-out-of-bounds in do_csum+0x220/0x240\n Read of size 4 at addr ffff88811d402c80 by task netperf/820\n CPU: 0 PID: 820 Comm: netperf Not tainted 6.8.0-rc1+ #543\n ...\n kasan_report+0xd8/0x110\n do_csum+0x220/0x240\n csum_partial+0xc/0x20\n skb_tunnel_check_pmtu+0xeb9/0x3280\n vxlan_xmit_one+0x14c2/0x4080\n vxlan_xmit+0xf61/0x5c00\n dev_hard_start_xmit+0xfb/0x510\n __dev_queue_xmit+0x7cd/0x32a0\n br_dev_queue_push_xmit+0x39d/0x6a0\r\n\r\nUse skb_checksum instead of csum_partial who cannot deal with non-linear\nSKBs.(CVE-2024-26665)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: nft_limit: reject configurations that cause integer overflow\r\n\r\nReject bogus configs where internal token counter wraps around.\nThis only occurs with very very large requests, such as 17gbyte/s.\r\n\r\nIts better to reject this rather than having incorrect ratelimit.(CVE-2024-26668)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet/sched: flower: Fix chain 
template offload\r\n\r\nWhen a qdisc is deleted from a net device the stack instructs the\nunderlying driver to remove its flow offload callback from the\nassociated filter block using the 'FLOW_BLOCK_UNBIND' command. The stack\nthen continues to replay the removal of the filters in the block for\nthis driver by iterating over the chains in the block and invoking the\n'reoffload' operation of the classifier being used. In turn, the\nclassifier in its 'reoffload' operation prepares and emits a\n'FLOW_CLS_DESTROY' command for each filter.\r\n\r\nHowever, the stack does not do the same for chain templates and the\nunderlying driver never receives a 'FLOW_CLS_TMPLT_DESTROY' command when\na qdisc is deleted. This results in a memory leak [1] which can be\nreproduced using [2].\r\n\r\nFix by introducing a 'tmplt_reoffload' operation and have the stack\ninvoke it with the appropriate arguments as part of the replay.\nImplement the operation in the sole classifier that supports chain\ntemplates (flower) by emitting the 'FLOW_CLS_TMPLT_{CREATE,DESTROY}'\ncommand based on whether a flow offload callback is being bound to a\nfilter block or being unbound from one.\r\n\r\nAs far as I can tell, the issue happens since cited commit which\nreordered tcf_block_offload_unbind() before tcf_block_flush_all_chains()\nin __tcf_block_put(). 
The order cannot be reversed as the filter block\nis expected to be freed after flushing all the chains.\r\n\r\n[1]\nunreferenced object 0xffff888107e28800 (size 2048):\n comm \"tc\", pid 1079, jiffies 4294958525 (age 3074.287s)\n hex dump (first 32 bytes):\n b1 a6 7c 11 81 88 ff ff e0 5b b3 10 81 88 ff ff ..|......[......\n 01 00 00 00 00 00 00 00 e0 aa b0 84 ff ff ff ff ................\n backtrace:\n [] __kmem_cache_alloc_node+0x1e8/0x320\n [] __kmalloc+0x4e/0x90\n [] mlxsw_sp_acl_ruleset_get+0x34d/0x7a0\n [] mlxsw_sp_flower_tmplt_create+0x145/0x180\n [] mlxsw_sp_flow_block_cb+0x1ea/0x280\n [] tc_setup_cb_call+0x183/0x340\n [] fl_tmplt_create+0x3da/0x4c0\n [] tc_ctl_chain+0xa15/0x1170\n [] rtnetlink_rcv_msg+0x3cc/0xed0\n [] netlink_rcv_skb+0x170/0x440\n [] netlink_unicast+0x540/0x820\n [] netlink_sendmsg+0x8d8/0xda0\n [] ____sys_sendmsg+0x30f/0xa80\n [] ___sys_sendmsg+0x13a/0x1e0\n [] __sys_sendmsg+0x11c/0x1f0\n [] do_syscall_64+0x40/0xe0\nunreferenced object 0xffff88816d2c0400 (size 1024):\n comm \"tc\", pid 1079, jiffies 4294958525 (age 3074.287s)\n hex dump (first 32 bytes):\n 40 00 00 00 00 00 00 00 57 f6 38 be 00 00 00 00 @.......W.8.....\n 10 04 2c 6d 81 88 ff ff 10 04 2c 6d 81 88 ff ff ..,m......,m....\n backtrace:\n [] __kmem_cache_alloc_node+0x1e8/0x320\n [] __kmalloc_node+0x51/0x90\n [] kvmalloc_node+0xa6/0x1f0\n [] bucket_table_alloc.isra.0+0x83/0x460\n [] rhashtable_init+0x43b/0x7c0\n [] mlxsw_sp_acl_ruleset_get+0x428/0x7a0\n [] mlxsw_sp_flower_tmplt_create+0x145/0x180\n [] mlxsw_sp_flow_block_cb+0x1ea/0x280\n [] tc_setup_cb_call+0x183/0x340\n [] fl_tmplt_create+0x3da/0x4c0\n [] tc_ctl_chain+0xa15/0x1170\n [] rtnetlink_rcv_msg+0x3cc/0xed0\n [] netlink_rcv_skb+0x170/0x440\n [] netlink_unicast+0x540/0x820\n [] netlink_sendmsg+0x8d8/0xda0\n [] ____sys_sendmsg+0x30f/0xa80\r\n\r\n[2]\n # tc qdisc add dev swp1 clsact\n # tc chain add dev swp1 ingress proto ip chain 1 flower dst_ip 0.0.0.0/32\n # tc qdisc del dev\n---truncated---(CVE-2024-26669)\r\n\r\nIn 
the Linux kernel, the following vulnerability has been resolved:\r\n\r\nppp_async: limit MRU to 64K\r\n\r\nsyzbot triggered a warning [1] in __alloc_pages():\r\n\r\nWARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp)\r\n\r\nWillem fixed a similar issue in commit c0a2a1b0d631 (\"ppp: limit MRU to 64K\")\r\n\r\nAdopt the same sanity check for ppp_async_ioctl(PPPIOCSMRU)\r\n\r\n[1]:\r\n\r\n WARNING: CPU: 1 PID: 11 at mm/page_alloc.c:4543 __alloc_pages+0x308/0x698 mm/page_alloc.c:4543\nModules linked in:\nCPU: 1 PID: 11 Comm: kworker/u4:0 Not tainted 6.8.0-rc2-syzkaller-g41bccc98fb79 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023\nWorkqueue: events_unbound flush_to_ldisc\npstate: 204000c5 (nzCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : __alloc_pages+0x308/0x698 mm/page_alloc.c:4543\n lr : __alloc_pages+0xc8/0x698 mm/page_alloc.c:4537\nsp : ffff800093967580\nx29: ffff800093967660 x28: ffff8000939675a0 x27: dfff800000000000\nx26: ffff70001272ceb4 x25: 0000000000000000 x24: ffff8000939675c0\nx23: 0000000000000000 x22: 0000000000060820 x21: 1ffff0001272ceb8\nx20: ffff8000939675e0 x19: 0000000000000010 x18: ffff800093967120\nx17: ffff800083bded5c x16: ffff80008ac97500 x15: 0000000000000005\nx14: 1ffff0001272cebc x13: 0000000000000000 x12: 0000000000000000\nx11: ffff70001272cec1 x10: 1ffff0001272cec0 x9 : 0000000000000001\nx8 : ffff800091c91000 x7 : 0000000000000000 x6 : 000000000000003f\nx5 : 00000000ffffffff x4 : 0000000000000000 x3 : 0000000000000020\nx2 : 0000000000000008 x1 : 0000000000000000 x0 : ffff8000939675e0\nCall trace:\n __alloc_pages+0x308/0x698 mm/page_alloc.c:4543\n __alloc_pages_node include/linux/gfp.h:238 [inline]\n alloc_pages_node include/linux/gfp.h:261 [inline]\n __kmalloc_large_node+0xbc/0x1fc mm/slub.c:3926\n __do_kmalloc_node mm/slub.c:3969 [inline]\n __kmalloc_node_track_caller+0x418/0x620 mm/slub.c:4001\n kmalloc_reserve+0x17c/0x23c net/core/skbuff.c:590\n __alloc_skb+0x1c8/0x3d8 
net/core/skbuff.c:651\n __netdev_alloc_skb+0xb8/0x3e8 net/core/skbuff.c:715\n netdev_alloc_skb include/linux/skbuff.h:3235 [inline]\n dev_alloc_skb include/linux/skbuff.h:3248 [inline]\n ppp_async_input drivers/net/ppp/ppp_async.c:863 [inline]\n ppp_asynctty_receive+0x588/0x186c drivers/net/ppp/ppp_async.c:341\n tty_ldisc_receive_buf+0x12c/0x15c drivers/tty/tty_buffer.c:390\n tty_port_default_receive_buf+0x74/0xac drivers/tty/tty_port.c:37\n receive_buf drivers/tty/tty_buffer.c:444 [inline]\n flush_to_ldisc+0x284/0x6e4 drivers/tty/tty_buffer.c:494\n process_one_work+0x694/0x1204 kernel/workqueue.c:2633\n process_scheduled_works kernel/workqueue.c:2706 [inline]\n worker_thread+0x938/0xef4 kernel/workqueue.c:2787\n kthread+0x288/0x310 kernel/kthread.c:388\n ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860(CVE-2024-26675)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\ninet: read sk->sk_family once in inet_recv_error()\r\n\r\ninet_recv_error() is called without holding the socket lock.\r\n\r\nIPv6 socket could mutate to IPv4 with IPV6_ADDRFORM\nsocket option and trigger a KCSAN warning.(CVE-2024-26679)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet: atlantic: Fix DMA mapping for PTP hwts ring\r\n\r\nFunction aq_ring_hwts_rx_alloc() maps extra AQ_CFG_RXDS_DEF bytes\nfor PTP HWTS ring but then generic aq_ring_free() does not take this\ninto account.\nCreate and use a specific function to free HWTS ring to fix this\nissue.\r\n\r\nTrace:\n[ 215.351607] ------------[ cut here ]------------\n[ 215.351612] DMA-API: atlantic 0000:4b:00.0: device driver frees DMA memory with different size [device address=0x00000000fbdd0000] [map size=34816 bytes] [unmap size=32768 bytes]\n[ 215.351635] WARNING: CPU: 33 PID: 10759 at kernel/dma/debug.c:988 check_unmap+0xa6f/0x2360\n...\n[ 215.581176] Call Trace:\n[ 215.583632] \n[ 215.585745] ? show_trace_log_lvl+0x1c4/0x2df\n[ 215.590114] ? 
show_trace_log_lvl+0x1c4/0x2df\n[ 215.594497] ? debug_dma_free_coherent+0x196/0x210\n[ 215.599305] ? check_unmap+0xa6f/0x2360\n[ 215.603147] ? __warn+0xca/0x1d0\n[ 215.606391] ? check_unmap+0xa6f/0x2360\n[ 215.610237] ? report_bug+0x1ef/0x370\n[ 215.613921] ? handle_bug+0x3c/0x70\n[ 215.617423] ? exc_invalid_op+0x14/0x50\n[ 215.621269] ? asm_exc_invalid_op+0x16/0x20\n[ 215.625480] ? check_unmap+0xa6f/0x2360\n[ 215.629331] ? mark_lock.part.0+0xca/0xa40\n[ 215.633445] debug_dma_free_coherent+0x196/0x210\n[ 215.638079] ? __pfx_debug_dma_free_coherent+0x10/0x10\n[ 215.643242] ? slab_free_freelist_hook+0x11d/0x1d0\n[ 215.648060] dma_free_attrs+0x6d/0x130\n[ 215.651834] aq_ring_free+0x193/0x290 [atlantic]\n[ 215.656487] aq_ptp_ring_free+0x67/0x110 [atlantic]\n...\n[ 216.127540] ---[ end trace 6467e5964dd2640b ]---\n[ 216.132160] DMA-API: Mapped at:\n[ 216.132162] debug_dma_alloc_coherent+0x66/0x2f0\n[ 216.132165] dma_alloc_attrs+0xf5/0x1b0\n[ 216.132168] aq_ring_hwts_rx_alloc+0x150/0x1f0 [atlantic]\n[ 216.132193] aq_ptp_ring_alloc+0x1bb/0x540 [atlantic]\n[ 216.132213] aq_nic_init+0x4a1/0x760 [atlantic](CVE-2024-26680)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet: stmmac: xgmac: fix handling of DPP safety error for DMA channels\r\n\r\nCommit 56e58d6c8a56 (\"net: stmmac: Implement Safety Features in\nXGMAC core\") checks and reports safety errors, but leaves the\nData Path Parity Errors for each channel in DMA unhandled at all, lead to\na storm of interrupt.\nFix it by checking and clearing the DMA_DPP_Interrupt_Status register.(CVE-2024-26684)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnilfs2: fix potential bug in end_buffer_async_write\r\n\r\nAccording to a syzbot report, end_buffer_async_write(), which handles the\ncompletion of block device writes, may detect abnormal condition of the\nbuffer async_write flag and cause a BUG_ON failure when using nilfs2.\r\n\r\nNilfs2 itself does not use 
end_buffer_async_write(). But, the async_write\nflag is now used as a marker by commit 7f42ec394156 (\"nilfs2: fix issue\nwith race condition of competition between segments for dirty blocks\") as\na means of resolving double list insertion of dirty blocks in\nnilfs_lookup_dirty_data_buffers() and nilfs_lookup_node_buffers() and the\nresulting crash.\r\n\r\nThis modification is safe as long as it is used for file data and b-tree\nnode blocks where the page caches are independent. However, it was\nirrelevant and redundant to also introduce async_write for segment summary\nand super root blocks that share buffers with the backing device. This\nled to the possibility that the BUG_ON check in end_buffer_async_write\nwould fail as described above, if independent writebacks of the backing\ndevice occurred in parallel.\r\n\r\nThe use of async_write for segment summary buffers has already been\nremoved in a previous change.\r\n\r\nFix this issue by removing the manipulation of the async_write flag for\nthe remaining super root block buffer.(CVE-2024-26685)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nfs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats\r\n\r\nlock_task_sighand() can trigger a hard lockup. If NR_CPUS threads call\ndo_task_stat() at the same time and the process has NR_THREADS, it will\nspin with irqs disabled O(NR_CPUS * NR_THREADS) time.\r\n\r\nChange do_task_stat() to use sig->stats_lock to gather the statistics\noutside of ->siglock protected section, in the likely case this code will\nrun lockless.(CVE-2024-26686)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nceph: prevent use-after-free in encode_cap_msg()\r\n\r\nIn fs/ceph/caps.c, in encode_cap_msg(), \"use after free\" error was\ncaught by KASAN at this line - 'ceph_buffer_get(arg->xattr_buf);'. 
This\nimplies before the refcount could be increment here, it was freed.\r\n\r\nIn same file, in \"handle_cap_grant()\" refcount is decremented by this\nline - 'ceph_buffer_put(ci->i_xattrs.blob);'. It appears that a race\noccurred and resource was freed by the latter line before the former\nline could increment it.\r\n\r\nencode_cap_msg() is called by __send_cap() and __send_cap() is called by\nceph_check_caps() after calling __prep_cap(). __prep_cap() is where\narg->xattr_buf is assigned to ci->i_xattrs.blob. This is the spot where\nthe refcount must be increased to prevent \"use after free\" error.(CVE-2024-26689)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnilfs2: fix data corruption in dsync block recovery for small block sizes\r\n\r\nThe helper function nilfs_recovery_copy_block() of\nnilfs_recovery_dsync_blocks(), which recovers data from logs created by\ndata sync writes during a mount after an unclean shutdown, incorrectly\ncalculates the on-page offset when copying repair data to the file's page\ncache. In environments where the block size is smaller than the page\nsize, this flaw can cause data corruption and leak uninitialized memory\nbytes during the recovery process.\r\n\r\nFix these issues by correcting this byte offset calculation on the page.(CVE-2024-26697)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\niio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC\r\n\r\nRecently, we encounter kernel crash in function rm3100_common_probe\ncaused by out of bound access of array rm3100_samp_rates (because of\nunderlying hardware failures). 
Add boundary check to prevent out of\nbound access.(CVE-2024-26702)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nparisc: Fix random data corruption from exception handler\r\n\r\nThe current exception handler implementation, which assists when accessing\nuser space memory, may exhibit random data corruption if the compiler decides\nto use a different register than the specified register %r29 (defined in\nASM_EXCEPTIONTABLE_REG) for the error code. If the compiler choose another\nregister, the fault handler will nevertheless store -EFAULT into %r29 and thus\ntrash whatever this register is used for.\nLooking at the assembly I found that this happens sometimes in emulate_ldd().\r\n\r\nTo solve the issue, the easiest solution would be if it somehow is\npossible to tell the fault handler which register is used to hold the error\ncode. Using %0 or %1 in the inline assembly is not posssible as it will show\nup as e.g. %r29 (with the \"%r\" prefix), which the GNU assembler can not\nconvert to an integer.\r\n\r\nThis patch takes another, better and more flexible approach:\nWe extend the __ex_table (which is out of the execution path) by one 32-word.\nIn this word we tell the compiler to insert the assembler instruction\n\"or %r0,%r0,%reg\", where %reg references the register which the compiler\nchoosed for the error return code.\nIn case of an access failure, the fault handler finds the __ex_table entry and\ncan examine the opcode. The used register is encoded in the lowest 5 bits, and\nthe fault handler can then store -EFAULT into this register.\r\n\r\nSince we extend the __ex_table to 3 words we can't use the BUILDTIME_TABLE_SORT\nconfig option any longer.(CVE-2024-26706)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet: hsr: remove WARN_ONCE() in send_hsr_supervision_frame()\r\n\r\nSyzkaller reported [1] hitting a warning after failing to allocate\nresources for skb in hsr_init_skb(). 
Since a WARN_ONCE() call will\nnot help much in this case, it might be prudent to switch to\nnetdev_warn_once(). At the very least it will suppress syzkaller\nreports such as [1].\r\n\r\nJust in case, use netdev_warn_once() in send_prp_supervision_frame()\nfor similar reasons.\r\n\r\n[1]\nHSR: Could not send supervision frame\nWARNING: CPU: 1 PID: 85 at net/hsr/hsr_device.c:294 send_hsr_supervision_frame+0x60a/0x810 net/hsr/hsr_device.c:294\nRIP: 0010:send_hsr_supervision_frame+0x60a/0x810 net/hsr/hsr_device.c:294\n...\nCall Trace:\n \n hsr_announce+0x114/0x370 net/hsr/hsr_device.c:382\n call_timer_fn+0x193/0x590 kernel/time/timer.c:1700\n expire_timers kernel/time/timer.c:1751 [inline]\n __run_timers+0x764/0xb20 kernel/time/timer.c:2022\n run_timer_softirq+0x58/0xd0 kernel/time/timer.c:2035\n __do_softirq+0x21a/0x8de kernel/softirq.c:553\n invoke_softirq kernel/softirq.c:427 [inline]\n __irq_exit_rcu kernel/softirq.c:632 [inline]\n irq_exit_rcu+0xb7/0x120 kernel/softirq.c:644\n sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1076\n \n \n asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:649\n...\r\n\r\nThis issue is also found in older kernels (at least up to 5.10).(CVE-2024-26707)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\npowerpc/kasan: Fix addr error caused by page alignment\r\n\r\nIn kasan_init_region, when k_start is not page aligned, at the begin of\nfor loop, k_cur = k_start & PAGE_MASK is less than k_start, and then\n`va = block + k_cur - k_start` is less than block, the addr va is invalid,\nbecause the memory address space from va to block is not alloced by\nmemblock_alloc, which will not be reserved by memblock_reserve later, it\nwill be used by other places.\r\n\r\nAs a result, memory overwriting occurs.\r\n\r\nfor example:\nint __init __weak kasan_init_region(void *start, size_t size)\n{\n[...]\n\t/* if say block(dcd97000) k_start(feef7400) k_end(feeff3fe) */\n\tblock = 
memblock_alloc(k_end - k_start, PAGE_SIZE);\n\t[...]\n\tfor (k_cur = k_start & PAGE_MASK; k_cur < k_end; k_cur += PAGE_SIZE) {\n\t\t/* at the begin of for loop\n\t\t * block(dcd97000) va(dcd96c00) k_cur(feef7000) k_start(feef7400)\n\t\t * va(dcd96c00) is less than block(dcd97000), va is invalid\n\t\t */\n\t\tvoid *va = block + k_cur - k_start;\n\t\t[...]\n\t}\n[...]\n}\r\n\r\nTherefore, page alignment is performed on k_start before\nmemblock_alloc() to ensure the validity of the VA address.(CVE-2024-26712)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again\r\n\r\n(struct dirty_throttle_control *)->thresh is an unsigned long, but is\npassed as the u32 divisor argument to div_u64(). On architectures where\nunsigned long is 64 bytes, the argument will be implicitly truncated.\r\n\r\nUse div64_u64() instead of div_u64() so that the value used in the \"is\nthis a safe division\" check is the same as the divisor.\r\n\r\nAlso, remove redundant cast of the numerator to u64, as that should happen\nimplicitly.\r\n\r\nThis would be difficult to exploit in memcg domain, given the ratio-based\narithmetic domain_drity_limits() uses, but is much easier in global\nwriteback domain with a BDI_CAP_STRICTLIMIT-backing device, using e.g. 
\nvm.dirty_bytes=(1<<32)*PAGE_SIZE so that dtc->thresh == (1<<32)(CVE-2024-26720)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nbtrfs: don't drop extent_map for free space inode on write error\r\n\r\nWhile running the CI for an unrelated change I hit the following panic\nwith generic/648 on btrfs_holes_spacecache.\r\n\r\nassertion failed: block_start != EXTENT_MAP_HOLE, in fs/btrfs/extent_io.c:1385\n------------[ cut here ]------------\nkernel BUG at fs/btrfs/extent_io.c:1385!\ninvalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 1 PID: 2695096 Comm: fsstress Kdump: loaded Tainted: G W 6.8.0-rc2+ #1\nRIP: 0010:__extent_writepage_io.constprop.0+0x4c1/0x5c0\nCall Trace:\n \n extent_write_cache_pages+0x2ac/0x8f0\n extent_writepages+0x87/0x110\n do_writepages+0xd5/0x1f0\n filemap_fdatawrite_wbc+0x63/0x90\n __filemap_fdatawrite_range+0x5c/0x80\n btrfs_fdatawrite_range+0x1f/0x50\n btrfs_write_out_cache+0x507/0x560\n btrfs_write_dirty_block_groups+0x32a/0x420\n commit_cowonly_roots+0x21b/0x290\n btrfs_commit_transaction+0x813/0x1360\n btrfs_sync_file+0x51a/0x640\n __x64_sys_fdatasync+0x52/0x90\n do_syscall_64+0x9c/0x190\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\r\n\r\nThis happens because we fail to write out the free space cache in one\ninstance, come back around and attempt to write it again. However on\nthe second pass through we go to call btrfs_get_extent() on the inode to\nget the extent mapping. Because this is a new block group, and with the\nfree space inode we always search the commit root to avoid deadlocking\nwith the tree, we find nothing and return a EXTENT_MAP_HOLE for the\nrequested range.\r\n\r\nThis happens because the first time we try to write the space cache out\nwe hit an error, and on an error we drop the extent mapping. This is\nnormal for normal files, but the free space cache inode is special. We\nalways expect the extent map to be correct. 
Thus the second time\nthrough we end up with a bogus extent map.\r\n\r\nSince we're deprecating this feature, the most straightforward way to\nfix this is to simply skip dropping the extent map range for this failed\nrange.\r\n\r\nI shortened the test by using error injection to stress the area to make\nit easier to reproduce. With this patch in place we no longer panic\nwith my error injection test.(CVE-2024-26726)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\narp: Prevent overflow in arp_req_get().\r\n\r\nsyzkaller reported an overflown write in arp_req_get(). [0]\r\n\r\nWhen ioctl(SIOCGARP) is issued, arp_req_get() looks up an neighbour\nentry and copies neigh->ha to struct arpreq.arp_ha.sa_data.\r\n\r\nThe arp_ha here is struct sockaddr, not struct sockaddr_storage, so\nthe sa_data buffer is just 14 bytes.\r\n\r\nIn the splat below, 2 bytes are overflown to the next int field,\narp_flags. We initialise the field just after the memcpy(), so it's\nnot a problem.\r\n\r\nHowever, when dev->addr_len is greater than 22 (e.g. 
MAX_ADDR_LEN),\narp_netmask is overwritten, which could be set as htonl(0xFFFFFFFFUL)\nin arp_ioctl() before calling arp_req_get().\r\n\r\nTo avoid the overflow, let's limit the max length of memcpy().\r\n\r\nNote that commit b5f0de6df6dc (\"net: dev: Convert sa_data to flexible\narray in struct sockaddr\") just silenced syzkaller.\r\n\r\n[0]:\nmemcpy: detected field-spanning write (size 16) of single field \"r->arp_ha.sa_data\" at net/ipv4/arp.c:1128 (size 14)\nWARNING: CPU: 0 PID: 144638 at net/ipv4/arp.c:1128 arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128\nModules linked in:\nCPU: 0 PID: 144638 Comm: syz-executor.4 Not tainted 6.1.74 #31\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-5 04/01/2014\nRIP: 0010:arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128\nCode: fd ff ff e8 41 42 de fb b9 0e 00 00 00 4c 89 fe 48 c7 c2 20 6d ab 87 48 c7 c7 80 6d ab 87 c6 05 25 af 72 04 01 e8 5f 8d ad fb <0f> 0b e9 6c fd ff ff e8 13 42 de fb be 03 00 00 00 4c 89 e7 e8 a6\nRSP: 0018:ffffc900050b7998 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff88803a815000 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffffffff8641a44a RDI: 0000000000000001\nRBP: ffffc900050b7a98 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 203a7970636d656d R12: ffff888039c54000\nR13: 1ffff92000a16f37 R14: ffff88803a815084 R15: 0000000000000010\nFS: 00007f172bf306c0(0000) GS:ffff88805aa00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f172b3569f0 CR3: 0000000057f12005 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \n arp_ioctl+0x33f/0x4b0 net/ipv4/arp.c:1261\n inet_ioctl+0x314/0x3a0 net/ipv4/af_inet.c:981\n sock_do_ioctl+0xdf/0x260 net/socket.c:1204\n sock_ioctl+0x3ef/0x650 net/socket.c:1321\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:870 [inline]\n 
__se_sys_ioctl fs/ioctl.c:856 [inline]\n __x64_sys_ioctl+0x18e/0x220 fs/ioctl.c:856\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x37/0x90 arch/x86/entry/common.c:81\n entry_SYSCALL_64_after_hwframe+0x64/0xce\nRIP: 0033:0x7f172b262b8d\nCode: 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f172bf300b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007f172b3abf80 RCX: 00007f172b262b8d\nRDX: 0000000020000000 RSI: 0000000000008954 RDI: 0000000000000003\nRBP: 00007f172b2d3493 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 000000000000000b R14: 00007f172b3abf80 R15: 00007f172bf10000\n (CVE-2024-26733)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndevlink: fix possible use-after-free and memory leaks in devlink_init()\r\n\r\nThe pernet operations structure for the subsystem must be registered\nbefore registering the generic netlink family.\r\n\r\nMake an unregister in case of unsuccessful registration.(CVE-2024-26734)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nipv6: sr: fix possible use-after-free and null-ptr-deref\r\n\r\nThe pernet operations structure for the subsystem must be registered\nbefore registering the generic netlink family.(CVE-2024-26735)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet/sched: act_mirred: use the backlog for mirred ingress\r\n\r\nThe test Davide added in commit ca22da2fbd69 (\"act_mirred: use the backlog\nfor nested calls to mirred ingress\") hangs our testing VMs every 10 or so\nruns, with the familiar tcp_v4_rcv -> tcp_v4_rcv deadlock reported by\nlockdep.\r\n\r\nThe problem as previously described by Davide (see Link) is that\nif we reverse flow of 
traffic with the redirect (egress -> ingress)\nwe may reach the same socket which generated the packet. And we may\nstill be holding its socket lock. The common solution to such deadlocks\nis to put the packet in the Rx backlog, rather than run the Rx path\ninline. Do that for all egress -> ingress reversals, not just once\nwe started to nest mirred calls.\r\n\r\nIn the past there was a concern that the backlog indirection will\nlead to loss of error reporting / less accurate stats. But the current\nworkaround does not seem to address the issue.(CVE-2024-26740)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nRDMA/qedr: Fix qedr_create_user_qp error flow\r\n\r\nAvoid the following warning by making sure to free the allocated\nresources in case that qedr_init_user_queue() fail.\r\n\r\n-----------[ cut here ]-----------\nWARNING: CPU: 0 PID: 143192 at drivers/infiniband/core/rdma_core.c:874 uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]\nModules linked in: tls target_core_user uio target_core_pscsi target_core_file target_core_iblock ib_srpt ib_srp scsi_transport_srp nfsd nfs_acl rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs 8021q garp mrp stp llc ext4 mbcache jbd2 opa_vnic ib_umad ib_ipoib sunrpc rdma_ucm ib_isert iscsi_target_mod target_core_mod ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_cm hfi1 intel_rapl_msr intel_rapl_common mgag200 qedr sb_edac drm_shmem_helper rdmavt x86_pkg_temp_thermal drm_kms_helper intel_powerclamp ib_uverbs coretemp i2c_algo_bit kvm_intel dell_wmi_descriptor ipmi_ssif sparse_keymap kvm ib_core rfkill syscopyarea sysfillrect video sysimgblt irqbypass ipmi_si ipmi_devintf fb_sys_fops rapl iTCO_wdt mxm_wmi iTCO_vendor_support intel_cstate pcspkr dcdbas intel_uncore ipmi_msghandler lpc_ich acpi_power_meter mei_me mei fuse drm xfs libcrc32c qede sd_mod ahci libahci t10_pi sg crct10dif_pclmul crc32_pclmul crc32c_intel qed libata tg3\nghash_clmulni_intel megaraid_sas crc8 
wmi [last unloaded: ib_srpt]\nCPU: 0 PID: 143192 Comm: fi_rdm_tagged_p Kdump: loaded Not tainted 5.14.0-408.el9.x86_64 #1\nHardware name: Dell Inc. PowerEdge R430/03XKDV, BIOS 2.14.0 01/25/2022\nRIP: 0010:uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]\nCode: 5d 41 5c 41 5d 41 5e e9 0f 26 1b dd 48 89 df e8 67 6a ff ff 49 8b 86 10 01 00 00 48 85 c0 74 9c 4c 89 e7 e8 83 c0 cb dd eb 92 <0f> 0b eb be 0f 0b be 04 00 00 00 48 89 df e8 8e f5 ff ff e9 6d ff\nRSP: 0018:ffffb7c6cadfbc60 EFLAGS: 00010286\nRAX: ffff8f0889ee3f60 RBX: ffff8f088c1a5200 RCX: 00000000802a0016\nRDX: 00000000802a0017 RSI: 0000000000000001 RDI: ffff8f0880042600\nRBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000\nR10: ffff8f11fffd5000 R11: 0000000000039000 R12: ffff8f0d5b36cd80\nR13: ffff8f088c1a5250 R14: ffff8f1206d91000 R15: 0000000000000000\nFS: 0000000000000000(0000) GS:ffff8f11d7c00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000147069200e20 CR3: 00000001c7210002 CR4: 00000000001706f0\nCall Trace:\n\n? show_trace_log_lvl+0x1c4/0x2df\n? show_trace_log_lvl+0x1c4/0x2df\n? ib_uverbs_close+0x1f/0xb0 [ib_uverbs]\n? uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]\n? __warn+0x81/0x110\n? uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]\n? report_bug+0x10a/0x140\n? handle_bug+0x3c/0x70\n? exc_invalid_op+0x14/0x70\n? asm_exc_invalid_op+0x16/0x20\n? uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]\nib_uverbs_close+0x1f/0xb0 [ib_uverbs]\n__fput+0x94/0x250\ntask_work_run+0x5c/0x90\ndo_exit+0x270/0x4a0\ndo_group_exit+0x2d/0x90\nget_signal+0x87c/0x8c0\narch_do_signal_or_restart+0x25/0x100\n? ib_uverbs_ioctl+0xc2/0x110 [ib_uverbs]\nexit_to_user_mode_loop+0x9c/0x130\nexit_to_user_mode_prepare+0xb6/0x100\nsyscall_exit_to_user_mode+0x12/0x40\ndo_syscall_64+0x69/0x90\n? syscall_exit_work+0x103/0x130\n? syscall_exit_to_user_mode+0x22/0x40\n? do_syscall_64+0x69/0x90\n? syscall_exit_work+0x103/0x130\n? syscall_exit_to_user_mode+0x22/0x40\n? do_syscall_64+0x69/0x90\n? 
do_syscall_64+0x69/0x90\n? common_interrupt+0x43/0xa0\nentry_SYSCALL_64_after_hwframe+0x72/0xdc\nRIP: 0033:0x1470abe3ec6b\nCode: Unable to access opcode bytes at RIP 0x1470abe3ec41.\nRSP: 002b:00007fff13ce9108 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: fffffffffffffffc RBX: 00007fff13ce9218 RCX: 00001470abe3ec6b\nRDX: 00007fff13ce9200 RSI: 00000000c0181b01 RDI: 0000000000000004\nRBP: 00007fff13ce91e0 R08: 0000558d9655da10 R09: 0000558d9655dd00\nR10: 00007fff13ce95c0 R11: 0000000000000246 R12: 00007fff13ce9358\nR13: 0000000000000013 R14: 0000558d9655db50 R15: 00007fff13ce9470\n\n--[ end trace 888a9b92e04c5c97 ]--(CVE-2024-26743)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nRDMA/srpt: Support specifying the srpt_service_guid parameter\r\n\r\nMake loading ib_srpt with this parameter set work. The current behavior is\nthat setting that parameter while loading the ib_srpt kernel module\ntriggers the following kernel crash:\r\n\r\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nCall Trace:\n \n parse_one+0x18c/0x1d0\n parse_args+0xe1/0x230\n load_module+0x8de/0xa60\n init_module_from_file+0x8b/0xd0\n idempotent_init_module+0x181/0x240\n __x64_sys_finit_module+0x5a/0xb0\n do_syscall_64+0x5f/0xe0\n entry_SYSCALL_64_after_hwframe+0x6e/0x76(CVE-2024-26744)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\ngtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()\r\n\r\nThe gtp_net_ops pernet operations structure for the subsystem must be\nregistered before registering the generic netlink family.\r\n\r\nSyzkaller hit 'general protection fault in gtp_genl_dump_pdp' bug:\r\n\r\ngeneral protection fault, probably for non-canonical address\n0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\nCPU: 1 PID: 5826 Comm: gtp Not tainted 6.8.0-rc3-std-def-alt1 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), 
BIOS 1.16.0-alt1 04/01/2014\nRIP: 0010:gtp_genl_dump_pdp+0x1be/0x800 [gtp]\nCode: c6 89 c6 e8 64 e9 86 df 58 45 85 f6 0f 85 4e 04 00 00 e8 c5 ee 86\n df 48 8b 54 24 18 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80>\n 3c 02 00 0f 85 de 05 00 00 48 8b 44 24 18 4c 8b 30 4c 39 f0 74\nRSP: 0018:ffff888014107220 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000\nRDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000\nR13: ffff88800fcda588 R14: 0000000000000001 R15: 0000000000000000\nFS: 00007f1be4eb05c0(0000) GS:ffff88806ce80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f1be4e766cf CR3: 000000000c33e000 CR4: 0000000000750ef0\nPKRU: 55555554\nCall Trace:\n \n ? show_regs+0x90/0xa0\n ? die_addr+0x50/0xd0\n ? exc_general_protection+0x148/0x220\n ? asm_exc_general_protection+0x22/0x30\n ? gtp_genl_dump_pdp+0x1be/0x800 [gtp]\n ? __alloc_skb+0x1dd/0x350\n ? __pfx___alloc_skb+0x10/0x10\n genl_dumpit+0x11d/0x230\n netlink_dump+0x5b9/0xce0\n ? lockdep_hardirqs_on_prepare+0x253/0x430\n ? __pfx_netlink_dump+0x10/0x10\n ? kasan_save_track+0x10/0x40\n ? __kasan_kmalloc+0x9b/0xa0\n ? genl_start+0x675/0x970\n __netlink_dump_start+0x6fc/0x9f0\n genl_family_rcv_msg_dumpit+0x1bb/0x2d0\n ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10\n ? genl_op_from_small+0x2a/0x440\n ? cap_capable+0x1d0/0x240\n ? __pfx_genl_start+0x10/0x10\n ? __pfx_genl_dumpit+0x10/0x10\n ? __pfx_genl_done+0x10/0x10\n ? security_capable+0x9d/0xe0(CVE-2024-26754)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndm-crypt: don't modify the data when using authenticated encryption\r\n\r\nIt was said that authenticated encryption could produce invalid tag when\nthe data that is being encrypted is modified [1]. 
So, fix this problem by\ncopying the data into the clone bio first and then encrypt them inside the\nclone bio.\r\n\r\nThis may reduce performance, but it is needed to prevent the user from\ncorrupting the device by writing data with O_DIRECT and modifying them at\nthe same time.\r\n\r\n[1] https://lore.kernel.org/all/20240207004723.GA35324@sol.localdomain/T/(CVE-2024-26763)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nspi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected\r\n\r\nReturn IRQ_NONE from the interrupt handler when no interrupt was\ndetected. Because an empty interrupt will cause a null pointer error:\r\n\r\n Unable to handle kernel NULL pointer dereference at virtual\n address 0000000000000008\n Call trace:\n complete+0x54/0x100\n hisi_sfc_v3xx_isr+0x2c/0x40 [spi_hisi_sfc_v3xx]\n __handle_irq_event_percpu+0x64/0x1e0\n handle_irq_event+0x7c/0x1cc(CVE-2024-26776)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmptcp: fix double-free on socket dismantle\r\n\r\nwhen MPTCP server accepts an incoming connection, it clones its listener\nsocket. 
However, the pointer to 'inet_opt' for the new socket has the same\nvalue as the original one: as a consequence, on program exit it's possible\nto observe the following splat:\r\n\r\n BUG: KASAN: double-free in inet_sock_destruct+0x54f/0x8b0\n Free of addr ffff888485950880 by task swapper/25/0\r\n\r\n CPU: 25 PID: 0 Comm: swapper/25 Kdump: loaded Not tainted 6.8.0-rc1+ #609\n Hardware name: Supermicro SYS-6027R-72RF/X9DRH-7TF/7F/iTF/iF, BIOS 3.0 07/26/2013\n Call Trace:\n \n dump_stack_lvl+0x32/0x50\n print_report+0xca/0x620\n kasan_report_invalid_free+0x64/0x90\n __kasan_slab_free+0x1aa/0x1f0\n kfree+0xed/0x2e0\n inet_sock_destruct+0x54f/0x8b0\n __sk_destruct+0x48/0x5b0\n rcu_do_batch+0x34e/0xd90\n rcu_core+0x559/0xac0\n __do_softirq+0x183/0x5a4\n irq_exit_rcu+0x12d/0x170\n sysvec_apic_timer_interrupt+0x6b/0x80\n \n \n asm_sysvec_apic_timer_interrupt+0x16/0x20\n RIP: 0010:cpuidle_enter_state+0x175/0x300\n Code: 30 00 0f 84 1f 01 00 00 83 e8 01 83 f8 ff 75 e5 48 83 c4 18 44 89 e8 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc fb 45 85 ed <0f> 89 60 ff ff ff 48 c1 e5 06 48 c7 43 18 00 00 00 00 48 83 44 2b\n RSP: 0018:ffff888481cf7d90 EFLAGS: 00000202\n RAX: 0000000000000000 RBX: ffff88887facddc8 RCX: 0000000000000000\n RDX: 1ffff1110ff588b1 RSI: 0000000000000019 RDI: ffff88887fac4588\n RBP: 0000000000000004 R08: 0000000000000002 R09: 0000000000043080\n R10: 0009b02ea273363f R11: ffff88887fabf42b R12: ffffffff932592e0\n R13: 0000000000000004 R14: 0000000000000000 R15: 00000022c880ec80\n cpuidle_enter+0x4a/0xa0\n do_idle+0x310/0x410\n cpu_startup_entry+0x51/0x60\n start_secondary+0x211/0x270\n secondary_startup_64_no_verify+0x184/0x18b\n \r\n\r\n Allocated by task 6853:\n kasan_save_stack+0x1c/0x40\n kasan_save_track+0x10/0x30\n __kasan_kmalloc+0xa6/0xb0\n __kmalloc+0x1eb/0x450\n cipso_v4_sock_setattr+0x96/0x360\n netlbl_sock_setattr+0x132/0x1f0\n selinux_netlbl_socket_post_create+0x6c/0x110\n selinux_socket_post_create+0x37b/0x7f0\n 
security_socket_post_create+0x63/0xb0\n __sock_create+0x305/0x450\n __sys_socket_create.part.23+0xbd/0x130\n __sys_socket+0x37/0xb0\n __x64_sys_socket+0x6f/0xb0\n do_syscall_64+0x83/0x160\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\r\n\r\n Freed by task 6858:\n kasan_save_stack+0x1c/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x12c/0x1f0\n kfree+0xed/0x2e0\n inet_sock_destruct+0x54f/0x8b0\n __sk_destruct+0x48/0x5b0\n subflow_ulp_release+0x1f0/0x250\n tcp_cleanup_ulp+0x6e/0x110\n tcp_v4_destroy_sock+0x5a/0x3a0\n inet_csk_destroy_sock+0x135/0x390\n tcp_fin+0x416/0x5c0\n tcp_data_queue+0x1bc8/0x4310\n tcp_rcv_state_process+0x15a3/0x47b0\n tcp_v4_do_rcv+0x2c1/0x990\n tcp_v4_rcv+0x41fb/0x5ed0\n ip_protocol_deliver_rcu+0x6d/0x9f0\n ip_local_deliver_finish+0x278/0x360\n ip_local_deliver+0x182/0x2c0\n ip_rcv+0xb5/0x1c0\n __netif_receive_skb_one_core+0x16e/0x1b0\n process_backlog+0x1e3/0x650\n __napi_poll+0xa6/0x500\n net_rx_action+0x740/0xbb0\n __do_softirq+0x183/0x5a4\r\n\r\n The buggy address belongs to the object at ffff888485950880\n which belongs to the cache kmalloc-64 of size 64\n The buggy address is located 0 bytes inside of\n 64-byte region [ffff888485950880, ffff8884859508c0)\r\n\r\n The buggy address belongs to the physical page:\n page:0000000056d1e95e refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888485950700 pfn:0x485950\n flags: 0x57ffffc0000800(slab|node=1|zone=2|lastcpupid=0x1fffff)\n page_type: 0xffffffff()\n raw: 0057ffffc0000800 ffff88810004c640 ffffea00121b8ac0 dead000000000006\n raw: ffff888485950700 0000000000200019 00000001ffffffff 0000000000000000\n page dumped because: kasan: bad access detected\r\n\r\n Memory state around the buggy address:\n ffff888485950780: fa fb fb\n---truncated---(CVE-2024-26782)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmmc: mmci: stm32: fix DMA API overlapping mappings warning\r\n\r\nTurning on CONFIG_DMA_API_DEBUG_SG results in 
the following warning:\r\n\r\nDMA-API: mmci-pl18x 48220000.mmc: cacheline tracking EEXIST,\noverlapping mappings aren't supported\nWARNING: CPU: 1 PID: 51 at kernel/dma/debug.c:568\nadd_dma_entry+0x234/0x2f4\nModules linked in:\nCPU: 1 PID: 51 Comm: kworker/1:2 Not tainted 6.1.28 #1\nHardware name: STMicroelectronics STM32MP257F-EV1 Evaluation Board (DT)\nWorkqueue: events_freezable mmc_rescan\nCall trace:\nadd_dma_entry+0x234/0x2f4\ndebug_dma_map_sg+0x198/0x350\n__dma_map_sg_attrs+0xa0/0x110\ndma_map_sg_attrs+0x10/0x2c\nsdmmc_idma_prep_data+0x80/0xc0\nmmci_prep_data+0x38/0x84\nmmci_start_data+0x108/0x2dc\nmmci_request+0xe4/0x190\n__mmc_start_request+0x68/0x140\nmmc_start_request+0x94/0xc0\nmmc_wait_for_req+0x70/0x100\nmmc_send_tuning+0x108/0x1ac\nsdmmc_execute_tuning+0x14c/0x210\nmmc_execute_tuning+0x48/0xec\nmmc_sd_init_uhs_card.part.0+0x208/0x464\nmmc_sd_init_card+0x318/0x89c\nmmc_attach_sd+0xe4/0x180\nmmc_rescan+0x244/0x320\r\n\r\nDMA API debug brings to light leaking dma-mappings as dma_map_sg and\ndma_unmap_sg are not correctly balanced.\r\n\r\nIf an error occurs in mmci_cmd_irq function, only mmci_dma_error\nfunction is called and as this API is not managed on stm32 variant,\ndma_unmap_sg is never called in this error path.(CVE-2024-26787)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nbtrfs: dev-replace: properly validate device names\r\n\r\nThere's a syzbot report that device name buffers passed to device\nreplace are not properly checked for string termination which could lead\nto a read out of bounds in getname_kernel().\r\n\r\nAdd a helper that validates both source and target device name buffers.\nFor devid as the source initialize the buffer to empty string in case\nsomething tries to read it later.\r\n\r\nThis was originally analyzed and fixed in a different way by Edward Adam\nDavis (see links).(CVE-2024-26791)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nBluetooth: Avoid 
potential use-after-free in hci_error_reset\r\n\r\nWhile handling the HCI_EV_HARDWARE_ERROR event, if the underlying\nBT controller is not responding, the GPIO reset mechanism would\nfree the hci_dev and lead to a use-after-free in hci_error_reset.\r\n\r\nHere's the call trace observed on a ChromeOS device with Intel AX201:\n queue_work_on+0x3e/0x6c\n __hci_cmd_sync_sk+0x2ee/0x4c0 [bluetooth ]\n ? init_wait_entry+0x31/0x31\n __hci_cmd_sync+0x16/0x20 [bluetooth ]\n hci_error_reset+0x4f/0xa4 [bluetooth ]\n process_one_work+0x1d8/0x33f\n worker_thread+0x21b/0x373\n kthread+0x13a/0x152\n ? pr_cont_work+0x54/0x54\n ? kthread_blkcg+0x31/0x31\n ret_from_fork+0x1f/0x30\r\n\r\nThis patch holds the reference count on the hci_dev while processing\na HCI_EV_HARDWARE_ERROR event to avoid potential crash.(CVE-2024-26801)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetlink: Fix kernel-infoleak-after-free in __skb_datagram_iter\r\n\r\nsyzbot reported the following uninit-value access issue [1]:\r\n\r\nnetlink_to_full_skb() creates a new `skb` and puts the `skb->data`\npassed as a 1st arg of netlink_to_full_skb() onto new `skb`. The data\nsize is specified as `len` and passed to skb_put_data(). This `len`\nis based on `skb->end` that is not data offset but buffer offset. The\n`skb->end` contains data and tailroom. 
Since the tailroom is not\ninitialized when the new `skb` created, KMSAN detects uninitialized\nmemory area when copying the data.\r\n\r\nThis patch resolved this issue by correct the len from `skb->end` to\n`skb->len`, which is the actual data offset.\r\n\r\nBUG: KMSAN: kernel-infoleak-after-free in instrument_copy_to_user include/linux/instrumented.h:114 [inline]\nBUG: KMSAN: kernel-infoleak-after-free in copy_to_user_iter lib/iov_iter.c:24 [inline]\nBUG: KMSAN: kernel-infoleak-after-free in iterate_ubuf include/linux/iov_iter.h:29 [inline]\nBUG: KMSAN: kernel-infoleak-after-free in iterate_and_advance2 include/linux/iov_iter.h:245 [inline]\nBUG: KMSAN: kernel-infoleak-after-free in iterate_and_advance include/linux/iov_iter.h:271 [inline]\nBUG: KMSAN: kernel-infoleak-after-free in _copy_to_iter+0x364/0x2520 lib/iov_iter.c:186\n instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n copy_to_user_iter lib/iov_iter.c:24 [inline]\n iterate_ubuf include/linux/iov_iter.h:29 [inline]\n iterate_and_advance2 include/linux/iov_iter.h:245 [inline]\n iterate_and_advance include/linux/iov_iter.h:271 [inline]\n _copy_to_iter+0x364/0x2520 lib/iov_iter.c:186\n copy_to_iter include/linux/uio.h:197 [inline]\n simple_copy_to_iter+0x68/0xa0 net/core/datagram.c:532\n __skb_datagram_iter+0x123/0xdc0 net/core/datagram.c:420\n skb_copy_datagram_iter+0x5c/0x200 net/core/datagram.c:546\n skb_copy_datagram_msg include/linux/skbuff.h:3960 [inline]\n packet_recvmsg+0xd9c/0x2000 net/packet/af_packet.c:3482\n sock_recvmsg_nosec net/socket.c:1044 [inline]\n sock_recvmsg net/socket.c:1066 [inline]\n sock_read_iter+0x467/0x580 net/socket.c:1136\n call_read_iter include/linux/fs.h:2014 [inline]\n new_sync_read fs/read_write.c:389 [inline]\n vfs_read+0x8f6/0xe00 fs/read_write.c:470\n ksys_read+0x20f/0x4c0 fs/read_write.c:613\n __do_sys_read fs/read_write.c:623 [inline]\n __se_sys_read fs/read_write.c:621 [inline]\n __x64_sys_read+0x93/0xd0 fs/read_write.c:621\n do_syscall_x64 
arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\r\n\r\nUninit was stored to memory at:\n skb_put_data include/linux/skbuff.h:2622 [inline]\n netlink_to_full_skb net/netlink/af_netlink.c:181 [inline]\n __netlink_deliver_tap_skb net/netlink/af_netlink.c:298 [inline]\n __netlink_deliver_tap+0x5be/0xc90 net/netlink/af_netlink.c:325\n netlink_deliver_tap net/netlink/af_netlink.c:338 [inline]\n netlink_deliver_tap_kernel net/netlink/af_netlink.c:347 [inline]\n netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]\n netlink_unicast+0x10f1/0x1250 net/netlink/af_netlink.c:1368\n netlink_sendmsg+0x1238/0x13d0 net/netlink/af_netlink.c:1910\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638\n __sys_sendmsg net/socket.c:2667 [inline]\n __do_sys_sendmsg net/socket.c:2676 [inline]\n __se_sys_sendmsg net/socket.c:2674 [inline]\n __x64_sys_sendmsg+0x307/0x490 net/socket.c:2674\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\r\n\r\nUninit was created at:\n free_pages_prepare mm/page_alloc.c:1087 [inline]\n free_unref_page_prepare+0xb0/0xa40 mm/page_alloc.c:2347\n free_unref_page_list+0xeb/0x1100 mm/page_alloc.c:2533\n release_pages+0x23d3/0x2410 mm/swap.c:1042\n free_pages_and_swap_cache+0xd9/0xf0 mm/swap_state.c:316\n tlb_batch_pages\n---truncated---(CVE-2024-26805)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain\r\n\r\nRemove netdevice from inet/ingress basechain in case NETDEV_UNREGISTER\nevent is reported, otherwise a stale reference to netdevice remains in\nthe hook list.(CVE-2024-26808)\r\n\r\nIn the Linux kernel, the following vulnerability 
has been resolved:\r\n\r\nnetfilter: nft_set_pipapo: release elements in clone only from destroy path\r\n\r\nClone already always provides a current view of the lookup table, use it\nto destroy the set, otherwise it is possible to destroy elements twice.\r\n\r\nThis fix requires:\r\n\r\n 212ed75dc5fb (\"netfilter: nf_tables: integrate pipapo into commit protocol\")\r\n\r\nwhich came after:\r\n\r\n 9827a0e6e23b (\"netfilter: nft_set_pipapo: release elements in clone from abort path\").(CVE-2024-26809)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nksmbd: validate payload size in ipc response\r\n\r\nIf installing malicious ksmbd-tools, ksmbd.mountd can return invalid ipc\nresponse to ksmbd kernel server. ksmbd should validate payload size of\nipc response from ksmbd.mountd to avoid memory overrun or\nslab-out-of-bounds. This patch validate 3 ipc response that has payload.(CVE-2024-26811)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nvfio/pci: Create persistent INTx handler\r\n\r\nA vulnerability exists where the eventfd for INTx signaling can be\ndeconfigured, which unregisters the IRQ handler but still allows\neventfds to be signaled with a NULL context through the SET_IRQS ioctl\nor through unmask irqfd if the device interrupt is pending.\r\n\r\nIdeally this could be solved with some additional locking; the igate\nmutex serializes the ioctl and config space accesses, and the interrupt\nhandler is unregistered relative to the trigger, but the irqfd path\nruns asynchronous to those. The igate mutex cannot be acquired from the\natomic context of the eventfd wake function. 
Disabling the irqfd\nrelative to the eventfd registration is potentially incompatible with\nexisting userspace.\r\n\r\nAs a result, the solution implemented here moves configuration of the\nINTx interrupt handler to track the lifetime of the INTx context object\nand irq_type configuration, rather than registration of a particular\ntrigger eventfd. Synchronization is added between the ioctl path and\neventfd_signal() wrapper such that the eventfd trigger can be\ndynamically updated relative to in-flight interrupts or irqfd callbacks.(CVE-2024-26812)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\ncifs: fix underflow in parse_server_interfaces()\r\n\r\nIn this loop, we step through the buffer and after each item we check\nif the size_left is greater than the minimum size we need. However,\nthe problem is that \"bytes_left\" is type ssize_t while sizeof() is type\nsize_t. That means that because of type promotion, the comparison is\ndone as an unsigned and if we have negative bytes left the loop\ncontinues instead of ending.(CVE-2024-26828)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: nf_conntrack_h323: Add protection for bmp length out of range\r\n\r\nUBSAN load reports an exception of BRK#5515 SHIFT_ISSUE:Bitwise shifts\nthat are out of bounds for their data type.\r\n\r\nvmlinux get_bitmap(b=75) + 712\n\nvmlinux decode_seq(bs=0xFFFFFFD008037000, f=0xFFFFFFD008037018, level=134443100) + 1956\n\nvmlinux decode_choice(base=0xFFFFFFD0080370F0, level=23843636) + 1216\n\nvmlinux decode_seq(f=0xFFFFFFD0080371A8, level=134443500) + 812\n\nvmlinux decode_choice(base=0xFFFFFFD008037280, level=0) + 1216\n\nvmlinux DecodeRasMessage() + 304\n\nvmlinux ras_help() + 684\n\nvmlinux nf_confirm() + 188\n\r\n\r\nDue to abnormal data in skb->data, the extension bitmap length\nexceeds 32 when decoding ras message then uses the length to make\na shift operation. 
It will change into negative after several loop.\nUBSAN load could detect a negative shift as an undefined behaviour\nand reports exception.\nSo we add the protection to avoid the length exceeding 32. Or else\nit will return out of range error and stop decoding.(CVE-2024-26851)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet: hns3: fix kernel crash when 1588 is received on HIP08 devices\r\n\r\nThe HIP08 devices does not register the ptp devices, so the\nhdev->ptp is NULL, but the hardware can receive 1588 messages,\nand set the HNS3_RXD_TS_VLD_B bit, so, if match this case, the\naccess of hdev->ptp->flags will cause a kernel crash:\r\n\r\n[ 5888.946472] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000018\n[ 5888.946475] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000018\n...\n[ 5889.266118] pc : hclge_ptp_get_rx_hwts+0x40/0x170 [hclge]\n[ 5889.272612] lr : hclge_ptp_get_rx_hwts+0x34/0x170 [hclge]\n[ 5889.279101] sp : ffff800012c3bc50\n[ 5889.283516] x29: ffff800012c3bc50 x28: ffff2040002be040\n[ 5889.289927] x27: ffff800009116484 x26: 0000000080007500\n[ 5889.296333] x25: 0000000000000000 x24: ffff204001c6f000\n[ 5889.302738] x23: ffff204144f53c00 x22: 0000000000000000\n[ 5889.309134] x21: 0000000000000000 x20: ffff204004220080\n[ 5889.315520] x19: ffff204144f53c00 x18: 0000000000000000\n[ 5889.321897] x17: 0000000000000000 x16: 0000000000000000\n[ 5889.328263] x15: 0000004000140ec8 x14: 0000000000000000\n[ 5889.334617] x13: 0000000000000000 x12: 00000000010011df\n[ 5889.340965] x11: bbfeff4d22000000 x10: 0000000000000000\n[ 5889.347303] x9 : ffff800009402124 x8 : 0200f78811dfbb4d\n[ 5889.353637] x7 : 2200000000191b01 x6 : ffff208002a7d480\n[ 5889.359959] x5 : 0000000000000000 x4 : 0000000000000000\n[ 5889.366271] x3 : 0000000000000000 x2 : 0000000000000000\n[ 5889.372567] x1 : 0000000000000000 x0 : ffff20400095c080\n[ 5889.378857] Call trace:\n[ 5889.382285] 
hclge_ptp_get_rx_hwts+0x40/0x170 [hclge]\n[ 5889.388304] hns3_handle_bdinfo+0x324/0x410 [hns3]\n[ 5889.394055] hns3_handle_rx_bd+0x60/0x150 [hns3]\n[ 5889.399624] hns3_clean_rx_ring+0x84/0x170 [hns3]\n[ 5889.405270] hns3_nic_common_poll+0xa8/0x220 [hns3]\n[ 5889.411084] napi_poll+0xcc/0x264\n[ 5889.415329] net_rx_action+0xd4/0x21c\n[ 5889.419911] __do_softirq+0x130/0x358\n[ 5889.424484] irq_exit+0x134/0x154\n[ 5889.428700] __handle_domain_irq+0x88/0xf0\n[ 5889.433684] gic_handle_irq+0x78/0x2c0\n[ 5889.438319] el1_irq+0xb8/0x140\n[ 5889.442354] arch_cpu_idle+0x18/0x40\n[ 5889.446816] default_idle_call+0x5c/0x1c0\n[ 5889.451714] cpuidle_idle_call+0x174/0x1b0\n[ 5889.456692] do_idle+0xc8/0x160\n[ 5889.460717] cpu_startup_entry+0x30/0xfc\n[ 5889.465523] secondary_start_kernel+0x158/0x1ec\n[ 5889.470936] Code: 97ffab78 f9411c14 91408294 f9457284 (f9400c80)\n[ 5889.477950] SMP: stopping secondary CPUs\n[ 5890.514626] SMP: failed to stop secondary CPUs 0-69,71-95\n[ 5890.522951] Starting crashdump kernel...(CVE-2024-26881)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmd: fix kmemleak of rdev->serial\r\n\r\nIf kobject_add() is fail in bind_rdev_to_array(), 'rdev->serial' will be\nalloc not be freed, and kmemleak occurs.\r\n\r\nunreferenced object 0xffff88815a350000 (size 49152):\n comm \"mdadm\", pid 789, jiffies 4294716910\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc f773277a):\n [<0000000058b0a453>] kmemleak_alloc+0x61/0xe0\n [<00000000366adf14>] __kmalloc_large_node+0x15e/0x270\n [<000000002e82961b>] __kmalloc_node.cold+0x11/0x7f\n [<00000000f206d60a>] kvmalloc_node+0x74/0x150\n [<0000000034bf3363>] rdev_init_serial+0x67/0x170\n [<0000000010e08fe9>] mddev_create_serial_pool+0x62/0x220\n [<00000000c3837bf0>] bind_rdev_to_array+0x2af/0x630\n [<0000000073c28560>] md_add_new_disk+0x400/0x9f0\n 
[<00000000770e30ff>] md_ioctl+0x15bf/0x1c10\n [<000000006cfab718>] blkdev_ioctl+0x191/0x3f0\n [<0000000085086a11>] vfs_ioctl+0x22/0x60\n [<0000000018b656fe>] __x64_sys_ioctl+0xba/0xe0\n [<00000000e54e675e>] do_syscall_64+0x71/0x150\n [<000000008b0ad622>] entry_SYSCALL_64_after_hwframe+0x6c/0x74(CVE-2024-26900)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndo_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak\r\n\r\nsyzbot identified a kernel information leak vulnerability in\ndo_sys_name_to_handle() and issued the following report [1].\r\n\r\n[1]\n\"BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]\nBUG: KMSAN: kernel-infoleak in _copy_to_user+0xbc/0x100 lib/usercopy.c:40\n instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n _copy_to_user+0xbc/0x100 lib/usercopy.c:40\n copy_to_user include/linux/uaccess.h:191 [inline]\n do_sys_name_to_handle fs/fhandle.c:73 [inline]\n __do_sys_name_to_handle_at fs/fhandle.c:112 [inline]\n __se_sys_name_to_handle_at+0x949/0xb10 fs/fhandle.c:94\n __x64_sys_name_to_handle_at+0xe4/0x140 fs/fhandle.c:94\n ...\r\n\r\nUninit was created at:\n slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768\n slab_alloc_node mm/slub.c:3478 [inline]\n __kmem_cache_alloc_node+0x5c9/0x970 mm/slub.c:3517\n __do_kmalloc_node mm/slab_common.c:1006 [inline]\n __kmalloc+0x121/0x3c0 mm/slab_common.c:1020\n kmalloc include/linux/slab.h:604 [inline]\n do_sys_name_to_handle fs/fhandle.c:39 [inline]\n __do_sys_name_to_handle_at fs/fhandle.c:112 [inline]\n __se_sys_name_to_handle_at+0x441/0xb10 fs/fhandle.c:94\n __x64_sys_name_to_handle_at+0xe4/0x140 fs/fhandle.c:94\n ...\r\n\r\nBytes 18-19 of 20 are uninitialized\nMemory access of size 20 starts at ffff888128a46380\nData copied to user address 0000000020000240\"\r\n\r\nPer Chuck Lever's suggestion, use kzalloc() instead of kmalloc() to\nsolve the problem.(CVE-2024-26901)\r\n\r\nIn the Linux kernel, the following 
vulnerability has been resolved:\r\n\r\nBluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security\r\n\r\nDuring our fuzz testing of the connection and disconnection process at the\nRFCOMM layer, we discovered this bug. By comparing the packets from a\nnormal connection and disconnection process with the testcase that\ntriggered a KASAN report. We analyzed the cause of this bug as follows:\r\n\r\n1. In the packets captured during a normal connection, the host sends a\n`Read Encryption Key Size` type of `HCI_CMD` packet\n(Command Opcode: 0x1408) to the controller to inquire the length of\nencryption key.After receiving this packet, the controller immediately\nreplies with a Command Completepacket (Event Code: 0x0e) to return the\nEncryption Key Size.\r\n\r\n2. In our fuzz test case, the timing of the controller's response to this\npacket was delayed to an unexpected point: after the RFCOMM and L2CAP\nlayers had disconnected but before the HCI layer had disconnected.\r\n\r\n3. After receiving the Encryption Key Size Response at the time described\nin point 2, the host still called the rfcomm_check_security function.\nHowever, by this time `struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;`\nhad already been released, and when the function executed\n`return hci_conn_security(conn->hcon, d->sec_level, auth_type, d->out);`,\nspecifically when accessing `conn->hcon`, a null-ptr-deref error occurred.\r\n\r\nTo fix this bug, check if `sk->sk_state` is BT_CLOSED before calling\nrfcomm_recv_frame in rfcomm_process_rx.(CVE-2024-26903)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nRDMA/mlx5: Fix fortify source warning while accessing Eth segment\r\n\r\n ------------[ cut here ]------------\n memcpy: detected field-spanning write (size 56) of single field \"eseg->inline_hdr.start\" at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 (size 2)\n WARNING: CPU: 0 PID: 293779 at 
/var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]\n Modules linked in: 8021q garp mrp stp llc rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) mlx5_ib(OE) ib_uverbs(OE) ib_core(OE) mlx5_core(OE) pci_hyperv_intf mlxdevm(OE) mlx_compat(OE) tls mlxfw(OE) psample nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables libcrc32c nfnetlink mst_pciconf(OE) knem(OE) vfio_pci vfio_pci_core vfio_iommu_type1 vfio iommufd irqbypass cuse nfsv3 nfs fscache netfs xfrm_user xfrm_algo ipmi_devintf ipmi_msghandler binfmt_misc crct10dif_pclmul crc32_pclmul polyval_clmulni polyval_generic ghash_clmulni_intel sha512_ssse3 snd_pcsp aesni_intel crypto_simd cryptd snd_pcm snd_timer joydev snd soundcore input_leds serio_raw evbug nfsd auth_rpcgss nfs_acl lockd grace sch_fq_codel sunrpc drm efi_pstore ip_tables x_tables autofs4 psmouse virtio_net net_failover failover floppy\n [last unloaded: mlx_compat(OE)]\n CPU: 0 PID: 293779 Comm: ssh Tainted: G OE 6.2.0-32-generic #32~22.04.1-Ubuntu\n Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011\n RIP: 0010:mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]\n Code: 0c 01 00 a8 01 75 25 48 8b 75 a0 b9 02 00 00 00 48 c7 c2 10 5b fd c0 48 c7 c7 80 5b fd c0 c6 05 57 0c 03 00 01 e8 95 4d 93 da <0f> 0b 44 8b 4d b0 4c 8b 45 c8 48 8b 4d c0 e9 49 fb ff ff 41 0f b7\n RSP: 0018:ffffb5b48478b570 EFLAGS: 00010046\n RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffb5b48478b628 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000000 R12: ffffb5b48478b5e8\n R13: ffff963a3c609b5e R14: ffff9639c3fbd800 R15: ffffb5b480475a80\n FS: 00007fc03b444c80(0000) GS:ffff963a3dc00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 
0000 CR0: 0000000080050033\n CR2: 0000556f46bdf000 CR3: 0000000006ac6003 CR4: 00000000003706f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \n ? show_regs+0x72/0x90\n ? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]\n ? __warn+0x8d/0x160\n ? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]\n ? report_bug+0x1bb/0x1d0\n ? handle_bug+0x46/0x90\n ? exc_invalid_op+0x19/0x80\n ? asm_exc_invalid_op+0x1b/0x20\n ? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]\n mlx5_ib_post_send_nodrain+0xb/0x20 [mlx5_ib]\n ipoib_send+0x2ec/0x770 [ib_ipoib]\n ipoib_start_xmit+0x5a0/0x770 [ib_ipoib]\n dev_hard_start_xmit+0x8e/0x1e0\n ? validate_xmit_skb_list+0x4d/0x80\n sch_direct_xmit+0x116/0x3a0\n __dev_xmit_skb+0x1fd/0x580\n __dev_queue_xmit+0x284/0x6b0\n ? _raw_spin_unlock_irq+0xe/0x50\n ? __flush_work.isra.0+0x20d/0x370\n ? push_pseudo_header+0x17/0x40 [ib_ipoib]\n neigh_connected_output+0xcd/0x110\n ip_finish_output2+0x179/0x480\n ? __smp_call_single_queue+0x61/0xa0\n __ip_finish_output+0xc3/0x190\n ip_finish_output+0x2e/0xf0\n ip_output+0x78/0x110\n ? __pfx_ip_finish_output+0x10/0x10\n ip_local_out+0x64/0x70\n __ip_queue_xmit+0x18a/0x460\n ip_queue_xmit+0x15/0x30\n __tcp_transmit_skb+0x914/0x9c0\n tcp_write_xmit+0x334/0x8d0\n tcp_push_one+0x3c/0x60\n tcp_sendmsg_locked+0x2e1/0xac0\n tcp_sendmsg+0x2d/0x50\n inet_sendmsg+0x43/0x90\n sock_sendmsg+0x68/0x80\n sock_write_iter+0x93/0x100\n vfs_write+0x326/0x3c0\n ksys_write+0xbd/0xf0\n ? 
do_syscall_64+0x69/0x90\n __x64_sys_write+0x19/0x30\n do_syscall_\n---truncated---(CVE-2024-26907)\r\n\r\nRejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.(CVE-2024-26908)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet: openvswitch: Fix Use-After-Free in ovs_ct_exit\r\n\r\nSince kfree_rcu, which is called in the hlist_for_each_entry_rcu traversal\nof ovs_ct_limit_exit, is not part of the RCU read critical section, it\nis possible that the RCU grace period will pass during the traversal and\nthe key will be free.\r\n\r\nTo prevent this, it should be changed to hlist_for_each_entry_safe.(CVE-2024-27395)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet: gtp: Fix Use-After-Free in gtp_dellink\r\n\r\nSince call_rcu, which is called in the hlist_for_each_entry_rcu traversal\nof gtp_dellink, is not part of the RCU read critical section, it\nis possible that the RCU grace period will pass during the traversal and\nthe key will be free.\r\n\r\nTo prevent this, it should be changed to hlist_for_each_entry_safe.(CVE-2024-27396)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\ncpumap: Zero-initialise xdp_rxq_info struct before running XDP program\r\n\r\nWhen running an XDP program that is attached to a cpumap entry, we don't\ninitialise the xdp_rxq_info data structure being used in the xdp_buff\nthat backs the XDP program invocation. Tobias noticed that this leads to\nrandom values being returned as the xdp_md->rx_queue_index value for XDP\nprograms running in a cpumap.\r\n\r\nThis means we're basically returning the contents of the uninitialised\nmemory, which is bad. Fix this by zero-initialising the rxq data\nstructure before running the XDP program.(CVE-2024-27431)",
"cves": [
{
"id": "CVE-2024-27431",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27431",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.139.0.166_openEuler-SA-2024-1679.json b/cusa/k/kernel/kernel-5.10.0-60.139.0.166_openEuler-SA-2024-1679.json
index 74340d3..73f3269 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.139.0.166_openEuler-SA-2024-1679.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.139.0.166_openEuler-SA-2024-1679.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1679",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1679",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndrm/tegra: dsi: Add missing check for of_find_device_by_node\r\n\r\nAdd check for the return value of of_find_device_by_node() and return\nthe error if it fails in order to avoid NULL pointer dereference.(CVE-2023-52650)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\npstore: ram_core: fix possible overflow in persistent_ram_init_ecc()\r\n\r\nIn persistent_ram_init_ecc(), on 64-bit arches DIV_ROUND_UP() will return\n64-bit value since persistent_ram_zone::buffer_size has type size_t which\nis derived from the 64-bit *unsigned long*, while the ecc_blocks variable\nthis value gets assigned to has (always 32-bit) *int* type. Even if that\nvalue fits into *int* type, an overflow is still possible when calculating\nthe size_t typed ecc_total variable further below since there's no cast to\nany 64-bit type before multiplication. Declaring the ecc_blocks variable\nas *size_t* should fix this mess...\r\n\r\nFound by Linux Verification Center (linuxtesting.org) with the SVACE static\nanalysis tool.(CVE-2023-52685)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndrm/bridge: tpd12s015: Drop buggy __exit annotation for remove function\r\n\r\nWith tpd12s015_remove() marked with __exit this function is discarded\nwhen the driver is compiled as a built-in. 
The result is that when the\ndriver unbinds there is no cleanup done which results in resource\nleakage or worse.(CVE-2023-52694)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\ncrypto: pcrypt - Fix hungtask for PADATA_RESET\r\n\r\nWe found a hungtask bug in test_aead_vec_cfg as follows:\r\n\r\nINFO: task cryptomgr_test:391009 blocked for more than 120 seconds.\n\"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\nCall trace:\n __switch_to+0x98/0xe0\n __schedule+0x6c4/0xf40\n schedule+0xd8/0x1b4\n schedule_timeout+0x474/0x560\n wait_for_common+0x368/0x4e0\n wait_for_completion+0x20/0x30\n wait_for_completion+0x20/0x30\n test_aead_vec_cfg+0xab4/0xd50\n test_aead+0x144/0x1f0\n alg_test_aead+0xd8/0x1e0\n alg_test+0x634/0x890\n cryptomgr_test+0x40/0x70\n kthread+0x1e0/0x220\n ret_from_fork+0x10/0x18\n Kernel panic - not syncing: hung_task: blocked tasks\r\n\r\nFor padata_do_parallel, when the return err is 0 or -EBUSY, it will call\nwait_for_completion(&wait->completion) in test_aead_vec_cfg. In normal\ncase, aead_request_complete() will be called in pcrypt_aead_serial and the\nreturn err is 0 for padata_do_parallel. But, when pinst->flags is\nPADATA_RESET, the return err is -EBUSY for padata_do_parallel, and it\nwon't call aead_request_complete(). 
Therefore, test_aead_vec_cfg will\nhung at wait_for_completion(&wait->completion), which will cause\nhungtask.\r\n\r\nThe problem comes as following:\n(padata_do_parallel) |\n rcu_read_lock_bh(); |\n err = -EINVAL; | (padata_replace)\n | pinst->flags |= PADATA_RESET;\n err = -EBUSY |\n if (pinst->flags & PADATA_RESET) |\n rcu_read_unlock_bh() |\n return err\r\n\r\nIn order to resolve the problem, we replace the return err -EBUSY with\n-EAGAIN, which means parallel_data is changing, and the caller should call\nit again.\r\n\r\nv3:\nremove retry and just change the return err.\nv2:\nintroduce padata_try_do_parallel() in pcrypt_aead_encrypt and\npcrypt_aead_decrypt to solve the hungtask.(CVE-2023-52813)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndrm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL\r\n\r\nIn certain types of chips, such as VEGA20, reading the amdgpu_regs_smc file could result in an abnormal null pointer access when the smc_rreg pointer is NULL. Below are the steps to reproduce this issue and the corresponding exception log:\r\n\r\n1. Navigate to the directory: /sys/kernel/debug/dri/0\n2. Execute command: cat amdgpu_regs_smc\n3. 
Exception Log::\n[4005007.702554] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[4005007.702562] #PF: supervisor instruction fetch in kernel mode\n[4005007.702567] #PF: error_code(0x0010) - not-present page\n[4005007.702570] PGD 0 P4D 0\n[4005007.702576] Oops: 0010 [#1] SMP NOPTI\n[4005007.702581] CPU: 4 PID: 62563 Comm: cat Tainted: G OE 5.15.0-43-generic #46-Ubunt u\n[4005007.702590] RIP: 0010:0x0\n[4005007.702598] Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.\n[4005007.702600] RSP: 0018:ffffa82b46d27da0 EFLAGS: 00010206\n[4005007.702605] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffa82b46d27e68\n[4005007.702609] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff9940656e0000\n[4005007.702612] RBP: ffffa82b46d27dd8 R08: 0000000000000000 R09: ffff994060c07980\n[4005007.702615] R10: 0000000000020000 R11: 0000000000000000 R12: 00007f5e06753000\n[4005007.702618] R13: ffff9940656e0000 R14: ffffa82b46d27e68 R15: 00007f5e06753000\n[4005007.702622] FS: 00007f5e0755b740(0000) GS:ffff99479d300000(0000) knlGS:0000000000000000\n[4005007.702626] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[4005007.702629] CR2: ffffffffffffffd6 CR3: 00000003253fc000 CR4: 00000000003506e0\n[4005007.702633] Call Trace:\n[4005007.702636] \n[4005007.702640] amdgpu_debugfs_regs_smc_read+0xb0/0x120 [amdgpu]\n[4005007.703002] full_proxy_read+0x5c/0x80\n[4005007.703011] vfs_read+0x9f/0x1a0\n[4005007.703019] ksys_read+0x67/0xe0\n[4005007.703023] __x64_sys_read+0x19/0x20\n[4005007.703028] do_syscall_64+0x5c/0xc0\n[4005007.703034] ? do_user_addr_fault+0x1e3/0x670\n[4005007.703040] ? exit_to_user_mode_prepare+0x37/0xb0\n[4005007.703047] ? irqentry_exit_to_user_mode+0x9/0x20\n[4005007.703052] ? irqentry_exit+0x19/0x30\n[4005007.703057] ? exc_page_fault+0x89/0x160\n[4005007.703062] ? 
asm_exc_page_fault+0x8/0x30\n[4005007.703068] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[4005007.703075] RIP: 0033:0x7f5e07672992\n[4005007.703079] Code: c0 e9 b2 fe ff ff 50 48 8d 3d fa b2 0c 00 e8 c5 1d 02 00 0f 1f 44 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 0f 05 <48> 3d 00 f0 ff ff 77 56 c3 0f 1f 44 00 00 48 83 e c 28 48 89 54 24\n[4005007.703083] RSP: 002b:00007ffe03097898 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\n[4005007.703088] RAX: ffffffffffffffda RBX: 0000000000020000 RCX: 00007f5e07672992\n[4005007.703091] RDX: 0000000000020000 RSI: 00007f5e06753000 RDI: 0000000000000003\n[4005007.703094] RBP: 00007f5e06753000 R08: 00007f5e06752010 R09: 00007f5e06752010\n[4005007.703096] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000022000\n[4005007.703099] R13: 0000000000000003 R14: 0000000000020000 R15: 0000000000020000\n[4005007.703105] \n[4005007.703107] Modules linked in: nf_tables libcrc32c nfnetlink algif_hash af_alg binfmt_misc nls_ iso8859_1 ipmi_ssif ast intel_rapl_msr intel_rapl_common drm_vram_helper drm_ttm_helper amd64_edac t tm edac_mce_amd kvm_amd ccp mac_hid k10temp kvm acpi_ipmi ipmi_si rapl sch_fq_codel ipmi_devintf ipm i_msghandler msr parport_pc ppdev lp parport mtd pstore_blk efi_pstore ramoops pstore_zone reed_solo mon ip_tables x_tables autofs4 ib_uverbs ib_core amdgpu(OE) amddrm_ttm_helper(OE) amdttm(OE) iommu_v 2 amd_sched(OE) amdkcl(OE) drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops cec rc_core drm igb ahci xhci_pci libahci i2c_piix4 i2c_algo_bit xhci_pci_renesas dca\n[4005007.703184] CR2: 0000000000000000\n[4005007.703188] ---[ en\n---truncated---(CVE-2023-52817)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnbd: fix uaf in nbd_open\r\n\r\nCommit 4af5f2e03013 (\"nbd: use blk_mq_alloc_disk and\nblk_cleanup_disk\") cleans up disk by blk_cleanup_disk() and it won't set\ndisk->private_data as NULL as before. 
UAF may be triggered in nbd_open()\nif someone tries to open nbd device right after nbd_put() since nbd has\nbeen free in nbd_dev_remove().\r\n\r\nFix this by implementing ->free_disk and free private data in it.(CVE-2023-52837)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndrm/radeon: possible buffer overflow\r\n\r\nBuffer 'afmt_status' of size 6 could overflow, since index 'afmt_idx' is\nchecked after access.(CVE-2023-52867)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\ntracing: Have trace_event_file have ref counters\r\n\r\nThe following can crash the kernel:\r\n\r\n # cd /sys/kernel/tracing\n # echo 'p:sched schedule' > kprobe_events\n # exec 5>>events/kprobes/sched/enable\n # > kprobe_events\n # exec 5>&-\r\n\r\nThe above commands:\r\n\r\n 1. Change directory to the tracefs directory\n 2. Create a kprobe event (doesn't matter what one)\n 3. Open bash file descriptor 5 on the enable file of the kprobe event\n 4. Delete the kprobe event (removes the files too)\n 5. Close the bash file descriptor 5\r\n\r\nThe above causes a crash!\r\n\r\n BUG: kernel NULL pointer dereference, address: 0000000000000028\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP PTI\n CPU: 6 PID: 877 Comm: bash Not tainted 6.5.0-rc4-test-00008-g2c6b6b1029d4-dirty #186\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\n RIP: 0010:tracing_release_file_tr+0xc/0x50\r\n\r\nWhat happens here is that the kprobe event creates a trace_event_file\n\"file\" descriptor that represents the file in tracefs to the event. It\nmaintains state of the event (is it enabled for the given instance?).\nOpening the \"enable\" file gets a reference to the event \"file\" descriptor\nvia the open file descriptor. 
When the kprobe event is deleted, the file is\nalso deleted from the tracefs system which also frees the event \"file\"\ndescriptor.\r\n\r\nBut as the tracefs file is still opened by user space, it will not be\ntotally removed until the final dput() is called on it. But this is not\ntrue with the event \"file\" descriptor that is already freed. If the user\ndoes a write to or simply closes the file descriptor it will reference the\nevent \"file\" descriptor that was just freed, causing a use-after-free bug.\r\n\r\nTo solve this, add a ref count to the event \"file\" descriptor as well as a\nnew flag called \"FREED\". The \"file\" will not be freed until the last\nreference is released. But the FREE flag will be set when the event is\nremoved to prevent any more modifications to that event from happening,\neven if there's still a reference to the event \"file\" descriptor.(CVE-2023-52879)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nwireguard: netlink: access device through ctx instead of peer\r\n\r\nThe previous commit fixed a bug that led to a NULL peer->device being\ndereferenced. It's actually easier and faster performance-wise to\ninstead get the device from ctx->wg. This semantically makes more sense\ntoo, since ctx->wg->peer_allowedips.seq is compared with\nctx->allowedips_seq, basing them both in ctx. This also acts as a\ndefence in depth provision against freed peers.(CVE-2024-26950)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnfs: fix UAF in direct writes\r\n\r\nIn production we have been hitting the following warning consistently\r\n\r\n------------[ cut here ]------------\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 17 PID: 1800359 at lib/refcount.c:28 refcount_warn_saturate+0x9c/0xe0\nWorkqueue: nfsiod nfs_direct_write_schedule_work [nfs]\nRIP: 0010:refcount_warn_saturate+0x9c/0xe0\nPKRU: 55555554\nCall Trace:\n \n ? __warn+0x9f/0x130\n ? 
refcount_warn_saturate+0x9c/0xe0\n ? report_bug+0xcc/0x150\n ? handle_bug+0x3d/0x70\n ? exc_invalid_op+0x16/0x40\n ? asm_exc_invalid_op+0x16/0x20\n ? refcount_warn_saturate+0x9c/0xe0\n nfs_direct_write_schedule_work+0x237/0x250 [nfs]\n process_one_work+0x12f/0x4a0\n worker_thread+0x14e/0x3b0\n ? ZSTD_getCParams_internal+0x220/0x220\n kthread+0xdc/0x120\n ? __btf_name_valid+0xa0/0xa0\n ret_from_fork+0x1f/0x30\r\n\r\nThis is because we're completing the nfs_direct_request twice in a row.\r\n\r\nThe source of this is when we have our commit requests to submit, we\nprocess them and send them off, and then in the completion path for the\ncommit requests we have\r\n\r\nif (nfs_commit_end(cinfo.mds))\n\tnfs_direct_write_complete(dreq);\r\n\r\nHowever since we're submitting asynchronous requests we sometimes have\none that completes before we submit the next one, so we end up calling\ncomplete on the nfs_direct_request twice.\r\n\r\nThe only other place we use nfs_generic_commit_list() is in\n__nfs_commit_inode, which wraps this call in a\r\n\r\nnfs_commit_begin();\nnfs_commit_end();\r\n\r\nWhich is a common pattern for this style of completion handling, one\nthat is also repeated in the direct code with get_dreq()/put_dreq()\ncalls around where we process events as well as in the completion paths.\r\n\r\nFix this by using the same pattern for the commit requests.\r\n\r\nBefore with my 200 node rocksdb stress running this warning would pop\nevery 10ish minutes. With my patch the stress test has been running for\nseveral hours without popping.(CVE-2024-26958)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmac802154: fix llsec key resources release in mac802154_llsec_key_del\r\n\r\nmac802154_llsec_key_del() can free resources of a key directly without\nfollowing the RCU rules for waiting before the end of a grace period. 
This\nmay lead to use-after-free in case llsec_lookup_key() is traversing the\nlist of keys in parallel with a key deletion:\r\n\r\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 4 PID: 16000 at lib/refcount.c:25 refcount_warn_saturate+0x162/0x2a0\nModules linked in:\nCPU: 4 PID: 16000 Comm: wpan-ping Not tainted 6.7.0 #19\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\nRIP: 0010:refcount_warn_saturate+0x162/0x2a0\nCall Trace:\n \n llsec_lookup_key.isra.0+0x890/0x9e0\n mac802154_llsec_encrypt+0x30c/0x9c0\n ieee802154_subif_start_xmit+0x24/0x1e0\n dev_hard_start_xmit+0x13e/0x690\n sch_direct_xmit+0x2ae/0xbc0\n __dev_queue_xmit+0x11dd/0x3c20\n dgram_sendmsg+0x90b/0xd60\n __sys_sendto+0x466/0x4c0\n __x64_sys_sendto+0xe0/0x1c0\n do_syscall_64+0x45/0xf0\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\r\n\r\nAlso, ieee802154_llsec_key_entry structures are not freed by\nmac802154_llsec_key_del():\r\n\r\nunreferenced object 0xffff8880613b6980 (size 64):\n comm \"iwpan\", pid 2176, jiffies 4294761134 (age 60.475s)\n hex dump (first 32 bytes):\n 78 0d 8f 18 80 88 ff ff 22 01 00 00 00 00 ad de x.......\".......\n 00 00 00 00 00 00 00 00 03 00 cd ab 00 00 00 00 ................\n backtrace:\n [] __kmem_cache_alloc_node+0x1e2/0x2d0\n [] kmalloc_trace+0x25/0xc0\n [] mac802154_llsec_key_add+0xac9/0xcf0\n [] ieee802154_add_llsec_key+0x5a/0x80\n [] nl802154_add_llsec_key+0x426/0x5b0\n [] genl_family_rcv_msg_doit+0x1fe/0x2f0\n [] genl_rcv_msg+0x531/0x7d0\n [] netlink_rcv_skb+0x169/0x440\n [] genl_rcv+0x28/0x40\n [] netlink_unicast+0x53c/0x820\n [] netlink_sendmsg+0x93b/0xe60\n [] ____sys_sendmsg+0xac5/0xca0\n [] ___sys_sendmsg+0x11d/0x1c0\n [] __sys_sendmsg+0xfa/0x1d0\n [] do_syscall_64+0x45/0xf0\n [] entry_SYSCALL_64_after_hwframe+0x6e/0x76\r\n\r\nHandle the proper resource release in the RCU callback function\nmac802154_llsec_key_del_rcu().\r\n\r\nNote that if llsec_lookup_key() finds a key, it gets a refcount 
via\nllsec_key_get() and locally copies key id from key_entry (which is a\nlist element). So it's safe to call llsec_key_put() and free the list\nentry after the RCU grace period elapses.\r\n\r\nFound by Linux Verification Center (linuxtesting.org).(CVE-2024-26961)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nclk: qcom: mmcc-msm8974: fix terminating of frequency table arrays\r\n\r\nThe frequency table arrays are supposed to be terminated with an\nempty element. Add such entry to the end of the arrays where it\nis missing in order to avoid possible out-of-bound access when\nthe table is traversed by functions like qcom_find_freq() or\nqcom_find_freq_floor().\r\n\r\nOnly compile tested.(CVE-2024-26965)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nubifs: ubifs_symlink: Fix memleak of inode->i_link in error path\r\n\r\nFor error handling path in ubifs_symlink(), inode will be marked as\nbad first, then iput() is invoked. If inode->i_link is initialized by\nfscrypt_encrypt_symlink() in encryption scenario, inode->i_link won't\nbe freed by callchain ubifs_free_inode -> fscrypt_free_inode in error\nhandling path, because make_bad_inode() has changed 'inode->i_mode' as\n'S_IFREG'.\nFollowing kmemleak is easy to be reproduced by injecting error in\nubifs_jnl_update() when doing symlink in encryption scenario:\n unreferenced object 0xffff888103da3d98 (size 8):\n comm \"ln\", pid 1692, jiffies 4294914701 (age 12.045s)\n backtrace:\n kmemdup+0x32/0x70\n __fscrypt_encrypt_symlink+0xed/0x1c0\n ubifs_symlink+0x210/0x300 [ubifs]\n vfs_symlink+0x216/0x360\n do_symlinkat+0x11a/0x190\n do_syscall_64+0x3b/0xe0\nThere are two ways fixing it:\n 1. Remove make_bad_inode() in error handling path. We can do that\n because ubifs_evict_inode() will do same processes for good\n symlink inode and bad symlink inode, for inode->i_nlink checking\n is before is_bad_inode().\n 2. 
Free inode->i_link before marking inode bad.\nMethod 2 is picked, it has less influence, personally, I think.(CVE-2024-26972)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nKVM: Always flush async #PF workqueue when vCPU is being destroyed\r\n\r\nAlways flush the per-vCPU async #PF workqueue when a vCPU is clearing its\ncompletion queue, e.g. when a VM and all its vCPUs is being destroyed.\nKVM must ensure that none of its workqueue callbacks is running when the\nlast reference to the KVM _module_ is put. Gifting a reference to the\nassociated VM prevents the workqueue callback from dereferencing freed\nvCPU/VM memory, but does not prevent the KVM module from being unloaded\nbefore the callback completes.\r\n\r\nDrop the misguided VM refcount gifting, as calling kvm_put_kvm() from\nasync_pf_execute() if kvm_put_kvm() flushes the async #PF workqueue will\nresult in deadlock. async_pf_execute() can't return until kvm_put_kvm()\nfinishes, and kvm_put_kvm() can't return until async_pf_execute() finishes:\r\n\r\n WARNING: CPU: 8 PID: 251 at virt/kvm/kvm_main.c:1435 kvm_put_kvm+0x2d/0x320 [kvm]\n Modules linked in: vhost_net vhost vhost_iotlb tap kvm_intel kvm irqbypass\n CPU: 8 PID: 251 Comm: kworker/8:1 Tainted: G W 6.6.0-rc1-e7af8d17224a-x86/gmem-vm #119\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n Workqueue: events async_pf_execute [kvm]\n RIP: 0010:kvm_put_kvm+0x2d/0x320 [kvm]\n Call Trace:\n \n async_pf_execute+0x198/0x260 [kvm]\n process_one_work+0x145/0x2d0\n worker_thread+0x27e/0x3a0\n kthread+0xba/0xe0\n ret_from_fork+0x2d/0x50\n ret_from_fork_asm+0x11/0x20\n \n ---[ end trace 0000000000000000 ]---\n INFO: task kworker/8:1:251 blocked for more than 120 seconds.\n Tainted: G W 6.6.0-rc1-e7af8d17224a-x86/gmem-vm #119\n \"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n task:kworker/8:1 state:D stack:0 pid:251 ppid:2 flags:0x00004000\n Workqueue: events async_pf_execute 
[kvm]\n Call Trace:\n \n __schedule+0x33f/0xa40\n schedule+0x53/0xc0\n schedule_timeout+0x12a/0x140\n __wait_for_common+0x8d/0x1d0\n __flush_work.isra.0+0x19f/0x2c0\n kvm_clear_async_pf_completion_queue+0x129/0x190 [kvm]\n kvm_arch_destroy_vm+0x78/0x1b0 [kvm]\n kvm_put_kvm+0x1c1/0x320 [kvm]\n async_pf_execute+0x198/0x260 [kvm]\n process_one_work+0x145/0x2d0\n worker_thread+0x27e/0x3a0\n kthread+0xba/0xe0\n ret_from_fork+0x2d/0x50\n ret_from_fork_asm+0x11/0x20\n \r\n\r\nIf kvm_clear_async_pf_completion_queue() actually flushes the workqueue,\nthen there's no need to gift async_pf_execute() a reference because all\ninvocations of async_pf_execute() will be forced to complete before the\nvCPU and its VM are destroyed/freed. And that in turn fixes the module\nunloading bug as __fput() won't do module_put() on the last vCPU reference\nuntil the vCPU has been freed, e.g. if closing the vCPU file also puts the\nlast reference to the KVM module.\r\n\r\nNote that kvm_check_async_pf_completion() may also take the work item off\nthe completion queue and so also needs to flush the work queue, as the\nwork will not be seen by kvm_clear_async_pf_completion_queue(). Waiting\non the workqueue could theoretically delay a vCPU due to waiting for the\nwork to complete, but that's a very, very small chance, and likely a very\nsmall delay. kvm_arch_async_page_present_queued() unconditionally makes a\nnew request, i.e. will effectively delay entering the guest, so the\nremaining work is really just:\r\n\r\n trace_kvm_async_pf_completed(addr, cr2_or_gpa);\r\n\r\n __kvm_vcpu_wake_up(vcpu);\r\n\r\n mmput(mm);\r\n\r\nand mmput() can't drop the last reference to the page tables if the vCPU is\nstill alive, i.e. the vCPU won't get stuck tearing down page tables.\r\n\r\nAdd a helper to do the flushing, specifically to deal with \"wakeup all\"\nwork items, as they aren't actually work items, i.e. are never placed in a\nworkqueue. 
Trying to flush a bogus workqueue entry rightly makes\n__flush_work() complain (kudos to whoever added that sanity check).\r\n\r\nNote, commit 5f6de5cbebee (\"KVM: Prevent module exit until al\n---truncated---(CVE-2024-26976)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nfs: sysfs: Fix reference leak in sysfs_break_active_protection()\r\n\r\nThe sysfs_break_active_protection() routine has an obvious reference\nleak in its error path. If the call to kernfs_find_and_get() fails then\nkn will be NULL, so the companion sysfs_unbreak_active_protection()\nroutine won't get called (and would only cause an access violation by\ntrying to dereference kn->parent if it was called). As a result, the\nreference to kobj acquired at the start of the function will never be\nreleased.\r\n\r\nFix the leak by adding an explicit kobject_put() call when kn is NULL.(CVE-2024-26993)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nserial: mxs-auart: add spinlock around changing cts state\r\n\r\nThe uart_handle_cts_change() function in serial_core expects the caller\nto hold uport->lock. 
For example, I have seen the below kernel splat,\nwhen the Bluetooth driver is loaded on an i.MX28 board.\r\n\r\n [ 85.119255] ------------[ cut here ]------------\n [ 85.124413] WARNING: CPU: 0 PID: 27 at /drivers/tty/serial/serial_core.c:3453 uart_handle_cts_change+0xb4/0xec\n [ 85.134694] Modules linked in: hci_uart bluetooth ecdh_generic ecc wlcore_sdio configfs\n [ 85.143314] CPU: 0 PID: 27 Comm: kworker/u3:0 Not tainted 6.6.3-00021-gd62a2f068f92 #1\n [ 85.151396] Hardware name: Freescale MXS (Device Tree)\n [ 85.156679] Workqueue: hci0 hci_power_on [bluetooth]\n (...)\n [ 85.191765] uart_handle_cts_change from mxs_auart_irq_handle+0x380/0x3f4\n [ 85.198787] mxs_auart_irq_handle from __handle_irq_event_percpu+0x88/0x210\n (...)(CVE-2024-27000)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndrm: nv04: Fix out of bounds access\r\n\r\nWhen Output Resource (dcb->or) value is assigned in\nfabricate_dcb_output(), there may be out of bounds access to\ndac_users array in case dcb->or is zero because ffs(dcb->or) is\nused as index there.\nThe 'or' argument of fabricate_dcb_output() must be interpreted as a\nnumber of bit to set, not value.\r\n\r\nUtilize macros from 'enum nouveau_or' in calls instead of hardcoding.\r\n\r\nFound by Linux Verification Center (linuxtesting.org) with SVACE.(CVE-2024-27008)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndrm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()'\r\n\r\nTell snprintf() to store at most 10 bytes in the output buffer\ninstead of 30.\r\n\r\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_debugfs.c:1508 dp_dsc_clock_en_read() error: snprintf() is printing too much 30 vs 10(CVE-2024-27045)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nUSB: usb-storage: Prevent divide-by-0 error in isd200_ata_command\r\n\r\nThe isd200 sub-driver in usb-storage uses the HEADS and 
SECTORS values\nin the ATA ID information to calculate cylinder and head values when\ncreating a CDB for READ or WRITE commands. The calculation involves\ndivision and modulus operations, which will cause a crash if either of\nthese values is 0. While this never happens with a genuine device, it\ncould happen with a flawed or subversive emulation, as reported by the\nsyzbot fuzzer.\r\n\r\nProtect against this possibility by refusing to bind to the device if\neither the ATA_ID_HEADS or ATA_ID_SECTORS value in the device's ID\ninformation is 0. This requires isd200_Initialization() to return a\nnegative error code when initialization fails; currently it always\nreturns 0 (even when there is an error).(CVE-2024-27059)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmedia: ttpci: fix two memleaks in budget_av_attach\r\n\r\nWhen saa7146_register_device and saa7146_vv_init fails, budget_av_attach\nshould free the resources it allocates, like the error-handling of\nttpci_budget_init does. 
Besides, there are two fixme comment refers to\nsuch deallocations.(CVE-2024-27073)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmedia: dvb-frontends: avoid stack overflow warnings with clang\r\n\r\nA previous patch worked around a KASAN issue in stv0367, now a similar\nproblem showed up with clang:\r\n\r\ndrivers/media/dvb-frontends/stv0367.c:1222:12: error: stack frame size (3624) exceeds limit (2048) in 'stv0367ter_set_frontend' [-Werror,-Wframe-larger-than]\n 1214 | static int stv0367ter_set_frontend(struct dvb_frontend *fe)\r\n\r\nRework the stv0367_writereg() function to be simpler and mark both\nregister access functions as noinline_for_stack so the temporary\ni2c_msg structures do not get duplicated on the stack when KASAN_STACK\nis enabled.(CVE-2024-27075)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\npstore: inode: Only d_invalidate() is needed\r\n\r\nUnloading a modular pstore backend with records in pstorefs would\ntrigger the dput() double-drop warning:\r\n\r\n WARNING: CPU: 0 PID: 2569 at fs/dcache.c:762 dput.part.0+0x3f3/0x410\r\n\r\nUsing the combo of d_drop()/dput() (as mentioned in\nDocumentation/filesystems/vfs.rst) isn't the right approach here, and\nleads to the reference counting problem seen above. 
Use d_invalidate()\nand update the code to not bother checking for error codes that can\nnever happen.\r\n\r\n---(CVE-2024-27389)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nwifi: iwlwifi: dbg-tlv: ensure NUL termination\r\n\r\nThe iwl_fw_ini_debug_info_tlv is used as a string, so we must\nensure the string is terminated correctly before using it.(CVE-2024-35845)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nbtrfs: fix information leak in btrfs_ioctl_logical_to_ino()\r\n\r\nSyzbot reported the following information leak for in\nbtrfs_ioctl_logical_to_ino():\r\n\r\n BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n BUG: KMSAN: kernel-infoleak in _copy_to_user+0xbc/0x110 lib/usercopy.c:40\n instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n _copy_to_user+0xbc/0x110 lib/usercopy.c:40\n copy_to_user include/linux/uaccess.h:191 [inline]\n btrfs_ioctl_logical_to_ino+0x440/0x750 fs/btrfs/ioctl.c:3499\n btrfs_ioctl+0x714/0x1260\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:904 [inline]\n __se_sys_ioctl+0x261/0x450 fs/ioctl.c:890\n __x64_sys_ioctl+0x96/0xe0 fs/ioctl.c:890\n x64_sys_call+0x1883/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:17\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\r\n\r\n Uninit was created at:\n __kmalloc_large_node+0x231/0x370 mm/slub.c:3921\n __do_kmalloc_node mm/slub.c:3954 [inline]\n __kmalloc_node+0xb07/0x1060 mm/slub.c:3973\n kmalloc_node include/linux/slab.h:648 [inline]\n kvmalloc_node+0xc0/0x2d0 mm/util.c:634\n kvmalloc include/linux/slab.h:766 [inline]\n init_data_container+0x49/0x1e0 fs/btrfs/backref.c:2779\n btrfs_ioctl_logical_to_ino+0x17c/0x750 fs/btrfs/ioctl.c:3480\n btrfs_ioctl+0x714/0x1260\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:904 [inline]\n 
__se_sys_ioctl+0x261/0x450 fs/ioctl.c:890\n __x64_sys_ioctl+0x96/0xe0 fs/ioctl.c:890\n x64_sys_call+0x1883/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:17\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\r\n\r\n Bytes 40-65535 of 65536 are uninitialized\n Memory access of size 65536 starts at ffff888045a40000\r\n\r\nThis happens, because we're copying a 'struct btrfs_data_container' back\nto user-space. This btrfs_data_container is allocated in\n'init_data_container()' via kvmalloc(), which does not zero-fill the\nmemory.\r\n\r\nFix this by using kvzalloc() which zeroes out the memory on allocation.(CVE-2024-35849)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nscsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()\r\n\r\nThe call to lpfc_sli4_resume_rpi() in lpfc_rcv_padisc() may return an\nunsuccessful status. In such cases, the elsiocb is not issued, the\ncompletion is not called, and thus the elsiocb resource is leaked.\r\n\r\nCheck return value after calling lpfc_sli4_resume_rpi() and conditionally\nrelease the elsiocb resource.(CVE-2024-35930)",
"cves": [
{
"id": "CVE-2024-35930",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35930",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
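Review bot: The `cves` array that closes this hunk holds a single entry, CVE-2024-35930, while the `description` context line above it names many more ids (CVE-2023-52650 up to CVE-2024-35849), and the severity rename leaves that gap in place. A consumer that matches on `cves[].id` instead of parsing the free-text description would under-report what this advisory fixes. The openEuler-SA-2022-1614 hunk below shows the same pattern: CVE-2022-26966 appears only in the description, and the advisory-level `High` cannot be reconciled with the lone `Medium` entry. These files look generated, so the fix presumably belongs in the converter, which should emit one entry per CVE, e.g. `{ "id": "CVE-2022-26966", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26966", "severity": "<severity from the CVRF source>" }`.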
diff --git a/cusa/k/kernel/kernel-5.10.0-60.20.0.52_openEuler-SA-2022-1614.json b/cusa/k/kernel/kernel-5.10.0-60.20.0.52_openEuler-SA-2022-1614.json
index 544745d..5f35809 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.20.0.52_openEuler-SA-2022-1614.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.20.0.52_openEuler-SA-2022-1614.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1614",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1614",
"title": "An update for kernel is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device.(CVE-2022-26966)\r\n\r\nIn drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access.(CVE-2022-27223)",
"cves": [
{
"id": "CVE-2022-27223",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27223",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.27.0.57_openEuler-SA-2022-1621.json b/cusa/k/kernel/kernel-5.10.0-60.27.0.57_openEuler-SA-2022-1621.json
index 6b7334f..2a0e9c3 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.27.0.57_openEuler-SA-2022-1621.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.27.0.57_openEuler-SA-2022-1621.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1621",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1621",
"title": "An update for kernel is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\n\r\n\r\nSecurity Fix(es):\r\n\r\nA heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.(CVE-2022-27666)\r\n\r\nIn aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-185125206References: Upstream kernel(CVE-2021-39698)\n\nVulnerability Summary for CVE-2022-1198.(CVE-2022-1198)\n\nems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.(CVE-2022-28390)\n\nA flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle return with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.(CVE-2022-1016)\n\nProduct: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel.(CVE-2021-39713)\n\nA use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5.(CVE-2022-1055)\n\nLinux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] 
Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042.(CVE-2022-23039)\n\nLinux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] 
Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042.(CVE-2022-23040)\n\nLinux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] 
Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042.(CVE-2022-23041)\n\nLinux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] 
Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042.(CVE-2022-23042)\n\nThe SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.(CVE-2022-28893)",
"cves": [
{
"id": "CVE-2022-28893",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28893",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.28.0.58_openEuler-SA-2022-1660.json b/cusa/k/kernel/kernel-5.10.0-60.28.0.58_openEuler-SA-2022-1660.json
index a8b7fa9..d0b5701 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.28.0.58_openEuler-SA-2022-1660.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.28.0.58_openEuler-SA-2022-1660.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1660",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1660",
"title": "An update for kernel is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The Linux Kernel, the operating system core itself.\n\nSecurity Fix(es):\n\nInsufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access.(CVE-2021-33061)",
"cves": [
{
"id": "CVE-2021-33061",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33061",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.31.0.60_openEuler-SA-2022-1666.json b/cusa/k/kernel/kernel-5.10.0-60.31.0.60_openEuler-SA-2022-1666.json
index 6b768a0..ac0a8c9 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.31.0.60_openEuler-SA-2022-1666.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.31.0.60_openEuler-SA-2022-1666.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1666",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1666",
"title": "An update for kernel is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\n\nSecurity Fix(es):\n\nusb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.(CVE-2022-28388)\n\nmcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.(CVE-2022-28389)\n\nIn the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.(CVE-2022-28356)",
"cves": [
{
"id": "CVE-2022-28356",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28356",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.32.0.61_openEuler-SA-2022-1677.json b/cusa/k/kernel/kernel-5.10.0-60.32.0.61_openEuler-SA-2022-1677.json
index b947a9b..c055fbd 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.32.0.61_openEuler-SA-2022-1677.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.32.0.61_openEuler-SA-2022-1677.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1677",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1677",
"title": "An update for kernel is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\n\n\n\nSecurity Fix(es):\n\nA NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.(CVE-2022-1205)\n\nUAF causes the system to crash Exploit conditions: The root user reduces the reference count of drm_vgem_gem_object through ioctl$DRM_IOCTL_MODE_DESTROY_DUMB, and vgem_gem_dumb_create will access the released drm_vgem_gem_object Technical reason: The gpu driver can reduce the reference count of drm_vgem_gem_object through ioctl Concurrency causes uaf judgment method: CONFIG_DRM is not configured No circumvention measures are involved: none(CVE-2022-1419)\n\nA concurrency use-after-free issue was discovered between reset_interrupt and floppy_end_request in the latest kernel version (5.17.5 for now). The root cause is that after deallocating current_req in floppy_end_request, reset_interrupt still holds the freed current_req->error_count and accesses it concurrently.(CVE-2022-1652)",
"cves": [
{
"id": "CVE-2022-1652",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1652",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.35.0.64_openEuler-SA-2022-1691.json b/cusa/k/kernel/kernel-5.10.0-60.35.0.64_openEuler-SA-2022-1691.json
index f287034..7a4324b 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.35.0.64_openEuler-SA-2022-1691.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.35.0.64_openEuler-SA-2022-1691.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1691",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1691",
"title": "An update for kernel is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\n\r\n\r\nSecurity Fix(es):\r\n\r\nNon-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.(CVE-2022-0002)\r\n\r\nIn the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently.(CVE-2022-29582)\r\n\r\nA use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early.(CVE-2022-1195)\r\n\r\nIn mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-216481035References: Upstream kernel(CVE-2022-20008)\r\n\r\nDue to the small table perturb size, a memory leak flaw was found in the Linux kernel’s TCP source port generation algorithm in the net/ipv4/tcp.c function. This flaw allows an attacker to leak information and may cause a denial of service.(CVE-2022-1012)\r\n\r\nA flaw was found in the Linux kernel’s nfcmrvl_nci_unregister_dev() function. A race condition leads to a use-after-free issue when simulating the NFC device from the user space.(CVE-2022-1734)\r\n\r\nImproper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. 
This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.(CVE-2022-29581)\r\n\r\nA NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system.(CVE-2022-1516)",
"cves": [
{
"id": "CVE-2022-1516",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1516",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.37.0.66_openEuler-SA-2022-1705.json b/cusa/k/kernel/kernel-5.10.0-60.37.0.66_openEuler-SA-2022-1705.json
index 3199f1c..5c7dcdf 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.37.0.66_openEuler-SA-2022-1705.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.37.0.66_openEuler-SA-2022-1705.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1705",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1705",
"title": "An update for kernel is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nThere are use-after-free vulnerabilities in net/ax25/af_ax25.c of linux that allow attacker to crash linux kernel by simulating ax25 device from user space.(CVE-2022-1204)\r\n\r\nThe Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.(CVE-2022-30594)",
"cves": [
{
"id": "CVE-2022-30594",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30594",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.38.0.67_openEuler-SA-2022-1714.json b/cusa/k/kernel/kernel-5.10.0-60.38.0.67_openEuler-SA-2022-1714.json
index d47fbdd..04797a7 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.38.0.67_openEuler-SA-2022-1714.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.38.0.67_openEuler-SA-2022-1714.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1714",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1714",
"title": "An update for kernel is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\nAn out-of-bound write vulnerability was identified within the netfilter subsystem which can be exploited to achieve privilege escalation to root.(CVE-2022-1972)\n\r\nA use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information.(CVE-2022-1974)\n\nA use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privileges on the system.(CVE-2022-1786)",
"cves": [
{
"id": "CVE-2022-1786",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1786",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.39.0.68_openEuler-SA-2022-1631.json b/cusa/k/kernel/kernel-5.10.0-60.39.0.68_openEuler-SA-2022-1631.json
index b7882d9..37070fc 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.39.0.68_openEuler-SA-2022-1631.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.39.0.68_openEuler-SA-2022-1631.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1631",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1631",
"title": "An update for kernel is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nA NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system(CVE-2022-1205)\n\nA flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability.(CVE-2022-1199)\n\nA vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.(CVE-2022-1353)\n\nCertain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information.(CVE-2022-23960)\n\ndrivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release.(CVE-2022-29156)\n\nA flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system.(CVE-2022-0500)\n\nLinux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] 
Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042(CVE-2022-23036)\n\nIn several functions of binder.c, there is a possible way to represent the wrong domain to SELinux due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-200688826References: Upstream kernel(CVE-2021-39686)\n\nNon-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.(CVE-2022-0001)\n\nLinux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. 
CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042(CVE-2022-23038)\n\nLinux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. 
This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042(CVE-2022-23037)",
"cves": [
{
"id": "CVE-2022-23037",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23037",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.39.0.68_openEuler-SA-2022-1725.json b/cusa/k/kernel/kernel-5.10.0-60.39.0.68_openEuler-SA-2022-1725.json
index 546b0eb..a7ab1cd 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.39.0.68_openEuler-SA-2022-1725.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.39.0.68_openEuler-SA-2022-1725.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1725",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1725",
"title": "An update for kernel is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\nIn lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel(CVE-2022-20132)\n\r\nIn lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel(CVE-2022-20154)\n\nA use-after-free vulnerability was found in the Linux kernel s Netfilter subsystem in net/netfilter/nf_tables_api.c. This flaw allows a local attacker with user access to cause a privilege escalation issue.(CVE-2022-1966)\n\nThe Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used.(CVE-2022-32296)\n\nAn issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers. (CVE-2022-32981)\n\nnet/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.(CVE-2022-32250)",
"cves": [
{
"id": "CVE-2022-32250",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32250",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.40.0.69_openEuler-SA-2022-1727.json b/cusa/k/kernel/kernel-5.10.0-60.40.0.69_openEuler-SA-2022-1727.json
index db11fba..fac5518 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.40.0.69_openEuler-SA-2022-1727.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.40.0.69_openEuler-SA-2022-1727.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1727",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1727",
"title": "An update for kernel is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\n\r\n\r\nSecurity Fix(es):\r\n\r\nA use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system.(CVE-2022-1048)\r\n\r\nThe SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.(CVE-2022-1158)\r\n\r\nKGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H).(CVE-2022-21499)",
"cves": [
{
"id": "CVE-2022-21499",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21499",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
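Review bot: The `cves` array in this advisory lists only CVE-2022-21499, while the `description` also names CVE-2022-1048 and CVE-2022-1158, so a consumer that matches advisories by the ids in `cves` will miss those two. The severity rename leaves this as it was. The later kernel files in this diff have the same shape, and in openEuler-SA-2022-1774, -1794, -1802, -1824, -1893 and -1927 the result is a top-level `"severity": "High"` next to a single `"severity": "Medium"` entry, so the record no longer shows which CVE drives the rating. These files look generated, so the fix probably belongs in the converter rather than in the JSON: emit one `cves` entry per CVE in the source advisory, each with its own severity, and regenerate.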
diff --git a/cusa/k/kernel/kernel-5.10.0-60.41.0.70_openEuler-SA-2022-1730.json b/cusa/k/kernel/kernel-5.10.0-60.41.0.70_openEuler-SA-2022-1730.json
index 61d5afb..e90daa7 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.41.0.70_openEuler-SA-2022-1730.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.41.0.70_openEuler-SA-2022-1730.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1730",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1730",
"title": "An update for kernel is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\n\r\n\r\nSecurity Fix(es):\r\n\r\nNFC: netlink: fix sleep in atomic bug when firmware download timeout(CVE-2022-1975)\r\n\r\nIn various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-182388481References: Upstream kernel(CVE-2022-20166)\r\n\r\nA NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU.(CVE-2022-1852)",
"cves": [
{
"id": "CVE-2022-1852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1852",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.42.0.71_openEuler-SA-2022-1746.json b/cusa/k/kernel/kernel-5.10.0-60.42.0.71_openEuler-SA-2022-1746.json
index 960771f..17a8a87 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.42.0.71_openEuler-SA-2022-1746.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.42.0.71_openEuler-SA-2022-1746.json
@@ -2,7 +2,7 @@
"id": "openEuler-SA-2022-1746",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1746",
"title": "An update for kernel is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "\r\n\r\nSecurity Fix(es):\r\n\r\ndrivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.(CVE-2022-33981)\r\n\r\nA vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code.(CVE-2022-2078)\n\nNo description is available for this CVE.(CVE-2022-2153)",
"cves": [
{
diff --git a/cusa/k/kernel/kernel-5.10.0-60.43.0.72_openEuler-SA-2022-1748.json b/cusa/k/kernel/kernel-5.10.0-60.43.0.72_openEuler-SA-2022-1748.json
index 102ee1c..29edf5a 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.43.0.72_openEuler-SA-2022-1748.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.43.0.72_openEuler-SA-2022-1748.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1748",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1748",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\n\nUsing the ioctl function to modify the vc_font.height value through PIO_FONT can cause the KASAN: vmalloc-out-of-bounds in sys_imageblit problem. Requires tty group permissions to access the device file /dev/tty1.(CVE-2021-33656)",
"cves": [
{
"id": "CVE-2021-33656",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33656",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.43.0.72_openEuler-SA-2022-1750.json b/cusa/k/kernel/kernel-5.10.0-60.43.0.72_openEuler-SA-2022-1750.json
index 415aa1b..896a1e9 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.43.0.72_openEuler-SA-2022-1750.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.43.0.72_openEuler-SA-2022-1750.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1750",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1750",
"title": "An update for kernel is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nIncomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2022-21123)\n\nIncomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2022-21125)\n\nIncomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2022-21166)",
"cves": [
{
"id": "CVE-2022-21166",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21166",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.46.0.74_openEuler-SA-2022-1774.json b/cusa/k/kernel/kernel-5.10.0-60.46.0.74_openEuler-SA-2022-1774.json
index 0f6e5f2..1bd5645 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.46.0.74_openEuler-SA-2022-1774.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.46.0.74_openEuler-SA-2022-1774.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1774",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1774",
"title": "An update for kernel is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\n\r\n\r\nSecurity Fix(es):\r\n\r\nThere are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges.(CVE-2022-2318)\r\n\r\nAn issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.(CVE-2022-34918)\r\n\r\nArm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages.(CVE-2022-33744)\r\n\r\nLinux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). 
Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).(CVE-2022-26365)\r\n\r\nLinux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).(CVE-2022-33740)\r\n\r\nLinux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).(CVE-2022-33741)\r\n\r\nLinux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). 
Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).(CVE-2022-33742)\r\n\r\nnetwork backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed.(CVE-2022-33743)\n\nWhen setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.(CVE-2021-33656)",
"cves": [
{
"id": "CVE-2021-33656",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33656",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.47.0.75_openEuler-SA-2022-1794.json b/cusa/k/kernel/kernel-5.10.0-60.47.0.75_openEuler-SA-2022-1794.json
index 23059c6..2d37c87 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.47.0.75_openEuler-SA-2022-1794.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.47.0.75_openEuler-SA-2022-1794.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1794",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1794",
"title": "An update for kernel is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nThe Linux kernel was found vulnerable out of bounds memory access in the drivers/video/fbdev/sm712fb.c:smtcfb_read() function. The vulnerability could result in local attackers being able to crash the kernel.(CVE-2022-2380)\n\nIn USB driver, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-216825460References: Upstream kernel(CVE-2022-20227)\n\nKernel lockdown bypass when UEFI secure boot is disabled / unavailable and IMA appraisal is enabled.(CVE-2022-21505)",
"cves": [
{
"id": "CVE-2022-21505",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21505",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.48.0.76_openEuler-SA-2022-1802.json b/cusa/k/kernel/kernel-5.10.0-60.48.0.76_openEuler-SA-2022-1802.json
index 25c9681..b5cc81f 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.48.0.76_openEuler-SA-2022-1802.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.48.0.76_openEuler-SA-2022-1802.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1802",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1802",
"title": "An update for kernel is now available for openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nNo description is available for this CVE.(CVE-2022-1508)\r\n\r\nWhen sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.(CVE-2021-33655)",
"cves": [
{
"id": "CVE-2021-33655",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33655",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.48.0.76_openEuler-SA-2022-1842.json b/cusa/k/kernel/kernel-5.10.0-60.48.0.76_openEuler-SA-2022-1842.json
index 2ad564b..c194c3f 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.48.0.76_openEuler-SA-2022-1842.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.48.0.76_openEuler-SA-2022-1842.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1842",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1842",
"title": "An update for kernel is now available for openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.(CVE-2022-36879)",
"cves": [
{
"id": "CVE-2022-36879",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36879",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.50.0.78_openEuler-SA-2022-1824.json b/cusa/k/kernel/kernel-5.10.0-60.50.0.78_openEuler-SA-2022-1824.json
index d096012..1a424a6 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.50.0.78_openEuler-SA-2022-1824.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.50.0.78_openEuler-SA-2022-1824.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1824",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1824",
"title": "An update for kernel is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nnfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.(CVE-2022-36946)\n\nA use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.(CVE-2022-1679)\n\nio_uring use work_flags to determine which identity need to grab from the calling process to make sure it is consistent with the calling process when executing IORING_OP. Some operations are missing some types, which can lead to incorrect reference counts which can then lead to a double free. We recommend upgrading the kernel past commit df3f3bb5059d20ef094d6b2f0256c4bf4127a859(CVE-2022-2327)\n\nAn integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system.(CVE-2022-2639)",
"cves": [
{
"id": "CVE-2022-2639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2639",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.51.0.79_openEuler-SA-2022-1845.json b/cusa/k/kernel/kernel-5.10.0-60.51.0.79_openEuler-SA-2022-1845.json
index 8e71480..70e7498 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.51.0.79_openEuler-SA-2022-1845.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.51.0.79_openEuler-SA-2022-1845.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1845",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1845",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "\r\n\r\nSecurity Fix(es):\r\n\r\nst21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.(CVE-2022-26490)\r\n\r\nThe Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges.(CVE-2022-36123)\n\nA use-after-free flaw was found in route4_change in the net/sched/cls_route.c filter implementation in the Linux kernel. This flaw allows a local, privileged attacker to crash the system, possibly leading to a local privilege escalation issue.(CVE-2022-2588)\n\nIt was discovered that when exec ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free.(CVE-2022-2585)",
"cves": [
{
"id": "CVE-2022-2585",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2585",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.52.0.80_openEuler-SA-2022-1872.json b/cusa/k/kernel/kernel-5.10.0-60.52.0.80_openEuler-SA-2022-1872.json
index b94d196..366746b 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.52.0.80_openEuler-SA-2022-1872.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.52.0.80_openEuler-SA-2022-1872.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1872",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1872",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nIn v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-223375145References: Upstream kernel(CVE-2022-20369)",
"cves": [
{
"id": "CVE-2022-20369",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20369",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.54.0.82_openEuler-SA-2022-1893.json b/cusa/k/kernel/kernel-5.10.0-60.54.0.82_openEuler-SA-2022-1893.json
index 95b9fc7..3c18905 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.54.0.82_openEuler-SA-2022-1893.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.54.0.82_openEuler-SA-2022-1893.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1893",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1893",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "\r\n\r\nSecurity Fix(es):\r\n\r\nAn out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory.(CVE-2022-1462)\r\n\r\nDm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5(CVE-2022-2503)\r\n\r\nA race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system.(CVE-2022-2959)\r\n\r\nA flaw was found in the kernels implementation of proxied virtualized TPM devices. 
On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system.\r\n\r\nReferences:\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9d8e7007dc7c4d7c8366739bbcd3f5e51dcd470f(CVE-2022-2977)\r\n\r\nThe linux kernels driver for the \"ASIX AX88179_178A based USB 2.0/3.0 Gigabit Ethernet Devices\" contains multiple out-of-bounds reads and possible writes in the ax88179_rx_fixup() function. \r\n\r\n\nReferences:\r\n\r\nhttps://www.spinics.net/lists/stable/msg536418.html\r\n\r\nUpstream commit:\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=57bc3d3ae8c14df3ceb4e17d26ddf9eeab304581(CVE-2022-2964)\r\n\r\nA race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.(CVE-2022-3028)",
"cves": [
{
"id": "CVE-2022-3028",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3028",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.54.0.82_openEuler-SA-2022-1910.json b/cusa/k/kernel/kernel-5.10.0-60.54.0.82_openEuler-SA-2022-1910.json
index 8bea280..d01372c 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.54.0.82_openEuler-SA-2022-1910.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.54.0.82_openEuler-SA-2022-1910.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1910",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1910",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects.(CVE-2022-2938)\n\nA use-after-free flaw was found in nf_tables cross-table in the net/netfilter/nf_tables_api.c function in the Linux kernel. This flaw allows a local, privileged attacker to cause a use-after-free problem at the time of table deletion, possibly leading to local privilege escalation.(CVE-2022-2586)",
"cves": [
{
"id": "CVE-2022-2586",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2586",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.56.0.84_openEuler-SA-2022-1927.json b/cusa/k/kernel/kernel-5.10.0-60.56.0.84_openEuler-SA-2022-1927.json
index a47a860..bf75ca2 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.56.0.84_openEuler-SA-2022-1927.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.56.0.84_openEuler-SA-2022-1927.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1927",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1927",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur.(CVE-2022-39842)\n\nAn issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain.(CVE-2022-39190)\n\nAn issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations.(CVE-2022-39189)\n\nFound Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl() interface. The driver doesn t check the value of pixclock , so it may cause a divide by zero error.(CVE-2022-3061)\n\nAn issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.(CVE-2022-2663)",
"cves": [
{
"id": "CVE-2022-2663",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2663",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.57.0.85_openEuler-SA-2022-1942.json b/cusa/k/kernel/kernel-5.10.0-60.57.0.85_openEuler-SA-2022-1942.json
index 6c56943..2e73685 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.57.0.85_openEuler-SA-2022-1942.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.57.0.85_openEuler-SA-2022-1942.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1942",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1942",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nNon-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.(CVE-2022-26373)\r\n\r\nA heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. This vulnerability allows a local attacker to escalate privileges and execute arbitrary code in the context of the kernel. The attacker must first obtain the ability to execute high-privileged code on the target system to exploit this vulnerability.(CVE-2022-2991)\r\n\r\nAn out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data.(CVE-2022-2905)\r\n\r\nAn issue was discovered in the Linux kernel through 5.16-rc6. There is a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c.(CVE-2022-3078)\r\n\r\nAn issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free.(CVE-2022-40307)",
"cves": [
{
"id": "CVE-2022-40307",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40307",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.58.0.86_openEuler-SA-2022-1968.json b/cusa/k/kernel/kernel-5.10.0-60.58.0.86_openEuler-SA-2022-1968.json
index 105165e..1805fd3 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.58.0.86_openEuler-SA-2022-1968.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.58.0.86_openEuler-SA-2022-1968.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1968",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1968",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.(CVE-2022-39188)",
"cves": [
{
"id": "CVE-2022-39188",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39188",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.58.0.86_openEuler-SA-2022-1984.json b/cusa/k/kernel/kernel-5.10.0-60.58.0.86_openEuler-SA-2022-1984.json
index 05d4806..745e1eb 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.58.0.86_openEuler-SA-2022-1984.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.58.0.86_openEuler-SA-2022-1984.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1984",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1984",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.(CVE-2022-3239)",
"cves": [
{
"id": "CVE-2022-3239",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3239",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.61.0.88_openEuler-SA-2022-2015.json b/cusa/k/kernel/kernel-5.10.0-60.61.0.88_openEuler-SA-2022-2015.json
index 54f3ce9..39b803a 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.61.0.88_openEuler-SA-2022-2015.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.61.0.88_openEuler-SA-2022-2015.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2015",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2015",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nA use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.(CVE-2022-1184)\r\n\r\nA race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition(CVE-2022-3303)\r\n\r\ndrivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect.(CVE-2022-41849)\r\n\r\nIn binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239630375References: Upstream kernel(CVE-2022-20421)\r\n\r\nIn emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237540956References: Upstream kernel(CVE-2022-20422)\n\nA vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. 
It is recommended to apply a patch to fix this issue. The identifier VDB-210357 was assigned to this vulnerability.(CVE-2022-3435)\n\nAn issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.(CVE-2022-41674)\n\nroccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.(CVE-2022-41850)\n\nmm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.(CVE-2022-42703)\n\nA use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.(CVE-2022-42719)\n\nVarious refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.(CVE-2022-42720)\n\nA list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.(CVE-2022-42721)",
"cves": [
{
"id": "CVE-2022-42721",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42721",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
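Review bot: The `cves` array on the new side of this file still lists only CVE-2022-42721 (now `Medium`), while the description names twelve CVEs and the advisory itself is rated `High`. A consumer that matches on `cves[].id`, or derives priority from the per-CVE severities, would miss eleven fixes and under-rate the advisory. The same pattern shows in the hunks for openEuler-SA-2022-2045, -2071, -2117 and -2130 and openEuler-SA-2023-1035, -1038, -1056 and -1071, where only the last CVE named in the description appears. This presumably comes from the converter keeping only the final vulnerability entry of the CVRF document rather than from the severity rename; that code is not shown here. Each CVE should get its own entry, e.g. `{ "id": "CVE-2022-1184", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1184", "severity": "<severity from the CVRF source>" }`, and a generation-time check that the advisory severity is not higher than every listed CVE severity would catch the mismatch.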
diff --git a/cusa/k/kernel/kernel-5.10.0-60.61.0.88_openEuler-SA-2022-2027.json b/cusa/k/kernel/kernel-5.10.0-60.61.0.88_openEuler-SA-2022-2027.json
index 50bb702..7ddd42f 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.61.0.88_openEuler-SA-2022-2027.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.61.0.88_openEuler-SA-2022-2027.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2027",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2027",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nIn rndis_set_response of rndis.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious USB device is attached with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239842288References: Upstream kernel(CVE-2022-20423)",
"cves": [
{
"id": "CVE-2022-20423",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20423",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.63.0.89_openEuler-SA-2022-2033.json b/cusa/k/kernel/kernel-5.10.0-60.63.0.89_openEuler-SA-2022-2033.json
index e92b249..796ff25 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.63.0.89_openEuler-SA-2022-2033.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.63.0.89_openEuler-SA-2022-2033.json
@@ -8,7 +8,7 @@
{
"id": "CVE-2022-3577",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3577",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.65.0.90_openEuler-SA-2022-2045.json b/cusa/k/kernel/kernel-5.10.0-60.65.0.90_openEuler-SA-2022-2045.json
index 0044250..c809210 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.65.0.90_openEuler-SA-2022-2045.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.65.0.90_openEuler-SA-2022-2045.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2045",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2045",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is an unknown function of the file mm/memory.c of the component Driver Handler. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211020.(CVE-2022-3523)\r\n\r\nA vulnerability classified as problematic was found in Linux Kernel. Affected by this vulnerability is the function mvpp2_dbgfs_port_init of the file drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c of the component mvpp2. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier VDB-211033 was assigned to this vulnerability.(CVE-2022-3535)\r\n\r\nA vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920.(CVE-2022-3621)\r\n\r\nA vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function follow_page_pte of the file mm/gup.c of the component BPF. The manipulation leads to race condition. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211921 was assigned to this vulnerability.(CVE-2022-3623)\r\n\r\nA vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. 
The identifier VDB-211929 was assigned to this vulnerability.(CVE-2022-3625)\r\n\r\nA vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability.(CVE-2022-3635)\r\n\r\ndrivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.(CVE-2022-43750)\n\nA flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function security_inode_alloc to fail with following call to function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.(CVE-2022-2978)\n\nA vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211930 is the identifier assigned to this vulnerability.(CVE-2022-3629)\n\nVUL-0: CVE-2022-42432: kernel-source-rt,kernel-source-azure,kernel-source: nftables: leak of stale stack data to userspace via nf_osf_find()(CVE-2022-42432)\n\nA vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability.(CVE-2022-3646)",
"cves": [
{
"id": "CVE-2022-3646",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3646",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.66.0.91_openEuler-SA-2022-2071.json b/cusa/k/kernel/kernel-5.10.0-60.66.0.91_openEuler-SA-2022-2071.json
index 0d5d64e..1eff452 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.66.0.91_openEuler-SA-2022-2071.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.66.0.91_openEuler-SA-2022-2071.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2071",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2071",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability classified as problematic was found in Linux Kernel. This vulnerability affects the function bnx2x_tpa_stop of the file drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c of the component BPF. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211042 is the identifier assigned to this vulnerability.(CVE-2022-3542)\r\n\r\nA vulnerability was found in Linux Kernel. It has been classified as problematic. This affects the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF. The manipulation leads to null pointer dereference. It is recommended to apply a patch to fix this issue. The identifier VDB-211749 was assigned to this vulnerability.(CVE-2022-3606)\n\ndrivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.(CVE-2022-40768)",
"cves": [
{
"id": "CVE-2022-40768",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40768",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.66.0.91_openEuler-SA-2022-2103.json b/cusa/k/kernel/kernel-5.10.0-60.66.0.91_openEuler-SA-2022-2103.json
index e100af4..3f9bd48 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.66.0.91_openEuler-SA-2022-2103.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.66.0.91_openEuler-SA-2022-2103.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2103",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2103",
"title": "An update for kernel is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nVUL-0: CVE-2022-3628: kernel: USB-accessible buffer overflow in Linux kernel driver brcmfmac(CVE-2022-3628)",
"cves": [
{
"id": "CVE-2022-3628",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3628",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.68.0.93_openEuler-SA-2022-2117.json b/cusa/k/kernel/kernel-5.10.0-60.68.0.93_openEuler-SA-2022-2117.json
index 2261d19..bee3317 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.68.0.93_openEuler-SA-2022-2117.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.68.0.93_openEuler-SA-2022-2117.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2117",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2117",
"title": "An update for kernel is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nThere is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url(CVE-2022-42895)\r\n\r\nThere are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url(CVE-2022-42896)",
"cves": [
{
"id": "CVE-2022-42896",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42896",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.70.0.94_openEuler-SA-2022-2130.json b/cusa/k/kernel/kernel-5.10.0-60.70.0.94_openEuler-SA-2022-2130.json
index a50926f..ac9133e 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.70.0.94_openEuler-SA-2022-2130.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.70.0.94_openEuler-SA-2022-2130.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2130",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2130",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nAn incorrect TLB flush issue was found in the Linux kernel?s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system.(CVE-2022-4139)\r\n\r\nAn issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.(CVE-2022-45934)",
"cves": [
{
"id": "CVE-2022-45934",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45934",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.74.0.98_openEuler-SA-2022-2162.json b/cusa/k/kernel/kernel-5.10.0-60.74.0.98_openEuler-SA-2022-2162.json
index fcecb2c..a152993 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.74.0.98_openEuler-SA-2022-2162.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.74.0.98_openEuler-SA-2022-2162.json
@@ -8,7 +8,7 @@
{
"id": "CVE-2022-3108",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3108",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.74.0.98_openEuler-SA-2023-1012.json b/cusa/k/kernel/kernel-5.10.0-60.74.0.98_openEuler-SA-2023-1012.json
index bfc0e4f..2f34c8c 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.74.0.98_openEuler-SA-2023-1012.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.74.0.98_openEuler-SA-2023-1012.json
@@ -8,7 +8,7 @@
{
"id": "CVE-2022-47939",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47939",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.77.0.101_openEuler-SA-2023-1035.json b/cusa/k/kernel/kernel-5.10.0-60.77.0.101_openEuler-SA-2023-1035.json
index 6fb7566..a440a7f 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.77.0.101_openEuler-SA-2023-1035.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.77.0.101_openEuler-SA-2023-1035.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1035",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1035",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "\r\n\r\nSecurity Fix(es):\r\n\r\nAn out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system.(CVE-2022-2873)\r\n\r\nAn incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system.(CVE-2022-3903)\r\n\r\nAn issue was discovered in the Linux kernel through 5.16-rc6. lkdtm_ARRAY_BOUNDS in drivers/misc/lkdtm/bugs.c lacks check of the return value of kmalloc() and will cause the null pointer dereference.(CVE-2022-3104)\r\n\r\nAn issue was discovered in the Linux kernel through 5.16-rc6. free_charger_irq() in drivers/power/supply/wm8350_power.c lacks free of WM8350_IRQ_CHG_FAST_RDY, which is registered in wm8350_init_charger().(CVE-2022-3111)\r\n\r\nAn issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the null pointer dereference.(CVE-2022-3107)\r\n\r\nAn issue was discovered in the Linux kernel through 5.16-rc6. amvdec_set_canvases in drivers/staging/media/meson/vdec/vdec_helpers.c lacks check of the return value of kzalloc() and will cause the null pointer dereference.(CVE-2022-3112)\r\n\r\nAn issue was discovered in the Linux kernel through 5.16-rc6. mtk_vcodec_fw_vpu_init in drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_vpu.c lacks check of the return value of devm_kzalloc() and will cause the null pointer dereference.(CVE-2022-3113)\r\n\r\nAn issue was discovered in the Linux kernel through 5.16-rc6. 
malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c lacks check of the return value of kzalloc() and will cause the null pointer dereference.(CVE-2022-3115)\r\n\r\nAn issue was discovered in the Linux kernel through 5.16-rc6. imx_register_uart_clocks in drivers/clk/imx/clk.c lacks check of the return value of kcalloc() and will cause the null pointer dereference.(CVE-2022-3114)\r\n\r\nA regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a(CVE-2022-2196)\r\n\r\nAn issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is a heap-based buffer overflow in set_ntacl_dacl, related to use of SMB2_QUERY_INFO_HE after a malformed SMB2_SET_INFO_HE command.(CVE-2022-47942)\r\n\r\nAn issue was discovered in ksmbd in the Linux kernel 5.15 through 5.18 before 5.18.18. fs/ksmbd/smb2pdu.c lacks length validation in the non-padding case in smb2_write.(CVE-2022-47940)\r\n\r\nAn issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is an out-of-bounds read and OOPS for SMB2_WRITE, when there is a large length in the zero DataOffset case.(CVE-2022-47943)",
"cves": [
{
"id": "CVE-2022-47943",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47943",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.78.0.102_openEuler-SA-2023-1038.json b/cusa/k/kernel/kernel-5.10.0-60.78.0.102_openEuler-SA-2023-1038.json
index 4c04861..262a730 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.78.0.102_openEuler-SA-2023-1038.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.78.0.102_openEuler-SA-2023-1038.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1038",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1038",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\n\r\n\r\nSecurity Fix(es):\r\n\r\nA use-after-free flaw was found in the Linux kernel?s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system.(CVE-2022-3424)\r\n\r\nA flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system.(CVE-2022-4662)\r\n\r\nAn issue was discovered in the Linux kernel 5.10.x before 5.10.155. A use-after-free in io_sqpoll_wait_sq in fs/io_uring.c allows an attacker to crash the kernel, resulting in denial of service. finish_wait can be skipped. An attack can occur in some situations by forking a process and then quickly terminating it. NOTE: later kernel versions, such as the 5.15 longterm series, substantially changed the implementation of io_sqpoll_wait_sq.(CVE-2022-47946)\n\nA flaw NULL Pointer Dereference in the Linux kernel NTFS3 driver function attr_punch_hole() was found. A local user could use this flaw to crash the system.(CVE-2022-4842)",
"cves": [
{
"id": "CVE-2022-4842",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4842",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.79.0.103_openEuler-SA-2023-1056.json b/cusa/k/kernel/kernel-5.10.0-60.79.0.103_openEuler-SA-2023-1056.json
index d6f93b5..c3ceb0d 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.79.0.103_openEuler-SA-2023-1056.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.79.0.103_openEuler-SA-2023-1056.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1056",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1056",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\n\r\n\r\nSecurity Fix(es):\r\n\r\nIn binder_vma_close of binder.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254837884References: Upstream kernel(CVE-2023-20928)\r\n\r\nA heap overflow bug in ksmbd_decode_ntlmssp_auth_blob in which nt_len can be less than CIFS_ENCPWD_SIZE. This results in a negative blen argument for ksmbd_auth_ntlmv2, where it calls memcpy using blen on memory allocated by kmalloc(blen + CIFS_CRYPTO_KEY_SIZE). Note that CIFS_ENCPWD_SIZE is 16 and CIFS_CRYPTO_KEY_SIZE is 8. We believe this bug can only result in a remote DOS and not privilege escalation nor RCE, as the heap overflow occurs when blen is in range (-8, -1].”\r\n\r\nReference:\nhttps://securityonline.info/cve-2023-0210-flaw-in-linux-kernel-allows-unauthenticated-remote-dos-attacks/\nhttps://www.spinics.net/lists/stable-commits/msg282893.html(CVE-2023-0210)\r\n\r\nIn rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.(CVE-2023-23559)\r\n\r\nThere exists a use-after-free vulnerability in the Linux kernel through io_uring and the IORING_OP_SPLICE operation. If IORING_OP_SPLICE is missing the IO_WQ_WORK_FILES flag, which signals that the operation won't use current->nsproxy, so its reference counter is not increased. This assumption is not always true as calling io_splice on specific files will call the get_uts function which will use current->nsproxy leading to invalidly decreasing its reference counter later causing the use-after-free vulnerability. We recommend upgrading to version 5.10.160 or above(CVE-2022-4696)",
"cves": [
{
"id": "CVE-2022-4696",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4696",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.79.0.103_openEuler-SA-2023-1071.json b/cusa/k/kernel/kernel-5.10.0-60.79.0.103_openEuler-SA-2023-1071.json
index 21fca23..975d776 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.79.0.103_openEuler-SA-2023-1071.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.79.0.103_openEuler-SA-2023-1071.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1071",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1071",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\n\r\n\r\nSecurity Fix(es):\r\n\r\nA buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.(CVE-2023-0179)\r\n\r\natm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).(CVE-2023-23455)\r\n\r\ncbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).(CVE-2023-23454)",
"cves": [
{
"id": "CVE-2023-23454",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23454",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.80.0.104_openEuler-SA-2023-1084.json b/cusa/k/kernel/kernel-5.10.0-60.80.0.104_openEuler-SA-2023-1084.json
index b49821e..91af3b1 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.80.0.104_openEuler-SA-2023-1084.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.80.0.104_openEuler-SA-2023-1084.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1084",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1084",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nA double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system.(CVE-2022-3707)\r\n\r\nA NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash.(CVE-2023-0394)\r\n\r\nA use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem leading to a denial-of-service problem. \r\n\r\nReference:\nhttps://lore.kernel.org/all/20221018203258.2793282-1-edumazet@google.com/\r\n\r\n\nCrash:\n BUG: KASAN: use-after-free in __tcf_qdisc_find.part.0+0xa3a/0xac0 net/sched/cls_api.c:1066\n Read of size 4 at addr ffff88802065e038 by task syz-executor.4/21027\n \n CPU: 0 PID: 21027 Comm: syz-executor.4 Not tainted 6.0.0-rc3-syzkaller-00363-g7726d4c3e60b #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022\n Call Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:317 [inline]\n print_report.cold+0x2ba/0x719 mm/kasan/report.c:433\n kasan_report+0xb1/0x1e0 mm/kasan/report.c:495\n __tcf_qdisc_find.part.0+0xa3a/0xac0 net/sched/cls_api.c:1066\n __tcf_qdisc_find net/sched/cls_api.c:1051 [inline]\n tc_new_tfilter+0x34f/0x2200 net/sched/cls_api.c:2018\n rtnetlink_rcv_msg+0x955/0xca0 net/core/rtnetlink.c:6081\n netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2501\n netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]\n netlink_unicast+0x543/0x7f0 net/netlink/af_netlink.c:1345\n netlink_sendmsg+0x917/0xe10 net/netlink/af_netlink.c:1921\n sock_sendmsg_nosec net/socket.c:714 [inline]\n 
sock_sendmsg+0xcf/0x120 net/socket.c:734\n ____sys_sendmsg+0x6eb/0x810 net/socket.c:2482\n ___sys_sendmsg+0x110/0x1b0 net/socket.c:2536\n __sys_sendmsg+0xf3/0x1c0 net/socket.c:2565\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n RIP: 0033:0x7f5efaa89279(CVE-2023-0590)",
"cves": [
{
"id": "CVE-2023-0590",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0590",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.83.0.107_openEuler-SA-2023-1144.json b/cusa/k/kernel/kernel-5.10.0-60.83.0.107_openEuler-SA-2023-1144.json
index 555cc20..329265c 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.83.0.107_openEuler-SA-2023-1144.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.83.0.107_openEuler-SA-2023-1144.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1144",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1144",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nThere is a logic error in io_uring's implementation which can be used to trigger a use-after-free vulnerability leading to privilege escalation. In the io_prep_async_work function the assumption that the last io_grab_identity call cannot return false is not true, and in this case the function will use the init_cred or the previous linked requests identity to do operations instead of using the current identity. This can lead to reference counting issues causing use-after-free. We recommend upgrading past version 5.10.161.(CVE-2023-0240)\r\n\r\nA memory leak flaw and potential divide by zero and Integer overflow was found in the Linux kernel V4L2 and vivid test code functionality. This issue occurs when a user triggers ioctls, such as VIDIOC_S_DV_TIMINGS ioctl. This could allow a local user to crash the system if vivid test code enabled.(CVE-2023-0615)\r\n\r\nThe Linux kernel does not correctly mitigate SMT attacks, as discovered\nthrough a strange pattern in the kernel API using STIBP as a mitigation[1\n], leaving the\nprocess exposed for a short period of time after a syscall. The kernel also\ndoes not issue an IBPB immediately during the syscall.\nThe ib_prctl_set [2\n]function\nupdates the Thread Information Flags (TIFs) for the task and updates the\nSPEC_CTRL MSR on the function __speculation_ctrl_update [3\n],\nbut the IBPB is only issued on the next schedule, when the TIF bits are\nchecked. 
This leaves the victim vulnerable to values already injected on\nthe BTB, prior to the prctl syscall.\nThe behavior is only corrected after a reschedule of the task happens.\nFurthermore, the kernel entrance (due to the syscall itself), does not\nissue an IBPB in the default scenarios (i.e., when the kernel protects\nitself via retpoline or eIBRS).(CVE-2023-0045)\r\n\r\nREMAP cmd of SVM driver can be used to remap read only memory as read-write, then cause read only memory/file modified..(CVE-2021-33639)",
"cves": [
{
"id": "CVE-2021-33639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33639",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.84.0.108_openEuler-SA-2023-1152.json b/cusa/k/kernel/kernel-5.10.0-60.84.0.108_openEuler-SA-2023-1152.json
index 6906f38..8a720ea 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.84.0.108_openEuler-SA-2023-1152.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.84.0.108_openEuler-SA-2023-1152.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1152",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1152",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nDue to a vulnerability in the io_uring subsystem, it is possible to leak kernel memory information to the user process. timens_install calls current_is_single_threaded to determine if the current process is single-threaded, but this call does not consider io_uring's io_worker threads, thus it is possible to insert a time namespace's vvar page to process's memory space via a page fault. When this time namespace is destroyed, the vvar page is also freed, but not removed from the process' memory, and a next page allocated by the kernel will be still available from the user-space process and can leak memory contents via this (read-only) use-after-free vulnerability. We recommend upgrading past version 5.10.161 or commit 788d0824269bef539fe31a785b1517882eafed93 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/io_uring(CVE-2023-23586)\r\n\r\nIn the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c.(CVE-2023-26607)",
"cves": [
{
"id": "CVE-2023-26607",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26607",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.84.0.108_openEuler-SA-2023-1177.json b/cusa/k/kernel/kernel-5.10.0-60.84.0.108_openEuler-SA-2023-1177.json
index cde5203..81d6347 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.84.0.108_openEuler-SA-2023-1177.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.84.0.108_openEuler-SA-2023-1177.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1177",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1177",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nIn binder_transaction_buffer_release of binder.c, there is a possible use after free due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-257685302References: Upstream kernel(CVE-2023-20938)\r\n\r\nThere is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege. There is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock. When CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable. The setsockopt TCP_ULP operation does not require any privilege. We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c(CVE-2023-0461)\r\n\r\nA flaw in the Linux Kernel found. The tls_is_tx_ready() incorrectly checks for list emptiness, potentially accessing a type confused entry to the list_head, leaking the last byte of the confused field that overlaps with rec->tx_ready.\r\n\r\n\nReference:\nhttps://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=ffe2a22562444720b05bdfeb999c03e810d84cbb(CVE-2023-1075)\r\n\r\nA flaw found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigger this with rds_message_put(). 
Type confusion leads to `struct rds_msg_zcopy_info *info` actually points to something else that is potentially controlled by local user.\nIt is known how to trigger this, which causes an OOB access, and a lock corruption.\r\n\r\nReference:\nhttps://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=f753a68980cf4b59a80fe677619da2b1804f526d(CVE-2023-1078)\r\n\r\nA flaw found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function.\nWhile it will be often correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user only having that capability.\nThis would make tun/tap sockets being incorrectly treated in filtering/routing decisions, possibly bypassing network filters.\r\n\r\nReferences:\nhttps://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=66b2c338adce580dfce2199591e65e2bab889cff\nhttps://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=a096ccca6e503a5c575717ff8a36ace27510ab0a(CVE-2023-1076)\r\n\r\nIn the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls.(CVE-2023-22995)\r\n\r\nA flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.(CVE-2023-1118)\n\nIn the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.(CVE-2023-26545)",
"cves": [
{
"id": "CVE-2023-26545",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26545",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.87.0.111_openEuler-SA-2023-1188.json b/cusa/k/kernel/kernel-5.10.0-60.87.0.111_openEuler-SA-2023-1188.json
index fddb185..66752a6 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.87.0.111_openEuler-SA-2023-1188.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.87.0.111_openEuler-SA-2023-1188.json
@@ -2,18 +2,18 @@
"id": "openEuler-SA-2023-1188",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1188",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nWhen SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure.(CVE-2022-27672)\r\n\r\nA flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging/disconnecting in a malicious USB device, which advertises itself as an Asus device. Similarly to the previous known CVE-2023-25012, but in asus devices, the work_struct may be scheduled by the LED controller while the device is disconnecting, triggering a use-after-free on the struct asus_kbd_leds *led structure. A malicious USB device may exploit the issue to cause memory corruption with controlled data.(CVE-2023-1079)\r\n\r\nIn the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer).(CVE-2023-23004)\r\n\r\nA use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 (\"coredump: Use the vma snapshot in fill_files_note\") not applied yet, then kernel could be affected.(CVE-2023-1249)\r\n\r\n\nKernel: denial of service in tipc_conn_close(CVE-2023-1382)\r\n\r\ndo_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).(CVE-2023-28466)\r\n\r\nIn the Linux kernel before 6.1.3, fs/ntfs3/inode.c does not validate the attribute name offset. An unhandled page fault may occur.(CVE-2022-48424)\r\n\r\nIn the Linux kernel before 6.1.3, fs/ntfs3/record.c does not validate resident attribute names. 
An out-of-bounds write may occur.(CVE-2022-48423)\r\n\r\nIn the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs.(CVE-2022-48425)\r\n\r\nUse After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A local attacker user can use this vulnerability to elevate its privileges to root. This issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2.(CVE-2023-1281)\n\nIn the Linux kernel before 5.16.3, drivers/usb/dwc3/dwc3-qcom.c misinterprets the dwc3_qcom_create_urs_usb_platdev return value (expects it to be NULL in the error case, whereas it is actually an error pointer).(CVE-2023-22999)",
"cves": [
{
"id": "CVE-2023-1382",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1382",
- "severity": "Moderate"
+ "severity": "Medium"
},
{
"id": "CVE-2023-22999",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22999",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.88.0.112_openEuler-SA-2023-1199.json b/cusa/k/kernel/kernel-5.10.0-60.88.0.112_openEuler-SA-2023-1199.json
index 0497cbd..4ca04df 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.88.0.112_openEuler-SA-2023-1199.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.88.0.112_openEuler-SA-2023-1199.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1199",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1199",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nA use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e(CVE-2023-0266)",
"cves": [
{
"id": "CVE-2023-0266",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0266",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.89.0.113_openEuler-SA-2023-1210.json b/cusa/k/kernel/kernel-5.10.0-60.89.0.113_openEuler-SA-2023-1210.json
index f9558c8..4da19b6 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.89.0.113_openEuler-SA-2023-1210.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.89.0.113_openEuler-SA-2023-1210.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1210",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1210",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nIntel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.(CVE-2022-29901)\r\n\r\nA flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action \"mirred\") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition.(CVE-2022-4269)\r\n\r\nA null pointer dereference issue was found in the unix protocol in net/unix/diag.c in Linux before 6.0. In unix_diag_get_exact, the newly allocated skb does not have sk, leading to null pointer. A local user could use this flaw to crash the system or potentially cause a denial of service.\r\n\r\nReference:\nhttps://lore.kernel.org/netdev/CAO4mrfdvyjFpokhNsiwZiP-wpdSD0AStcJwfKcKQdAALQ9_2Qw@mail.gmail.com/\nhttps://lore.kernel.org/netdev/e04315e7c90d9a75613f3993c2baf2d344eef7eb.camel@redhat.com/\nhttps://lore.kernel.org/netdev/20221127012412.37969-3-kuniyu@amazon.com/T/(CVE-2023-28327)\r\n\r\n\nKernel: A denial of service issue in az6027 driver in\ndrivers/media/usb/dev-usb/az6027.c(CVE-2023-28328)\r\n\r\nA slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service.(CVE-2023-1380)\r\n\r\nA flaw was found in KVM. 
When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak.(CVE-2023-1513)",
"cves": [
{
"id": "CVE-2023-1513",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1513",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.90.0.114_openEuler-SA-2023-1228.json b/cusa/k/kernel/kernel-5.10.0-60.90.0.114_openEuler-SA-2023-1228.json
index 7fa9ee2..4060c48 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.90.0.114_openEuler-SA-2023-1228.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.90.0.114_openEuler-SA-2023-1228.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1228",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1228",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nA use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This flaw allows an attacker to crash the system and possibly cause a kernel information lea(CVE-2023-1611)\r\n\r\nA flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system.(CVE-2023-1670)\r\n\r\nA use-after-free flaw was found in xen_9pfs_front_removet in net/9p/trans_xen.c in Xen transport for 9pfs in the Linux Kernel. This flaw could allow a local attacker to crash the system due to a race problem, possibly leading to a kernel information leak.(CVE-2023-1859)\n\nA race problem was found in fs/proc/task_mmu.c in the memory management sub-component in the Linux kernel. This issue may allow a local attacker with user privilege to cause a denial of service.(CVE-2023-1582)\n\nA double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system.(CVE-2022-4744)",
"cves": [
{
"id": "CVE-2022-4744",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4744",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.91.0.115_openEuler-SA-2023-1253.json b/cusa/k/kernel/kernel-5.10.0-60.91.0.115_openEuler-SA-2023-1253.json
index 237bd59..52aa8fa 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.91.0.115_openEuler-SA-2023-1253.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.91.0.115_openEuler-SA-2023-1253.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1253",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1253",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue.(CVE-2022-1015)\r\n\r\nAn out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).(CVE-2022-36280)\r\n\r\nAn issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4.(CVE-2023-30456)\r\n\r\nA use-after-free flaw was found in btsdio_remove in drivers\\bluetooth\\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.(CVE-2023-1989)\r\n\r\nA use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure. A local attacker user can use this vulnerability to elevate its privileges to root.\nWe recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28.\r\n\r\n(CVE-2023-1829)",
"cves": [
{
"id": "CVE-2023-1829",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1829",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.92.0.116_openEuler-SA-2023-1268.json b/cusa/k/kernel/kernel-5.10.0-60.92.0.116_openEuler-SA-2023-1268.json
index d209a19..5b310d3 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.92.0.116_openEuler-SA-2023-1268.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.92.0.116_openEuler-SA-2023-1268.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1268",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1268",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nA use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem.(CVE-2023-1855)\r\n\r\nA use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem.(CVE-2023-1990)\r\n\r\nA use-after-free vulnerability in the Linux Kernel io_uring system can be exploited to achieve local privilege escalation.\r\n\r\nThe io_file_get_fixed function lacks the presence of ctx->uring_lock which can lead to a Use-After-Free vulnerability due a race condition with fixed files getting unregistered.\r\n\r\nWe recommend upgrading past commit da24142b1ef9fd5d36b76e36bab328a5b27523e8.\r\n\r\n(CVE-2023-1872)\r\n\r\nA race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel.(CVE-2023-2006)\r\n\r\nThe Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device.(CVE-2023-30772)",
"cves": [
{
"id": "CVE-2023-30772",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30772",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.93.0.117_openEuler-SA-2023-1274.json b/cusa/k/kernel/kernel-5.10.0-60.93.0.117_openEuler-SA-2023-1274.json
index 726296c..f026eb6 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.93.0.117_openEuler-SA-2023-1274.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.93.0.117_openEuler-SA-2023-1274.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1274",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1274",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nA use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was found. It could be triggered by yanking out a device that is running the gadgetfs side.(CVE-2022-4382)\r\n\r\nThe Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line.\r\n\r\nThis happened because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that STIBP was not needed. The IBRS bit implicitly protects against cross-thread branch target injection. However, with legacy IBRS, the IBRS bit was cleared on returning to userspace, due to performance reasons, which disabled the implicit STIBP and left userspace threads vulnerable to cross-thread branch target injection against which STIBP protects.\r\n\r\n\n(CVE-2023-1998)\r\n\r\nThe specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.(CVE-2023-2007)\r\n\r\nA null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. 
A local user could use this flaw to crash the system or potentially cause a denial of service.(CVE-2023-2166)\r\n\r\nA vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege.(CVE-2023-2176)\r\n\r\nAn out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace \"data->block[0]\" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to crash the system or potentially achieve code execution.(CVE-2023-2194)\r\n\r\nA denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component.(CVE-2023-2269)\r\n\r\nA speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11(CVE-2023-0458)\r\n\r\nqfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.(CVE-2023-31436)\n\nA flaw was found in the Linux kernel s udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an array. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel.(CVE-2023-2008)",
"cves": [
{
"id": "CVE-2023-2008",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2008",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.94.0.118_openEuler-SA-2023-1284.json b/cusa/k/kernel/kernel-5.10.0-60.94.0.118_openEuler-SA-2023-1284.json
index 551b1ee..495b427 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.94.0.118_openEuler-SA-2023-1284.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.94.0.118_openEuler-SA-2023-1284.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1284",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1284",
"title": "An update for kernel is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.(CVE-2023-2002)\r\n\r\nA speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11(CVE-2023-0458)\r\n\r\nIn emac_probe, &adpt->work_thread is bound with emac_work_thread. Then it will be started by timeout handler emac_tx_timeout or a IRQ handler emac_isr. If we remove the driver which will call emac_remove to make cleanup, there may be a unfinished work. This could lead to a use-after-free.\r\n\r\nUpstream fix:\nhttps://github.com/torvalds/linux/commit/6b6bc5b8bd2d(CVE-2023-2483)\r\n\r\nAn issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability.(CVE-2023-32269)\r\n\r\nIn the Linux kernel 6.0.8, there is a use-after-free in run_unpack in fs/ntfs3/run.c, related to a difference between NTFS sector size and media sector size.(CVE-2023-26544)\n\nNo description is available for this CVE(CVE-2023-0459)\n\nA null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in Linux Kernel. If stream_in allocation is failed, stream_out is freed which would further be accessed. 
A local user could use this flaw to crash the system or potentially cause a denial of service.(CVE-2023-2177)\n\nA use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors.(CVE-2023-2513)",
"cves": [
{
"id": "CVE-2023-2513",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2513",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
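Review bot: The `cves` array in this record still lists only CVE-2023-2513, while the `description` names eight CVE ids (CVE-2023-2002, CVE-2023-0458, CVE-2023-2483, CVE-2023-32269, CVE-2023-26544, CVE-2023-0459, CVE-2023-2177, CVE-2023-2513), so a consumer that matches on `cves[].id` would miss the other seven. The same single-entry pattern appears in the hunks for openEuler-SA-2023-1293, SA-2023-1369, SA-2023-1414, SA-2022-2022, SA-2023-1708, SA-2023-1078 and SA-2023-1710. The per-CVE rating also looks misaligned: CVE-2022-48502 is `High` in SA-2023-1361 but `Medium` in SA-2023-1369, and SA-2023-1293 and SA-2023-1414 are rated `High` while their only listed CVE is `Medium`. These files look generated, so the fix probably belongs in the converter, which is not visible in this part of the diff. It should emit one entry per CVE with that CVE's own rating, e.g. `{"id": "CVE-2023-2002", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2002", "severity": "<rating from the CVRF source>"}`.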
diff --git a/cusa/k/kernel/kernel-5.10.0-60.95.0.119_openEuler-SA-2023-1293.json b/cusa/k/kernel/kernel-5.10.0-60.95.0.119_openEuler-SA-2023-1293.json
index e2270b9..9c592f9 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.95.0.119_openEuler-SA-2023-1293.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.95.0.119_openEuler-SA-2023-1293.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1293",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1293",
"title": "An update for kernel is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nA use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.(CVE-2023-2162)\r\n\r\nAn out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system(CVE-2023-2124)\r\n\r\nIn the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.(CVE-2023-32233)",
"cves": [
{
"id": "CVE-2023-32233",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32233",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.96.0.120_openEuler-SA-2023-1323.json b/cusa/k/kernel/kernel-5.10.0-60.96.0.120_openEuler-SA-2023-1323.json
index 7141dd8..4ec5d16 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.96.0.120_openEuler-SA-2023-1323.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.96.0.120_openEuler-SA-2023-1323.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1323",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1323",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nIn the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the drm_gem_shmem_get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer).(CVE-2023-22998)",
"cves": [
{
"id": "CVE-2023-22998",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22998",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.98.0.122_openEuler-SA-2023-1361.json b/cusa/k/kernel/kernel-5.10.0-60.98.0.122_openEuler-SA-2023-1361.json
index 225f46f..ba6fcfc 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.98.0.122_openEuler-SA-2023-1361.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.98.0.122_openEuler-SA-2023-1361.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1361",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1361",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue was discovered in the Linux kernel before 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads, leading to an out-of-bounds read in ntfs_set_ea in fs/ntfs3/xattr.c.(CVE-2022-48502)",
"cves": [
{
"id": "CVE-2022-48502",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48502",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kernel/kernel-5.10.0-60.98.0.122_openEuler-SA-2023-1369.json b/cusa/k/kernel/kernel-5.10.0-60.98.0.122_openEuler-SA-2023-1369.json
index 5b4c9c4..90c04af 100644
--- a/cusa/k/kernel/kernel-5.10.0-60.98.0.122_openEuler-SA-2023-1369.json
+++ b/cusa/k/kernel/kernel-5.10.0-60.98.0.122_openEuler-SA-2023-1369.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1369",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1369",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Linux Kernel, the operating system core itself.\n\nSecurity Fix(es):\n\nAn issue was discovered in the Linux kernel before 6.2.9. A use-after-free was found in bq24190_remove in drivers/power/supply/bq24190_charger.c. It could allow a local attacker to crash the system due to a race condition.(CVE-2023-33288)\n\nA use after free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user to cause a denial of service problem.(CVE-2023-2985)\n\nAn issue was discovered in the Linux kernel before 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads, leading to an out-of-bounds read in ntfs_set_ea in fs/ntfs3/xattr.c.(CVE-2022-48502)",
"cves": [
{
"id": "CVE-2022-48502",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48502",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kexec-tools/kexec-tools-2.0.23-5_openEuler-SA-2022-1825.json b/cusa/k/kexec-tools/kexec-tools-2.0.23-5_openEuler-SA-2022-1825.json
index 6fbde59..32eddd2 100644
--- a/cusa/k/kexec-tools/kexec-tools-2.0.23-5_openEuler-SA-2022-1825.json
+++ b/cusa/k/kexec-tools/kexec-tools-2.0.23-5_openEuler-SA-2022-1825.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1825",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1825",
"title": "An update for kexec-tools is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "kexec-tools provides /sbin/kexec binary that facilitates a new kernel to boot using the kernel's kexec feature either on a normal or a panic reboot. This package contains the /sbin/kexec binary and ancillary utilities that together form the userspace component of the kernel's kexec feature.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal information from a previous panic. The highest threat from this vulnerability is to confidentiality. This flaw affects kexec-tools shipped by Fedora versions prior to 2.0.21-8 and RHEL versions prior to 2.0.20-47.(CVE-2021-20269)",
"cves": [
{
"id": "CVE-2021-20269",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20269",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/krb5/krb5-1.19.2-8_openEuler-SA-2023-1528.json b/cusa/k/krb5/krb5-1.19.2-8_openEuler-SA-2023-1528.json
index 3878830..4000621 100644
--- a/cusa/k/krb5/krb5-1.19.2-8_openEuler-SA-2023-1528.json
+++ b/cusa/k/krb5/krb5-1.19.2-8_openEuler-SA-2023-1528.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1528",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1528",
"title": "An update for krb5 is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography.\r\n\r\nSecurity Fix(es):\r\n\r\nlib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.(CVE-2023-36054)",
"cves": [
{
"id": "CVE-2023-36054",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36054",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kubernetes/kubernetes-1.20.2-20_openEuler-SA-2023-1414.json b/cusa/k/kubernetes/kubernetes-1.20.2-20_openEuler-SA-2023-1414.json
index 3f1e66b..d780f76 100644
--- a/cusa/k/kubernetes/kubernetes-1.20.2-20_openEuler-SA-2023-1414.json
+++ b/cusa/k/kubernetes/kubernetes-1.20.2-20_openEuler-SA-2023-1414.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1414",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1414",
"title": "An update for kubernetes is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Container cluster management.\n\nSecurity Fix(es):\n\nUsers authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions sharing the same API group 2. Users have cluster-wide list or watch authorization on one of those custom resources. 3. The same users are not authorized to read another custom resource in the same API group.(CVE-2022-3162)\n\nUsers may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While Kubernetes already validates the proxying address for Nodes, a bug in kube-apiserver made it possible to bypass this validation. Bypassing this validation could allow authenticated requests destined for Nodes to to the API server's private network.(CVE-2022-3294)\n\nA security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet.(CVE-2023-2431)\n\nUsers may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. 
Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.\n\n(CVE-2023-2727)\n\nUsers may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers.\n\n(CVE-2023-2728)",
"cves": [
{
"id": "CVE-2023-2728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2728",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/k/kubernetes/kubernetes-1.20.2-9_openEuler-SA-2022-1979.json b/cusa/k/kubernetes/kubernetes-1.20.2-9_openEuler-SA-2022-1979.json
index 519c193..9982106 100644
--- a/cusa/k/kubernetes/kubernetes-1.20.2-9_openEuler-SA-2022-1979.json
+++ b/cusa/k/kubernetes/kubernetes-1.20.2-9_openEuler-SA-2022-1979.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1979",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1979",
"title": "An update for kubernetes is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Container cluster management.\r\n\r\nSecurity Fix(es):\r\n\r\nA security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the\nclient performing unexpected actions as well as forwarding the client's API server credentials to third parties.\r\n\r\nref: https://github.com/kubernetes/kubernetes/issues/112513(CVE-2022-3172)",
"cves": [
{
"id": "CVE-2022-3172",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3172",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/LibRaw/LibRaw-0.20.2-7_openEuler-SA-2024-1450.json b/cusa/l/LibRaw/LibRaw-0.20.2-7_openEuler-SA-2024-1450.json
index 1068dac..2a89599 100644
--- a/cusa/l/LibRaw/LibRaw-0.20.2-7_openEuler-SA-2024-1450.json
+++ b/cusa/l/LibRaw/LibRaw-0.20.2-7_openEuler-SA-2024-1450.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1450",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1450",
"title": "An update for LibRaw is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "LibRaw is a library for reading RAW files from digital photo cameras (CRW/CR2, NEF, RAF, etc, virtually all RAW formats are supported).It pays special attention to correct retrieval of data required for subsequent RAW conversion.The library is intended for embedding in RAW converters, data analyzers, and other programs using RAW files as the initial data.\r\n\r\nSecurity Fix(es):\r\n\r\nBuffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.(CVE-2021-32142)",
"cves": [
{
"id": "CVE-2021-32142",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32142",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/lcr/lcr-2.0.9-7_openEuler-SA-2023-1692.json b/cusa/l/lcr/lcr-2.0.9-7_openEuler-SA-2023-1692.json
index a9435b7..e6eb178 100644
--- a/cusa/l/lcr/lcr-2.0.9-7_openEuler-SA-2023-1692.json
+++ b/cusa/l/lcr/lcr-2.0.9-7_openEuler-SA-2023-1692.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1692",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1692",
"title": "An update for lcr is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "\r\n\r\nSecurity Fix(es):\r\n\r\nIsula uses the lxc runtime (default) to run malicious images, which can cause DOS.(CVE-2021-33634)",
"cves": [
{
"id": "CVE-2021-33634",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33634",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/leptonica/leptonica-1.79.0-3_openEuler-SA-2023-1134.json b/cusa/l/leptonica/leptonica-1.79.0-3_openEuler-SA-2023-1134.json
index 289c317..2a9797d 100644
--- a/cusa/l/leptonica/leptonica-1.79.0-3_openEuler-SA-2023-1134.json
+++ b/cusa/l/leptonica/leptonica-1.79.0-3_openEuler-SA-2023-1134.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1134",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1134",
"title": "An update for leptonica is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The library supports many operations that are useful on\n\t\t* Document images\n\t\t* Natural images\n\t\tFundamental image processing and image analysis operations\n\t\t* Rasterop (aka bitblt)\n\t\t* Affine transforms (scaling, translation, rotation, shear)on images of arbitrary pixel depth\n\t\t* Projective and bi-linear transforms\n\t\t* Binary and gray scale morphology, rank order filters, and convolution\n\t\t* Seed-fill and connected components\n\t\t* Image transformations with changes in pixel depth, both at the same scale and with scale change\n\t\t* Pixelwise masking, blending, enhancement, arithmetic ops,etc.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue in the Leptonica linked library (v1.79.0) allows attackers to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file.(CVE-2022-38266)",
"cves": [
{
"id": "CVE-2022-38266",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38266",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/less/less-590-4_openEuler-SA-2023-1129.json b/cusa/l/less/less-590-4_openEuler-SA-2023-1129.json
index 735de1c..07f0976 100644
--- a/cusa/l/less/less-590-4_openEuler-SA-2023-1129.json
+++ b/cusa/l/less/less-590-4_openEuler-SA-2023-1129.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1129",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1129",
"title": "An update for less is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Less is a pager. A pager is a program that displays text files.Other pagers commonly in use are more and pg. Pagers are often used in command-line environments like the Unix shell and the MS-DOS command prompt to display files.Less is not an editor. You can't change the contents of the file you're viewing. Less is not a windowing system. It doesn't have fancy scroll bars or other GUI (graphical user interface) elements.\r\n\r\nSecurity Fix(es):\r\n\r\nIn GNU Less before 609, crafted data can result in \"less -R\" not filtering ANSI escape sequences sent to the terminal.(CVE-2022-46663)",
"cves": [
{
"id": "CVE-2022-46663",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46663",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/less/less-590-6_openEuler-SA-2024-1502.json b/cusa/l/less/less-590-6_openEuler-SA-2024-1502.json
index ee9721e..d4ffbc7 100644
--- a/cusa/l/less/less-590-6_openEuler-SA-2024-1502.json
+++ b/cusa/l/less/less-590-6_openEuler-SA-2024-1502.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1502",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1502",
"title": "An update for less is now available for openEuler-20.03-LTS-SP1,openEuler-22.03-LTS,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Less is a pager. A pager is a program that displays text files. Other pagers commonly in use are more and pg. Pagers are often used in command-line environments like the Unix shell and the MS-DOS command prompt to display files.\r\n\r\nSecurity Fix(es):\r\n\r\nless through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.(CVE-2024-32487)",
"cves": [
{
"id": "CVE-2024-32487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32487",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libX11/libX11-1.7.2-4_openEuler-SA-2022-2022.json b/cusa/l/libX11/libX11-1.7.2-4_openEuler-SA-2022-2022.json
index f82d79f..ef941f2 100644
--- a/cusa/l/libX11/libX11-1.7.2-4_openEuler-SA-2022-2022.json
+++ b/cusa/l/libX11/libX11-1.7.2-4_openEuler-SA-2022-2022.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2022",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2022",
"title": "An update for libX11 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The libX11-devel package contains libraries and header files for libX11.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in X.org libX11 and classified as problematic. This issue affects the function _XFreeX11XCBStructure of the file xcb_disp.c. The manipulation of the argument dpy leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211055.(CVE-2022-3555)\r\n\r\nA vulnerability has been found in X.org libX11 and classified as problematic. This vulnerability affects the function _XimRegisterIMInstantiateCallback of the file modules/im/ximcp/imsClbk.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211054 is the identifier assigned to this vulnerability.(CVE-2022-3554)",
"cves": [
{
"id": "CVE-2022-3554",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3554",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libX11/libX11-1.7.2-7_openEuler-SA-2023-1378.json b/cusa/l/libX11/libX11-1.7.2-7_openEuler-SA-2023-1378.json
index 783bd86..fe665b3 100644
--- a/cusa/l/libX11/libX11-1.7.2-7_openEuler-SA-2023-1378.json
+++ b/cusa/l/libX11/libX11-1.7.2-7_openEuler-SA-2023-1378.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1378",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1378",
"title": "An update for libX11 is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Core X11 protocol client library.\n\nSecurity Fix(es):\n\nA vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.(CVE-2023-3138)",
"cves": [
{
"id": "CVE-2023-3138",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3138",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libX11/libX11-1.7.2-8_openEuler-SA-2023-1708.json b/cusa/l/libX11/libX11-1.7.2-8_openEuler-SA-2023-1708.json
index ca26e92..91b2d6a 100644
--- a/cusa/l/libX11/libX11-1.7.2-8_openEuler-SA-2023-1708.json
+++ b/cusa/l/libX11/libX11-1.7.2-8_openEuler-SA-2023-1708.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1708",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1708",
"title": "An update for libX11 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Core X11 protocol client library.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.(CVE-2023-43785)\r\n\r\nA vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.(CVE-2023-43786)\r\n\r\nA vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.(CVE-2023-43787)",
"cves": [
{
"id": "CVE-2023-43787",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43787",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libXpm/libXpm-3.5.13-4_openEuler-SA-2023-1078.json b/cusa/l/libXpm/libXpm-3.5.13-4_openEuler-SA-2023-1078.json
index 501f814..b8ce0c2 100644
--- a/cusa/l/libXpm/libXpm-3.5.13-4_openEuler-SA-2023-1078.json
+++ b/cusa/l/libXpm/libXpm-3.5.13-4_openEuler-SA-2023-1078.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1078",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1078",
"title": "An update for libXpm is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "X.Org X11 libXpm runtime library\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable.(CVE-2022-4883)\r\n\r\nA flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library.(CVE-2022-44617)\r\n\r\nA flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library.(CVE-2022-46285)",
"cves": [
{
"id": "CVE-2022-46285",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46285",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libXpm/libXpm-3.5.13-5_openEuler-SA-2023-1710.json b/cusa/l/libXpm/libXpm-3.5.13-5_openEuler-SA-2023-1710.json
index 0e43fa4..cbaa8b1 100644
--- a/cusa/l/libXpm/libXpm-3.5.13-5_openEuler-SA-2023-1710.json
+++ b/cusa/l/libXpm/libXpm-3.5.13-5_openEuler-SA-2023-1710.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1710",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1710",
"title": "An update for libXpm is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "X.Org X11 libXpm runtime library\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local to trigger an out-of-bounds read error and read the contents of memory on the system.(CVE-2023-43788)\r\n\r\nA vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system.(CVE-2023-43789)",
"cves": [
{
"id": "CVE-2023-43789",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43789",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libcap/libcap-2.61-5_openEuler-SA-2023-1345.json b/cusa/l/libcap/libcap-2.61-5_openEuler-SA-2023-1345.json
index 2882579..01e1798 100644
--- a/cusa/l/libcap/libcap-2.61-5_openEuler-SA-2023-1345.json
+++ b/cusa/l/libcap/libcap-2.61-5_openEuler-SA-2023-1345.json
@@ -2,7 +2,7 @@
"id": "openEuler-SA-2023-1345",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1345",
"title": "An update for libcap is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "This is a library for getting and setting POSIX.1e (formerly POSIX 6) draft 15 capabilities.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.(CVE-2023-2602)\r\n\r\nA vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.(CVE-2023-2603)",
"cves": [
{
diff --git a/cusa/l/libconfuse/libconfuse-3.3-2_openEuler-SA-2022-1928.json b/cusa/l/libconfuse/libconfuse-3.3-2_openEuler-SA-2022-1928.json
index d026563..6ffbfcc 100644
--- a/cusa/l/libconfuse/libconfuse-3.3-2_openEuler-SA-2022-1928.json
+++ b/cusa/l/libconfuse/libconfuse-3.3-2_openEuler-SA-2022-1928.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1928",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1928",
"title": "An update for libconfuse is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "libConfuse is a configuration file parser library, licensed under the terms of the ISC license, and written in C. It supports sections and (lists of) values (strings, integers, floats, booleans or other sections), as well as some other features (such as single/double-quoted strings, environment variable expansion, functions and nested include statements). It makes it very easy to add configuration file capability to a program using a simple API. The goal of libConfuse is not to be the configuration file parser library with a gazillion of features. Instead, it aims to be easy to use and quick to integrate with your code.\r\n\r\nSecurity Fix(es):\r\n\r\ncfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read.(CVE-2022-40320)",
"cves": [
{
"id": "CVE-2022-40320",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40320",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libcue/libcue-2.2.1-2_openEuler-SA-2023-1744.json b/cusa/l/libcue/libcue-2.2.1-2_openEuler-SA-2023-1744.json
index 7373d5d..503d5de 100644
--- a/cusa/l/libcue/libcue-2.2.1-2_openEuler-SA-2023-1744.json
+++ b/cusa/l/libcue/libcue-2.2.1-2_openEuler-SA-2023-1744.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1744",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1744",
"title": "An update for libcue is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Libcue is intended for parsing a so-called cue sheet from a char string or a file pointer. For handling of the parsed data a convenient API is available.\r\n\r\nSecurity Fix(es):\r\n\r\nlibcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to `~/Downloads`, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution. This issue is patched in version 2.3.0.(CVE-2023-43641)",
"cves": [
{
"id": "CVE-2023-43641",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43641",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libdwarf/libdwarf-0.9.1-1_openEuler-SA-2024-1434.json b/cusa/l/libdwarf/libdwarf-0.9.1-1_openEuler-SA-2024-1434.json
index 11ab23f..949f592 100644
--- a/cusa/l/libdwarf/libdwarf-0.9.1-1_openEuler-SA-2024-1434.json
+++ b/cusa/l/libdwarf/libdwarf-0.9.1-1_openEuler-SA-2024-1434.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1434",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1434",
"title": "An update for libdwarf is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Libdwarf is a library of functions to provide read/write DWARF debugging records.\r\n\r\nSecurity Fix(es):\r\n\r\nA double-free vulnerability was found in libdwarf. In a multiply-corrupted DWARF object, libdwarf may try to dealloc(free) an allocation twice, potentially causing unpredictable and various results.(CVE-2024-2002)",
"cves": [
{
"id": "CVE-2024-2002",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2002",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libdwarf/libdwarf-20210528-1_openEuler-SA-2022-1818.json b/cusa/l/libdwarf/libdwarf-20210528-1_openEuler-SA-2022-1818.json
index 165b2e5..6ed1f43 100644
--- a/cusa/l/libdwarf/libdwarf-20210528-1_openEuler-SA-2022-1818.json
+++ b/cusa/l/libdwarf/libdwarf-20210528-1_openEuler-SA-2022-1818.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1818",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1818",
"title": "An update for libdwarf is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Libdwarf is a library of functions to provide read/write DWARF debugging records.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in libdwarf. A possible null pointer dereference vulnerability allows an attacker to input a specially crafted file, leading to a crash. The highest threat from this vulnerability is to system availability.(CVE-2020-28163)",
"cves": [
{
"id": "CVE-2020-28163",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28163",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libfastjson/libfastjson-0.99.9-3_openEuler-SA-2023-1186.json b/cusa/l/libfastjson/libfastjson-0.99.9-3_openEuler-SA-2023-1186.json
index 6bbf118..a908cbf 100644
--- a/cusa/l/libfastjson/libfastjson-0.99.9-3_openEuler-SA-2023-1186.json
+++ b/cusa/l/libfastjson/libfastjson-0.99.9-3_openEuler-SA-2023-1186.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1186",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1186",
"title": "An update for libfastjson is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "libfastjson is a fork from json-c, and is currently under development. The aim of this is not to provide a slightly modified clone of json-c. It's aim is to provide: a small library with essential json handling functions, sufficiently good json support (not 100% standards compliant), be very fast in processing.\r\n\r\nSecurity Fix(es):\r\n\r\njson-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.(CVE-2020-12762)",
"cves": [
{
"id": "CVE-2020-12762",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12762",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libgit2/libgit2-0.27.8-6_openEuler-SA-2023-1957.json b/cusa/l/libgit2/libgit2-0.27.8-6_openEuler-SA-2023-1957.json
index 364c3dc..663f77a 100644
--- a/cusa/l/libgit2/libgit2-0.27.8-6_openEuler-SA-2023-1957.json
+++ b/cusa/l/libgit2/libgit2-0.27.8-6_openEuler-SA-2023-1957.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1957",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1957",
"title": "An update for libgit2 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language which supports C bindings.\r\n\r\nSecurity Fix(es):\r\n\r\nlibgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the `certificate_check` field of libgit2's `git_remote_callbacks` structure - if a certificate check callback is not set, libgit2 does not perform any certificate checking. This means that by default - without configuring a certificate check callback, clients will not perform validation on the server SSH keys and may be subject to a man-in-the-middle attack. Users are encouraged to upgrade to v1.4.5 or v1.5.1. Users unable to upgrade should ensure that all relevant certificates are manually checked.(CVE-2023-22742)",
"cves": [
{
"id": "CVE-2023-22742",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22742",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libgit2/libgit2-0.27.8-8_openEuler-SA-2024-1188.json b/cusa/l/libgit2/libgit2-0.27.8-8_openEuler-SA-2024-1188.json
index 54e7da5..fee504e 100644
--- a/cusa/l/libgit2/libgit2-0.27.8-8_openEuler-SA-2024-1188.json
+++ b/cusa/l/libgit2/libgit2-0.27.8-8_openEuler-SA-2024-1188.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1188",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1188",
"title": "An update for libgit2 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Important",
+ "severity": "High",
"description": "libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language which supports C bindings.\r\n\r\nSecurity Fix(es):\r\n\r\nlibgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_index_add` can cause heap corruption that could be leveraged for arbitrary code execution. There is an issue in the `has_dir_name` function in `src/libgit2/index.c`, which frees an entry that should not be freed. The freed entry is later used and overwritten with potentially bad actor-controlled data leading to controlled heap corruption. Depending on the application that uses libgit2, this could lead to arbitrary code execution. This issue has been patched in version 1.6.5 and 1.7.2.(CVE-2024-24577)",
"cves": [
{
"id": "CVE-2024-24577",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24577",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libgsasl/libgsasl-1.8.1-2_openEuler-SA-2024-1443.json b/cusa/l/libgsasl/libgsasl-1.8.1-2_openEuler-SA-2024-1443.json
index d3d6ddf..37d4f39 100644
--- a/cusa/l/libgsasl/libgsasl-1.8.1-2_openEuler-SA-2024-1443.json
+++ b/cusa/l/libgsasl/libgsasl-1.8.1-2_openEuler-SA-2024-1443.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1443",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1443",
"title": "An update for libgsasl is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The library includes support for the SASL framework and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, and NTLM mechanisms.\r\n\r\nSecurity Fix(es):\r\n\r\nGNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client(CVE-2022-2469)",
"cves": [
{
"id": "CVE-2022-2469",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2469",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libinput/libinput-1.19.2-2_openEuler-SA-2022-1709.json b/cusa/l/libinput/libinput-1.19.2-2_openEuler-SA-2022-1709.json
index 8c6ea57..4f1ea3d 100644
--- a/cusa/l/libinput/libinput-1.19.2-2_openEuler-SA-2022-1709.json
+++ b/cusa/l/libinput/libinput-1.19.2-2_openEuler-SA-2022-1709.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1709",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1709",
"title": "An update for libinput is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "libinput is a library to handle input devices in Wayland compositors and to provide a generic X.Org input driver.It provides device detection, device handling, input device event processing and abstraction so minimize the amount of custom input code compositors need to provide the common set of functionality that users expect.\n\r\n\r\nSecurity Fix(es):\r\n\r\nA format string vulnerability was found in libinput(CVE-2022-1215)",
"cves": [
{
"id": "CVE-2022-1215",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1215",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libksba/libksba-1.6.0-2_openEuler-SA-2022-2021.json b/cusa/l/libksba/libksba-1.6.0-2_openEuler-SA-2022-2021.json
index 02c82a6..d1c901f 100644
--- a/cusa/l/libksba/libksba-1.6.0-2_openEuler-SA-2022-2021.json
+++ b/cusa/l/libksba/libksba-1.6.0-2_openEuler-SA-2022-2021.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2021",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2021",
"title": "An update for libksba is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Libksba is a library to make the tasks of working with X.509 certificates,CMS data and related objects more easy. It provides a highlevel interface to the implemented protocols and presents the data in a consistent way.\r\n\r\nSecurity Fix(es):\r\n\r\nA bug found in libksba, the library used by GnuPG for parsing the ASN.1 structures as used by S/MIME. The bug affects all versions of Libksba before 1.6.2 and may be used for remote code execution. \r\n\r\nhttps://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html\nhttps://dev.gnupg.org/T6230\nhttps://dev.gnupg.org/rK4b7d9cd4a018898d7714ce06f3faf2626c14582b\nhttps://lwn.net/Articles/911467/(CVE-2022-3515)",
"cves": [
{
"id": "CVE-2022-3515",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3515",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libksba/libksba-1.6.0-3_openEuler-SA-2022-2159.json b/cusa/l/libksba/libksba-1.6.0-3_openEuler-SA-2022-2159.json
index 8fb46ea..11718d9 100644
--- a/cusa/l/libksba/libksba-1.6.0-3_openEuler-SA-2022-2159.json
+++ b/cusa/l/libksba/libksba-1.6.0-3_openEuler-SA-2022-2159.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2159",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2159",
"title": "An update for libksba is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Libksba is a library to make the tasks of working with X.509 certificates,CMS data and related objects more easy. It provides a highlevel interface to the implemented protocols and presents the data in a consistent way.\r\n\r\nSecurity Fix(es):\r\n\r\nLibksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.(CVE-2022-47629)",
"cves": [
{
"id": "CVE-2022-47629",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47629",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libldb/libldb-2.4.1-2_openEuler-SA-2022-1806.json b/cusa/l/libldb/libldb-2.4.1-2_openEuler-SA-2022-1806.json
index ed7cd34..6932541 100644
--- a/cusa/l/libldb/libldb-2.4.1-2_openEuler-SA-2022-1806.json
+++ b/cusa/l/libldb/libldb-2.4.1-2_openEuler-SA-2022-1806.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1806",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1806",
"title": "An update for libldb is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "An extensible library that implements an LDAP like API to access remote LDAP servers, or use local tdb databases.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl.(CVE-2022-32746)",
"cves": [
{
"id": "CVE-2022-32746",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32746",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libldb/libldb-2.4.1-3_openEuler-SA-2023-1221.json b/cusa/l/libldb/libldb-2.4.1-3_openEuler-SA-2023-1221.json
index 6a8eac4..b09a5d9 100644
--- a/cusa/l/libldb/libldb-2.4.1-3_openEuler-SA-2023-1221.json
+++ b/cusa/l/libldb/libldb-2.4.1-3_openEuler-SA-2023-1221.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1221",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1221",
"title": "An update for libldb is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "An extensible library that implements an LDAP like API to access remote LDAP servers, or use local tdb databases.\r\n\r\nSecurity Fix(es):\r\n\r\nThe fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC.(CVE-2023-0614)",
"cves": [
{
"id": "CVE-2023-0614",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0614",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/liblouis/liblouis-3.7.0-5_openEuler-SA-2023-1191.json b/cusa/l/liblouis/liblouis-3.7.0-5_openEuler-SA-2023-1191.json
index b957f35..9e71807 100644
--- a/cusa/l/liblouis/liblouis-3.7.0-5_openEuler-SA-2023-1191.json
+++ b/cusa/l/liblouis/liblouis-3.7.0-5_openEuler-SA-2023-1191.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1191",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1191",
"title": "An update for liblouis is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "The Liblouis software suite provides an open-source braille translator, back-translator and formatter for a large number of languages and braille codes. It is a set of libraries designed for use in any of a number of applications, both free and commercial. It is written in C so that it does not require a runtime environment and hence can be used in applications written in high-level languages such as Java and Python.\r\n\r\nSecurity Fix(es):\r\n\r\nBuffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 allows a remote attacker to cause a denial of service via the resolveSubtable function at compileTranslationTabel.c.(CVE-2023-26769)",
"cves": [
{
"id": "CVE-2023-26769",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26769",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/liblouis/liblouis-3.7.0-6_openEuler-SA-2023-1920.json b/cusa/l/liblouis/liblouis-3.7.0-6_openEuler-SA-2023-1920.json
index b2a0a9a..bd6a141 100644
--- a/cusa/l/liblouis/liblouis-3.7.0-6_openEuler-SA-2023-1920.json
+++ b/cusa/l/liblouis/liblouis-3.7.0-6_openEuler-SA-2023-1920.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1920",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1920",
"title": "An update for liblouis is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "The Liblouis software suite provides an open-source braille translator, back-translator and formatter for a large number of languages and braille codes. It is a set of libraries designed for use in any of a number of applications, both free and commercial. It is written in C so that it does not require a runtime environment and hence can be used in applications written in high-level languages such as Java and Python.\r\n\r\nSecurity Fix(es):\r\n\r\nLiblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c).(CVE-2022-26981)",
"cves": [
{
"id": "CVE-2022-26981",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26981",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libmicrohttpd/libmicrohttpd-0.9.75-2_openEuler-SA-2023-1171.json b/cusa/l/libmicrohttpd/libmicrohttpd-0.9.75-2_openEuler-SA-2023-1171.json
index 8352311..999a86f 100644
--- a/cusa/l/libmicrohttpd/libmicrohttpd-0.9.75-2_openEuler-SA-2023-1171.json
+++ b/cusa/l/libmicrohttpd/libmicrohttpd-0.9.75-2_openEuler-SA-2023-1171.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1171",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1171",
"title": "An update for libmicrohttpd is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "Development files for libmicrohttpd\r\n\r\nSecurity Fix(es):\r\n\r\nGNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function.(CVE-2023-27371)",
"cves": [
{
"id": "CVE-2023-27371",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27371",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libpq/libpq-11.16-1_openEuler-SA-2022-1706.json b/cusa/l/libpq/libpq-11.16-1_openEuler-SA-2022-1706.json
index 0b4009c..b9f776f 100644
--- a/cusa/l/libpq/libpq-11.16-1_openEuler-SA-2022-1706.json
+++ b/cusa/l/libpq/libpq-11.16-1_openEuler-SA-2022-1706.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1706",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1706",
"title": "An update for libpq is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads. This package provides the essential shared library for any PostgreSQL client program or interface.\r\n\r\nSecurity Fix(es):\r\n\nA flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include max_worker_processes=0, the known versions of this attack are infeasible. However, undiscovered variants of the attack may be independent of that setting.(CVE-2021-3677)\n\r\nA man-in-the-middle attacker can inject false responses to the client s first few queries, despite the use of SSL certificate verification and encryption.(CVE-2021-23222)\r\n\r\nA flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.(CVE-2021-32028)",
"cves": [
{
"id": "CVE-2021-3677",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3677",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
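Review bot: The `cves` array in this file still lists only CVE-2021-3677, while the `description` attributes the advisory to three CVEs (CVE-2021-3677, CVE-2021-23222 and CVE-2021-32028); relabelling the severity to `Medium` leaves that gap in place. A consumer that matches scan findings or installed packages against `cves[].id` would not associate the other two CVEs with this update. The same mismatch is visible in libpq-13.12-1_openEuler-SA-2023-1569.json (four CVEs described, only CVE-2023-39418 listed) and libreswan-4.12-1_openEuler-SA-2023-1581.json (three described, only CVE-2023-38712 listed). These files look generated, so the fix presumably belongs in the converter, which is not shown here: emit one entry per CVE, e.g. `{ "id": "CVE-2021-23222", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23222", "severity": "<rating from the CVRF source>" }`.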
diff --git a/cusa/l/libpq/libpq-13.12-1_openEuler-SA-2023-1569.json b/cusa/l/libpq/libpq-13.12-1_openEuler-SA-2023-1569.json
index 6af0de7..7deace0 100644
--- a/cusa/l/libpq/libpq-13.12-1_openEuler-SA-2023-1569.json
+++ b/cusa/l/libpq/libpq-13.12-1_openEuler-SA-2023-1569.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1569",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1569",
"title": "An update for libpq is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads. This package provides the essential shared library for any PostgreSQL client program or interface.\r\n\r\n\r\n\r\nSecurity Fix(es):\r\n\r\n** DISPUTED ** An issue was discovered in PostgreSQL 12.2 allows attackers to cause a denial of service via repeatedly sending SIGHUP signals. NOTE: this is disputed by the vendor because untrusted users cannot send SIGHUP signals; they can only be sent by a PostgreSQL superuser, a user with pg_reload_conf access, or a user with sufficient privileges at the OS level (the postgres account or the root account).(CVE-2020-21469)\r\n\r\nschema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.(CVE-2023-2454)\r\n\r\nRow security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.(CVE-2023-2455)\r\n\r\nA vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.(CVE-2023-39418)",
"cves": [
{
"id": "CVE-2023-39418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39418",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libpq/libpq-13.7-1_openEuler-SA-2022-2104.json b/cusa/l/libpq/libpq-13.7-1_openEuler-SA-2022-2104.json
index 3f28861..0a53ee1 100644
--- a/cusa/l/libpq/libpq-13.7-1_openEuler-SA-2022-2104.json
+++ b/cusa/l/libpq/libpq-13.7-1_openEuler-SA-2022-2104.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2104",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2104",
"title": "An update for libpq is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads. This package provides the essential shared library for any PostgreSQL client program or interface.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity.(CVE-2022-1552)",
"cves": [
{
"id": "CVE-2022-1552",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1552",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/librabbitmq/librabbitmq-0.9.0-9_openEuler-SA-2023-1399.json b/cusa/l/librabbitmq/librabbitmq-0.9.0-9_openEuler-SA-2023-1399.json
index 07f2b75..6a7dbc9 100644
--- a/cusa/l/librabbitmq/librabbitmq-0.9.0-9_openEuler-SA-2023-1399.json
+++ b/cusa/l/librabbitmq/librabbitmq-0.9.0-9_openEuler-SA-2023-1399.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1399",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1399",
"title": "An update for librabbitmq is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "This is a C-language AMQP client library for use with AMQP servers speaking protocol versions 0-9-1.\n\nSecurity Fix(es):\n\nAn issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ. Credentials can only be entered on the command line (e.g., for amqp-publish or amqp-consume) and are thus visible to local attackers by listing a process and its arguments.(CVE-2023-35789)",
"cves": [
{
"id": "CVE-2023-35789",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35789",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libreswan/libreswan-4.11-1_openEuler-SA-2023-1318.json b/cusa/l/libreswan/libreswan-4.11-1_openEuler-SA-2023-1318.json
index e645abf..3f4fcd8 100644
--- a/cusa/l/libreswan/libreswan-4.11-1_openEuler-SA-2023-1318.json
+++ b/cusa/l/libreswan/libreswan-4.11-1_openEuler-SA-2023-1318.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1318",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1318",
"title": "An update for libreswan is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "Libreswan is an implementation of IKEv1 and IKEv2 for IPsec. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted net is encrypted by the ipsec gateway machine and decrypted by the gateway at the other end of the tunnel. The resulting tunnel is a virtual private network or VPN. This package contains the daemons and userland tools for setting up Libreswan. Libreswan also supports IKEv2 (RFC7296) and Secure Labeling Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04\n\r\n\r\nSecurity Fix(es):\r\n\r\npluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. The earliest affected version is 3.28.(CVE-2023-30570)",
"cves": [
{
"id": "CVE-2023-30570",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30570",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libreswan/libreswan-4.12-1_openEuler-SA-2023-1581.json b/cusa/l/libreswan/libreswan-4.12-1_openEuler-SA-2023-1581.json
index 54d360d..304f166 100644
--- a/cusa/l/libreswan/libreswan-4.12-1_openEuler-SA-2023-1581.json
+++ b/cusa/l/libreswan/libreswan-4.12-1_openEuler-SA-2023-1581.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1581",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1581",
"title": "An update for libreswan is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Libreswan is an implementation of IKEv1 and IKEv2 for IPsec. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. \r\n\r\nSecurity Fix(es):\r\n\r\nAn issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifies outgoing packets fails an assertion that the protocol ID must be ESP (2) or AH(3) and causes the pluto daemon to crash and restart. NOTE: the earliest affected version is 3.20.(CVE-2023-38710)\r\n\r\nAn issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a crash and restart of the pluto daemon. NOTE: the earliest affected version is 4.6.(CVE-2023-38711)\r\n\r\nAn issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart.(CVE-2023-38712)",
"cves": [
{
"id": "CVE-2023-38712",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38712",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
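Review bot: The `cves` array in this hunk has a single entry, `CVE-2023-38712`, while the unchanged `description` line names three fixes (CVE-2023-38710, CVE-2023-38711 and CVE-2023-38712), so a consumer that matches advisories on `cves[].id` will never see the first two. The severity rename leaves that gap in place. The same pattern, where only the last CVE named in the description is listed, appears in the hunks for openEuler-SA-2024-1018 (libsass), openEuler-SA-2023-1291 and openEuler-SA-2024-1040 (libssh), and openEuler-SA-2022-1607, -1728, -1869 and -1917 (libtiff). These files look like converter output, so the fix presumably belongs in the generator rather than in the JSON: emit one `id`/`url`/`severity` object per CVE in the source advisory, then regenerate. It is also worth confirming that the top-level `severity` is the highest of the per-CVE values once all entries are present.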
diff --git a/cusa/l/libreswan/libreswan-4.5-2_openEuler-SA-2022-1738.json b/cusa/l/libreswan/libreswan-4.5-2_openEuler-SA-2022-1738.json
index c2e2aff..1fc40de 100644
--- a/cusa/l/libreswan/libreswan-4.5-2_openEuler-SA-2022-1738.json
+++ b/cusa/l/libreswan/libreswan-4.5-2_openEuler-SA-2022-1738.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1738",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1738",
"title": "An update for libreswan is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Libreswan is an implementation of IKEv1 and IKEv2 for IPsec. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted net is encrypted by the ipsec gateway machine and decrypted by the gateway at the other end of the tunnel. The resulting tunnel is a virtual private network or VPN.\r\n\r\nSecurity Fix(es):\r\n\r\nLibreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6.(CVE-2022-23094)",
"cves": [
{
"id": "CVE-2022-23094",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23094",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libreswan/libreswan-4.5-3_openEuler-SA-2023-1150.json b/cusa/l/libreswan/libreswan-4.5-3_openEuler-SA-2023-1150.json
index 3b979f2..b2b5097 100644
--- a/cusa/l/libreswan/libreswan-4.5-3_openEuler-SA-2023-1150.json
+++ b/cusa/l/libreswan/libreswan-4.5-3_openEuler-SA-2023-1150.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1150",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1150",
"title": "An update for libreswan is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Libreswan is an implementation of IKEv1 and IKEv2 for IPsec. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted net is encrypted by the ipsec gateway machine and decrypted by the gateway at the other end of the tunnel. The resulting tunnel is a virtual private network or VPN. This package contains the daemons and userland tools for setting up Libreswan. Libreswan also supports IKEv2 (RFC7296) and Secure Labeling Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04\n\r\nSecurity Fix(es):\r\n\r\nLibreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length.(CVE-2023-23009)",
"cves": [
{
"id": "CVE-2023-23009",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23009",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/librsvg2/librsvg2-2.50.5-6_openEuler-SA-2023-1582.json b/cusa/l/librsvg2/librsvg2-2.50.5-6_openEuler-SA-2023-1582.json
index 53d4f06..b4b10bd 100644
--- a/cusa/l/librsvg2/librsvg2-2.50.5-6_openEuler-SA-2023-1582.json
+++ b/cusa/l/librsvg2/librsvg2-2.50.5-6_openEuler-SA-2023-1582.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1582",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1582",
"title": "An update for librsvg2 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "An SVG library based on cairo.\r\n\r\nSecurity Fix(es):\r\n\r\nA directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=\".?../../../../../../../../../../etc/passwd\" in an xi:include element.(CVE-2023-38633)",
"cves": [
{
"id": "CVE-2023-38633",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38633",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libsass/libsass-3.6.4-2_openEuler-SA-2024-1018.json b/cusa/l/libsass/libsass-3.6.4-2_openEuler-SA-2024-1018.json
index 2bb236d..9a4bdf1 100644
--- a/cusa/l/libsass/libsass-3.6.4-2_openEuler-SA-2024-1018.json
+++ b/cusa/l/libsass/libsass-3.6.4-2_openEuler-SA-2024-1018.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1018",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1018",
"title": "An update for libsass is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "Libsass is a Sass CSS precompiler which is ported for C/C++. This version is more efficient and portable than the original Ruby version. Keeping light and sample is its degisn philosophy which makes it more easier to be built and integrated with a immense amount of platforms and languages. Installation of saccs is needed if you want to run is directly as libsass is just a library.\r\n\r\nSecurity Fix(es):\r\n\r\nStack Overflow vulnerability in libsass 3.6.5 via the CompoundSelector::has_real_parent_ref function.(CVE-2022-26592)\r\n\r\nStack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to causea denial of service (DoS). Also affects the command line driver for libsass, sassc 3.6.2.(CVE-2022-43357)\r\n\r\nStack overflow vulnerability in ast_selectors.cpp: in function Sass::ComplexSelector::has_placeholder in libsass:3.6.5-8-g210218, which can be exploited by attackers to cause a denial of service (DoS).(CVE-2022-43358)",
"cves": [
{
"id": "CVE-2022-43358",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43358",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libsndfile/libsndfile-1.0.31-2_openEuler-SA-2022-1680.json b/cusa/l/libsndfile/libsndfile-1.0.31-2_openEuler-SA-2022-1680.json
index e2c8463..bdfe8a6 100644
--- a/cusa/l/libsndfile/libsndfile-1.0.31-2_openEuler-SA-2022-1680.json
+++ b/cusa/l/libsndfile/libsndfile-1.0.31-2_openEuler-SA-2022-1680.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1680",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1680",
"title": "An update for libsndfile is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Libsndfile is a C library for reading and writing files containing sampled sound such as MS Windows WAV and the Apple/SGI AIFF format through one standard library interface.\r\n\r\nSecurity Fix(es):\r\n\r\nAn out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws.(CVE-2021-4156)",
"cves": [
{
"id": "CVE-2021-4156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4156",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libssh/libssh-0.9.6-7_openEuler-SA-2023-1291.json b/cusa/l/libssh/libssh-0.9.6-7_openEuler-SA-2023-1291.json
index 8e76636..e4d52dc 100644
--- a/cusa/l/libssh/libssh-0.9.6-7_openEuler-SA-2023-1291.json
+++ b/cusa/l/libssh/libssh-0.9.6-7_openEuler-SA-2023-1291.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1291",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1291",
"title": "An update for libssh is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote programs. With its Secure FTP implementation, you can play with remote files easily, without third-party programs others than libcrypto (from openssl).\r\n\r\nSecurity Fix(es):\r\n\r\nA NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service.(CVE-2023-1667)\r\n\r\nA vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc,` which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible.` The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them calls `goto error` returning SSH_OK.(CVE-2023-2283)",
"cves": [
{
"id": "CVE-2023-2283",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2283",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libssh/libssh-0.9.6-8_openEuler-SA-2024-1040.json b/cusa/l/libssh/libssh-0.9.6-8_openEuler-SA-2024-1040.json
index bb60e62..3006b64 100644
--- a/cusa/l/libssh/libssh-0.9.6-8_openEuler-SA-2024-1040.json
+++ b/cusa/l/libssh/libssh-0.9.6-8_openEuler-SA-2024-1040.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1040",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1040",
"title": "An update for libssh is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote programs. With its Secure FTP implementation, you can play with remote files easily, without third-party programs others than libcrypto (from openssl).\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.(CVE-2023-6004)\r\n\r\nA flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.(CVE-2023-6918)",
"cves": [
{
"id": "CVE-2023-6918",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6918",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libssh/libssh-0.9.6-8_openEuler-SA-2024-1061.json b/cusa/l/libssh/libssh-0.9.6-8_openEuler-SA-2024-1061.json
index 6d77a7e..da52fef 100644
--- a/cusa/l/libssh/libssh-0.9.6-8_openEuler-SA-2024-1061.json
+++ b/cusa/l/libssh/libssh-0.9.6-8_openEuler-SA-2024-1061.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1061",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1061",
"title": "An update for libssh is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote programs. With its Secure FTP implementation, you can play with remote files easily, without third-party programs others than libcrypto (from openssl).\r\n\r\nSecurity Fix(es):\r\n\r\nThe SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. 
This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.(CVE-2023-48795)",
"cves": [
{
"id": "CVE-2023-48795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libssh2/libssh2-1.10.0-6_openEuler-SA-2024-1461.json b/cusa/l/libssh2/libssh2-1.10.0-6_openEuler-SA-2024-1461.json
index 046f834..a763efd 100644
--- a/cusa/l/libssh2/libssh2-1.10.0-6_openEuler-SA-2024-1461.json
+++ b/cusa/l/libssh2/libssh2-1.10.0-6_openEuler-SA-2024-1461.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1461",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1461",
"title": "An update for libssh2 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS(22), SECSH-USERAUTH(25), SECSH-CONNECTION(23), SECSH-ARCH(20), SECSH-FILEXFER(06)*, SECSH-DHGEX(04), and SECSH-NUMBERS(10).\r\n\r\nSecurity Fix(es):\r\n\r\nThe SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. 
This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.(CVE-2023-48795)",
"cves": [
{
"id": "CVE-2023-48795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libtar/libtar-1.2.20-21_openEuler-SA-2022-1807.json b/cusa/l/libtar/libtar-1.2.20-21_openEuler-SA-2022-1807.json
index 5c8e4a3..e727288 100644
--- a/cusa/l/libtar/libtar-1.2.20-21_openEuler-SA-2022-1807.json
+++ b/cusa/l/libtar/libtar-1.2.20-21_openEuler-SA-2022-1807.json
@@ -2,7 +2,7 @@
"id": "openEuler-SA-2022-1807",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1807",
"title": "An update for libtar is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Libtar is a C library for manipulating POSIX tar files. It handles adding and extracting files to/from a tar archive. Requires gcc, make, and zlib.\r\n\r\nSecurity Fix(es):\r\n\r\nAn attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.(CVE-2021-33643)\r\n\r\nAn attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read.(CVE-2021-33644)\r\n\r\nThe th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak.(CVE-2021-33645)\r\n\r\nThe th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak.(CVE-2021-33646)",
"cves": [
{
diff --git a/cusa/l/libtar/libtar-1.2.20-22_openEuler-SA-2022-2129.json b/cusa/l/libtar/libtar-1.2.20-22_openEuler-SA-2022-2129.json
index d1b2056..e2ce62c 100644
--- a/cusa/l/libtar/libtar-1.2.20-22_openEuler-SA-2022-2129.json
+++ b/cusa/l/libtar/libtar-1.2.20-22_openEuler-SA-2022-2129.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2129",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2129",
"title": "An update for libtar is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Libtar is a C library for manipulating POSIX tar files. It handles adding and extracting files to/from a tar archive. Requires gcc, make, and zlib.\r\n\r\nSecurity Fix(es):\r\n\r\nNo description is available for this CVE.(CVE-2021-33640)",
"cves": [
{
"id": "CVE-2021-33640",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33640",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libtiff/libtiff-4.3.0-12_openEuler-SA-2022-1607.json b/cusa/l/libtiff/libtiff-4.3.0-12_openEuler-SA-2022-1607.json
index 31437fa..ff6a43e 100644
--- a/cusa/l/libtiff/libtiff-4.3.0-12_openEuler-SA-2022-1607.json
+++ b/cusa/l/libtiff/libtiff-4.3.0-12_openEuler-SA-2022-1607.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1607",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1607",
"title": "An update for libtiff is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "This provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.And contains command-line programs for manipulating TIFF format image files using the libtiff library.\r\n\r\n\r\n\r\nSecurity Fix(es):\r\n\r\nNull source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.(CVE-2022-0908)\r\n\r\nUnchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2.(CVE-2022-0907)\r\n\r\nReachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.(CVE-2022-0865)\r\n\r\nDivide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.(CVE-2022-0909)\r\n\r\nOut-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.(CVE-2022-0924)",
"cves": [
{
"id": "CVE-2022-0924",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0924",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libtiff/libtiff-4.3.0-13_openEuler-SA-2022-1669.json b/cusa/l/libtiff/libtiff-4.3.0-13_openEuler-SA-2022-1669.json
index 2628080..6d8291d 100644
--- a/cusa/l/libtiff/libtiff-4.3.0-13_openEuler-SA-2022-1669.json
+++ b/cusa/l/libtiff/libtiff-4.3.0-13_openEuler-SA-2022-1669.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1669",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1669",
"title": "An update for libtiff is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "This libtiff provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.And contains command-line programs for manipulating TIFF format image files using the libtiff library.\n\nSecurity Fix(es):\n\nA stack buffer overflow flaw was found in Libtiffs tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service.(CVE-2022-1355)",
"cves": [
{
"id": "CVE-2022-1355",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1355",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libtiff/libtiff-4.3.0-15_openEuler-SA-2022-1728.json b/cusa/l/libtiff/libtiff-4.3.0-15_openEuler-SA-2022-1728.json
index f4d0cb8..7e531b0 100644
--- a/cusa/l/libtiff/libtiff-4.3.0-15_openEuler-SA-2022-1728.json
+++ b/cusa/l/libtiff/libtiff-4.3.0-15_openEuler-SA-2022-1728.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1728",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1728",
"title": "An update for libtiff is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "This provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.And contains command-line programs for manipulating TIFF format image files using the libtiff library.\r\n\r\nSecurity Fix(es):\r\n\r\nLibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.(CVE-2022-1623)\r\n\r\nLibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.(CVE-2022-1622)",
"cves": [
{
"id": "CVE-2022-1622",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1622",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libtiff/libtiff-4.3.0-16_openEuler-SA-2022-1747.json b/cusa/l/libtiff/libtiff-4.3.0-16_openEuler-SA-2022-1747.json
index 04fab5d..565abd0 100644
--- a/cusa/l/libtiff/libtiff-4.3.0-16_openEuler-SA-2022-1747.json
+++ b/cusa/l/libtiff/libtiff-4.3.0-16_openEuler-SA-2022-1747.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1747",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1747",
"title": "An update for libtiff is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "\r\n\r\nSecurity Fix(es):\r\n\r\nNo description is available for this CVE.(CVE-2022-1354)",
"cves": [
{
"id": "CVE-2022-1354",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1354",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libtiff/libtiff-4.3.0-17_openEuler-SA-2022-1869.json b/cusa/l/libtiff/libtiff-4.3.0-17_openEuler-SA-2022-1869.json
index 82e0490..8d1b177 100644
--- a/cusa/l/libtiff/libtiff-4.3.0-17_openEuler-SA-2022-1869.json
+++ b/cusa/l/libtiff/libtiff-4.3.0-17_openEuler-SA-2022-1869.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1869",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1869",
"title": "An update for libtiff is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "\r\n\r\nSecurity Fix(es):\r\n\r\nlibtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation.(CVE-2022-2867)\r\n\r\nlibtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop.(CVE-2022-2868)\r\n\r\nlibtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation.(CVE-2022-2869)",
"cves": [
{
"id": "CVE-2022-2869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2869",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libtiff/libtiff-4.3.0-18_openEuler-SA-2022-1917.json b/cusa/l/libtiff/libtiff-4.3.0-18_openEuler-SA-2022-1917.json
index 75f448f..e2060a3 100644
--- a/cusa/l/libtiff/libtiff-4.3.0-18_openEuler-SA-2022-1917.json
+++ b/cusa/l/libtiff/libtiff-4.3.0-18_openEuler-SA-2022-1917.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1917",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1917",
"title": "An update for libtiff is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "This libtiff provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.And contains command-line programs for manipulating TIFF format image files using the libtiff library.\r\n\r\nSecurity Fix(es):\r\n\r\nLibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8.(CVE-2022-2953)\r\n\r\nThere is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1(CVE-2022-2519)\r\n\r\nIt was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input.(CVE-2022-2521)",
"cves": [
{
"id": "CVE-2022-2521",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2521",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libtiff/libtiff-4.3.0-18_openEuler-SA-2022-1935.json b/cusa/l/libtiff/libtiff-4.3.0-18_openEuler-SA-2022-1935.json
index fde1988..d3ad65c 100644
--- a/cusa/l/libtiff/libtiff-4.3.0-18_openEuler-SA-2022-1935.json
+++ b/cusa/l/libtiff/libtiff-4.3.0-18_openEuler-SA-2022-1935.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1935",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1935",
"title": "An update for libtiff is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "This libtiff provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.And contains command-line programs for manipulating TIFF format image files using the libtiff library.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input.(CVE-2022-2520)",
"cves": [
{
"id": "CVE-2022-2520",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2520",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libtiff/libtiff-4.3.0-19_openEuler-SA-2022-2007.json b/cusa/l/libtiff/libtiff-4.3.0-19_openEuler-SA-2022-2007.json
index 2590c94..dc03d0c 100644
--- a/cusa/l/libtiff/libtiff-4.3.0-19_openEuler-SA-2022-2007.json
+++ b/cusa/l/libtiff/libtiff-4.3.0-19_openEuler-SA-2022-2007.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2007",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2007",
"title": "An update for libtiff is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "This provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.And contains command-line programs for manipulating TIFF format image files using the libtiff library.\r\n\r\nSecurity Fix(es):\r\n\r\nDivide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.(CVE-2022-2056)\r\n\r\nDivide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.(CVE-2022-2058)",
"cves": [
{
"id": "CVE-2022-2058",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2058",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libtiff/libtiff-4.3.0-20_openEuler-SA-2022-2067.json b/cusa/l/libtiff/libtiff-4.3.0-20_openEuler-SA-2022-2067.json
index ff6ef71..5925da1 100644
--- a/cusa/l/libtiff/libtiff-4.3.0-20_openEuler-SA-2022-2067.json
+++ b/cusa/l/libtiff/libtiff-4.3.0-20_openEuler-SA-2022-2067.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2067",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2067",
"title": "An update for libtiff is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "This provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.And contains command-line programs for manipulating TIFF format image files using the libtiff library.\r\n\r\n\r\n\r\nSecurity Fix(es):\r\n\r\nNull source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c.(CVE-2022-0562)\r\n\r\nNull source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712.(CVE-2022-0561)\r\n\r\nLibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field.(CVE-2022-22844)\r\n\r\nA heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact(CVE-2022-0891)",
"cves": [
{
"id": "CVE-2022-0891",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0891",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
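Review bot: The advisory-level `severity` becomes `High` here while the only `cves` entry, CVE-2022-0891, becomes `Medium`, so the two fields disagree about how urgent this update is, and triage keyed on `cves[].severity` would underrate it. The libtpms hunks for openEuler-SA-2022-1695 and openEuler-SA-2023-1299 show the same High/Medium split. Presumably the High rating belongs to a CVE that the description names but the array does not list. Whatever the cause, a converter check that the advisory severity equals the highest `cves[].severity` would catch this before the JSON is written.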
diff --git a/cusa/l/libtiff/libtiff-4.3.0-22_openEuler-SA-2023-1047.json b/cusa/l/libtiff/libtiff-4.3.0-22_openEuler-SA-2023-1047.json
index 6ddc72b..0b8aaf1 100644
--- a/cusa/l/libtiff/libtiff-4.3.0-22_openEuler-SA-2023-1047.json
+++ b/cusa/l/libtiff/libtiff-4.3.0-22_openEuler-SA-2023-1047.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1047",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1047",
"title": "An update for libtiff is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "This provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.And contains command-line programs for manipulating TIFF format image files using the libtiff library.\r\n\r\nSecurity Fix(es):\r\n\r\nprocessCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., \"WRITE of size 307203\") via a crafted TIFF image.(CVE-2022-48281)",
"cves": [
{
"id": "CVE-2022-48281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48281",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libtiff/libtiff-4.3.0-24_openEuler-SA-2023-1128.json b/cusa/l/libtiff/libtiff-4.3.0-24_openEuler-SA-2023-1128.json
index bfd0a12..44e5103 100644
--- a/cusa/l/libtiff/libtiff-4.3.0-24_openEuler-SA-2023-1128.json
+++ b/cusa/l/libtiff/libtiff-4.3.0-24_openEuler-SA-2023-1128.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1128",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1128",
"title": "An update for libtiff is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "This libtiff provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.And contains command-line programs for manipulating TIFF format image files using the libtiff library.\r\n\r\nSecurity Fix(es):\r\n\r\nLibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.(CVE-2023-0801)\r\n\r\nLibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.(CVE-2023-0797)\r\n\r\nLibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.(CVE-2023-0796)\r\n\r\nLibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.(CVE-2023-0799)\r\n\r\nLibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.(CVE-2023-0804)\r\n\r\nLibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. 
For users that compile libtiff from sources, the fix is available with commit 33aee127.(CVE-2023-0802)\r\n\r\nLibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.(CVE-2023-0795)\r\n\r\nLibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.(CVE-2023-0803)\r\n\r\nLibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.(CVE-2023-0800)\r\n\r\nLibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.(CVE-2023-0798)",
"cves": [
{
"id": "CVE-2023-0798",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0798",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libtiff/libtiff-4.3.0-25_openEuler-SA-2023-1316.json b/cusa/l/libtiff/libtiff-4.3.0-25_openEuler-SA-2023-1316.json
index e264b12..2484baf 100644
--- a/cusa/l/libtiff/libtiff-4.3.0-25_openEuler-SA-2023-1316.json
+++ b/cusa/l/libtiff/libtiff-4.3.0-25_openEuler-SA-2023-1316.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1316",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1316",
"title": "An update for libtiff is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "This libtiff provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.And contains command-line programs for manipulating TIFF format image files using the libtiff library.\r\n\r\nSecurity Fix(es):\r\n\r\nA NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.(CVE-2023-2731)",
"cves": [
{
"id": "CVE-2023-2731",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2731",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libtiff/libtiff-4.3.0-27_openEuler-SA-2023-1385.json b/cusa/l/libtiff/libtiff-4.3.0-27_openEuler-SA-2023-1385.json
index f3dab5f..8d2dac1 100644
--- a/cusa/l/libtiff/libtiff-4.3.0-27_openEuler-SA-2023-1385.json
+++ b/cusa/l/libtiff/libtiff-4.3.0-27_openEuler-SA-2023-1385.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1385",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1385",
"title": "An update for libtiff is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "This libtiff provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. \r\n\r\nSecurity Fix(es):\r\n\r\nloadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image.(CVE-2023-26965)\r\n\r\nA NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.\r\n\r\n(CVE-2023-3316)",
"cves": [
{
"id": "CVE-2023-3316",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3316",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libtiff/libtiff-4.3.0-28_openEuler-SA-2023-1402.json b/cusa/l/libtiff/libtiff-4.3.0-28_openEuler-SA-2023-1402.json
index 884ca0c..3fcc41a 100644
--- a/cusa/l/libtiff/libtiff-4.3.0-28_openEuler-SA-2023-1402.json
+++ b/cusa/l/libtiff/libtiff-4.3.0-28_openEuler-SA-2023-1402.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1402",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1402",
"title": "An update for libtiff is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "This libtiff provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.And contains command-line programs for manipulating TIFF format image files using the libtiff library.\n\nSecurity Fix(es):\n\nlibtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV.(CVE-2023-25433)\n\nlibtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian.(CVE-2023-26966)\n\nA null pointer dereference issue was discovered in Libtiff's tif_dir.c file. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcp utility, which triggers runtime error, causing an undefined behavior, resulting in an application crash, eventually leading to a denial of service.(CVE-2023-2908)",
"cves": [
{
"id": "CVE-2023-2908",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2908",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libtiff/libtiff-4.3.0-29_openEuler-SA-2023-1434.json b/cusa/l/libtiff/libtiff-4.3.0-29_openEuler-SA-2023-1434.json
index ccff722..4c730c5 100644
--- a/cusa/l/libtiff/libtiff-4.3.0-29_openEuler-SA-2023-1434.json
+++ b/cusa/l/libtiff/libtiff-4.3.0-29_openEuler-SA-2023-1434.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1434",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1434",
"title": "An update for libtiff is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "This libtiff provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.And contains command-line programs for manipulating TIFF format image files using the libtiff library.\n\nSecurity Fix(es):\n\nA vulnerability was found in libtiff where a memory leak exists in tools/tiffcrop.c.\n\nReferences:\nhttps://gitlab.com/libtiff/libtiff/-/merge_requests/475(CVE-2023-3576)",
"cves": [
{
"id": "CVE-2023-3576",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3576",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libtiff/libtiff-4.3.0-31_openEuler-SA-2023-1534.json b/cusa/l/libtiff/libtiff-4.3.0-31_openEuler-SA-2023-1534.json
index 68d917f..906526d 100644
--- a/cusa/l/libtiff/libtiff-4.3.0-31_openEuler-SA-2023-1534.json
+++ b/cusa/l/libtiff/libtiff-4.3.0-31_openEuler-SA-2023-1534.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1534",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1534",
"title": "An update for libtiff is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "his libtiff provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.And contains command-line programs for manipulating TIFF format image files using the libtiff library.\n\nSecurity Fix(es):\n\nA flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.(CVE-2023-3618)",
"cves": [
{
"id": "CVE-2023-3618",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3618",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libtiff/libtiff-4.3.0-32_openEuler-SA-2023-1599.json b/cusa/l/libtiff/libtiff-4.3.0-32_openEuler-SA-2023-1599.json
index 52ecf8a..4b3e1b6 100644
--- a/cusa/l/libtiff/libtiff-4.3.0-32_openEuler-SA-2023-1599.json
+++ b/cusa/l/libtiff/libtiff-4.3.0-32_openEuler-SA-2023-1599.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1599",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1599",
"title": "An update for libtiff is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "This provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.And contains command-line programs for manipulating TIFF format image files using the libtiff library.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file.(CVE-2022-40090)",
"cves": [
{
"id": "CVE-2022-40090",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40090",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libtiff/libtiff-4.3.0-36_openEuler-SA-2023-1893.json b/cusa/l/libtiff/libtiff-4.3.0-36_openEuler-SA-2023-1893.json
index c1a43e4..1eed193 100644
--- a/cusa/l/libtiff/libtiff-4.3.0-36_openEuler-SA-2023-1893.json
+++ b/cusa/l/libtiff/libtiff-4.3.0-36_openEuler-SA-2023-1893.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1893",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1893",
"title": "An update for libtiff is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "This provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.And contains command-line programs for manipulating TIFF format image files using the libtiff library.\r\n\r\nSecurity Fix(es):\r\n\r\nAn out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.(CVE-2023-6277)",
"cves": [
{
"id": "CVE-2023-6277",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6277",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libtiff/libtiff-4.3.0-37_openEuler-SA-2024-1663.json b/cusa/l/libtiff/libtiff-4.3.0-37_openEuler-SA-2024-1663.json
index 5f8c91f..0fb0f49 100644
--- a/cusa/l/libtiff/libtiff-4.3.0-37_openEuler-SA-2024-1663.json
+++ b/cusa/l/libtiff/libtiff-4.3.0-37_openEuler-SA-2024-1663.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1663",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1663",
"title": "An update for libtiff is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "This provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.And contains command-line programs for manipulating TIFF format image files using the libtiff library.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x.(CVE-2023-1916)\r\n\r\nA heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file.(CVE-2023-3164)",
"cves": [
{
"id": "CVE-2023-3164",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3164",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libtirpc/libtirpc-1.3.2-2_openEuler-SA-2022-1795.json b/cusa/l/libtirpc/libtirpc-1.3.2-2_openEuler-SA-2022-1795.json
index 2908a8f..058e068 100644
--- a/cusa/l/libtirpc/libtirpc-1.3.2-2_openEuler-SA-2022-1795.json
+++ b/cusa/l/libtirpc/libtirpc-1.3.2-2_openEuler-SA-2022-1795.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1795",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1795",
"title": "An update for libtirpc is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Libtirpc is a Transport-Independent RPC library for Linux\r\n\r\nSecurity Fix(es):\r\n\r\nIn libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.(CVE-2021-46828)",
"cves": [
{
"id": "CVE-2021-46828",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46828",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libtpms/libtpms-0.7.3-7_openEuler-SA-2022-1695.json b/cusa/l/libtpms/libtpms-0.7.3-7_openEuler-SA-2022-1695.json
index d3bcdfe..e909d54 100644
--- a/cusa/l/libtpms/libtpms-0.7.3-7_openEuler-SA-2022-1695.json
+++ b/cusa/l/libtpms/libtpms-0.7.3-7_openEuler-SA-2022-1695.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1695",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1695",
"title": "An update for libtpms is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "A library providing TPM functionality for VMs. Targeted for integration into Qemu.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issue when the state of the TPM2's volatile state is written. The highest threat from this vulnerability is to system availability. This issue affects libtpms versions before 0.8.5, before 0.7.9 and before 0.6.6.(CVE-2021-3746)\r\n\r\nA flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highest threat from this vulnerability is to system availability.(CVE-2021-3623)",
"cves": [
{
"id": "CVE-2021-3623",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3623",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libtpms/libtpms-0.7.3-8_openEuler-SA-2023-1299.json b/cusa/l/libtpms/libtpms-0.7.3-8_openEuler-SA-2023-1299.json
index eeee3cf..fd3dc43 100644
--- a/cusa/l/libtpms/libtpms-0.7.3-8_openEuler-SA-2023-1299.json
+++ b/cusa/l/libtpms/libtpms-0.7.3-8_openEuler-SA-2023-1299.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1299",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1299",
"title": "An update for libtpms is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "A library providing TPM functionality for VMs. Targeted for integration into Qemu.\r\n\r\nSecurity Fix(es):\r\n\r\nAn out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.(CVE-2023-1018)\r\n\r\nAn out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context.(CVE-2023-1017)",
"cves": [
{
"id": "CVE-2023-1017",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1017",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libvirt/libvirt-6.2.0-40_openEuler-SA-2022-1722.json b/cusa/l/libvirt/libvirt-6.2.0-40_openEuler-SA-2022-1722.json
index 1d3883c..2b71cda 100644
--- a/cusa/l/libvirt/libvirt-6.2.0-40_openEuler-SA-2022-1722.json
+++ b/cusa/l/libvirt/libvirt-6.2.0-40_openEuler-SA-2022-1722.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1722",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1722",
"title": "An update for libvirt is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux (and other OSes). The main package includes the libvirtd server exporting the virtualization support.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the `driver->nwfilters` mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the `driver->nwfilters` object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt’s API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd).(CVE-2022-0897)",
"cves": [
{
"id": "CVE-2022-0897",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0897",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libvirt/libvirt-6.2.0-42_openEuler-SA-2022-1891.json b/cusa/l/libvirt/libvirt-6.2.0-42_openEuler-SA-2022-1891.json
index 5a50a12..a450a5c 100644
--- a/cusa/l/libvirt/libvirt-6.2.0-42_openEuler-SA-2022-1891.json
+++ b/cusa/l/libvirt/libvirt-6.2.0-42_openEuler-SA-2022-1891.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1891",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1891",
"title": "An update for libvirt is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux (and other OSes). The main package includes the libvirtd server exporting the virtualization support.\r\n\r\nSecurity Fix(es):\r\n\r\nA use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.(CVE-2021-3975)",
"cves": [
{
"id": "CVE-2021-3975",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3975",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libvirt/libvirt-6.2.0-63_openEuler-SA-2024-1391.json b/cusa/l/libvirt/libvirt-6.2.0-63_openEuler-SA-2024-1391.json
index 3330cc5..ce7fd1f 100644
--- a/cusa/l/libvirt/libvirt-6.2.0-63_openEuler-SA-2024-1391.json
+++ b/cusa/l/libvirt/libvirt-6.2.0-63_openEuler-SA-2024-1391.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1391",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1391",
"title": "An update for libvirt is now available for openEuler-20.03-LTS-SP1,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux (and other OSes). The main package includes the libvirtd server exporting the virtualization support.\r\n\r\nSecurity Fix(es):\r\n\r\nAn off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.(CVE-2024-1441)\r\n\r\nA flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.(CVE-2024-2494)",
"cves": [
{
"id": "CVE-2024-2494",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2494",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
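Review bot: The `cves` array in this record lists only CVE-2024-2494, although the `description` context line also covers CVE-2024-1441, so a consumer that matches advisories by CVE id will not find this advisory for CVE-2024-1441. The same gap is visible in the hunks for openEuler-SA-2023-1740 (CVE-2023-44488), openEuler-SA-2022-2082 (CVE-2022-23308, CVE-2022-40303), openEuler-SA-2023-1262 (CVE-2023-28484), openEuler-SA-2022-1989 (CVE-2022-37797), openEuler-SA-2022-1899 (CVE-2022-2068) and openEuler-SA-2023-1946 (CVE-2023-6378). In each case only the last CVE named in the description is kept, which suggests the converter overwrites rather than appends while walking the CVRF vulnerabilities; that code is not in this hunk, so this is inferred. Each record should carry one entry per fixed CVE, e.g. `{"id": "CVE-2024-1441", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1441", "severity": "<value from the CVRF source>"}`, and the files should be regenerated once the converter emits all of them.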
diff --git a/cusa/l/libvirt/libvirt-6.2.0-64_openEuler-SA-2024-1683.json b/cusa/l/libvirt/libvirt-6.2.0-64_openEuler-SA-2024-1683.json
index fe95575..9149f70 100644
--- a/cusa/l/libvirt/libvirt-6.2.0-64_openEuler-SA-2024-1683.json
+++ b/cusa/l/libvirt/libvirt-6.2.0-64_openEuler-SA-2024-1683.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1683",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1683",
"title": "An update for libvirt is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux (and other OSes). The main package includes the libvirtd server exporting the virtualization support.\r\n\r\nSecurity Fix(es):\r\n\r\nA race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop() method, the `data` pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's stack frame was concurrently being \"freed\" when returning from virNetClientIOEventLoop(). The 'virtproxyd' daemon can be used to trigger requests. If libvirt is configured with fine-grained access control, this issue, in theory, allows a user to escape their otherwise limited access. This flaw allows a local, unprivileged user to access virtproxyd without authenticating. Remote users would need to authenticate before they could access it.(CVE-2024-4418)",
"cves": [
{
"id": "CVE-2024-4418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4418",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libvncserver/libvncserver-0.9.13-3_openEuler-SA-2022-2090.json b/cusa/l/libvncserver/libvncserver-0.9.13-3_openEuler-SA-2022-2090.json
index 203c791..7b1c041 100644
--- a/cusa/l/libvncserver/libvncserver-0.9.13-3_openEuler-SA-2022-2090.json
+++ b/cusa/l/libvncserver/libvncserver-0.9.13-3_openEuler-SA-2022-2090.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2090",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2090",
"title": "An update for libvncserver is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "libvncserver is a set of programs using the RFB (Remote Frame Buffer) protocol. They are designed to \"export\" a frame buffer via net: you set up a server and can connect to it via VNC viewers. If the server supports WebSockets (which LibVNCServer does), you can also connect using an in-browser VNC viewer like noVNC. It is already in wide use for administration, but it is not that easy to program a server yourself.\r\n\r\nSecurity Fix(es):\r\n\r\nlibvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().(CVE-2020-29260)",
"cves": [
{
"id": "CVE-2020-29260",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29260",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libvpx/libvpx-1.7.0-10_openEuler-SA-2023-1740.json b/cusa/l/libvpx/libvpx-1.7.0-10_openEuler-SA-2023-1740.json
index 6be042e..f7b99f1 100644
--- a/cusa/l/libvpx/libvpx-1.7.0-10_openEuler-SA-2023-1740.json
+++ b/cusa/l/libvpx/libvpx-1.7.0-10_openEuler-SA-2023-1740.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1740",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1740",
"title": "An update for libvpx is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "libvpx provides the VP8/VP9 SDK, which allows you to integrate your applications with the VP8 and VP9 video codecs, high quality, royalty free, open source codecs deployed on millions of computers and devices worldwide.\r\n\r\nSecurity Fix(es):\r\n\r\nVP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.(CVE-2023-44488)\r\n\r\nHeap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)(CVE-2023-5217)",
"cves": [
{
"id": "CVE-2023-5217",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5217",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libwebp/libwebp-1.2.1-3_openEuler-SA-2023-1317.json b/cusa/l/libwebp/libwebp-1.2.1-3_openEuler-SA-2023-1317.json
index bc97ea0..759405d 100644
--- a/cusa/l/libwebp/libwebp-1.2.1-3_openEuler-SA-2023-1317.json
+++ b/cusa/l/libwebp/libwebp-1.2.1-3_openEuler-SA-2023-1317.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1317",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1317",
"title": "An update for libwebp is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "This is an image format that does lossy compression of digital photographic images. WebP consists of a codec based on VP8, and a container based on RIFF. Webmasters, web developers and browser developers can use WebP to compress, archive and distribute digital images more efficiently.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in libwebp (affected version unknown). It has been declared as critical. Affected by this vulnerability is an unknown code of the component Image File Handler. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.(CVE-2023-1999)",
"cves": [
{
"id": "CVE-2023-1999",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1999",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libxml2/libxml2-2.9.12-13_openEuler-SA-2022-2082.json b/cusa/l/libxml2/libxml2-2.9.12-13_openEuler-SA-2022-2082.json
index 79a1640..a1184d1 100644
--- a/cusa/l/libxml2/libxml2-2.9.12-13_openEuler-SA-2022-2082.json
+++ b/cusa/l/libxml2/libxml2-2.9.12-13_openEuler-SA-2022-2082.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2082",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2082",
"title": "An update for libxml2 is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream or and in-memory DOM like representations. In this case one can use the built-in XPath and XPointer implementation to select sub nodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules and combined to an URI library.\r\n\r\nSecurity Fix(es):\r\n\r\nvalid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.(CVE-2022-23308)\r\n\r\nA flaw was found in libxml2. Parsing a XML document with the XML_PARSE_HUGE option enabled can result in an integer overflow because safety checks were missing in some functions. Also, the xmlParseEntityValue function didn't have any length limitation.(CVE-2022-40303)\r\n\r\nA flaw was found in libxml2. When a reference cycle is detected in the XML entity cleanup function the XML entity data can be stored in a dictionary. In this case, the dictionary becomes corrupted resulting in logic errors, including memory errors like double free.(CVE-2022-40304)",
"cves": [
{
"id": "CVE-2022-40304",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40304",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libxml2/libxml2-2.9.12-16_openEuler-SA-2023-1262.json b/cusa/l/libxml2/libxml2-2.9.12-16_openEuler-SA-2023-1262.json
index 819a6b8..05411b6 100644
--- a/cusa/l/libxml2/libxml2-2.9.12-16_openEuler-SA-2023-1262.json
+++ b/cusa/l/libxml2/libxml2-2.9.12-16_openEuler-SA-2023-1262.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1262",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1262",
"title": "An update for libxml2 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream or and in-memory DOM like representations. In this case one can use the built-in XPath and XPointer implementation to select sub nodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules and combined to an URI library.\r\n\r\nSecurity Fix(es):\r\n\r\nIn libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.(CVE-2023-28484)\r\n\r\nAn issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).(CVE-2023-29469)",
"cves": [
{
"id": "CVE-2023-29469",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29469",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libxml2/libxml2-2.9.12-18_openEuler-SA-2023-1742.json b/cusa/l/libxml2/libxml2-2.9.12-18_openEuler-SA-2023-1742.json
index 7a57ae5..5b2b0ee 100644
--- a/cusa/l/libxml2/libxml2-2.9.12-18_openEuler-SA-2023-1742.json
+++ b/cusa/l/libxml2/libxml2-2.9.12-18_openEuler-SA-2023-1742.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1742",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1742",
"title": "An update for libxml2 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream or and in-memory DOM like representations. In this case one can use the built-in XPath and XPointer implementation to select sub nodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules and combined to an URI library.\r\n\r\nSecurity Fix(es):\r\n\r\n** DISPUTED ** libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"(CVE-2023-45322)",
"cves": [
{
"id": "CVE-2023-45322",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libxml2/libxml2-2.9.12-19_openEuler-SA-2024-1183.json b/cusa/l/libxml2/libxml2-2.9.12-19_openEuler-SA-2024-1183.json
index eeef6be..c319546 100644
--- a/cusa/l/libxml2/libxml2-2.9.12-19_openEuler-SA-2024-1183.json
+++ b/cusa/l/libxml2/libxml2-2.9.12-19_openEuler-SA-2024-1183.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1183",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1183",
"title": "An update for libxml2 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Important",
+ "severity": "High",
"description": "Library providing XML and HTML support.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.(CVE-2024-25062)",
"cves": [
{
"id": "CVE-2024-25062",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25062",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libxml2/libxml2-2.9.12-6_openEuler-SA-2022-1658.json b/cusa/l/libxml2/libxml2-2.9.12-6_openEuler-SA-2022-1658.json
index effa832..8cc331c 100644
--- a/cusa/l/libxml2/libxml2-2.9.12-6_openEuler-SA-2022-1658.json
+++ b/cusa/l/libxml2/libxml2-2.9.12-6_openEuler-SA-2022-1658.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1658",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1658",
"title": "An update for libxml2 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream or and in-memory DOM like representations.In this case one can use the built-in XPath and XPointer implementation to select sub nodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules and combined to an URI library.\n\nSecurity Fix(es):\n\nIn libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.(CVE-2022-29824)",
"cves": [
{
"id": "CVE-2022-29824",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29824",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libxslt/libxslt-1.1.34-8_openEuler-SA-2022-2098.json b/cusa/l/libxslt/libxslt-1.1.34-8_openEuler-SA-2022-2098.json
index a987a96..8a82006 100644
--- a/cusa/l/libxslt/libxslt-1.1.34-8_openEuler-SA-2022-2098.json
+++ b/cusa/l/libxslt/libxslt-1.1.34-8_openEuler-SA-2022-2098.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2098",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2098",
"title": "An update for libxslt is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "libxslt allows you to transform XML files into other XML files (or HTML, text, and more) using the standard XSLT stylesheet transformation mechanism.\r\n\r\nSecurity Fix(es):\r\n\r\nUse after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.(CVE-2021-30560)",
"cves": [
{
"id": "CVE-2021-30560",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30560",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/libyaml/libyaml-0.2.5-6_openEuler-SA-2024-1551.json b/cusa/l/libyaml/libyaml-0.2.5-6_openEuler-SA-2024-1551.json
index 6bbfba3..f325c4e 100644
--- a/cusa/l/libyaml/libyaml-0.2.5-6_openEuler-SA-2024-1551.json
+++ b/cusa/l/libyaml/libyaml-0.2.5-6_openEuler-SA-2024-1551.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1551",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1551",
"title": "An update for libyaml is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "A C library for parsing and emitting YAML.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in yaml libyaml up to 0.2.5 and classified as critical. Affected by this issue is the function yaml_emitter_emit_flow_sequence_item of the file /src/libyaml/src/emitter.c. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259052. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.(CVE-2024-3205)",
"cves": [
{
"id": "CVE-2024-3205",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3205",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/lighttpd/lighttpd-1.4.67-1_openEuler-SA-2022-1989.json b/cusa/l/lighttpd/lighttpd-1.4.67-1_openEuler-SA-2022-1989.json
index 7da6719..63c01c3 100644
--- a/cusa/l/lighttpd/lighttpd-1.4.67-1_openEuler-SA-2022-1989.json
+++ b/cusa/l/lighttpd/lighttpd-1.4.67-1_openEuler-SA-2022-1989.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1989",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1989",
"title": "An update for lighttpd is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Secure, fast, compliant and very flexible web-server which has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more) make it the perfect webserver-software for every server that is suffering load problems.\r\n\r\nSecurity Fix(es):\r\n\r\nIn lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition.(CVE-2022-37797)\n\nA resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67.(CVE-2022-41556)",
"cves": [
{
"id": "CVE-2022-41556",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41556",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/linux-firmware/linux-firmware-20211027-2_openEuler-SA-2022-1779.json b/cusa/l/linux-firmware/linux-firmware-20211027-2_openEuler-SA-2022-1779.json
index 2c938fc..febf62c 100644
--- a/cusa/l/linux-firmware/linux-firmware-20211027-2_openEuler-SA-2022-1779.json
+++ b/cusa/l/linux-firmware/linux-firmware-20211027-2_openEuler-SA-2022-1779.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1779",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1779",
"title": "An update for linux-firmware is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "This package contains firmware images required by some devices.\r\n\r\nSecurity Fix(es):\r\n\r\nImproper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.(CVE-2020-12321)",
"cves": [
{
"id": "CVE-2020-12321",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12321",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/linux-sgx/linux-sgx-2.15.1-5_openEuler-SA-2022-1899.json b/cusa/l/linux-sgx/linux-sgx-2.15.1-5_openEuler-SA-2022-1899.json
index 5da83f5..457550c 100644
--- a/cusa/l/linux-sgx/linux-sgx-2.15.1-5_openEuler-SA-2022-1899.json
+++ b/cusa/l/linux-sgx/linux-sgx-2.15.1-5_openEuler-SA-2022-1899.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1899",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1899",
"title": "An update for linux-sgx is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Intel(R) Software Guard Extensions (Intel(R) SGX) is an Intel technology for application developers seeking to protect select code and data from disclosure or modification.\r\n\r\nSecurity Fix(es):\r\n\r\nIn addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).(CVE-2022-2068)\r\n\r\nAES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).(CVE-2022-2097)",
"cves": [
{
"id": "CVE-2022-2097",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2097",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/linux-sgx/linux-sgx-2.15.1-5_openEuler-SA-2022-1924.json b/cusa/l/linux-sgx/linux-sgx-2.15.1-5_openEuler-SA-2022-1924.json
index d1ede23..fb441bd 100644
--- a/cusa/l/linux-sgx/linux-sgx-2.15.1-5_openEuler-SA-2022-1924.json
+++ b/cusa/l/linux-sgx/linux-sgx-2.15.1-5_openEuler-SA-2022-1924.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1924",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1924",
"title": "An update for linux-sgx is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Intel(R) Software Guard Extensions (Intel(R) SGX) is an Intel technology for application developers seeking to protect select code and data from disclosure or modification.\r\n\r\nSecurity Fix(es):\r\n\r\nThe BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. 
It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).(CVE-2022-0778)",
"cves": [
{
"id": "CVE-2022-0778",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0778",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/linux-sgx/linux-sgx-2.15.1-6_openEuler-SA-2022-1951.json b/cusa/l/linux-sgx/linux-sgx-2.15.1-6_openEuler-SA-2022-1951.json
index 429463e..de94f46 100644
--- a/cusa/l/linux-sgx/linux-sgx-2.15.1-6_openEuler-SA-2022-1951.json
+++ b/cusa/l/linux-sgx/linux-sgx-2.15.1-6_openEuler-SA-2022-1951.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1951",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1951",
"title": "An update for linux-sgx is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Intel(R) Software Guard Extensions (Intel(R) SGX) is an Intel technology for application developers seeking to protect select code and data from disclosure or modification.\r\n\r\nSecurity Fix(es):\r\n\r\nThe c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).(CVE-2022-1292)",
"cves": [
{
"id": "CVE-2022-1292",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1292",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
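Review bot: After the rename this record carries `"severity": "High"` for the advisory but `"severity": "Medium"` for CVE-2022-1292, the only CVE its description names, so the two fields rank the same fix differently. The hunk for openEuler-SA-2022-1899 shows the same High/Medium split, where the description also names CVE-2022-2068, which the array omits. A consumer that prioritises on the per-CVE value will schedule this command-injection fix as Medium, while one reading the top-level field sees High. If both values are copied verbatim from the CVRF input the mismatch is upstream, but the converter could warn when the advisory severity is higher than every listed CVE severity. Until that is settled, consumers should prioritise on the higher of the two values.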
diff --git a/cusa/l/log4j12/log4j12-1.2.17-25_openEuler-SA-2022-2065.json b/cusa/l/log4j12/log4j12-1.2.17-25_openEuler-SA-2022-2065.json
index 5c4e696..7a07f5d 100644
--- a/cusa/l/log4j12/log4j12-1.2.17-25_openEuler-SA-2022-2065.json
+++ b/cusa/l/log4j12/log4j12-1.2.17-25_openEuler-SA-2022-2065.json
@@ -8,7 +8,7 @@
{
"id": "CVE-2022-23302",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23302",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/logback/logback-1.2.8-3_openEuler-SA-2023-1946.json b/cusa/l/logback/logback-1.2.8-3_openEuler-SA-2023-1946.json
index 5a71b7f..b5eb1a6 100644
--- a/cusa/l/logback/logback-1.2.8-3_openEuler-SA-2023-1946.json
+++ b/cusa/l/logback/logback-1.2.8-3_openEuler-SA-2023-1946.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1946",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1946",
"title": "An update for logback is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "Logback is intended as a successor to the popular log4j project.\r\n\r\nSecurity Fix(es):\r\n\r\nA serialization vulnerability in logback receiver component part of \nlogback version 1.4.11 allows an attacker to mount a Denial-Of-Service \nattack by sending poisoned data.\r\n\r\n(CVE-2023-6378)\r\n\r\nA serialization vulnerability in logback receiver component part of \nlogback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service \nattack by sending poisoned data.\r\n\r\n(CVE-2023-6481)",
"cves": [
{
"id": "CVE-2023-6481",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6481",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/logrotate/logrotate-3.20.1-1_openEuler-SA-2022-1724.json b/cusa/l/logrotate/logrotate-3.20.1-1_openEuler-SA-2022-1724.json
index 12f6e92..9bb7944 100644
--- a/cusa/l/logrotate/logrotate-3.20.1-1_openEuler-SA-2022-1724.json
+++ b/cusa/l/logrotate/logrotate-3.20.1-1_openEuler-SA-2022-1724.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1724",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1724",
"title": "An update for logrotate is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The logrotate utility is designed to simplify the administration of log files on a system which generates a lot of log files. Logrotate allows for the automatic rotation compression, removal and mailing of log files.logrotate Logrotate can be set to handle a log file daily, weekly, monthly or when the log file gets to a certain size.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0.(CVE-2022-1348)",
"cves": [
{
"id": "CVE-2022-1348",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1348",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
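Review bot: The severity vocabulary changes here from `Moderate` to `Medium` (and from `Important` to `High` in the neighbouring files), but the v0.1.2 changelog entry this commit adds to README.md only mentions the new directory layout. Anything downstream that filters or alerts on the old strings would stop matching without raising an error, so the rename deserves its own changelog line, for example `- *v0.1.2*: severity labels renamed: Important -> High, Moderate -> Medium`. It would also help to state which scale the new labels follow, since the per-CVE `severity` sits next to an NVD URL and a reader may assume it mirrors the NVD rating.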
diff --git a/cusa/l/lua/lua-5.4.3-11_openEuler-SA-2023-1241.json b/cusa/l/lua/lua-5.4.3-11_openEuler-SA-2023-1241.json
index b52aad2..82698b8 100644
--- a/cusa/l/lua/lua-5.4.3-11_openEuler-SA-2023-1241.json
+++ b/cusa/l/lua/lua-5.4.3-11_openEuler-SA-2023-1241.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1241",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1241",
"title": "An update for lua is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Lua is a powerful, efficient, lightweight, embeddable scripting language. It supports procedural programming, object-oriented programming, functional programming, data-driven programming, and data description.\r\n\r\nSecurity Fix(es):\r\n\r\nIn Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.(CVE-2021-45985)",
"cves": [
{
"id": "CVE-2021-45985",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45985",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/lua/lua-5.4.3-7_openEuler-SA-2022-1764.json b/cusa/l/lua/lua-5.4.3-7_openEuler-SA-2022-1764.json
index 892dbc6..602f8ae 100644
--- a/cusa/l/lua/lua-5.4.3-7_openEuler-SA-2022-1764.json
+++ b/cusa/l/lua/lua-5.4.3-7_openEuler-SA-2022-1764.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1764",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1764",
"title": "An update for lua is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Lua is a powerful, efficient, lightweight, embeddable scripting language. It supports procedural programming, object-oriented programming, functional programming, data-driven programming, and data description.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.(CVE-2022-33099)",
"cves": [
{
"id": "CVE-2022-33099",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33099",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/l/lua/lua-5.4.3-8_openEuler-SA-2022-1860.json b/cusa/l/lua/lua-5.4.3-8_openEuler-SA-2022-1860.json
index c662f2e..63e48f3 100644
--- a/cusa/l/lua/lua-5.4.3-8_openEuler-SA-2022-1860.json
+++ b/cusa/l/lua/lua-5.4.3-8_openEuler-SA-2022-1860.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1860",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1860",
"title": "An update for lua is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Lua is a powerful, efficient, lightweight, embeddable scripting language. It supports procedural programming, object-oriented programming, functional programming, data-driven programming, and data description.\r\n\r\nSecurity Fix(es):\r\n\r\nUse after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.(CVE-2021-44964)",
"cves": [
{
"id": "CVE-2021-44964",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44964",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/m/m2crypto/m2crypto-0.38.0-2_openEuler-SA-2022-1852.json b/cusa/m/m2crypto/m2crypto-0.38.0-2_openEuler-SA-2022-1852.json
index f8f41e9..7d3b560 100644
--- a/cusa/m/m2crypto/m2crypto-0.38.0-2_openEuler-SA-2022-1852.json
+++ b/cusa/m/m2crypto/m2crypto-0.38.0-2_openEuler-SA-2022-1852.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1852",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1852",
"title": "An update for m2crypto is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "M2Crypto is a crypto and SSL toolkit for Python. It allows you to call OpenSSL functions from Python2 scripts.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality.(CVE-2020-25657)",
"cves": [
{
"id": "CVE-2020-25657",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25657",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/m/mailman/mailman-3.3.2-5_openEuler-SA-2022-2005.json b/cusa/m/mailman/mailman-3.3.2-5_openEuler-SA-2022-2005.json
index dbca354..81580de 100644
--- a/cusa/m/mailman/mailman-3.3.2-5_openEuler-SA-2022-2005.json
+++ b/cusa/m/mailman/mailman-3.3.2-5_openEuler-SA-2022-2005.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2005",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2005",
"title": "An update for mailman is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "This is GNU Mailman, a mailing list management system distributed under the terms of the GNU General Public License (GPL) version 3 or later. The name of this software is spelled 'Mailman' with a leading capital 'M' but with a lower case second `m'. Any other spelling is incorrect. Security Fix(es):\r\n\r\nCheck the REST API password in a way that is resistant to timing attacks. Using basic string equality is vulnerable to timing attacks as it will short circuit at the first wrong character. Using hmac.compare_digest avoids that issue and will take the same time, regardless of whether the value is correct or not. This is only exploitable if an attacker can talk directly to the REST API, which by default is bound to localhost.\r\n\r\nReference:\r\n\r\nhttps://bugs.gentoo.org/828115(CVE-2021-34337)",
"cves": [
{
"id": "CVE-2021-34337",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34337",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/m/mariadb/mariadb-10.5.15-2_openEuler-SA-2022-1587.json b/cusa/m/mariadb/mariadb-10.5.15-2_openEuler-SA-2022-1587.json
index 4e1a76a..a82b178 100644
--- a/cusa/m/mariadb/mariadb-10.5.15-2_openEuler-SA-2022-1587.json
+++ b/cusa/m/mariadb/mariadb-10.5.15-2_openEuler-SA-2022-1587.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1587",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1587",
"title": "An update for mariadb is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "MariaDB is a community developed fork from MySQL - a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon (mariadbd) and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and utilities.\r\n\r\nMariaDB turns data into structured information in a wide array of applications, ranging from banking to websites. It is an enhanced, drop-in replacement for MySQL. MariaDB is used because it is fast, scalable and robust, with a rich ecosystem of storage engines, plugins and many other tools make it very versatile for a wide variety of use cases.\r\n\r\nSecurity Fix(es):\r\n\r\nMariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.(CVE-2021-46669)\r\n\r\nMariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).(CVE-2021-46661)\r\n\r\nMariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash.(CVE-2021-46667)\r\n\r\nMariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause.(CVE-2021-46666)\r\n\r\nMariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery.(CVE-2021-46662)\r\n\r\nMariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.(CVE-2021-46663)\r\n\r\nMariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations.(CVE-2021-46665)\r\n\r\nMariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.(CVE-2021-46664)\r\n\r\nMariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each 
VIEW.(CVE-2021-46659)\r\n\r\nget_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY.(CVE-2021-46657)",
"cves": [
{
"id": "CVE-2021-46657",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46657",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/m/mariadb/mariadb-10.5.15-2_openEuler-SA-2022-1616.json b/cusa/m/mariadb/mariadb-10.5.15-2_openEuler-SA-2022-1616.json
index 855f309..64f3e6d 100644
--- a/cusa/m/mariadb/mariadb-10.5.15-2_openEuler-SA-2022-1616.json
+++ b/cusa/m/mariadb/mariadb-10.5.15-2_openEuler-SA-2022-1616.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1616",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1616",
"title": "An update for mariadb is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "MariaDB is a community developed fork from MySQL - a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon (mariadbd) and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and utilities.\r\n\r\nMariaDB turns data into structured information in a wide array of applications, ranging from banking to websites. It is an enhanced, drop-in replacement for MySQL. MariaDB is used because it is fast, scalable and robust, with a rich ecosystem of storage engines, plugins and many other tools make it very versatile for a wide variety of use cases.\r\n\r\nSecurity Fix(es):\r\n\r\nsave_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=True for a subquery.(CVE-2021-46658)\n\nMariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.(CVE-2021-46668)\n\nMariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193.(CVE-2022-24051)\r\n\nMariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. 
The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207.(CVE-2022-24050)\n\r\nMariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.(CVE-2022-24048)",
"cves": [
{
"id": "CVE-2022-24048",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24048",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
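Review bot: The advisory-level `severity` becomes `High` while the only entry in `cves`, CVE-2022-24048, becomes `Medium`, so the file reports two different ratings for what it presents as its single CVE. The description also lists CVE-2021-46658, CVE-2021-46668, CVE-2022-24050 and CVE-2022-24051, none of which are in the array, so the `High` rating presumably comes from one of those. A consumer that derives priority from the per-CVE entries would rank this update lower than the advisory itself does. Either the array should include the CVE that drives the top-level rating, or the converter should check that the highest per-CVE severity is not below the advisory severity.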
diff --git a/cusa/m/mariadb/mariadb-10.5.15-2_openEuler-SA-2022-1619.json b/cusa/m/mariadb/mariadb-10.5.15-2_openEuler-SA-2022-1619.json
index 78c111e..ddde8f2 100644
--- a/cusa/m/mariadb/mariadb-10.5.15-2_openEuler-SA-2022-1619.json
+++ b/cusa/m/mariadb/mariadb-10.5.15-2_openEuler-SA-2022-1619.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1619",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1619",
"title": "An update for mariadb is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "MariaDB is a community developed fork from MySQL - a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon (mariadbd) and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and utilities.\r\n\r\nSecurity Fix(es):\r\n\r\nMariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.(CVE-2022-24052)",
"cves": [
{
"id": "CVE-2022-24052",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24052",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/m/mariadb/mariadb-10.5.16-1_openEuler-SA-2022-1681.json b/cusa/m/mariadb/mariadb-10.5.16-1_openEuler-SA-2022-1681.json
index 8b0ecfd..36e3296 100644
--- a/cusa/m/mariadb/mariadb-10.5.16-1_openEuler-SA-2022-1681.json
+++ b/cusa/m/mariadb/mariadb-10.5.16-1_openEuler-SA-2022-1681.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1681",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1681",
"title": "An update for mariadb is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "MariaDB is a community developed fork from MySQL - a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon (mariadbd) and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and utilities.\n\nSecurity Fix(es):\n\nAn issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.(CVE-2022-27379)\n\nMariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc.(CVE-2022-27386)\n\nMariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements.(CVE-2022-27387)\n\nAn issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.(CVE-2022-27384)\n\nAn issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.(CVE-2022-27380)\n\nMariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements.(CVE-2022-27383)\n\nAn issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.(CVE-2022-27381)\n\nMariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements.(CVE-2022-27377)\n\nAn issue in the component Create_tmp_table::finalize of MariaDB Server 
v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.(CVE-2022-27378)\n\nMariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements.(CVE-2022-27376)\n\nMariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.(CVE-2022-27452)\n\nMariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h.(CVE-2022-27458)\n\nMariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc.(CVE-2022-27456)\n\nMariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.(CVE-2022-27445)\n\nMariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.(CVE-2022-27449)\n\nThere is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.(CVE-2022-27448)\n\nMariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h.(CVE-2022-27447)\n\nAn issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.(CVE-2022-27385)\n\nMariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order.(CVE-2022-27382)\n\nMariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc.(CVE-2022-27451)\n\nMariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the 
component my_mb_wc_latin1 at /strings/ctype-latin1.c.(CVE-2022-27457)\n\nMariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h.(CVE-2022-27446)\n\nMariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc.(CVE-2022-27444)\n\nMariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c.(CVE-2022-27455)",
"cves": [
{
"id": "CVE-2022-27455",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27455",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/m/mariadb/mariadb-10.5.22-1_openEuler-SA-2023-1750.json b/cusa/m/mariadb/mariadb-10.5.22-1_openEuler-SA-2023-1750.json
index f15400b..06b7db2 100644
--- a/cusa/m/mariadb/mariadb-10.5.22-1_openEuler-SA-2023-1750.json
+++ b/cusa/m/mariadb/mariadb-10.5.22-1_openEuler-SA-2023-1750.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1750",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1750",
"title": "An update for mariadb is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "MariaDB turns data into structured information in a wide array of applications, ranging from banking to websites. It is an enhanced, drop-in replacement for MySQL. MariaDB is used because it is fast, scalable and robust, with a rich ecosystem of storage engines, plugins and many other tools make it very versatile for a wide variety of use cases.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service.(CVE-2023-5157)",
"cves": [
{
"id": "CVE-2023-5157",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5157",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/m/mariadb/mariadb-10.5.22-1_openEuler-SA-2023-1830.json b/cusa/m/mariadb/mariadb-10.5.22-1_openEuler-SA-2023-1830.json
index d336260..99f3306 100644
--- a/cusa/m/mariadb/mariadb-10.5.22-1_openEuler-SA-2023-1830.json
+++ b/cusa/m/mariadb/mariadb-10.5.22-1_openEuler-SA-2023-1830.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1830",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1830",
"title": "An update for mariadb is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "MariaDB turns data into structured information in a wide array of applications, ranging from banking to websites. It is an enhanced, drop-in replacement for MySQL. MariaDB is used because it is fast, scalable and robust, with a rich ecosystem of storage engines, plugins and many other tools make it very versatile for a wide variety of use cases.\r\n\r\nSecurity Fix(es):\r\n\r\nThe BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. 
In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).(CVE-2022-0778)\r\n\r\nMariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor.(CVE-2022-32085)\r\n\r\nMariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args.(CVE-2022-32087)\r\n\r\nMariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.(CVE-2022-32091)\r\n\r\nMariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.(CVE-2022-47015)",
"cves": [
{
"id": "CVE-2022-47015",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47015",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/m/mc/mc-4.8.28-1_openEuler-SA-2022-1771.json b/cusa/m/mc/mc-4.8.28-1_openEuler-SA-2022-1771.json
index fdf57b2..70fb2b3 100644
--- a/cusa/m/mc/mc-4.8.28-1_openEuler-SA-2022-1771.json
+++ b/cusa/m/mc/mc-4.8.28-1_openEuler-SA-2022-1771.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1771",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1771",
"title": "An update for mc is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "GNU Midnight Commander is a visual file manager, licensed under GNU General Public License and therefore qualifies as Free Software. It's a feature rich full-screen text mode application that allows you to copy, move and delete files and whole directory trees, search for files and run commands in the subshell. Internal viewer and editor are included.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity.(CVE-2021-36370)",
"cves": [
{
"id": "CVE-2021-36370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36370",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/m/mdadm/mdadm-4.1-11_openEuler-SA-2023-1649.json b/cusa/m/mdadm/mdadm-4.1-11_openEuler-SA-2023-1649.json
index ac45981..31f0d27 100644
--- a/cusa/m/mdadm/mdadm-4.1-11_openEuler-SA-2023-1649.json
+++ b/cusa/m/mdadm/mdadm-4.1-11_openEuler-SA-2023-1649.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1649",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1649",
"title": "An update for mdadm is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "mdadm is a tool for managing Linux Software RAID arrays. It can create, assemble, report on, and monitor arrays. It can also move spares between raid arrays when needed.\r\n\r\nSecurity Fix(es):\r\n\r\nBuffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access.(CVE-2023-28736)\r\n\r\nUncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a priviledged user to potentially enable denial of service via local access.(CVE-2023-28938)",
"cves": [
{
"id": "CVE-2023-28938",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28938",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/m/metadata-extractor2/metadata-extractor2-2.18.0-1_openEuler-SA-2024-1023.json b/cusa/m/metadata-extractor2/metadata-extractor2-2.18.0-1_openEuler-SA-2024-1023.json
index c740d62..e87b8b7 100644
--- a/cusa/m/metadata-extractor2/metadata-extractor2-2.18.0-1_openEuler-SA-2024-1023.json
+++ b/cusa/m/metadata-extractor2/metadata-extractor2-2.18.0-1_openEuler-SA-2024-1023.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1023",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1023",
"title": "An update for metadata-extractor2 is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Metadata Extractor is a straightforward Java library for reading metadata from image files.\r\n\r\nSecurity Fix(es):\r\n\r\nmetadata-extractor up to 2.16.0 can throw various uncaught exceptions while parsing a specially crafted JPEG file, which could result in an application crash. This could be used to mount a denial of service attack against services that use metadata-extractor library.(CVE-2022-24613)\r\n\r\nWhen reading a specially crafted JPEG file, metadata-extractor up to 2.16.0 can be made to allocate large amounts of memory that finally leads to an out-of-memory error even for very small inputs. This could be used to mount a denial of service attack against services that use metadata-extractor library.(CVE-2022-24614)",
"cves": [
{
"id": "CVE-2022-24614",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24614",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/m/microcode_ctl/microcode_ctl-2.1-36_openEuler-SA-2022-1773.json b/cusa/m/microcode_ctl/microcode_ctl-2.1-36_openEuler-SA-2022-1773.json
index 9ccdd1a..ffa9593 100644
--- a/cusa/m/microcode_ctl/microcode_ctl-2.1-36_openEuler-SA-2022-1773.json
+++ b/cusa/m/microcode_ctl/microcode_ctl-2.1-36_openEuler-SA-2022-1773.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1773",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1773",
"title": "An update for microcode_ctl is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "This is a tool to transform and deploy microcode update for x86 CPUs.\r\n\r\nSecurity Fix(es):\r\n\r\nIncomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access.(CVE-2020-24489)\n\nDomain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2020-24513)\n\nHardware allows activation of test or debug logic at runtime for some Intel(R) processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access.(CVE-2021-0146)",
"cves": [
{
"id": "CVE-2021-0146",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0146",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
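Review bot: The severity vocabulary changes here (`"Important"` becomes `"High"`, and `"Moderate"` becomes `"Medium"` in the neighbouring records), but the v0.1.2 changelog entry added to README.md mentions only the directory layout. A downstream filter or alert rule that still compares against `"Important"` or `"Moderate"` would silently stop matching after this update instead of failing loudly. I would add a changelog line giving the old-to-new mapping for the values that change. Consumers should also reject unknown severity strings rather than ignore them.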
diff --git a/cusa/m/microcode_ctl/microcode_ctl-2.1-37_openEuler-SA-2022-1969.json b/cusa/m/microcode_ctl/microcode_ctl-2.1-37_openEuler-SA-2022-1969.json
index 91e51f8..22a82af 100644
--- a/cusa/m/microcode_ctl/microcode_ctl-2.1-37_openEuler-SA-2022-1969.json
+++ b/cusa/m/microcode_ctl/microcode_ctl-2.1-37_openEuler-SA-2022-1969.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1969",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1969",
"title": "An update for microcode_ctl is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "This is a tool to transform and deploy microcode update for x86 CPUs.\r\n\r\nSecurity Fix(es):\r\n\r\nImproper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.(CVE-2022-21233)",
"cves": [
{
"id": "CVE-2022-21233",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21233",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/m/microcode_ctl/microcode_ctl-2.1-41_openEuler-SA-2023-1550.json b/cusa/m/microcode_ctl/microcode_ctl-2.1-41_openEuler-SA-2023-1550.json
index 3e91010..c765955 100644
--- a/cusa/m/microcode_ctl/microcode_ctl-2.1-41_openEuler-SA-2023-1550.json
+++ b/cusa/m/microcode_ctl/microcode_ctl-2.1-41_openEuler-SA-2023-1550.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1550",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1550",
"title": "An update for microcode_ctl is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "This is a tool to transform and deploy microcode update for x86 CPUs.\n\nSecurity Fix(es):\n\nIncorrect default permissions in some memory controller configurations for some Intel(R) Xeon(R) Processors when using Intel(R) Software Guard Extensions which may allow a privileged user to potentially enable escalation of privilege via local access.(CVE-2022-33196)\n\nImproper isolation of shared resources in some Intel(R) Processors when using Intel(R) Software Guard Extensions may allow a privileged user to potentially enable information disclosure via local access.(CVE-2022-38090)\n\nInformation exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2022-40982)",
"cves": [
{
"id": "CVE-2022-40982",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40982",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/m/microcode_ctl/microcode_ctl-2.1-42_openEuler-SA-2023-1855.json b/cusa/m/microcode_ctl/microcode_ctl-2.1-42_openEuler-SA-2023-1855.json
index 2a6a9fe..bd00d50 100644
--- a/cusa/m/microcode_ctl/microcode_ctl-2.1-42_openEuler-SA-2023-1855.json
+++ b/cusa/m/microcode_ctl/microcode_ctl-2.1-42_openEuler-SA-2023-1855.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1855",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1855",
"title": "An update for microcode_ctl is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "This is a tool to transform and deploy microcode update for x86 CPUs.\r\n\r\nSecurity Fix(es):\r\n\r\nSequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access.(CVE-2023-23583)",
"cves": [
{
"id": "CVE-2023-23583",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23583",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/m/microcode_ctl/microcode_ctl-20240312-1_openEuler-SA-2024-1295.json b/cusa/m/microcode_ctl/microcode_ctl-20240312-1_openEuler-SA-2024-1295.json
index 8e3e0df..75faeeb 100644
--- a/cusa/m/microcode_ctl/microcode_ctl-20240312-1_openEuler-SA-2024-1295.json
+++ b/cusa/m/microcode_ctl/microcode_ctl-20240312-1_openEuler-SA-2024-1295.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1295",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1295",
"title": "An update for microcode_ctl is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "This is a tool to transform and deploy microcode update for x86 CPUs.\r\n\r\nSecurity Fix(es):\r\n\r\nNon-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.(CVE-2023-38575)\r\n\r\nProtection mechanism failure of bus lock regulator for some Intel(R) Processors may allow an unauthenticated user to potentially enable denial of service via network access.(CVE-2023-39368)",
"cves": [
{
"id": "CVE-2023-39368",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39368",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/m/mod_auth_openidc/mod_auth_openidc-2.4.13.2-1_openEuler-SA-2023-1235.json b/cusa/m/mod_auth_openidc/mod_auth_openidc-2.4.13.2-1_openEuler-SA-2023-1235.json
index 7a2737d..89fd71f 100644
--- a/cusa/m/mod_auth_openidc/mod_auth_openidc-2.4.13.2-1_openEuler-SA-2023-1235.json
+++ b/cusa/m/mod_auth_openidc/mod_auth_openidc-2.4.13.2-1_openEuler-SA-2023-1235.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1235",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1235",
"title": "An update for mod_auth_openidc is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "This module enables an Apache 2.x web server to operate as an OpenID Connect Relying Party(RP) to an OpenID Connect Provider(OP).\r\n\r\nSecurity Fix(es):\r\n\r\nmod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly check for URLs that start with /\\t, leading to an open redirect. This issue has been patched in version 2.4.12.2. Users unable to upgrade can mitigate the issue by configuring mod_auth_openidc to only allow redirection when the destination matches a given regular expression with OIDCRedirectURLsAllowed.(CVE-2022-23527)\r\n\r\nmod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using `OIDCStripCookies`.(CVE-2023-28625)",
"cves": [
{
"id": "CVE-2023-28625",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28625",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
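Review bot: The advisory-level `severity` is `"High"` while the only entry in `cves`, CVE-2023-28625, is `"Medium"`, so the record no longer explains its own rating. The description also names CVE-2022-23527, which presumably carries the higher rating, but it has no entry in the array. A tool that ranks by the highest per-CVE severity would place this advisory lower than its top-level field does. A generator-side check that the top-level severity equals the maximum of the listed entries would catch records like this one.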
diff --git a/cusa/m/mod_auth_openidc/mod_auth_openidc-2.4.15.3-1_openEuler-SA-2024-1191.json b/cusa/m/mod_auth_openidc/mod_auth_openidc-2.4.15.3-1_openEuler-SA-2024-1191.json
index b8daa9f..37ec2e5 100644
--- a/cusa/m/mod_auth_openidc/mod_auth_openidc-2.4.15.3-1_openEuler-SA-2024-1191.json
+++ b/cusa/m/mod_auth_openidc/mod_auth_openidc-2.4.15.3-1_openEuler-SA-2024-1191.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1191",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1191",
"title": "An update for mod_auth_openidc is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "This module enables an Apache 2.x web server to operate as an OpenID Connect Relying Party(RP) to an OpenID Connect Provider(OP).\r\n\r\nSecurity Fix(es):\r\n\r\nmod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on mod_auth_openidc_session_chunks cookie value makes the server vulnerable to a denial of service (DoS) attack. An internal security audit has been conducted and the reviewers found that if they manipulated the value of the mod_auth_openidc_session_chunks cookie to a very large integer, like 99999999, the server struggles with the request for a long time and finally gets back with a 500 error. Making a few requests of this kind caused our server to become unresponsive. Attackers can craft requests that would make the server work very hard (and possibly become unresponsive) and/or crash with minimal effort. This issue has been addressed in version 2.4.15.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2024-24814)",
"cves": [
{
"id": "CVE-2024-24814",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24814",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/m/mod_fcgid/mod_fcgid-2.3.9-21_openEuler-SA-2022-1758.json b/cusa/m/mod_fcgid/mod_fcgid-2.3.9-21_openEuler-SA-2022-1758.json
index 81a38e3..91047f6 100644
--- a/cusa/m/mod_fcgid/mod_fcgid-2.3.9-21_openEuler-SA-2022-1758.json
+++ b/cusa/m/mod_fcgid/mod_fcgid-2.3.9-21_openEuler-SA-2022-1758.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1758",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1758",
"title": "An update for mod_fcgid is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Mod_fcgid is an Apache module providing a FastCGI interface. It's an alternative to mod_fastcgi that is specifically tuned for the dynamic FastCGI configuration used on DreamHost servers.\r\n\r\nSecurity Fix(es):\r\n\r\nA security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07.(CVE-2016-1000104)",
"cves": [
{
"id": "CVE-2016-1000104",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000104",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/m/mod_http2/mod_http2-1.15.25-3_openEuler-SA-2024-1452.json b/cusa/m/mod_http2/mod_http2-1.15.25-3_openEuler-SA-2024-1452.json
index 840c542..9858e7c 100644
--- a/cusa/m/mod_http2/mod_http2-1.15.25-3_openEuler-SA-2024-1452.json
+++ b/cusa/m/mod_http2/mod_http2-1.15.25-3_openEuler-SA-2024-1452.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1452",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1452",
"title": "An update for mod_http2 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Important",
+ "severity": "High",
"description": "Mod_h[ttp]2 is an official Apache httpd module, first released in 2.4.17. See Apache downloads to get a released version. mod_proxy_h[ttp]2 has been released in 2.4.23.\r\n\r\nSecurity Fix(es):\r\n\r\nHTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.(CVE-2024-27316)",
"cves": [
{
"id": "CVE-2024-27316",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27316",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/m/mod_security/mod_security-2.9.5-3_openEuler-SA-2024-1377.json b/cusa/m/mod_security/mod_security-2.9.5-3_openEuler-SA-2024-1377.json
index 2ceaf9b..fbd3202 100644
--- a/cusa/m/mod_security/mod_security-2.9.5-3_openEuler-SA-2024-1377.json
+++ b/cusa/m/mod_security/mod_security-2.9.5-3_openEuler-SA-2024-1377.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1377",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1377",
"title": "An update for mod_security is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "This software is also called Modsec,it is an open-source web application firewall. It is designed for Apache HTTP Server.ModSecurity is commonly deployed to provide protections against generic classed of vulnerabilities.The install of this package is easy and you can read the README.TXT for more information.\r\n\r\nSecurity Fix(es):\r\n\r\nIn ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase.(CVE-2022-48279)",
"cves": [
{
"id": "CVE-2022-48279",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48279",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/m/mod_security_crs/mod_security_crs-3.2.2-1_openEuler-SA-2022-1970.json b/cusa/m/mod_security_crs/mod_security_crs-3.2.2-1_openEuler-SA-2022-1970.json
index f8409a3..ba9d68e 100644
--- a/cusa/m/mod_security_crs/mod_security_crs-3.2.2-1_openEuler-SA-2022-1970.json
+++ b/cusa/m/mod_security_crs/mod_security_crs-3.2.2-1_openEuler-SA-2022-1970.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1970",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1970",
"title": "An update for mod_security_crs is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The base rules are provided for mod_security by this package.\r\n\r\nSecurity Fix(es):\r\n\r\nThe OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range. A restricted resource, access to which would ordinarily be detected, may be exfiltrated from the backend, despite being protected by a web application firewall that uses CRS. Short subsections of a restricted resource may bypass pattern matching techniques and allow undetected access. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised to upgrade to 3.2.2 and 3.3.3 respectively and to configure a CRS paranoia level of 3 or higher.(CVE-2022-39958)\r\n\r\nThe OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional \"charset\" parameter in order to receive the response in an encoded form. Depending on the \"charset\", this response can not be decoded by the web application firewall. A restricted resource, access to which would ordinarily be detected, may therefore bypass detection. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised to upgrade to 3.2.2 and 3.3.3 respectively.(CVE-2022-39957)",
"cves": [
{
"id": "CVE-2022-39957",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39957",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/m/mod_wsgi/mod_wsgi-4.6.4-3_openEuler-SA-2022-1827.json b/cusa/m/mod_wsgi/mod_wsgi-4.6.4-3_openEuler-SA-2022-1827.json
index 1d11618..0003fa5 100644
--- a/cusa/m/mod_wsgi/mod_wsgi-4.6.4-3_openEuler-SA-2022-1827.json
+++ b/cusa/m/mod_wsgi/mod_wsgi-4.6.4-3_openEuler-SA-2022-1827.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1827",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1827",
"title": "An update for mod_wsgi is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The mod_wsgi adapter is an Apache module that provides a WSGI compliant interface for hosting Python based web applications within Apache. The adapter is written completely in C code against the Apache C runtime andfor hosting WSGI applications within Apache has a lower overhead than using existing WSGI adapters for mod_python or CGI.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy (trusted proxies are configured via the WSGITrustedProxies directive) allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing.\r\n\r\nReferences:\nhttps://github.com/GrahamDumpleton/mod_wsgi/blob/4.9.2/src/server/mod_wsgi.c#L13940-L13941\nhttps://github.com/GrahamDumpleton/mod_wsgi/blob/4.9.2/src/server/mod_wsgi.c#L14046-L14082(CVE-2022-2255)",
"cves": [
{
"id": "CVE-2022-2255",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2255",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/m/mongo-c-driver/mongo-c-driver-1.13.1-7_openEuler-SA-2024-1076.json b/cusa/m/mongo-c-driver/mongo-c-driver-1.13.1-7_openEuler-SA-2024-1076.json
index 1677225..7a8f90a 100644
--- a/cusa/m/mongo-c-driver/mongo-c-driver-1.13.1-7_openEuler-SA-2024-1076.json
+++ b/cusa/m/mongo-c-driver/mongo-c-driver-1.13.1-7_openEuler-SA-2024-1076.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1076",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1076",
"title": "An update for mongo-c-driver is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "mongo-c-driver is a project that includes two libraries: libmongoc, a client library written in C for MongoDB. libbson, a library providing useful routines related to building, parsing, and iterating BSON documents.\r\n\r\nSecurity Fix(es):\r\n\r\nWhen calling bson_utf8_validate on some inputs a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affects All MongoDB C Driver versions prior to versions 1.25.0.\r\n\r\n(CVE-2023-0437)",
"cves": [
{
"id": "CVE-2023-0437",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0437",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/m/mosquitto/mosquitto-1.6.15-6_openEuler-SA-2022-2053.json b/cusa/m/mosquitto/mosquitto-1.6.15-6_openEuler-SA-2022-2053.json
index 716b322..2353c87 100644
--- a/cusa/m/mosquitto/mosquitto-1.6.15-6_openEuler-SA-2022-2053.json
+++ b/cusa/m/mosquitto/mosquitto-1.6.15-6_openEuler-SA-2022-2053.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2053",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2053",
"title": "An update for mosquitto is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for \"machine to machine\" messaging such as with low power sensors or mobile devices such as phones, embedded computers or micro-controllers like the Arduino.\r\n\r\nSecurity Fix(es):\r\n\r\nIn Eclipse Mosquitto versions 2.07 and earlier, the server will crash if the client tries to send a PUBLISH packet with topic length = 0.(CVE-2021-34432)",
"cves": [
{
"id": "CVE-2021-34432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34432",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/m/mosquitto/mosquitto-2.0.16-1_openEuler-SA-2023-1680.json b/cusa/m/mosquitto/mosquitto-2.0.16-1_openEuler-SA-2023-1680.json
index 9765dcf..b1cfa83 100644
--- a/cusa/m/mosquitto/mosquitto-2.0.16-1_openEuler-SA-2023-1680.json
+++ b/cusa/m/mosquitto/mosquitto-2.0.16-1_openEuler-SA-2023-1680.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1680",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1680",
"title": "An update for mosquitto is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for \"machine to machine\" messaging such as with low power sensors or mobile devices such as phones, embedded computers or micro-controllers like the Arduino.\r\n\r\nSecurity Fix(es):\r\n\r\nThe broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function.(CVE-2023-28366)",
"cves": [
{
"id": "CVE-2023-28366",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28366",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/m/mosquitto/mosquitto-2.0.16-1_openEuler-SA-2023-1718.json b/cusa/m/mosquitto/mosquitto-2.0.16-1_openEuler-SA-2023-1718.json
index 198e70e..82b0bce 100644
--- a/cusa/m/mosquitto/mosquitto-2.0.16-1_openEuler-SA-2023-1718.json
+++ b/cusa/m/mosquitto/mosquitto-2.0.16-1_openEuler-SA-2023-1718.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1718",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1718",
"title": "An update for mosquitto is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for \"machine to machine\" messaging such as with low power sensors or mobile devices such as phones, embedded computers or micro-controllers like the Arduino.\r\n\r\nSecurity Fix(es):\r\n\r\nIn Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets.(CVE-2023-0809)",
"cves": [
{
"id": "CVE-2023-0809",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0809",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/m/mosquitto/mosquitto-2.0.16-1_openEuler-SA-2023-1772.json b/cusa/m/mosquitto/mosquitto-2.0.16-1_openEuler-SA-2023-1772.json
index db686af..34e8b26 100644
--- a/cusa/m/mosquitto/mosquitto-2.0.16-1_openEuler-SA-2023-1772.json
+++ b/cusa/m/mosquitto/mosquitto-2.0.16-1_openEuler-SA-2023-1772.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1772",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1772",
"title": "An update for mosquitto is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for \"machine to machine\" messaging such as with low power sensors or mobile devices such as phones, embedded computers or micro-controllers like the Arduino.\r\n\r\nSecurity Fix(es):\r\n\r\nIn Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types.\n(CVE-2023-3592)\r\n\r\nIn Eclipse Mosquito before and including 2.0.5, establishing a connection to the mosquitto server without sending data causes the EPOLLOUT event to be added, which results excessive CPU consumption. This could be used by a malicious actor to perform denial of service type attack. This issue is fixed in 2.0.6\r\n\r\n\n(CVE-2023-5632)",
"cves": [
{
"id": "CVE-2023-5632",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5632",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/m/mozjs78/mozjs91-91.6.0-4_openEuler-SA-2024-1405.json b/cusa/m/mozjs78/mozjs91-91.6.0-4_openEuler-SA-2024-1405.json
index 7f8ba41..3c8cde1 100644
--- a/cusa/m/mozjs78/mozjs91-91.6.0-4_openEuler-SA-2024-1405.json
+++ b/cusa/m/mozjs78/mozjs91-91.6.0-4_openEuler-SA-2024-1405.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1405",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1405",
"title": "An update for mozjs78 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "SpiderMonkey is the code-name for Mozilla Firefox's C++ implementation of JavaScript. It is intended to be embedded in other applications that provide host environments for JavaScript.\r\n\r\nSecurity Fix(es):\r\n\r\nWhen copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.(CVE-2023-23599)\r\n\r\nNavigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.(CVE-2023-23601)",
"cves": [
{
"id": "CVE-2023-23601",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23601",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
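Review bot: The file name carries the package `mozjs91-91.6.0-4`, while the directory and the `title` both say `mozjs78`. If the consuming system derives the fixed package and version from the file name, this advisory would be attached to a different package than the one the title announces. Which of the two is right cannot be decided from this hunk. It is worth checking the source CVRF document for openEuler-SA-2024-1405, and making the converter fail when the package name in the file name differs from the component directory.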
diff --git a/cusa/m/mujs/mujs-1.2.0-2_openEuler-SA-2022-1976.json b/cusa/m/mujs/mujs-1.2.0-2_openEuler-SA-2022-1976.json
index 5686101..2f3c333 100644
--- a/cusa/m/mujs/mujs-1.2.0-2_openEuler-SA-2022-1976.json
+++ b/cusa/m/mujs/mujs-1.2.0-2_openEuler-SA-2022-1976.json
@@ -8,7 +8,7 @@
{
"id": "CVE-2016-9136",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9136",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/m/mujs/mujs-1.2.0-3_openEuler-SA-2023-1137.json b/cusa/m/mujs/mujs-1.2.0-3_openEuler-SA-2023-1137.json
index efd086d..45c1f0b 100644
--- a/cusa/m/mujs/mujs-1.2.0-3_openEuler-SA-2023-1137.json
+++ b/cusa/m/mujs/mujs-1.2.0-3_openEuler-SA-2023-1137.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1137",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1137",
"title": "An update for mujs is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "MuJS is a lightweight Javascript interpreter designed for embedding in other software to extend them with scripting capabilities.\r\n\r\nSecurity Fix(es):\r\n\r\nA logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file.(CVE-2022-44789)",
"cves": [
{
"id": "CVE-2022-44789",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44789",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/m/multipath-tools/multipath-tools-0.8.7-5_openEuler-SA-2022-2042.json b/cusa/m/multipath-tools/multipath-tools-0.8.7-5_openEuler-SA-2022-2042.json
index de559dc..8d68995 100644
--- a/cusa/m/multipath-tools/multipath-tools-0.8.7-5_openEuler-SA-2022-2042.json
+++ b/cusa/m/multipath-tools/multipath-tools-0.8.7-5_openEuler-SA-2022-2042.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2042",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2042",
"title": "An update for multipath-tools is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "This package provides the multipath tool and the multipathd daemon to manage dm-multipath devices. multipath can detect and set up multipath maps. multipathd sets up multipath maps automatically,monitors path devices for failure, removal, or addition, and applies the necessary changes to the multipath maps to ensure continuous availability of the map devices.\r\n\r\nSecurity Fix(es):\r\n\r\nmultipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.(CVE-2022-41973)",
"cves": [
{
"id": "CVE-2022-41973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41973",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/m/multipath-tools/multipath-tools-0.8.7-6_openEuler-SA-2022-2050.json b/cusa/m/multipath-tools/multipath-tools-0.8.7-6_openEuler-SA-2022-2050.json
index 3b6b55b..b3222bc 100644
--- a/cusa/m/multipath-tools/multipath-tools-0.8.7-6_openEuler-SA-2022-2050.json
+++ b/cusa/m/multipath-tools/multipath-tools-0.8.7-6_openEuler-SA-2022-2050.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2050",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2050",
"title": "An update for multipath-tools is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "This package provides the multipath tool and the multipathd daemon to manage dm-multipath devices. multipath can detect and set up multipath maps. multipathd sets up multipath maps automatically, monitors path devices for failure, removal, or addition, and applies the necessary changes to the multipath maps to ensure continuous availability of the map devices.\r\n\r\nSecurity Fix(es):\r\n\r\nmultipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR.(CVE-2022-41974)",
"cves": [
{
"id": "CVE-2022-41974",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41974",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/m/mutt/mutt-2.1.3-2_openEuler-SA-2022-1633.json b/cusa/m/mutt/mutt-2.1.3-2_openEuler-SA-2022-1633.json
index a729b6f..9fc42a9 100644
--- a/cusa/m/mutt/mutt-2.1.3-2_openEuler-SA-2022-1633.json
+++ b/cusa/m/mutt/mutt-2.1.3-2_openEuler-SA-2022-1633.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1633",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1633",
"title": "An update for mutt is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Mutt is a small but very powerful text-based mail client for Unix operating systems.\r\n\r\nSecurity Fix(es):\r\n\r\nBuffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line.(CVE-2022-1328)",
"cves": [
{
"id": "CVE-2022-1328",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1328",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/m/mutt/mutt-2.2.12-1_openEuler-SA-2023-1660.json b/cusa/m/mutt/mutt-2.2.12-1_openEuler-SA-2023-1660.json
index af01f93..644efea 100644
--- a/cusa/m/mutt/mutt-2.2.12-1_openEuler-SA-2023-1660.json
+++ b/cusa/m/mutt/mutt-2.2.12-1_openEuler-SA-2023-1660.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1660",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1660",
"title": "An update for mutt is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Mutt is a small but very powerful text-based mail client for Unix operating systems.\r\n\r\nSecurity Fix(es):\r\n\r\nNull pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12(CVE-2023-4874)\r\n\r\nNull pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12(CVE-2023-4875)",
"cves": [
{
"id": "CVE-2023-4875",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4875",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
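Review bot: The `cves` array in this advisory holds only `CVE-2023-4875`, while the `description` kept as context in the same hunk also lists `CVE-2023-4874` as fixed, so a consumer that matches on `cves` would not associate the advisory with that CVE. The same pattern shows in the later hunks for openEuler-SA-2024-1103 (the description names CVE-2021-2471 and CVE-2022-21363, the array holds only the latter) and openEuler-SA-2024-1560 (dozens of CVEs in the description, a single array entry for `CVE-2024-21102`). This commit only relabels severities, so the gap presumably comes from the converter keeping just the last vulnerability entry; that should be confirmed against the source CVRF documents. If so, the output should carry one `cves` element per CVE, each with its own severity rather than a copy of the advisory-level value.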
diff --git a/cusa/m/mysql-connector-java/mysql-connector-java-8.0.16-1_openEuler-SA-2022-2076.json b/cusa/m/mysql-connector-java/mysql-connector-java-8.0.16-1_openEuler-SA-2022-2076.json
index e4484e4..096f1ed 100644
--- a/cusa/m/mysql-connector-java/mysql-connector-java-8.0.16-1_openEuler-SA-2022-2076.json
+++ b/cusa/m/mysql-connector-java/mysql-connector-java-8.0.16-1_openEuler-SA-2022-2076.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2076",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2076",
"title": "An update for mysql-connector-java is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "MySQL Connector/J is a native Java driver that converts JDBC (Java Database Connectivity) calls into the network protocol used by the MySQL database. It lets developers working with the Java programming language easily build programs and applets that interact with MySQL and connect all corporate data, even in a heterogeneous environment. MySQL Connector/J is a Type IV JDBC driver and has a complete JDBC feature set that supports the capabilities of MySQL.\r\n\r\nSecurity Fix(es):\r\n\r\nVulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).(CVE-2019-2692)",
"cves": [
{
"id": "CVE-2019-2692",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-2692",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/m/mysql-connector-java/mysql-connector-java-8.0.30-1_openEuler-SA-2024-1103.json b/cusa/m/mysql-connector-java/mysql-connector-java-8.0.30-1_openEuler-SA-2024-1103.json
index 4aa7f65..1403cb5 100644
--- a/cusa/m/mysql-connector-java/mysql-connector-java-8.0.30-1_openEuler-SA-2024-1103.json
+++ b/cusa/m/mysql-connector-java/mysql-connector-java-8.0.30-1_openEuler-SA-2024-1103.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1103",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1103",
"title": "An update for mysql-connector-java is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Official JDBC driver for MySQL.\r\n\r\nSecurity Fix(es):\r\n\r\nVulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H).(CVE-2021-2471)\r\n\r\nVulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).(CVE-2022-21363)",
"cves": [
{
"id": "CVE-2022-21363",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/m/mysql/mysql-8.0.35-1_openEuler-SA-2023-1836.json b/cusa/m/mysql/mysql-8.0.35-1_openEuler-SA-2023-1836.json
index 02a5bb2..5d73be9 100644
--- a/cusa/m/mysql/mysql-8.0.35-1_openEuler-SA-2023-1836.json
+++ b/cusa/m/mysql/mysql-8.0.35-1_openEuler-SA-2023-1836.json
@@ -8,7 +8,7 @@
{
"id": "CVE-2023-22115",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22115",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/m/mysql/mysql-8.0.37-1_openEuler-SA-2024-1560.json b/cusa/m/mysql/mysql-8.0.37-1_openEuler-SA-2024-1560.json
index 33e9ff8..769a860 100644
--- a/cusa/m/mysql/mysql-8.0.37-1_openEuler-SA-2024-1560.json
+++ b/cusa/m/mysql/mysql-8.0.37-1_openEuler-SA-2024-1560.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1560",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1560",
"title": "An update for mysql is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of Oracle and/or its affiliates\r\n\r\nSecurity Fix(es):\r\n\r\nIssue summary: The POLY1305 MAC (message authentication code) implementation\ncontains a bug that might corrupt the internal state of applications running\non PowerPC CPU based platforms if the CPU provides vector instructions.\r\n\r\nImpact summary: If an attacker can influence whether the POLY1305 MAC\nalgorithm is used, the application state might be corrupted with various\napplication dependent consequences.\r\n\r\nThe POLY1305 MAC (message authentication code) implementation in OpenSSL for\nPowerPC CPUs restores the contents of vector registers in a different order\nthan they are saved. Thus the contents of some of these vector registers\nare corrupted when returning to the caller. The vulnerable code is used only\non newer PowerPC processors supporting the PowerISA 2.07 instructions.\r\n\r\nThe consequences of this kind of internal application state corruption can\nbe various - from no consequences, if the calling application does not\ndepend on the contents of non-volatile XMM registers at all, to the worst\nconsequences, where the attacker could get complete control of the application\nprocess. However unless the compiler uses the vector registers for storing\npointers, the most likely consequence, if any, would be an incorrect result\nof some application dependent calculations or a crash leading to a denial of\nservice.\r\n\r\nThe POLY1305 MAC algorithm is most frequently used as part of the\nCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)\nalgorithm. The most common usage of this AEAD cipher is with TLS protocol\nversions 1.2 and 1.3. 
If this cipher is enabled on the server a malicious\nclient can influence whether this AEAD cipher is used. This implies that\nTLS server applications using OpenSSL can be potentially impacted. However\nwe are currently not aware of any concrete application that would be affected\nby this issue therefore we consider this a Low severity security issue.(CVE-2023-6129)\r\n\r\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: RAPID). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20960)\r\n\r\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20961)\r\n\r\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20962)\r\n\r\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20963)\r\n\r\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20964)\r\n\r\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20965)\r\n\r\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20966)\r\n\r\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2024-20967)\r\n\r\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. 
CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2024-20969)\r\n\r\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20970)\r\n\r\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20971)\r\n\r\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20972)\r\n\r\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20973)\r\n\r\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20974)\r\n\r\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20976)\r\n\r\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). 
Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20977)\r\n\r\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20978)\r\n\r\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20981)\r\n\r\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20982)\r\n\r\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server : Security : Firewall). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20984)\r\n\r\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20985)\r\n\r\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20993)\r\n\r\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20994)\r\n\r\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20998)\r\n\r\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N).(CVE-2024-21000)\r\n\r\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21008)\r\n\r\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21009)\r\n\r\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21013)\r\n\r\nVulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). 
Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21047)\r\n\r\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21054)\r\n\r\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21055)\r\n\r\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21057)\r\n\r\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21060)\r\n\r\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21061)\r\n\r\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21062)\r\n\r\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21069)\r\n\r\nVulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).(CVE-2024-21096)\r\n\r\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21102)",
"cves": [
{
"id": "CVE-2024-21102",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21102",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/m/mysql/mysql-8.0.37-1_openEuler-SA-2024-1633.json b/cusa/m/mysql/mysql-8.0.37-1_openEuler-SA-2024-1633.json
index 7e33b97..c48c929 100644
--- a/cusa/m/mysql/mysql-8.0.37-1_openEuler-SA-2024-1633.json
+++ b/cusa/m/mysql/mysql-8.0.37-1_openEuler-SA-2024-1633.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1633",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1633",
"title": "An update for mysql is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of Oracle and/or its affiliates\r\n\r\nSecurity Fix(es):\r\n\r\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21087)",
"cves": [
{
"id": "CVE-2024-21087",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21087",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/m/mysql5/mysql5-5.7.37-1_openEuler-SA-2022-1634.json b/cusa/m/mysql5/mysql5-5.7.37-1_openEuler-SA-2022-1634.json
index 5cc28e4..d07a0d1 100644
--- a/cusa/m/mysql5/mysql5-5.7.37-1_openEuler-SA-2022-1634.json
+++ b/cusa/m/mysql5/mysql5-5.7.37-1_openEuler-SA-2022-1634.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1634",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1634",
"title": "An update for mysql5 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.\r\n\r\nSecurity Fix(es):\r\n\r\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21270)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21303)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21304)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21344)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2022-21367)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N).(CVE-2021-35624)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H).(CVE-2021-2356)\n\nVulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-2011)\n\nVulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Client accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Client. CVSS 3.1 Base Score 4.2 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L).(CVE-2021-2010)\n\nVulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2021-2007)",
"cves": [
{
"id": "CVE-2021-2007",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-2007",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
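Review bot: The `cves` array in this record holds a single entry, CVE-2021-2007, while the `description` on the new side names ten CVE ids (CVE-2022-21270 through CVE-2021-2007). A consumer that matches advisories on `cves[].id` would therefore not link the other nine to this update. The mysql5-5.7.38-1_openEuler-SA-2022-1682.json hunk below has the same shape, listing only CVE-2021-2160 against a much longer description. These files look like converter output, so the fix presumably belongs in the generator rather than in hand edits: emit one entry per CVE in the source advisory, for example `{ "id": "CVE-2022-21270", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21270", "severity": "Medium" }`. Each entry's severity should come from that CVE's own score, and the advisory-level `severity` should stay the highest of them.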
diff --git a/cusa/m/mysql5/mysql5-5.7.38-1_openEuler-SA-2022-1682.json b/cusa/m/mysql5/mysql5-5.7.38-1_openEuler-SA-2022-1682.json
index 1349af5..4b9386d 100644
--- a/cusa/m/mysql5/mysql5-5.7.38-1_openEuler-SA-2022-1682.json
+++ b/cusa/m/mysql5/mysql5-5.7.38-1_openEuler-SA-2022-1682.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1682",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1682",
"title": "An update for mysql5 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.\n\nSecurity Fix(es):\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21451)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21417)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).(CVE-2021-2226)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21444)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21460)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21427)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). 
Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21454)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21245)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-2202)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-2171)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-2022)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-2179)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-2174)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-2194)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).(CVE-2021-2032)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.30 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-2160)",
"cves": [
{
"id": "CVE-2021-2160",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-2160",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/n/nasm/nasm-2.15.05-5_openEuler-SA-2023-1245.json b/cusa/n/nasm/nasm-2.15.05-5_openEuler-SA-2023-1245.json
index ce68f65..76e3e43 100644
--- a/cusa/n/nasm/nasm-2.15.05-5_openEuler-SA-2023-1245.json
+++ b/cusa/n/nasm/nasm-2.15.05-5_openEuler-SA-2023-1245.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1245",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1245",
"title": "An update for nasm is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "NASM is the Netwide Assembler, a free portable assembler for the Intel 80x86 microprocessor series, using primarily the traditional Intel instruction mnemonics and syntax. It also provides tools in RDOFF binary format, includes linker, library manager, loader, and information dump.\r\n\r\nSecurity Fix(es):\r\n\r\nNASM v2.16 was discovered to contain a heap buffer overflow in the component quote_for_pmake() asm/nasm.c:856(CVE-2022-44370)",
"cves": [
{
"id": "CVE-2022-44370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44370",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/n/nasm/nasm-2.15.05-6_openEuler-SA-2023-1626.json b/cusa/n/nasm/nasm-2.15.05-6_openEuler-SA-2023-1626.json
index f8d834e..ba13372 100644
--- a/cusa/n/nasm/nasm-2.15.05-6_openEuler-SA-2023-1626.json
+++ b/cusa/n/nasm/nasm-2.15.05-6_openEuler-SA-2023-1626.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1626",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1626",
"title": "An update for nasm is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "NASM is the Netwide Assembler, a free portable assembler for the Intel 80x86 microprocessor series, using primarily the traditional Intel instruction mnemonics and syntax. It also provides tools in RDOFF binary format, includes linker, library manager, loader, and information dump.\r\n\r\nSecurity Fix(es):\r\n\r\nA Segmentation Fault issue discovered in in ieee_segment function in outieee.c in nasm 2.14.03 and 2.15 allows remote attackers to cause a denial of service via crafted assembly file.(CVE-2020-21528)",
"cves": [
{
"id": "CVE-2020-21528",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-21528",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/n/nautilus/nautilus-3.38.2-2_openEuler-SA-2024-1628.json b/cusa/n/nautilus/nautilus-3.38.2-2_openEuler-SA-2024-1628.json
index b884cf4..79d3503 100644
--- a/cusa/n/nautilus/nautilus-3.38.2-2_openEuler-SA-2024-1628.json
+++ b/cusa/n/nautilus/nautilus-3.38.2-2_openEuler-SA-2024-1628.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1628",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1628",
"title": "An update for nautilus is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "It's easier to manage your files for the GNOME desktop. Ability to browse directories on local and remote systems. preview folders and launch related programs. It is also handle icons on the GNOME desktop.\r\n\r\nSecurity Fix(es):\r\n\r\nGNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive.(CVE-2022-37290)",
"cves": [
{
"id": "CVE-2022-37290",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37290",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/n/ncurses/ncurses-6.3-3_openEuler-SA-2022-1635.json b/cusa/n/ncurses/ncurses-6.3-3_openEuler-SA-2022-1635.json
index 66e98d4..920b597 100644
--- a/cusa/n/ncurses/ncurses-6.3-3_openEuler-SA-2022-1635.json
+++ b/cusa/n/ncurses/ncurses-6.3-3_openEuler-SA-2022-1635.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1635",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1635",
"title": "An update for ncurses is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The ncurses (new curses) library is a free software emulation of curses in System V Release 4.0 (SVr4), and more. It uses terminfo format, supports pads and color and multiple highlights and forms characters and function-key mapping, and has all the other SVr4-curses enhancements over BSD curses. SVr4 curses became the basis of X/Open Curses.\r\n\r\nSecurity Fix(es):\r\n\nncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.(CVE-2022-29458)",
"cves": [
{
"id": "CVE-2022-29458",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29458",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/n/ncurses/ncurses-6.3-6_openEuler-SA-2023-1426.json b/cusa/n/ncurses/ncurses-6.3-6_openEuler-SA-2023-1426.json
index 3376398..03be3d1 100644
--- a/cusa/n/ncurses/ncurses-6.3-6_openEuler-SA-2023-1426.json
+++ b/cusa/n/ncurses/ncurses-6.3-6_openEuler-SA-2023-1426.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1426",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1426",
"title": "An update for ncurses is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "The ncurses (new curses) library is a free software emulation of curses in System V Release 4.0 (SVr4), and more. It uses terminfo format, supports pads and color and multiple highlights and forms characters and function-key mapping, and has all the other SVr4-curses enhancements over BSD curses. SVr4 curses became the basis of X/Open Curses.\n\nSecurity Fix(es):\n\nncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.(CVE-2023-29491)",
"cves": [
{
"id": "CVE-2023-29491",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29491",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/n/ncurses/ncurses-6.3-7_openEuler-SA-2023-1969.json b/cusa/n/ncurses/ncurses-6.3-7_openEuler-SA-2023-1969.json
index cb31d93..e12f924 100644
--- a/cusa/n/ncurses/ncurses-6.3-7_openEuler-SA-2023-1969.json
+++ b/cusa/n/ncurses/ncurses-6.3-7_openEuler-SA-2023-1969.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1969",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1969",
"title": "An update for ncurses is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The ncurses (new curses) library is a free software emulation of curses in System V Release 4.0 (SVr4), and more. It uses terminfo format, supports pads and color and multiple highlights and forms characters and function-key mapping, and has all the other SVr4-curses enhancements over BSD curses. SVr4 curses became the basis of X/Open Curses.\r\n\r\nSecurity Fix(es):\r\n\r\nNCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().(CVE-2023-50495)",
"cves": [
{
"id": "CVE-2023-50495",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/n/nekohtml/nekohtml-1.9.22-9_openEuler-SA-2022-1636.json b/cusa/n/nekohtml/nekohtml-1.9.22-9_openEuler-SA-2022-1636.json
index 41a63be..c5f180e 100644
--- a/cusa/n/nekohtml/nekohtml-1.9.22-9_openEuler-SA-2022-1636.json
+++ b/cusa/n/nekohtml/nekohtml-1.9.22-9_openEuler-SA-2022-1636.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1636",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1636",
"title": "An update for nekohtml is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "NekoHTML is a simple HTML scanner and tag balancer that enables application programmers to parse HTML documents and access the information using standard XML interfaces.\n\r\nSecurity Fix(es):\norg.cyberneko.html is an html parser written in Java. The fork of `org.cyberneko.html` used by Nokogiri (Rubygem) raises a `java.lang.OutOfMemoryError` exception when parsing ill-formed HTML markup. Users are advised to upgrade to `>= 1.9.22.noko2`. Note: The upstream library `org.cyberneko.html` is no longer maintained. Nokogiri uses its own fork of this library located at https://github.com/sparklemotion/nekohtml and this CVE applies only to that fork. Other forks of nekohtml may have a similar vulnerability.(CVE-2022-24839)",
"cves": [
{
"id": "CVE-2022-24839",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24839",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/n/net-snmp/net-snmp-5.9.1-3_openEuler-SA-2022-1888.json b/cusa/n/net-snmp/net-snmp-5.9.1-3_openEuler-SA-2022-1888.json
index 68e8a10..32fbf80 100644
--- a/cusa/n/net-snmp/net-snmp-5.9.1-3_openEuler-SA-2022-1888.json
+++ b/cusa/n/net-snmp/net-snmp-5.9.1-3_openEuler-SA-2022-1888.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1888",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1888",
"title": "An update for net-snmp is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Net-SNMP is a suite of applications used to implement SNMP v1, SNMP v2c and SNMP v3 using both IPv4 and IPv6. The suite includes:\n\n+\t\t- An extensible agent for responding to SNMP queries including built-in\n+\t\tsupport for a wide range of MIB information modules\n+\t\t- Command-line applications to retrieve and manipulate information from\n+\t\tSNMP-capable devices\n+\t\t- A daemon application for receiving SNMP notifications\n+\t\t- A library for developing new SNMP applications, with C and Perl APIs\n+\t\t- A graphical MIB browser.\r\n\r\nSecurity Fix(es):\r\n\r\nhttps://github.com/net-snmp/net-snmp/blob/v5.9.2/CHANGES\nCVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference.(CVE-2022-24809)\r\n\r\nCVE-2022-24807 A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access.\nhttps://github.com/net-snmp/net-snmp/blob/v5.9.2/CHANGES(CVE-2022-24807)\r\n\r\nhttps://github.com/net-snmp/net-snmp/blob/v5.9.2/CHANGES\r\n\r\nCVE-2022-24808 A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference(CVE-2022-24808)\r\n\r\n+*5.9.2*:\n+ security:\n+ - These two CVEs can be exploited by a user with read-only credentials:\n+ - CVE-2022-24805 A buffer overflow in the handling of the INDEX of\n+ NET-SNMP-VACM-MIB can cause an out-of-bounds memory access.\n+ - CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable\n+ can cause a NULL pointer dereference.\n+ - These CVEs can be exploited by a user with read-write credentials:\n+ - CVE-2022-24806 Improper Input Validation when SETing malformed\n+ OIDs in master agent and subagent simultaneously\n+ - CVE-2022-24807 A malformed OID in a SET request to\n+ SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an\n+ out-of-bounds memory access.\n+ - CVE-2022-24808 A malformed OID in a SET request to\n+ NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL 
pointer dereference\n+ - CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable\n+ can cause a NULL pointer dereference.\n+ - To avoid these flaws, use strong SNMPv3 credentials and do not share them.\n+ If you must use SNMPv1 or SNMPv2c, use a complex community string\n+ and enhance the protection by restricting access to a given IP address range.\n+ - Thanks are due to Yu Zhang of VARAS@IIE and Nanyu Zhong of VARAS@IIE for\n+ reporting the following CVEs that have been fixed in this release, and\n+ to Arista Networks for providing fixes.(CVE-2022-24805)\r\n\r\nhttps://github.com/net-snmp/net-snmp/blob/v5.9.2/CHANGES\n CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference.(CVE-2022-24810)\r\n\r\nFrom https://github.com/net-snmp/net-snmp/blob/v5.9.2/CHANGES\nCVE-2022-24806 Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously(CVE-2022-24806)",
"cves": [
{
"id": "CVE-2022-24806",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24806",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
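Review bot: The `cves` array in this advisory lists only CVE-2022-24806, while the `description` field attributes fixes for CVE-2022-24805 through CVE-2022-24810 to the same update; the hunk runs to the file's closing brace, so no further entries follow. A scanner that matches on `cves[].id` would not see the other five as covered by this advisory. The converter that produces these files is outside this diff, so the cause is inferred, but it looks like it keeps a single CVE per advisory; it should emit one entry per referenced CVE, e.g. `{"id": "CVE-2022-24805", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24805", "severity": "<per-CVE rating>"}`. The same gap shows in net-snmp openEuler-SA-2023-1010 (CVE-2022-44793 is described but not listed) and nginx openEuler-SA-2022-2023 (CVE-2022-41742 is described but not listed).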
diff --git a/cusa/n/net-snmp/net-snmp-5.9.1-5_openEuler-SA-2023-1010.json b/cusa/n/net-snmp/net-snmp-5.9.1-5_openEuler-SA-2023-1010.json
index e0bd6f0..ac8abea 100644
--- a/cusa/n/net-snmp/net-snmp-5.9.1-5_openEuler-SA-2023-1010.json
+++ b/cusa/n/net-snmp/net-snmp-5.9.1-5_openEuler-SA-2023-1010.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1010",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1010",
"title": "An update for net-snmp is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Net-SNMP is a suite of applications used to implement SNMP v1, SNMP v2c and SNMP v3 using both IPv4 and IPv6. The suite includes:\n\n\t\t- An extensible agent for responding to SNMP queries including built-in support for a wide range of MIB information modules\n\t\t- Command-line applications to retrieve and manipulate information from SNMP-capable devices\n\t\t- A daemon application for receiving SNMP notifications\n\t\t- A library for developing new SNMP applications, with C and Perl APIs\n\t\t- A graphical MIB browser.\r\n\r\nSecurity Fix(es):\r\n\r\nhandle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.(CVE-2022-44793)\r\n\r\nhandle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.(CVE-2022-44792)",
"cves": [
{
"id": "CVE-2022-44792",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44792",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/n/netty/netty-4.1.13-20_openEuler-SA-2023-1906.json b/cusa/n/netty/netty-4.1.13-20_openEuler-SA-2023-1906.json
index 3c8757c..75e3faf 100644
--- a/cusa/n/netty/netty-4.1.13-20_openEuler-SA-2023-1906.json
+++ b/cusa/n/netty/netty-4.1.13-20_openEuler-SA-2023-1906.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1906",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1906",
"title": "An update for netty is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Asynchronous event-driven network application Java framework.\r\n\r\nSecurity Fix(es):\r\n\r\nNetty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder.(CVE-2022-41881)",
"cves": [
{
"id": "CVE-2022-41881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41881",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/n/nghttp2/nghttp2-1.46.0-3_openEuler-SA-2023-1506.json b/cusa/n/nghttp2/nghttp2-1.46.0-3_openEuler-SA-2023-1506.json
index eb7e368..4d8ea05 100644
--- a/cusa/n/nghttp2/nghttp2-1.46.0-3_openEuler-SA-2023-1506.json
+++ b/cusa/n/nghttp2/nghttp2-1.46.0-3_openEuler-SA-2023-1506.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1506",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1506",
"title": "An update for nghttp2 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "The framing layer of HTTP/2 is implemented as a form of reusable C library. On top of that, we have implemented HTTP/2 client, server and proxy. We have also developed load test and benchmarking tool for HTTP/2.\r\n\r\nSecurity Fix(es):\r\n\r\nEnvoy is a cloud-native high-performance edge/middle/service proxy. Envoy’s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving `RST_STREAM` immediately followed by the `GOAWAY` frames from an upstream server. In nghttp2, cleanup of pending requests due to receipt of the `GOAWAY` frame skips de-allocation of the bookkeeping structure and pending compressed header. The error return [code path] is taken if connection is already marked for not sending more requests due to `GOAWAY` frame. The clean-up code is right after the return statement, causing memory leak. Denial of service through memory exhaustion. This vulnerability was patched in versions(s) 1.26.3, 1.25.8, 1.24.9, 1.23.11.(CVE-2023-35945)",
"cves": [
{
"id": "CVE-2023-35945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35945",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/n/nghttp2/nghttp2-1.46.0-4_openEuler-SA-2023-1771.json b/cusa/n/nghttp2/nghttp2-1.46.0-4_openEuler-SA-2023-1771.json
index d14d564..1970ac6 100644
--- a/cusa/n/nghttp2/nghttp2-1.46.0-4_openEuler-SA-2023-1771.json
+++ b/cusa/n/nghttp2/nghttp2-1.46.0-4_openEuler-SA-2023-1771.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1771",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1771",
"title": "An update for nghttp2 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "The framing layer of HTTP/2 is implemented as a form of reusable C library. On top of that, we have implemented HTTP/2 client, server and proxy. We have also developed load test and benchmarking tool for HTTP/2.\r\n\r\nSecurity Fix(es):\r\n\r\nThe HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.(CVE-2023-44487)",
"cves": [
{
"id": "CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/n/nghttp2/nghttp2-1.46.0-5_openEuler-SA-2024-1389.json b/cusa/n/nghttp2/nghttp2-1.46.0-5_openEuler-SA-2024-1389.json
index 7813404..c32269a 100644
--- a/cusa/n/nghttp2/nghttp2-1.46.0-5_openEuler-SA-2024-1389.json
+++ b/cusa/n/nghttp2/nghttp2-1.46.0-5_openEuler-SA-2024-1389.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1389",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1389",
"title": "An update for nghttp2 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The framing layer of HTTP/2 is implemented as a form of reusable C library. On top of that, we have implemented HTTP/2 client, server and proxy. We have also developed load test and benchmarking tool for HTTP/2.\r\n\r\nSecurity Fix(es):\r\n\r\nnghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.(CVE-2024-28182)",
"cves": [
{
"id": "CVE-2024-28182",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28182",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/n/nginx/nginx-1.21.5-1_openEuler-SA-2022-1637.json b/cusa/n/nginx/nginx-1.21.5-1_openEuler-SA-2022-1637.json
index 84ee3d6..d750611 100644
--- a/cusa/n/nginx/nginx-1.21.5-1_openEuler-SA-2022-1637.json
+++ b/cusa/n/nginx/nginx-1.21.5-1_openEuler-SA-2022-1637.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1637",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1637",
"title": "An update for nginx is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server.\r\n\r\nSecurity Fix(es):\nALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.(CVE-2021-3618)",
"cves": [
{
"id": "CVE-2021-3618",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3618",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/n/nginx/nginx-1.21.5-2_openEuler-SA-2022-2023.json b/cusa/n/nginx/nginx-1.21.5-2_openEuler-SA-2022-2023.json
index 4f2b051..c768aac 100644
--- a/cusa/n/nginx/nginx-1.21.5-2_openEuler-SA-2022-2023.json
+++ b/cusa/n/nginx/nginx-1.21.5-2_openEuler-SA-2022-2023.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2023",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2023",
"title": "An update for nginx is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "NGINX is a free, open-source, high-performance HTTP server and reverse proxy,as well as an IMAP/POP3 proxy server.\r\n\r\nSecurity Fix(es):\r\n\r\nNGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products that are built with the module ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module.(CVE-2022-41742)\r\n\r\nNGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its termination or potential other impact using a specially crafted audio or video file. The issue affects only NGINX products that are built with the ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module.(CVE-2022-41741)",
"cves": [
{
"id": "CVE-2022-41741",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41741",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/n/nginx/nginx-1.21.5-5_openEuler-SA-2023-1777.json b/cusa/n/nginx/nginx-1.21.5-5_openEuler-SA-2023-1777.json
index 0a2caae..118e86d 100644
--- a/cusa/n/nginx/nginx-1.21.5-5_openEuler-SA-2023-1777.json
+++ b/cusa/n/nginx/nginx-1.21.5-5_openEuler-SA-2023-1777.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1777",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1777",
"title": "An update for nginx is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server.\r\n\r\nSecurity Fix(es):\r\n\r\nThe HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.(CVE-2023-44487)",
"cves": [
{
"id": "CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/n/nodejs-fstream/nodejs-fstream-1.0.12-1_openEuler-SA-2022-2084.json b/cusa/n/nodejs-fstream/nodejs-fstream-1.0.12-1_openEuler-SA-2022-2084.json
index 3b16728..a981167 100644
--- a/cusa/n/nodejs-fstream/nodejs-fstream-1.0.12-1_openEuler-SA-2022-2084.json
+++ b/cusa/n/nodejs-fstream/nodejs-fstream-1.0.12-1_openEuler-SA-2022-2084.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2084",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2084",
"title": "An update for nodejs-fstream is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Provides advanced file system stream objects for Node.js. These objects are like FS streams, but with stat on them, and support directories and symbolic links, as well as normal files. Also, you can use them to set the stats on a file, even if you don't change its contents, or to create a symlink, etc.\r\n\r\nSecurity Fix(es):\r\n\r\nfstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable.(CVE-2019-13173)",
"cves": [
{
"id": "CVE-2019-13173",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13173",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/n/nodejs-grunt/nodejs-grunt-1.0.1-4_openEuler-SA-2022-1638.json b/cusa/n/nodejs-grunt/nodejs-grunt-1.0.1-4_openEuler-SA-2022-1638.json
index f848506..c0561c1 100644
--- a/cusa/n/nodejs-grunt/nodejs-grunt-1.0.1-4_openEuler-SA-2022-1638.json
+++ b/cusa/n/nodejs-grunt/nodejs-grunt-1.0.1-4_openEuler-SA-2022-1638.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1638",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1638",
"title": "An update for nodejs-grunt is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Grunt is the JavaScript task runner. Why use a task runner? In one word: automation. The less work you have to do when performing repetitive tasks like minification, compilation, unit testing, linting, etc, the easier your job becomes. After you've configured it, a task runner can do most of that mundane work for you with basically zero effort.\r\n\r\nSecurity Fix(es):\nPath Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.(CVE-2022-0436)",
"cves": [
{
"id": "CVE-2022-0436",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0436",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/n/nodejs-grunt/nodejs-grunt-1.0.1-5_openEuler-SA-2022-2048.json b/cusa/n/nodejs-grunt/nodejs-grunt-1.0.1-5_openEuler-SA-2022-2048.json
index 180f413..0de5cff 100644
--- a/cusa/n/nodejs-grunt/nodejs-grunt-1.0.1-5_openEuler-SA-2022-2048.json
+++ b/cusa/n/nodejs-grunt/nodejs-grunt-1.0.1-5_openEuler-SA-2022-2048.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2048",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2048",
"title": "An update for nodejs-grunt is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Grunt is the JavaScript task runner. Why use a task runner? In one word: automation. The less work you have to do when performing repetitive tasks like minification, compilation, unit testing, linting, etc, the easier your job becomes. After you've configured it, a task runner can do most of that mundane work for you with basically zero effort.\r\n\r\nSecurity Fix(es):\r\n\r\nThe package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.(CVE-2020-7729)",
"cves": [
{
"id": "CVE-2020-7729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7729",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/n/nodejs-hawk/nodejs-hawk-4.1.2-2_openEuler-SA-2022-1667.json b/cusa/n/nodejs-hawk/nodejs-hawk-4.1.2-2_openEuler-SA-2022-1667.json
index f6dc7f3..a6adbbd 100644
--- a/cusa/n/nodejs-hawk/nodejs-hawk-4.1.2-2_openEuler-SA-2022-1667.json
+++ b/cusa/n/nodejs-hawk/nodejs-hawk-4.1.2-2_openEuler-SA-2022-1667.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1667",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1667",
"title": "An update for nodejs-hawk is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Hawk is an HTTP authentication scheme using a message authentication code (MAC) algorithm to provide partial HTTP request cryptographic verification.\n\nSecurity Fix(es):\n\nHawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse Host HTTP header (Hawk.utils.parseHost()), which was subject to regular expression DoS attack - meaning each added character in the attacker s input increases the computation time exponentially. parseHost() was patched in 9.0.1 to use built-in URL class to parse hostname instead. Hawk.authenticate() accepts options argument. If that contains host and port, those would be used instead of a call to utils.parseHost().(CVE-2022-29167)",
"cves": [
{
"id": "CVE-2022-29167",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29167",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/n/nodejs-minimatch/nodejs-minimatch-3.0.4-1_openEuler-SA-2022-2028.json b/cusa/n/nodejs-minimatch/nodejs-minimatch-3.0.4-1_openEuler-SA-2022-2028.json
index 611d666..0c2bd2a 100644
--- a/cusa/n/nodejs-minimatch/nodejs-minimatch-3.0.4-1_openEuler-SA-2022-2028.json
+++ b/cusa/n/nodejs-minimatch/nodejs-minimatch-3.0.4-1_openEuler-SA-2022-2028.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2028",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2028",
"title": "An update for nodejs-minimatch is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Converts glob expressions to JavaScript \"RegExp\" objects.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.(CVE-2022-3517)",
"cves": [
{
"id": "CVE-2022-3517",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3517",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/n/nodejs-minimist/nodejs-minimist-1.2.6-1_openEuler-SA-2022-1665.json b/cusa/n/nodejs-minimist/nodejs-minimist-1.2.6-1_openEuler-SA-2022-1665.json
index 13869bc..c6119ee 100644
--- a/cusa/n/nodejs-minimist/nodejs-minimist-1.2.6-1_openEuler-SA-2022-1665.json
+++ b/cusa/n/nodejs-minimist/nodejs-minimist-1.2.6-1_openEuler-SA-2022-1665.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1665",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1665",
"title": "An update for nodejs-minimist is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "This module is the guts of optimist's argument parser without all the fanciful decoration.\n\nSecurity Fix(es):\n\nMinimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).(CVE-2021-44906)",
"cves": [
{
"id": "CVE-2021-44906",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/n/nodejs-qs/nodejs-qs-6.5.1-2_openEuler-SA-2024-1402.json b/cusa/n/nodejs-qs/nodejs-qs-6.5.1-2_openEuler-SA-2024-1402.json
index bc778ff..977b37b 100644
--- a/cusa/n/nodejs-qs/nodejs-qs-6.5.1-2_openEuler-SA-2024-1402.json
+++ b/cusa/n/nodejs-qs/nodejs-qs-6.5.1-2_openEuler-SA-2024-1402.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1402",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1402",
"title": "An update for nodejs-qs is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "This is a query string parser for node and the browser supporting nesting, as it was removed from 0.3.x, so this library provides the previous and commonly desired behavior (and twice as fast). Used by express, connect and others.\r\n\r\nSecurity Fix(es):\r\n\r\nqs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has \"deps: qs@6.9.7\" in its release description, is not vulnerable).(CVE-2022-24999)",
"cves": [
{
"id": "CVE-2022-24999",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/n/nodejs/nodejs-12.22.11-3_openEuler-SA-2022-2114.json b/cusa/n/nodejs/nodejs-12.22.11-3_openEuler-SA-2022-2114.json
index 35b8fa9..9fdede2 100644
--- a/cusa/n/nodejs/nodejs-12.22.11-3_openEuler-SA-2022-2114.json
+++ b/cusa/n/nodejs/nodejs-12.22.11-3_openEuler-SA-2022-2114.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2114",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2114",
"title": "An update for nodejs is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code.(CVE-2022-43548)",
"cves": [
{
"id": "CVE-2022-43548",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/n/nodejs/nodejs-12.22.11-4_openEuler-SA-2023-1142.json b/cusa/n/nodejs/nodejs-12.22.11-4_openEuler-SA-2023-1142.json
index faddb82..c6b583b 100644
--- a/cusa/n/nodejs/nodejs-12.22.11-4_openEuler-SA-2023-1142.json
+++ b/cusa/n/nodejs/nodejs-12.22.11-4_openEuler-SA-2023-1142.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1142",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1142",
"title": "An update for nodejs is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices.\r\n\r\nSecurity Fix(es):\r\n\r\nThe public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.(CVE-2023-0215)\r\n\r\nThere is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. 
X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.(CVE-2023-0286)\r\n\r\nA timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. 
After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.(CVE-2022-4304)\r\n\r\nThe function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data. If the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.(CVE-2022-4450)",
"cves": [
{
"id": "CVE-2022-4450",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4450",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
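Review bot: The `cves` array in this file lists only CVE-2022-4450, while the `description` context line names four CVEs fixed by the advisory (CVE-2023-0215, CVE-2023-0286, CVE-2022-4304 and CVE-2022-4450), so a consumer that matches on `cves[].id` will not see the other three as covered by openEuler-SA-2023-1142. The same applies to the openEuler-SA-2024-1136 hunk further down, where CVE-2023-0464 is described but only CVE-2023-0465 is listed. In both files the retained entry is the last CVE named in the description, which suggests the converter overwrites rather than appends when a bulletin carries several vulnerabilities; that code is not in this hunk, so confirm it there. Each missing CVE should get its own entry, for example `{ "id": "CVE-2023-0215", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0215", "severity": "<severity from the source bulletin>" }`.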
diff --git a/cusa/n/nodejs/nodejs-12.22.11-6_openEuler-SA-2023-1551.json b/cusa/n/nodejs/nodejs-12.22.11-6_openEuler-SA-2023-1551.json
index 303a880..f08a77f 100644
--- a/cusa/n/nodejs/nodejs-12.22.11-6_openEuler-SA-2023-1551.json
+++ b/cusa/n/nodejs/nodejs-12.22.11-6_openEuler-SA-2023-1551.json
@@ -8,7 +8,7 @@
{
"id": "CVE-2023-32559",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32559",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/n/nodejs/nodejs-12.22.11-9_openEuler-SA-2024-1136.json b/cusa/n/nodejs/nodejs-12.22.11-9_openEuler-SA-2024-1136.json
index 86abdb0..6474e28 100644
--- a/cusa/n/nodejs/nodejs-12.22.11-9_openEuler-SA-2024-1136.json
+++ b/cusa/n/nodejs/nodejs-12.22.11-9_openEuler-SA-2024-1136.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1136",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1136",
"title": "An update for nodejs is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Node.js is an open-source, cross-platform, JavaScript runtime environment, it executes JavaScript code outside of a browser.\r\n\r\nSecurity Fix(es):\r\n\r\nA security vulnerability has been identified in all supported versions\r\n\r\nof OpenSSL related to the verification of X.509 certificate chains\nthat include policy constraints. Attackers may be able to exploit this\nvulnerability by creating a malicious certificate chain that triggers\nexponential use of computational resources, leading to a denial-of-service\n(DoS) attack on affected systems.\r\n\r\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.(CVE-2023-0464)\r\n\r\nApplications that use a non-default option when verifying certificates may be\nvulnerable to an attack from a malicious CA to circumvent certain checks.\r\n\r\nInvalid certificate policies in leaf certificates are silently ignored by\nOpenSSL and other certificate policy checks are skipped for that certificate.\nA malicious CA could use this to deliberately assert invalid certificate policies\nin order to circumvent policy checking on the certificate altogether.\r\n\r\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.(CVE-2023-0465)",
"cves": [
{
"id": "CVE-2023-0465",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0465",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/n/nodejs/nodejs-12.22.11-9_openEuler-SA-2024-1171.json b/cusa/n/nodejs/nodejs-12.22.11-9_openEuler-SA-2024-1171.json
index 20476ec..7dc00e9 100644
--- a/cusa/n/nodejs/nodejs-12.22.11-9_openEuler-SA-2024-1171.json
+++ b/cusa/n/nodejs/nodejs-12.22.11-9_openEuler-SA-2024-1171.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1171",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1171",
"title": "An update for nodejs is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Node.js is an open-source, cross-platform, JavaScript runtime environment, it executes JavaScript code outside of a browser.\r\n\r\nSecurity Fix(es):\r\n\r\nThe HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.(CVE-2023-44487)",
"cves": [
{
"id": "CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/n/ntfs-3g/ntfs-3g-2022.5.17-2_openEuler-SA-2022-2095.json b/cusa/n/ntfs-3g/ntfs-3g-2022.5.17-2_openEuler-SA-2022-2095.json
index 833328f..a643a9d 100644
--- a/cusa/n/ntfs-3g/ntfs-3g-2022.5.17-2_openEuler-SA-2022-2095.json
+++ b/cusa/n/ntfs-3g/ntfs-3g-2022.5.17-2_openEuler-SA-2022-2095.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2095",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2095",
"title": "An update for ntfs-3g is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "NTFS-3G is a stable, open source, GPL licensed, POSIX, read/write NTFS driver for Linux and many other operating systems.It provides safe handling of the Windows XP, Windows Server 2003, Windows 2000, Windows Vista, Windows Server 2008 and Windows 7 NTFS file systems.\r\n\r\nSecurity Fix(es):\r\n\r\nA buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device.(CVE-2022-40284)",
"cves": [
{
"id": "CVE-2022-40284",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40284",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/n/ntp/ntp-4.2.8p15-7_openEuler-SA-2023-1282.json b/cusa/n/ntp/ntp-4.2.8p15-7_openEuler-SA-2023-1282.json
index 6cd6999..56201c3 100644
--- a/cusa/n/ntp/ntp-4.2.8p15-7_openEuler-SA-2023-1282.json
+++ b/cusa/n/ntp/ntp-4.2.8p15-7_openEuler-SA-2023-1282.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1282",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1282",
"title": "An update for ntp is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "NTP is a protocol designed to synchronize the clocks of computers over a network, NTP version 4, a significant revision of the previous NTP standard, is the current development version. It is formalized by RFCs released by the IETF.\r\n\r\nSecurity Fix(es):\r\n\r\nmstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp`, or `=`, as each would then be interpreted as starting a separate attribute. If an application accepts keys (as opposed to only values) as user input, and renders these in pages that other users see as well, an attacker could use this to inject other attributes and perform XSS. The fix for CVE-2024-22195 only addressed spaces but not other characters. Accepting keys as user input is now explicitly considered an unintended use case of the `xmlattr` filter, and code that does so without otherwise validating the input should be flagged as insecure, regardless of Jinja version. Accepting _values_ as user input continues to be safe. This vulnerability is fixed in 3.1.4.(CVE-2024-34064)",
"cves": [
{
"id": "CVE-2024-34064",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34064",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/p/python-joblib/python-joblib-1.0.0-2_openEuler-SA-2022-1990.json b/cusa/p/python-joblib/python-joblib-1.0.0-2_openEuler-SA-2022-1990.json
index fecff8f..7cfb2a0 100644
--- a/cusa/p/python-joblib/python-joblib-1.0.0-2_openEuler-SA-2022-1990.json
+++ b/cusa/p/python-joblib/python-joblib-1.0.0-2_openEuler-SA-2022-1990.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1990",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1990",
"title": "An update for python-joblib is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Joblib is a set of tools to provide lightweight pipelining in Python.\r\n\r\nSecurity Fix(es):\r\n\r\nThe package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement.(CVE-2022-21797)",
"cves": [
{
"id": "CVE-2022-21797",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21797",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/p/python-jwt/python-jwt-2.3.0-3_openEuler-SA-2022-1710.json b/cusa/p/python-jwt/python-jwt-2.3.0-3_openEuler-SA-2022-1710.json
index b20abdc..b6b7fd5 100644
--- a/cusa/p/python-jwt/python-jwt-2.3.0-3_openEuler-SA-2022-1710.json
+++ b/cusa/p/python-jwt/python-jwt-2.3.0-3_openEuler-SA-2022-1710.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1710",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1710",
"title": "An update for python-jwt is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "PyJWT is a Python library which allows you to encode and decode JSON Web Tokens (JWT). \\ JWT is an open, industry-standard (RFC 7519) for representing claims securely between two parties.\r\n\r\nSecurity Fix(es):\r\n\r\nPyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify `jwt.algorithms.get_default_algorithms()` to get support for all algorithms, or specify a single algorithm. The issue is not that big as `algorithms=jwt.algorithms.get_default_algorithms()` has to be used. Users should upgrade to v2.4.0 to receive a patch for this issue. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding.(CVE-2022-29217)",
"cves": [
{
"id": "CVE-2022-29217",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29217",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/p/python-ldap/python-ldap-3.3.1-4_openEuler-SA-2022-1792.json b/cusa/p/python-ldap/python-ldap-3.3.1-4_openEuler-SA-2022-1792.json
index eecd11f..6e47ceb 100644
--- a/cusa/p/python-ldap/python-ldap-3.3.1-4_openEuler-SA-2022-1792.json
+++ b/cusa/p/python-ldap/python-ldap-3.3.1-4_openEuler-SA-2022-1792.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1792",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1792",
"title": "An update for python-ldap is now available for openEuler-20.03-LTS-SP1 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "python-ldap provides an object-oriented API for working with LDAP within Python programs. It allows access to LDAP directory servers by wrapping the OpenLDAP 2.x libraries, and contains modules for other LDAP-related tasks (including processing LDIF, LDAPURLs, LDAPv3 schema, etc.).\r\n\r\nSecurity Fix(es):\r\n\r\npython-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.(CVE-2021-46823)",
"cves": [
{
"id": "CVE-2021-46823",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46823",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/p/python-lxml/python-lxml-4.7.1-4_openEuler-SA-2022-1790.json b/cusa/p/python-lxml/python-lxml-4.7.1-4_openEuler-SA-2022-1790.json
index 0114712..cbd94ae 100644
--- a/cusa/p/python-lxml/python-lxml-4.7.1-4_openEuler-SA-2022-1790.json
+++ b/cusa/p/python-lxml/python-lxml-4.7.1-4_openEuler-SA-2022-1790.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1790",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1790",
"title": "An update for python-lxml is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The lxml XML toolkit is a Pythonic binding for the C libraries libxml2 and libxslt. \\ It is unique in that it combines the speed and XML feature completeness of these libraries with \\ the simplicity of a native Python API, mostly compatible but superior to the well-known ElementTree API. \\ The latest release works with all CPython versions from 2.7 to 3.7.\r\n\r\nSecurity Fix(es):\r\n\r\nNULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered.(CVE-2022-2309)",
"cves": [
{
"id": "CVE-2022-2309",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2309",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/p/python-oauthlib/python-oauthlib-3.1.1-3_openEuler-SA-2022-1971.json b/cusa/p/python-oauthlib/python-oauthlib-3.1.1-3_openEuler-SA-2022-1971.json
index a55d9e8..0e0fc49 100644
--- a/cusa/p/python-oauthlib/python-oauthlib-3.1.1-3_openEuler-SA-2022-1971.json
+++ b/cusa/p/python-oauthlib/python-oauthlib-3.1.1-3_openEuler-SA-2022-1971.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1971",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1971",
"title": "An update for python-oauthlib is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "\r\n\r\nSecurity Fix(es):\r\n\r\nOAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of `uri_validate` functions depending where it is used. OAuthLib applications using OAuth2.0 provider support or use directly `uri_validate` are affected by this issue. Version 3.2.1 contains a patch. There are no known workarounds.(CVE-2022-36087)",
"cves": [
{
"id": "CVE-2022-36087",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36087",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/p/python-paramiko/python-paramiko-2.11.0-3_openEuler-SA-2024-1082.json b/cusa/p/python-paramiko/python-paramiko-2.11.0-3_openEuler-SA-2024-1082.json
index 100d13a..7c6703c 100644
--- a/cusa/p/python-paramiko/python-paramiko-2.11.0-3_openEuler-SA-2024-1082.json
+++ b/cusa/p/python-paramiko/python-paramiko-2.11.0-3_openEuler-SA-2024-1082.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1082",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1082",
"title": "An update for python-paramiko is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "This is a library for making SSH2 connections (client or server). Emphasis is on using SSH2 as an alternative to SSL for making secure connections between python scripts. All major ciphers and hash methods are supported. SFTP client and server mode are both supported too.\r\n\r\nSecurity Fix(es):\r\n\r\nThe SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. 
This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.(CVE-2023-48795)",
"cves": [
{
"id": "CVE-2023-48795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/p/python-paramiko/python-paramiko-2.8.1-3_openEuler-SA-2022-1609.json b/cusa/p/python-paramiko/python-paramiko-2.8.1-3_openEuler-SA-2022-1609.json
index 2b6e4eb..c306774 100644
--- a/cusa/p/python-paramiko/python-paramiko-2.8.1-3_openEuler-SA-2022-1609.json
+++ b/cusa/p/python-paramiko/python-paramiko-2.8.1-3_openEuler-SA-2022-1609.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1609",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1609",
"title": "An update for python-paramiko is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Paramiko is a combination of the Esperanto words for \"paranoid\" and \"friend\". It is a module for Python 2.7/3.4+ that implements the SSH2 protocol for secure (encrypted and authenticated) connections to remote machines.\r\n\r\nSecurity Fix(es):\r\n\r\nIn Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.(CVE-2022-24302)",
"cves": [
{
"id": "CVE-2022-24302",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24302",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/p/python-pillow/python-pillow-9.0.1-2_openEuler-SA-2022-2086.json b/cusa/p/python-pillow/python-pillow-9.0.1-2_openEuler-SA-2022-2086.json
index 413beb8..9dc0448 100644
--- a/cusa/p/python-pillow/python-pillow-9.0.1-2_openEuler-SA-2022-2086.json
+++ b/cusa/p/python-pillow/python-pillow-9.0.1-2_openEuler-SA-2022-2086.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2086",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2086",
"title": "An update for python-pillow is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "\r\n\r\nSecurity Fix(es):\r\n\r\nPillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.(CVE-2022-24303)",
"cves": [
{
"id": "CVE-2022-24303",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24303",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/p/python-pillow/python-pillow-9.0.1-3_openEuler-SA-2022-2113.json b/cusa/p/python-pillow/python-pillow-9.0.1-3_openEuler-SA-2022-2113.json
index a8286b2..883424d 100644
--- a/cusa/p/python-pillow/python-pillow-9.0.1-3_openEuler-SA-2022-2113.json
+++ b/cusa/p/python-pillow/python-pillow-9.0.1-3_openEuler-SA-2022-2113.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2113",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2113",
"title": "An update for python-pillow is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Pillow is the friendly PIL fork by Alex Clark and Contributors. PIL is the Python Imaging Library by Fredrik Lundh and Contributors. As of 2019, Pillow development is supported by Tidelift.\r\n\r\nSecurity Fix(es):\r\n\r\nPillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.(CVE-2022-45199)",
"cves": [
{
"id": "CVE-2022-45199",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45199",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/p/python-pillow/python-pillow-9.0.1-4_openEuler-SA-2023-1856.json b/cusa/p/python-pillow/python-pillow-9.0.1-4_openEuler-SA-2023-1856.json
index 5624cc7..2d46b1c 100644
--- a/cusa/p/python-pillow/python-pillow-9.0.1-4_openEuler-SA-2023-1856.json
+++ b/cusa/p/python-pillow/python-pillow-9.0.1-4_openEuler-SA-2023-1856.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1856",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1856",
"title": "An update for python-pillow is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "Pillow is the friendly PIL fork by Alex Clark and Contributors. PIL is the Python Imaging \\ Library by Fredrik Lundh and Contributors. As of 2019, Pillow development is supported by Tidelift. %package -n python3-pillow Summary: Python 3 image processing library Provides: python3-imaging = -\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.(CVE-2023-44271)",
"cves": [
{
"id": "CVE-2023-44271",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44271",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/p/python-pillow/python-pillow-9.0.1-5_openEuler-SA-2023-1923.json b/cusa/p/python-pillow/python-pillow-9.0.1-5_openEuler-SA-2023-1923.json
index 5d645b0..b49f88e 100644
--- a/cusa/p/python-pillow/python-pillow-9.0.1-5_openEuler-SA-2023-1923.json
+++ b/cusa/p/python-pillow/python-pillow-9.0.1-5_openEuler-SA-2023-1923.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1923",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1923",
"title": "An update for python-pillow is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "Pillow is the friendly PIL fork by Alex Clark and Contributors. PIL is the Python Imaging \\ Library by Fredrik Lundh and Contributors. As of 2019, Pillow development is supported by Tidelift.\r\n\r\nSecurity Fix(es):\r\n\r\nPillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).(CVE-2022-45198)",
"cves": [
{
"id": "CVE-2022-45198",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45198",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/p/python-pillow/python-pillow-9.0.1-6_openEuler-SA-2024-1098.json b/cusa/p/python-pillow/python-pillow-9.0.1-6_openEuler-SA-2024-1098.json
index 13e7dac..a73ed86 100644
--- a/cusa/p/python-pillow/python-pillow-9.0.1-6_openEuler-SA-2024-1098.json
+++ b/cusa/p/python-pillow/python-pillow-9.0.1-6_openEuler-SA-2024-1098.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1098",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1098",
"title": "An update for python-pillow is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Important",
+ "severity": "High",
"description": "Pillow is the friendly PIL fork by Alex Clark and Contributors. PIL is the Python Imaging \\ Library by Fredrik Lundh and Contributors. As of 2019, Pillow development is supported by Tidelift. %package -n python3-pillow Summary: Python 3 image processing library Provides: python3-imaging = -\r\n\r\nSecurity Fix(es):\r\n\r\nPillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).(CVE-2023-50447)",
"cves": [
{
"id": "CVE-2023-50447",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50447",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/p/python-pillow/python-pillow-9.0.1-7_openEuler-SA-2024-1451.json b/cusa/p/python-pillow/python-pillow-9.0.1-7_openEuler-SA-2024-1451.json
index c7e7d2f..e646deb 100644
--- a/cusa/p/python-pillow/python-pillow-9.0.1-7_openEuler-SA-2024-1451.json
+++ b/cusa/p/python-pillow/python-pillow-9.0.1-7_openEuler-SA-2024-1451.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1451",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1451",
"title": "An update for python-pillow is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Pillow is the friendly PIL fork by Alex Clark and Contributors. PIL is the Python Imaging \\ Library by Fredrik Lundh and Contributors. As of 2019, Pillow development is supported by Tidelift. %package -n python3-pillow Summary: Python 3 image processing library Provides: python3-imaging = -\r\n\r\nSecurity Fix(es):\r\n\r\nIn _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.(CVE-2024-28219)",
"cves": [
{
"id": "CVE-2024-28219",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28219",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/p/python-pycryptodome/python-pycryptodome-3.19.1-1_openEuler-SA-2024-1046.json b/cusa/p/python-pycryptodome/python-pycryptodome-3.19.1-1_openEuler-SA-2024-1046.json
index 2baacc5..ebb6006 100644
--- a/cusa/p/python-pycryptodome/python-pycryptodome-3.19.1-1_openEuler-SA-2024-1046.json
+++ b/cusa/p/python-pycryptodome/python-pycryptodome-3.19.1-1_openEuler-SA-2024-1046.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1046",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1046",
"title": "An update for python-pycryptodome is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "PyCryptodome is a self-contained Python package of low-level cryptographic primitives. It supports Python 2.6 and 2.7, Python 3.4 and newer, and PyPy. You can install it with:: pip install pycryptodome All modules are installed under the ``Crypto`` package. Check the pycryptodomex_ project for the equivalent library that works under the ``Cryptodome`` package. PyCryptodome is a fork of PyCrypto. It brings several enhancements with respect to the last official version of PyCrypto (2.6.1), for instance: * Authenticated encryption modes (GCM, CCM, EAX, SIV, OCB) * Accelerated AES on Intel platforms via AES-NI * First class support for PyPy * Elliptic curves cryptography (NIST P-256, P-384 and P-521 curves only) * Better and more compact API (`nonce` and `iv` attributes for ciphers, automatic generation of random nonces and IVs, simplified CTR cipher mode, and more) * SHA-3 (including SHAKE XOFs) and BLAKE2 hash algorithms * Salsa20 and ChaCha20 stream ciphers * scrypt and HKDF * Deterministic (EC)DSA * Password-protected PKCS#8 key containers * Shamir's Secret Sharing scheme * Random numbers get sourced directly from the OS (and not from a CSPRNG in userspace) * Simplified install process, including better support for Windows * Cleaner RSA and DSA key generation (largely based on FIPS 186-4) * Major clean ups and simplification of the code base PyCryptodome is not a wrapper to a separate C library like *OpenSSL*. To the largest possible extent, algorithms are implemented in pure Python. Only the pieces that are extremely critical to performance (e.g. block ciphers) are implemented as C extensions. For more information, see the `homepage`_. All the code can be downloaded from `GitHub`_.\r\n\r\nSecurity Fix(es):\r\n\r\nPyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.(CVE-2023-52323)",
"cves": [
{
"id": "CVE-2023-52323",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52323",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/p/python-pycryptodomex/python-pycryptodomex-3.19.1-1_openEuler-SA-2024-1053.json b/cusa/p/python-pycryptodomex/python-pycryptodomex-3.19.1-1_openEuler-SA-2024-1053.json
index d7ec5ef..808644a 100644
--- a/cusa/p/python-pycryptodomex/python-pycryptodomex-3.19.1-1_openEuler-SA-2024-1053.json
+++ b/cusa/p/python-pycryptodomex/python-pycryptodomex-3.19.1-1_openEuler-SA-2024-1053.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1053",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1053",
"title": "An update for python-pycryptodomex is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "PyCryptodome is a self-contained Python package of low-level cryptographic primitives.\r\n\r\nSecurity Fix(es):\r\n\r\nPyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.(CVE-2023-52323)",
"cves": [
{
"id": "CVE-2023-52323",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52323",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/p/python-pygments/python-pygments-2.10.0-4_openEuler-SA-2023-1477.json b/cusa/p/python-pygments/python-pygments-2.10.0-4_openEuler-SA-2023-1477.json
index 02f319b..749362d 100644
--- a/cusa/p/python-pygments/python-pygments-2.10.0-4_openEuler-SA-2023-1477.json
+++ b/cusa/p/python-pygments/python-pygments-2.10.0-4_openEuler-SA-2023-1477.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1477",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1477",
"title": "An update for python-pygments is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Pygments is a generic syntax highlighter suitable for use in code hosting, forums, wikis or other applications that need to prettify source code.\r\n\r\nSecurity Fix(es):\r\n\r\nA ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.(CVE-2022-40896)",
"cves": [
{
"id": "CVE-2022-40896",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40896",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/p/python-pymongo/python-pymongo-3.11.3-3_openEuler-SA-2024-1388.json b/cusa/p/python-pymongo/python-pymongo-3.11.3-3_openEuler-SA-2024-1388.json
index dc398ae..4d90fb8 100644
--- a/cusa/p/python-pymongo/python-pymongo-3.11.3-3_openEuler-SA-2024-1388.json
+++ b/cusa/p/python-pymongo/python-pymongo-3.11.3-3_openEuler-SA-2024-1388.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1388",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1388",
"title": "An update for python-pymongo is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The PyMongo distribution contains tools for interacting with \\ MongoDB database from Python.\\ PyMongo supports MongoDB 2.6, 3.0, 3.2, 3.4, 3.6, 4.0 and 4.2.\r\n\r\nSecurity Fix(es):\r\n\r\nVersions of the package pymongo before 4.6.3 are vulnerable to Out-of-bounds Read in the bson module. Using the crafted payload the attacker could force the parser to deserialize unmanaged memory. The parser tries to interpret bytes next to buffer and throws an exception with string. If the following bytes are not printable UTF-8 the parser throws an exception with a single byte.(CVE-2024-21506)",
"cves": [
{
"id": "CVE-2024-21506",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21506",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/p/python-reportlab/python-reportlab-3.6.10-1_openEuler-SA-2022-1887.json b/cusa/p/python-reportlab/python-reportlab-3.6.10-1_openEuler-SA-2022-1887.json
index a9bf0fc..ce87939 100644
--- a/cusa/p/python-reportlab/python-reportlab-3.6.10-1_openEuler-SA-2022-1887.json
+++ b/cusa/p/python-reportlab/python-reportlab-3.6.10-1_openEuler-SA-2022-1887.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1887",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1887",
"title": "An update for python-reportlab is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The ReportLab Toolkit. An Open Source Python library for generating PDFs and graphics.\r\n\r\nSecurity Fix(es):\r\n\r\nAll versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos -> odyssey -> dodyssey 3. In the text file odyssey.txt that needs to be converted to pdf inject 4. Create a nc listener nc -lp 5000 5. Run python3 dodyssey.py 6. You will get a hit on your nc showing we have successfully proceded to send a server side request 7. dodyssey.py will show error since there is no img file on the url, but we are able to do SSRF(CVE-2020-28463)",
"cves": [
{
"id": "CVE-2020-28463",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28463",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/p/python-reportlab/python-reportlab-3.6.10-2_openEuler-SA-2023-1456.json b/cusa/p/python-reportlab/python-reportlab-3.6.10-2_openEuler-SA-2023-1456.json
index 63bff1f..a09b878 100644
--- a/cusa/p/python-reportlab/python-reportlab-3.6.10-2_openEuler-SA-2023-1456.json
+++ b/cusa/p/python-reportlab/python-reportlab-3.6.10-2_openEuler-SA-2023-1456.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1456",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1456",
"title": "An update for python-reportlab is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "The ReportLab Toolkit. An Open Source Python library for generating PDFs and graphics.\n\nSecurity Fix(es):\n\nReportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file.(CVE-2023-33733)",
"cves": [
{
"id": "CVE-2023-33733",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33733",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/p/python-requests/python-requests-2.26.0-7_openEuler-SA-2023-1341.json b/cusa/p/python-requests/python-requests-2.26.0-7_openEuler-SA-2023-1341.json
index 0f853e2..f893d8b 100644
--- a/cusa/p/python-requests/python-requests-2.26.0-7_openEuler-SA-2023-1341.json
+++ b/cusa/p/python-requests/python-requests-2.26.0-7_openEuler-SA-2023-1341.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1341",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1341",
"title": "An update for python-requests is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Requests is an HTTP library, written in Python, as an alternative to Python's builtin urllib2 which requires work (even method overrides) to perform basic tasks. Features of Requests: - GET, HEAD, POST, PUT, DELETE Requests: + HTTP Header Request Attachment. + Data/Params Request Attachment. + Multipart File Uploads. + CookieJar Support. + Redirection History. + Redirection Recursion Urllib Fix. + Automatic Decompression of GZipped Content. + Unicode URL Support.- Authentication: + URL + HTTP Auth Registry.\r\n\r\nSecurity Fix(es):\r\n\r\nRequests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.\r\n\r\n(CVE-2023-32681)",
"cves": [
{
"id": "CVE-2023-32681",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32681",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/p/python-setuptools/python-setuptools-59.4.0-5_openEuler-SA-2023-1004.json b/cusa/p/python-setuptools/python-setuptools-59.4.0-5_openEuler-SA-2023-1004.json
index 8745cc3..1840774 100644
--- a/cusa/p/python-setuptools/python-setuptools-59.4.0-5_openEuler-SA-2023-1004.json
+++ b/cusa/p/python-setuptools/python-setuptools-59.4.0-5_openEuler-SA-2023-1004.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1004",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1004",
"title": "An update for setuptools is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "Setuptools is a collection of enhancements to the Python distutils that allow you to more easily build and distribute Python packages, especially ones that have dependencies on other packages.This package contains a python wheel of setuptools to use with venv.\r\n\r\nSecurity Fix(es):\r\n\r\nPython Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.(CVE-2022-40897)",
"cves": [
{
"id": "CVE-2022-40897",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40897",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/p/python-sqlparse/python-sqlparse-0.4.1-3_openEuler-SA-2023-1279.json b/cusa/p/python-sqlparse/python-sqlparse-0.4.1-3_openEuler-SA-2023-1279.json
index 2e01ab8..3272588 100644
--- a/cusa/p/python-sqlparse/python-sqlparse-0.4.1-3_openEuler-SA-2023-1279.json
+++ b/cusa/p/python-sqlparse/python-sqlparse-0.4.1-3_openEuler-SA-2023-1279.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1279",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1279",
"title": "An update for python-sqlparse is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": " sqlparse is a non-validating SQL parser module. It provides support for parsing, splitting and formatting SQL statements.\r\n\r\nSecurity Fix(es):\r\n\r\nsqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit `e75e358`. The vulnerability may lead to Denial of Service (DoS). This issues has been fixed in sqlparse 0.4.4 by commit `c457abd5f`. Users are advised to upgrade. There are no known workarounds for this issue.\n(CVE-2023-30608)",
"cves": [
{
"id": "CVE-2023-30608",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30608",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/p/python-sqlparse/python-sqlparse-0.4.1-4_openEuler-SA-2024-1533.json b/cusa/p/python-sqlparse/python-sqlparse-0.4.1-4_openEuler-SA-2024-1533.json
index 59c38a0..1287e32 100644
--- a/cusa/p/python-sqlparse/python-sqlparse-0.4.1-4_openEuler-SA-2024-1533.json
+++ b/cusa/p/python-sqlparse/python-sqlparse-0.4.1-4_openEuler-SA-2024-1533.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1533",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1533",
"title": "An update for python-sqlparse is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "``sqlparse`` is a non-validating SQL parser module. It provides support for parsing, splitting and formatting SQL statements.\r\n\r\nSecurity Fix(es):\r\n\r\nPassing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError.\r\n\r\n(CVE-2024-4340)",
"cves": [
{
"id": "CVE-2024-4340",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4340",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/p/python-tornado/python-tornado-6.1-2_openEuler-SA-2023-1370.json b/cusa/p/python-tornado/python-tornado-6.1-2_openEuler-SA-2023-1370.json
index d3803d2..043f608 100644
--- a/cusa/p/python-tornado/python-tornado-6.1-2_openEuler-SA-2023-1370.json
+++ b/cusa/p/python-tornado/python-tornado-6.1-2_openEuler-SA-2023-1370.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1370",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1370",
"title": "An update for python-tornado is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Tornado is an open source version of the scalable, non-blocking web server and tools.\n\nSecurity Fix(es):\n\nOpen redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.(CVE-2023-28370)",
"cves": [
{
"id": "CVE-2023-28370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28370",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/p/python-tqdm/python-tqdm-4.56.0-4_openEuler-SA-2024-1554.json b/cusa/p/python-tqdm/python-tqdm-4.56.0-4_openEuler-SA-2024-1554.json
index 61c9013..c56ddfa 100644
--- a/cusa/p/python-tqdm/python-tqdm-4.56.0-4_openEuler-SA-2024-1554.json
+++ b/cusa/p/python-tqdm/python-tqdm-4.56.0-4_openEuler-SA-2024-1554.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1554",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1554",
"title": "An update for python-tqdm is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "tqdm derives from the Arabic word taqaddum which can mean \"progress\". Instantly make your loops show a smart progress meter - just wrap any iterable with tqdm(interable), and you are done!\r\n\r\nSecurity Fix(es):\r\n\r\ntqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments (e.g. `--delim`, `--buf-size`, `--manpath`) are passed through python's `eval`, allowing arbitrary code execution. This issue is only locally exploitable and had been addressed in release version 4.66.3. All users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2024-34062)",
"cves": [
{
"id": "CVE-2024-34062",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34062",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/p/python-twisted/python-twisted-22.4.0-1_openEuler-SA-2023-1909.json b/cusa/p/python-twisted/python-twisted-22.4.0-1_openEuler-SA-2023-1909.json
index 6182a08..94f5a0c 100644
--- a/cusa/p/python-twisted/python-twisted-22.4.0-1_openEuler-SA-2023-1909.json
+++ b/cusa/p/python-twisted/python-twisted-22.4.0-1_openEuler-SA-2023-1909.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1909",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1909",
"title": "An update for python-twisted is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Twisted is an event-based framework for internet applications, supporting Python 2.7 and Python 3.5+. It includes modules for many different purposes, including the following:\r\n\r\nSecurity Fix(es):\r\n\r\ntwisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twited.web.RedirectAgent` and `twisted.web. BrowserLikeRedirectAgent` functions. Users are advised to upgrade. There are no known workarounds.(CVE-2022-21712)\r\n\r\nTwisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach is a simple as `nc -rv localhost 22 < /dev/zero`. A patch is available in version 22.2.0. There are currently no known workarounds.(CVE-2022-21716)\r\n\r\nTwisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the `twisted.web.http` module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing can lead to desync if requests pass through multiple HTTP parsers, potentially resulting in HTTP request smuggling. Users who may be affected use Twisted Web's HTTP 1.1 server and/or proxy and also pass requests through a different HTTP server and/or proxy. The Twisted Web client is not affected. The HTTP 2.0 server uses a different parser, so it is not affected. The issue has been addressed in Twisted 22.4.0rc1. 
Two workarounds are available: Ensure any vulnerabilities in upstream proxies have been addressed, such as by upgrading them; or filter malformed requests by other means, such as configuration of an upstream proxy.(CVE-2022-24801)\r\n\r\nTwisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host `twisted.web.vhost.NameVirtualHost` will return a `NoResource` resource which renders the Host header unescaped into the 404 response allowing HTML and script injection. In practice this should be very difficult to exploit as being able to modify the Host header of a normal HTTP request implies that one is already in a privileged position. This issue was fixed in version 22.10.0rc1. There are no known workarounds.(CVE-2022-39348)",
"cves": [
{
"id": "CVE-2022-39348",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39348",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
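Review bot: The `cves` array in this record lists only CVE-2022-39348, while the description on the context line above names four fixes: CVE-2022-21712, CVE-2022-21716, CVE-2022-24801 and CVE-2022-39348. A tool that matches advisories by CVE id from `cves` would miss three of them and could report a host as unaffected by issues this update fixes. The file looks generated, so the likely place to fix this is the converter's handling of bulletins that carry several CVEs, not a hand edit here. Each missing id needs its own `id`/`url`/`severity` entry, with the severity taken from the source bulletin and not copied from the advisory-level label.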
diff --git a/cusa/p/python-twisted/python-twisted-22.4.0-2_openEuler-SA-2024-1013.json b/cusa/p/python-twisted/python-twisted-22.4.0-2_openEuler-SA-2024-1013.json
index b79b627..06ea806 100644
--- a/cusa/p/python-twisted/python-twisted-22.4.0-2_openEuler-SA-2024-1013.json
+++ b/cusa/p/python-twisted/python-twisted-22.4.0-2_openEuler-SA-2024-1013.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1013",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1013",
"title": "An update for python-twisted is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Twisted is an event-based framework for internet applications, supporting Python 2.7 and Python 3.5+. It includes modules for many different purposes, including the following:\r\n\r\nSecurity Fix(es):\r\n\r\nTwisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, the attacker can delay the response on purpose to manipulate the response of the second request when a victim launched two requests using HTTP pipeline. Version 23.10.0rc1 contains a patch for this issue.(CVE-2023-46137)",
"cves": [
{
"id": "CVE-2023-46137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46137",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/p/python-urllib3/python-urllib3-1.26.7-7_openEuler-SA-2023-1707.json b/cusa/p/python-urllib3/python-urllib3-1.26.7-7_openEuler-SA-2023-1707.json
index a87c75e..0220ad1 100644
--- a/cusa/p/python-urllib3/python-urllib3-1.26.7-7_openEuler-SA-2023-1707.json
+++ b/cusa/p/python-urllib3/python-urllib3-1.26.7-7_openEuler-SA-2023-1707.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1707",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1707",
"title": "An update for python-urllib3 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Sanity-friendly HTTP client for Python\r\n\r\nSecurity Fix(es):\r\n\r\nurllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.(CVE-2023-43804)",
"cves": [
{
"id": "CVE-2023-43804",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43804",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/p/python-urllib3/python-urllib3-1.26.7-8_openEuler-SA-2023-1840.json b/cusa/p/python-urllib3/python-urllib3-1.26.7-8_openEuler-SA-2023-1840.json
index 5c6928a..e28e31e 100644
--- a/cusa/p/python-urllib3/python-urllib3-1.26.7-8_openEuler-SA-2023-1840.json
+++ b/cusa/p/python-urllib3/python-urllib3-1.26.7-8_openEuler-SA-2023-1840.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1840",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1840",
"title": "An update for python-urllib3 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Sanity-friendly HTTP client for Python\r\n\r\nSecurity Fix(es):\r\n\r\nurllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.\n(CVE-2023-45803)",
"cves": [
{
"id": "CVE-2023-45803",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45803",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/p/python-waitress/python-waitress-2.0.0-3_openEuler-SA-2022-1643.json b/cusa/p/python-waitress/python-waitress-2.0.0-3_openEuler-SA-2022-1643.json
index 4f98c92..4a9f02e 100644
--- a/cusa/p/python-waitress/python-waitress-2.0.0-3_openEuler-SA-2022-1643.json
+++ b/cusa/p/python-waitress/python-waitress-2.0.0-3_openEuler-SA-2022-1643.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1643",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1643",
"title": "An update for python-waitress is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Waitress is meant to be a production-quality pure-Python WSGI server with very acceptable performance. It has no dependencies except ones which live in the Python standard library. It runs on CPython on Unix and Windows under Python 2.7+ and Python 3.5+. It is also known to run on PyPy 1.6.0+ on UNIX. It supports HTTP/1.0 and HTTP/1.1.\n\r\nSecurity Fix(es):\r\n\r\nWaitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and prior behind a proxy that does not properly validate the incoming HTTP request matches the RFC7230 standard, Waitress and the frontend proxy may disagree on where one request starts and where it ends. This would allow requests to be smuggled via the front-end proxy to waitress and later behavior. There are two classes of vulnerability that may lead to request smuggling that are addressed by this advisory: The use of Python's `int()` to parse strings into integers, leading to `+10` to be parsed as `10`, or `0x01` to be parsed as `1`, where as the standard specifies that the string should contain only digits or hex digits; and Waitress does not support chunk extensions, however it was discarding them without validating that they did not contain illegal characters. This vulnerability has been patched in Waitress 2.1.1. A workaround is available. When deploying a proxy in front of waitress, turning on any and all functionality to make sure that the request matches the RFC7230 standard. Certain proxy servers may not have this functionality though and users are encouraged to upgrade to the latest version of waitress instead.(CVE-2022-24761)",
"cves": [
{
"id": "CVE-2022-24761",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24761",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/p/python-werkzeug/python-werkzeug-1.0.1-3_openEuler-SA-2023-1515.json b/cusa/p/python-werkzeug/python-werkzeug-1.0.1-3_openEuler-SA-2023-1515.json
index 0ad82d8..4d4fe7c 100644
--- a/cusa/p/python-werkzeug/python-werkzeug-1.0.1-3_openEuler-SA-2023-1515.json
+++ b/cusa/p/python-werkzeug/python-werkzeug-1.0.1-3_openEuler-SA-2023-1515.json
@@ -2,7 +2,7 @@
"id": "openEuler-SA-2023-1515",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1515",
"title": "An update for python-werkzeug is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "*werkzeug* German noun: \"tool\". Etymology: *werk* (\"work\"), *zeug* (\"stuff\") Werkzeug is a comprehensive `WSGI`_ web application library. It began as a simple collection of various utilities for WSGI applications and has become one of the most advanced WSGI utility libraries. It includes:\n- An interactive debugger that allows inspecting stack traces and source code in the browser with an interactive interpreter for any frame in the stack. - A full-featured request object with objects to interact with headers, query args, form data, files, and cookies. - A response object that can wrap other WSGI applications and handle streaming data. - A routing system for matching URLs to endpoints and generating URLs for endpoints, with an extensible system for capturing variables from URLs. - HTTP utilities to handle entity tags, cache control, dates, user agents, cookies, files, and more. - A threaded WSGI server for use while developing applications locally. - A test client for simulating HTTP requests during testing without requiring running a server. Werkzeug doesn't enforce any dependencies. It is up to the developer to choose a template engine, database adapter, and even how to handle requests. It can be used to build all sorts of end user applications\nsuch as blogs, wikis, or bulletin boards. `Flask`_ wraps Werkzeug, using it to handle the details of WSGI while providing more structure and patterns for defining powerful applications.\n\nSecurity Fix(es):\n\nWerkzeug is a comprehensive WSGI web application library. Browsers may allow \"nameless\" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie `=__Host-test=bad` as __Host-test=bad`. 
If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key. The issue is fixed in Werkzeug 2.2.3.(CVE-2023-23934)\n\nWerkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses `request.data`, `request.form`, `request.files`, or `request.get_data(parse_form_data=False)`, it can cause unexpectedly high resource usage. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. The amount of RAM required can trigger an out of memory kill of the process. Unlimited file parts can use up memory and file handles. If many concurrent requests are sent continuously, this can exhaust or kill all available workers. Version 2.2.3 contains a patch for this issue.(CVE-2023-25577)",
"cves": [
{
diff --git a/cusa/p/python-wheel/python-wheel-0.37.0-6_openEuler-SA-2023-1904.json b/cusa/p/python-wheel/python-wheel-0.37.0-6_openEuler-SA-2023-1904.json
index 9cc2f31..f6370ec 100644
--- a/cusa/p/python-wheel/python-wheel-0.37.0-6_openEuler-SA-2023-1904.json
+++ b/cusa/p/python-wheel/python-wheel-0.37.0-6_openEuler-SA-2023-1904.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1904",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1904",
"title": "An update for python-wheel is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "A built-package format for Python. A wheel is a ZIP-format archive with a specially formatted filename and the .whl extension. It is designed to contain all the files for a PEP 376 compatible install in a way that is very close to the on-disk format.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.(CVE-2022-40898)",
"cves": [
{
"id": "CVE-2022-40898",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40898",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/p/python-yaql/python-yaql-1.1.3-2_openEuler-SA-2024-1328.json b/cusa/p/python-yaql/python-yaql-1.1.3-2_openEuler-SA-2024-1328.json
index bab128a..9a03f46 100644
--- a/cusa/p/python-yaql/python-yaql-1.1.3-2_openEuler-SA-2024-1328.json
+++ b/cusa/p/python-yaql/python-yaql-1.1.3-2_openEuler-SA-2024-1328.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1328",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1328",
"title": "An update for python-yaql is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "YAQL (Yet Another Query Language) is an embeddable and extensible query language, that allows performing complex queries against arbitrary objects. It has a vast and comprehensive standard library of frequently used querying functions and can be extend even further with user-specified functions. YAQL is written in python and is distributed via PyPI.\r\n\r\nSecurity Fix(es):\r\n\r\nIn OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information.(CVE-2024-29156)",
"cves": [
{
"id": "CVE-2024-29156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29156",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/p/python-zipp/config.json b/cusa/p/python-zipp/config.json
new file mode 100644
index 0000000..f9a5d9b
--- /dev/null
+++ b/cusa/p/python-zipp/config.json
@@ -0,0 +1,5 @@
+{
+ "upstream": "22.03-LTS",
+ "autobuild": true,
+ "fixed_version": ""
+}
\ No newline at end of file
diff --git a/cusa/p/python3/python3-3.9.9-13_openEuler-SA-2022-1879.json b/cusa/p/python3/python3-3.9.9-13_openEuler-SA-2022-1879.json
index f667fd9..880a515 100644
--- a/cusa/p/python3/python3-3.9.9-13_openEuler-SA-2022-1879.json
+++ b/cusa/p/python3/python3-3.9.9-13_openEuler-SA-2022-1879.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1879",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1879",
"title": "An update for python3 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Python combines remarkable power with very clear syntax. It has modules,classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C++ (or other languages, depending on the chosen implementation).Python is also usable as an extension language for applications written in other languages that need easy-to-use scripting or automation interfaces.This package Provides python version 3.\r\n\r\nSecurity Fix(es):\r\n\r\n** DISPUTED ** Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states \"Warning: http.server is not recommended for production. It only implements basic security checks.\"(CVE-2021-28861)",
"cves": [
{
"id": "CVE-2021-28861",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28861",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/p/python3/python3-3.9.9-14_openEuler-SA-2022-1921.json b/cusa/p/python3/python3-3.9.9-14_openEuler-SA-2022-1921.json
index d9c131b..88fad75 100644
--- a/cusa/p/python3/python3-3.9.9-14_openEuler-SA-2022-1921.json
+++ b/cusa/p/python3/python3-3.9.9-14_openEuler-SA-2022-1921.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1921",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1921",
"title": "An update for python3 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Python combines remarkable power with very clear syntax. It has modules,classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C++ (or other languages, depending on the chosen implementation). Python is also usable as an extension language for applications written in other languages that need easy-to-use scripting or automation interfaces.This package Provides python version 3.\n\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int(\"text\"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.(CVE-2020-10735)",
"cves": [
{
"id": "CVE-2020-10735",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10735",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/p/python3/python3-3.9.9-16_openEuler-SA-2022-2097.json b/cusa/p/python3/python3-3.9.9-16_openEuler-SA-2022-2097.json
index dc8178e..34be672 100644
--- a/cusa/p/python3/python3-3.9.9-16_openEuler-SA-2022-2097.json
+++ b/cusa/p/python3/python3-3.9.9-16_openEuler-SA-2022-2097.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2097",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2097",
"title": "An update for python3 is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C++ (or other languages, depending on the chosen implementation). Python is also usable as an extension language for applications written in other languages that need easy-to-use scripting or automation interfaces. This package Provides python version 3.\r\n\r\nSecurity Fix(es):\r\n\r\nPython 3.9.x and 3.10.x through 3.10.8 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.4, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9.(CVE-2022-42919)",
"cves": [
{
"id": "CVE-2022-42919",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42919",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/p/python3/python3-3.9.9-17_openEuler-SA-2022-2102.json b/cusa/p/python3/python3-3.9.9-17_openEuler-SA-2022-2102.json
index 22120f5..27890b4 100644
--- a/cusa/p/python3/python3-3.9.9-17_openEuler-SA-2022-2102.json
+++ b/cusa/p/python3/python3-3.9.9-17_openEuler-SA-2022-2102.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2102",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2102",
"title": "An update for python3 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C++ (or other languages, depending on the chosen implementation). Python is also usable as an extension language for applications written in other languages that need easy-to-use scripting or automation interfaces. This package Provides python version 3.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.(CVE-2022-45061)",
"cves": [
{
"id": "CVE-2022-45061",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45061",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/p/python3/python3-3.9.9-24_openEuler-SA-2023-1227.json b/cusa/p/python3/python3-3.9.9-24_openEuler-SA-2023-1227.json
index dc88975..9362860 100644
--- a/cusa/p/python3/python3-3.9.9-24_openEuler-SA-2023-1227.json
+++ b/cusa/p/python3/python3-3.9.9-24_openEuler-SA-2023-1227.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1227",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1227",
"title": "An update for python3 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C++ (or other languages, depending on the chosen implementation). Python is also usable as an extension language for applications written in other languages that need easy-to-use scripting or automation interfaces.This package Provides python version 3.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.(CVE-2023-24329)",
"cves": [
{
"id": "CVE-2023-24329",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24329",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/p/python3/python3-3.9.9-25_openEuler-SA-2023-1518.json b/cusa/p/python3/python3-3.9.9-25_openEuler-SA-2023-1518.json
index 4b706f0..e87d99d 100644
--- a/cusa/p/python3/python3-3.9.9-25_openEuler-SA-2023-1518.json
+++ b/cusa/p/python3/python3-3.9.9-25_openEuler-SA-2023-1518.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1518",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1518",
"title": "An update for python3 is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C++ (or other languages, depending on the chosen implementation). Python is also usable as an extension language for applications written in other languages that need easy-to-use scripting or automation interfaces. This package Provides python version 3.\n\nSecurity Fix(es):\n\nDirectory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.(CVE-2007-4559)",
"cves": [
{
"id": "CVE-2007-4559",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4559",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/p/python3/python3-3.9.9-26_openEuler-SA-2023-1677.json b/cusa/p/python3/python3-3.9.9-26_openEuler-SA-2023-1677.json
index ac94201..266d3d6 100644
--- a/cusa/p/python3/python3-3.9.9-26_openEuler-SA-2023-1677.json
+++ b/cusa/p/python3/python3-3.9.9-26_openEuler-SA-2023-1677.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1677",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1677",
"title": "An update for python3 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C++ (or other languages, depending on the chosen implementation). Python is also usable as an extension language for applications written in other languages that need easy-to-use scripting or automation interfaces.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as \"not connected\" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)(CVE-2023-40217)",
"cves": [
{
"id": "CVE-2023-40217",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40217",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/q/qemu/qemu-6.2.0-34_openEuler-SA-2022-1662.json b/cusa/q/qemu/qemu-6.2.0-34_openEuler-SA-2022-1662.json
index 501404f..c783bc5 100644
--- a/cusa/q/qemu/qemu-6.2.0-34_openEuler-SA-2022-1662.json
+++ b/cusa/q/qemu/qemu-6.2.0-34_openEuler-SA-2022-1662.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1662",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1662",
"title": "An update for qemu is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed.\n\nSecurity Fix(es):\n\nA flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.(CVE-2021-4206)\n\nA flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values cursor->header.width and cursor->header.height can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.(CVE-2021-4207)\n\nA NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.(CVE-2021-20196)\n\nA flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0.(CVE-2022-26353)\n\nA flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0.(CVE-2022-26354)",
"cves": [
{
"id": "CVE-2022-26354",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26354",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
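Review bot: The `cves` array in this advisory holds a single entry, CVE-2022-26354, while the description names five fixed CVEs (CVE-2021-4206, CVE-2021-4207, CVE-2021-20196, CVE-2022-26353 and CVE-2022-26354), so a consumer that matches on `cves[].id` will miss four of them. The same mismatch is visible in the qemu hunks for openEuler-SA-2022-1716 (CVE-2021-3507 is not listed) and openEuler-SA-2022-1772 (CVE-2021-4158 is not listed). The converter presumably keeps only the last vulnerability of each CVRF document; that code is not part of these hunks, so this needs confirming there. Each CVE named in the description should get its own entry, e.g. `{"id": "CVE-2021-4206", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4206", "severity": "<severity of that CVE>"}`, carrying that CVE's own rating rather than a copy of the advisory-level value.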
diff --git a/cusa/q/qemu/qemu-6.2.0-35_openEuler-SA-2022-1679.json b/cusa/q/qemu/qemu-6.2.0-35_openEuler-SA-2022-1679.json
index 94ddf8c..1733a9b 100644
--- a/cusa/q/qemu/qemu-6.2.0-35_openEuler-SA-2022-1679.json
+++ b/cusa/q/qemu/qemu-6.2.0-35_openEuler-SA-2022-1679.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1679",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1679",
"title": "An update for qemu is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed.\n\nSecurity Fix(es):\n\nA DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0.(CVE-2021-3750)",
"cves": [
{
"id": "CVE-2021-3750",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3750",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/q/qemu/qemu-6.2.0-39_openEuler-SA-2022-1716.json b/cusa/q/qemu/qemu-6.2.0-39_openEuler-SA-2022-1716.json
index ee0e07d..e1070cd 100644
--- a/cusa/q/qemu/qemu-6.2.0-39_openEuler-SA-2022-1716.json
+++ b/cusa/q/qemu/qemu-6.2.0-39_openEuler-SA-2022-1716.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1716",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1716",
"title": "An update for qemu is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed.\r\n\r\nSecurity Fix(es):\r\n\r\nA heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory.(CVE-2021-3507)\r\n\r\nA stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.(CVE-2021-3611)",
"cves": [
{
"id": "CVE-2021-3611",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3611",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/q/qemu/qemu-6.2.0-41_openEuler-SA-2022-1733.json b/cusa/q/qemu/qemu-6.2.0-41_openEuler-SA-2022-1733.json
index e4932eb..6fd0867 100644
--- a/cusa/q/qemu/qemu-6.2.0-41_openEuler-SA-2022-1733.json
+++ b/cusa/q/qemu/qemu-6.2.0-41_openEuler-SA-2022-1733.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1733",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1733",
"title": "An update for qemu is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed.\r\n\r\nSecurity Fix(es):\r\n\r\nA DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvme_ctrl_reset(), data structs will be freed leading to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition or, potentially, executing arbitrary code within the context of the QEMU process on the host.(CVE-2021-3929)",
"cves": [
{
"id": "CVE-2021-3929",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3929",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/q/qemu/qemu-6.2.0-43_openEuler-SA-2022-1772.json b/cusa/q/qemu/qemu-6.2.0-43_openEuler-SA-2022-1772.json
index 63154ca..2332701 100644
--- a/cusa/q/qemu/qemu-6.2.0-43_openEuler-SA-2022-1772.json
+++ b/cusa/q/qemu/qemu-6.2.0-43_openEuler-SA-2022-1772.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1772",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1772",
"title": "An update for qemu is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed.\r\n\r\nSecurity Fix(es):\r\n\r\nA NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.(CVE-2021-4158)\n\nA flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This issue allows a malicious user to trigger CVE-2018-13405 to obtain sensitive information or potentially escalate their privileges on the system.(CVE-2022-0358)",
"cves": [
{
"id": "CVE-2022-0358",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0358",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/q/qemu/qemu-6.2.0-44_openEuler-SA-2022-1791.json b/cusa/q/qemu/qemu-6.2.0-44_openEuler-SA-2022-1791.json
index 476d8d1..70ffd9a 100644
--- a/cusa/q/qemu/qemu-6.2.0-44_openEuler-SA-2022-1791.json
+++ b/cusa/q/qemu/qemu-6.2.0-44_openEuler-SA-2022-1791.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1791",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1791",
"title": "An update for qemu is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed.\r\n\r\nSecurity Fix(es):\r\n\r\nsoftmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash.(CVE-2022-35414)",
"cves": [
{
"id": "CVE-2022-35414",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35414",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/q/qemu/qemu-6.2.0-48_openEuler-SA-2022-1907.json b/cusa/q/qemu/qemu-6.2.0-48_openEuler-SA-2022-1907.json
index e05f166..fab576b 100644
--- a/cusa/q/qemu/qemu-6.2.0-48_openEuler-SA-2022-1907.json
+++ b/cusa/q/qemu/qemu-6.2.0-48_openEuler-SA-2022-1907.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1907",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1907",
"title": "An update for qemu is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed.\n\n\t\tQEMU has two operating modes:\n\n\t\tFull system emulation. In this mode, QEMU emulates a full system (for example a PC),\n\t\tincluding one or several processors and various peripherals. It can be used to launch\n\t\tdifferent Operating Systems without rebooting the PC or to debug system code.\n\n\t\tUser mode emulation. In this mode, QEMU can launch processes compiled for one CPU on another CPU.\n\t\tIt can be used to launch the Wine Windows API emulator (https://www.winehq.org) or to ease\n\t\tcross-compilation and cross-debugging.\n\t\tYou can refer to https://www.qemu.org for more infortmation.\r\n\r\nSecurity Fix(es):\r\n\r\nA use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service.(CVE-2022-0216)",
"cves": [
{
"id": "CVE-2022-0216",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0216",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/q/qemu/qemu-6.2.0-52_openEuler-SA-2022-1997.json b/cusa/q/qemu/qemu-6.2.0-52_openEuler-SA-2022-1997.json
index 8547b12..c2545dd 100644
--- a/cusa/q/qemu/qemu-6.2.0-52_openEuler-SA-2022-1997.json
+++ b/cusa/q/qemu/qemu-6.2.0-52_openEuler-SA-2022-1997.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1997",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1997",
"title": "An update for qemu is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed.\n\n\t\tQEMU has two operating modes:\n\n\t\tFull system emulation. In this mode, QEMU emulates a full system (for example a PC),\n\t\tincluding one or several processors and various peripherals. It can be used to launch\n\t\tdifferent Operating Systems without rebooting the PC or to debug system code.\n\n\t\tUser mode emulation. In this mode, QEMU can launch processes compiled for one CPU on another CPU.\n\t\tIt can be used to launch the Wine Windows API emulator (https://www.winehq.org) or to ease\n\t\tcross-compilation and cross-debugging.\n\t\tYou can refer to https://www.qemu.org for more infortmation.\r\n\r\nSecurity Fix(es):\r\n\r\nAn out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.(CVE-2021-3638)\r\n\r\nA DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the rx/tx frame, it doesn't check whether the destination address is its own MMIO address. This can cause the device to trigger MMIO handlers multiple times, possibly leading to a stack or heap overflow. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.(CVE-2022-2962)",
"cves": [
{
"id": "CVE-2022-2962",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2962",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
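Review bot: The `cves` array in this file lists only CVE-2022-2962, while the `description` also names CVE-2021-3638, so a consumer that matches advisories by CVE id will not see that this update fixes it. The advisory is rated `"High"` but the single listed CVE is `"Medium"`, which suggests the entry that justified the higher rating is the one that was dropped; the converter is not visible in this hunk, so that it keeps only the last CVE is an inference. The same pattern appears in the hunks for openEuler-SA-2023-1474, openEuler-SA-2023-1523, openEuler-SA-2024-1311, openEuler-SA-2024-1491, openEuler-SA-2023-1881 and openEuler-SA-2023-1387. Since the files are being regenerated for the severity rename anyway, I would emit one entry per CVE named in the source advisory, e.g. `{"id": "CVE-2021-3638", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3638", "severity": "<severity from the CVRF source>"}`.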
diff --git a/cusa/q/qemu/qemu-6.2.0-53_openEuler-SA-2022-2024.json b/cusa/q/qemu/qemu-6.2.0-53_openEuler-SA-2022-2024.json
index c4a1b77..e85de50 100644
--- a/cusa/q/qemu/qemu-6.2.0-53_openEuler-SA-2022-2024.json
+++ b/cusa/q/qemu/qemu-6.2.0-53_openEuler-SA-2022-2024.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2024",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2024",
"title": "An update for qemu is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed.\n\n\tQEMU has two operating modes:\n\n\t\tFull system emulation. In this mode, QEMU emulates a full system (for example a PC),\n\t\tincluding one or several processors and various peripherals. It can be used to launch\n\t\tdifferent Operating Systems without rebooting the PC or to debug system code.\n\n\t\tUser mode emulation. In this mode, QEMU can launch processes compiled for one CPU on another CPU.\n\t\tIt can be used to launch the Wine Windows API emulator (https://www.winehq.org) or to ease\n\t\tcross-compilation and cross-debugging.\n\t\tYou can refer to https://www.qemu.org for more infortmation.\r\n\r\nSecurity Fix(es):\r\n\r\nAn integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service.(CVE-2022-3165)",
"cves": [
{
"id": "CVE-2022-3165",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3165",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/q/qemu/qemu-6.2.0-57_openEuler-SA-2022-2136.json b/cusa/q/qemu/qemu-6.2.0-57_openEuler-SA-2022-2136.json
index 62f765c..fb052ea 100644
--- a/cusa/q/qemu/qemu-6.2.0-57_openEuler-SA-2022-2136.json
+++ b/cusa/q/qemu/qemu-6.2.0-57_openEuler-SA-2022-2136.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2136",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2136",
"title": "An update for qemu is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed.\n\n\t\tQEMU has two operating modes:\n\n\t\tFull system emulation. In this mode, QEMU emulates a full system (for example a PC),\n\t\tincluding one or several processors and various peripherals. It can be used to launch\n\t\tdifferent Operating Systems without rebooting the PC or to debug system code.\n\n\t\tUser mode emulation. In this mode, QEMU can launch processes compiled for one CPU on another CPU.\n\t\tIt can be used to launch the Wine Windows API emulator (https://www.winehq.org) or to ease\n\t\tcross-compilation and cross-debugging.\r\n\r\nSecurity Fix(es):\r\n\r\nAn out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition.(CVE-2022-4144)",
"cves": [
{
"id": "CVE-2022-4144",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4144",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/q/qemu/qemu-6.2.0-72_openEuler-SA-2023-1474.json b/cusa/q/qemu/qemu-6.2.0-72_openEuler-SA-2023-1474.json
index b0dbc04..e333ed2 100644
--- a/cusa/q/qemu/qemu-6.2.0-72_openEuler-SA-2023-1474.json
+++ b/cusa/q/qemu/qemu-6.2.0-72_openEuler-SA-2023-1474.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1474",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1474",
"title": "An update for qemu is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition.(CVE-2022-1050)\r\n\r\nA flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system.(CVE-2023-0664)\r\n\r\nA flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder.(CVE-2023-2861)",
"cves": [
{
"id": "CVE-2023-2861",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2861",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/q/qemu/qemu-6.2.0-74_openEuler-SA-2023-1523.json b/cusa/q/qemu/qemu-6.2.0-74_openEuler-SA-2023-1523.json
index e902c2c..bab0487 100644
--- a/cusa/q/qemu/qemu-6.2.0-74_openEuler-SA-2023-1523.json
+++ b/cusa/q/qemu/qemu-6.2.0-74_openEuler-SA-2023-1523.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1523",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1523",
"title": "An update for qemu is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including one or several processors and various peripherals. It can be used to launch different Operating Systems without rebooting the PC or to debug system code. User mode emulation. In this mode, QEMU can launch processes compiled for one CPU on another CPU. It can be used to launch the Wine Windows API emulator (https://www.winehq.org) or to ease cross-compilation and cross-debugging. You can refer to https://www.qemu.org for more infortmation.\n\nSecurity Fix(es):\n\nA flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ.(CVE-2023-3180)\n\nThe async nature of the hot-unplug enables an easy to reproduce race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged (or the ACPI unplug has been acked by the guest?). The guest can use this time window to, at least, trigger an assertion.(CVE-2023-3301)",
"cves": [
{
"id": "CVE-2023-3301",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3301",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/q/qemu/qemu-6.2.0-77_openEuler-SA-2023-1736.json b/cusa/q/qemu/qemu-6.2.0-77_openEuler-SA-2023-1736.json
index e67410e..9e084a4 100644
--- a/cusa/q/qemu/qemu-6.2.0-77_openEuler-SA-2023-1736.json
+++ b/cusa/q/qemu/qemu-6.2.0-77_openEuler-SA-2023-1736.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1736",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1736",
"title": "An update for qemu is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service.(CVE-2023-3354)",
"cves": [
{
"id": "CVE-2023-3354",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3354",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/q/qemu/qemu-6.2.0-80_openEuler-SA-2023-1785.json b/cusa/q/qemu/qemu-6.2.0-80_openEuler-SA-2023-1785.json
index e5c0b1f..72c782c 100644
--- a/cusa/q/qemu/qemu-6.2.0-80_openEuler-SA-2023-1785.json
+++ b/cusa/q/qemu/qemu-6.2.0-80_openEuler-SA-2023-1785.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1785",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1785",
"title": "An update for qemu is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the `inflate_buffer` function. This could allow a remote authenticated client who is able to send a clipboard to the VNC server to trigger a denial of service.(CVE-2023-3255)",
"cves": [
{
"id": "CVE-2023-3255",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3255",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/q/qemu/qemu-6.2.0-83_openEuler-SA-2023-1895.json b/cusa/q/qemu/qemu-6.2.0-83_openEuler-SA-2023-1895.json
index 9f4bd6e..da85fa3 100644
--- a/cusa/q/qemu/qemu-6.2.0-83_openEuler-SA-2023-1895.json
+++ b/cusa/q/qemu/qemu-6.2.0-83_openEuler-SA-2023-1895.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1895",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1895",
"title": "An update for qemu is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of QEMU.(CVE-2023-1544)",
"cves": [
{
"id": "CVE-2023-1544",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1544",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/q/qemu/qemu-6.2.0-86_openEuler-SA-2024-1311.json b/cusa/q/qemu/qemu-6.2.0-86_openEuler-SA-2024-1311.json
index f582a85..7570ed3 100644
--- a/cusa/q/qemu/qemu-6.2.0-86_openEuler-SA-2024-1311.json
+++ b/cusa/q/qemu/qemu-6.2.0-86_openEuler-SA-2024-1311.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1311",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1311",
"title": "An update for qemu is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed.\r\n\r\nSecurity Fix(es):\r\n\r\nA DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service.(CVE-2023-3019)\r\n\r\nA flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a malicious authenticated VNC client to crash QEMU and trigger a denial of service.(CVE-2023-6683)\r\n\r\nA stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak.(CVE-2023-6693)",
"cves": [
{
"id": "CVE-2023-6693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6693",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/q/qemu/qemu-6.2.0-88_openEuler-SA-2024-1491.json b/cusa/q/qemu/qemu-6.2.0-88_openEuler-SA-2024-1491.json
index 0a99954..6ac4339 100644
--- a/cusa/q/qemu/qemu-6.2.0-88_openEuler-SA-2024-1491.json
+++ b/cusa/q/qemu/qemu-6.2.0-88_openEuler-SA-2024-1491.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1491",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1491",
"title": "An update for qemu is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free.(CVE-2023-0330)\r\n\r\nQEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in esp_do_nodma in hw/scsi/esp.c because of an underflow of async_len.(CVE-2024-24474)\r\n\r\nA double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU process on the host, resulting in a denial of service or allow arbitrary code execution within the context of the QEMU process on the host.(CVE-2024-3446)\r\n\r\nA heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.(CVE-2024-3447)",
"cves": [
{
"id": "CVE-2024-3447",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3447",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/q/qpdf/qpdf-8.4.2-4_openEuler-SA-2023-1542.json b/cusa/q/qpdf/qpdf-8.4.2-4_openEuler-SA-2023-1542.json
index fffbfde..cad23d9 100644
--- a/cusa/q/qpdf/qpdf-8.4.2-4_openEuler-SA-2023-1542.json
+++ b/cusa/q/qpdf/qpdf-8.4.2-4_openEuler-SA-2023-1542.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1542",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1542",
"title": "An update for qpdf is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "QPDF is a command-line program that does structural, content-preserving transformations on PDF files. It could have been called something like pdf-to-pdf. It also provides many useful capabilities to developers of PDF-producing software or for people who just want to look at the innards of a PDF file to learn more about how they work.\n\nSecurity Fix(es):\n\nAn issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to Pl_ASCII85Decoder::write parameter in libqpdf.(CVE-2021-25786)",
"cves": [
{
"id": "CVE-2021-25786",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25786",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/q/qt/qt-4.8.7-53_openEuler-SA-2023-1547.json b/cusa/q/qt/qt-4.8.7-53_openEuler-SA-2023-1547.json
index 3c6a2e9..4c08712 100644
--- a/cusa/q/qt/qt-4.8.7-53_openEuler-SA-2023-1547.json
+++ b/cusa/q/qt/qt-4.8.7-53_openEuler-SA-2023-1547.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1547",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1547",
"title": "An update for qt is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Qt (pronounced as \"cute\", not \"cu-tee\") is a cross-platform framework that is usually used as a graphical toolkit, although it is also very helpful in creating CLI applications. It runs on the three major desktop OSes, as well as on mobile OSes, such as Symbian, Nokia Belle, Meego Harmattan, MeeGo or BB10, and on embedded devices. Ports for Android (Necessitas) and iOS are also in development\n\nSecurity Fix(es):\n\nIn Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.(CVE-2023-32573)",
"cves": [
{
"id": "CVE-2023-32573",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/q/qt/qt-4.8.7-58_openEuler-SA-2023-1881.json b/cusa/q/qt/qt-4.8.7-58_openEuler-SA-2023-1881.json
index d7751d9..73c1188 100644
--- a/cusa/q/qt/qt-4.8.7-58_openEuler-SA-2023-1881.json
+++ b/cusa/q/qt/qt-4.8.7-58_openEuler-SA-2023-1881.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1881",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1881",
"title": "An update for qt is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Qt (pronounced as \"cute\", not \"cu-tee\") is a cross-platform framework that is usually used as a graphical toolkit, although it is also very helpful in creating CLI applications. It runs on the three major desktop OSes, as well as on mobile OSes, such as Symbian, Nokia Belle, Meego Harmattan, MeeGo or BB10, and on embedded devices. Ports for Android (Necessitas) and iOS are also in development\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.(CVE-2023-34410)\r\n\r\nIn Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.(CVE-2023-37369)\r\n\r\nAn issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.(CVE-2023-38197)\r\n\r\nAn issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData], then it can cause the application to crash because of missing length checks.(CVE-2023-43114)",
"cves": [
{
"id": "CVE-2023-43114",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43114",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/q/qt5-qtbase/qt5-qtbase-5.15.2-11_openEuler-SA-2023-1791.json b/cusa/q/qt5-qtbase/qt5-qtbase-5.15.2-11_openEuler-SA-2023-1791.json
index dc74d68..20dbe82 100644
--- a/cusa/q/qt5-qtbase/qt5-qtbase-5.15.2-11_openEuler-SA-2023-1791.json
+++ b/cusa/q/qt5-qtbase/qt5-qtbase-5.15.2-11_openEuler-SA-2023-1791.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1791",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1791",
"title": "An update for qt5-qtbase is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Qt is a software toolkit for developing applications.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server.(CVE-2023-33285)",
"cves": [
{
"id": "CVE-2023-33285",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33285",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/q/qt5-qtbase/qt5-qtbase-5.15.2-3_openEuler-SA-2022-1803.json b/cusa/q/qt5-qtbase/qt5-qtbase-5.15.2-3_openEuler-SA-2022-1803.json
index 1fa4cc8..d9d9aef 100644
--- a/cusa/q/qt5-qtbase/qt5-qtbase-5.15.2-3_openEuler-SA-2022-1803.json
+++ b/cusa/q/qt5-qtbase/qt5-qtbase-5.15.2-3_openEuler-SA-2022-1803.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1803",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1803",
"title": "An update for qt5-qtbase is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Qt is a software toolkit for developing applications.\r\n\r\nSecurity Fix(es):\r\n\r\nIn Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.(CVE-2022-25255)",
"cves": [
{
"id": "CVE-2022-25255",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25255",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/q/qt5-qtbase/qt5-qtbase-5.15.2-3_openEuler-SA-2022-2060.json b/cusa/q/qt5-qtbase/qt5-qtbase-5.15.2-3_openEuler-SA-2022-2060.json
index 3cd039b..4e765be 100644
--- a/cusa/q/qt5-qtbase/qt5-qtbase-5.15.2-3_openEuler-SA-2022-2060.json
+++ b/cusa/q/qt5-qtbase/qt5-qtbase-5.15.2-3_openEuler-SA-2022-2060.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2060",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2060",
"title": "An update for qt5-qtbase is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling.\r\n\r\nSecurity Fix(es):\r\n\r\nQt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).(CVE-2021-38593)",
"cves": [
{
"id": "CVE-2021-38593",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38593",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/q/qt5-qtbase/qt5-qtbase-5.15.2-6_openEuler-SA-2023-1270.json b/cusa/q/qt5-qtbase/qt5-qtbase-5.15.2-6_openEuler-SA-2023-1270.json
index 69f05de..217ac37 100644
--- a/cusa/q/qt5-qtbase/qt5-qtbase-5.15.2-6_openEuler-SA-2023-1270.json
+++ b/cusa/q/qt5-qtbase/qt5-qtbase-5.15.2-6_openEuler-SA-2023-1270.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1270",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1270",
"title": "An update for qt5-qtbase is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "This package provides base tools, such as string, xml, and network handling.\r\n\r\nSecurity Fix(es):\r\n\r\nQt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.(CVE-2023-24607)",
"cves": [
{
"id": "CVE-2023-24607",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24607",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/q/qt5-qtbase/qt5-qtbase-5.15.2-8_openEuler-SA-2023-1387.json b/cusa/q/qt5-qtbase/qt5-qtbase-5.15.2-8_openEuler-SA-2023-1387.json
index 931bef9..02ffddf 100644
--- a/cusa/q/qt5-qtbase/qt5-qtbase-5.15.2-8_openEuler-SA-2023-1387.json
+++ b/cusa/q/qt5-qtbase/qt5-qtbase-5.15.2-8_openEuler-SA-2023-1387.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1387",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1387",
"title": "An update for qt5-qtbase is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "Qt is a software toolkit for developing applications.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.(CVE-2023-32762)\r\n\r\nAn issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.(CVE-2023-32763)",
"cves": [
{
"id": "CVE-2023-32763",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/q/qt5-qtbase/qt5-qtbase-5.15.2-9_openEuler-SA-2023-1610.json b/cusa/q/qt5-qtbase/qt5-qtbase-5.15.2-9_openEuler-SA-2023-1610.json
index a6b28aa..782bf91 100644
--- a/cusa/q/qt5-qtbase/qt5-qtbase-5.15.2-9_openEuler-SA-2023-1610.json
+++ b/cusa/q/qt5-qtbase/qt5-qtbase-5.15.2-9_openEuler-SA-2023-1610.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1610",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1610",
"title": "An update for qt5-qtbase is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "This package provides base tools, such as string, xml, and network handling.\r\n\r\nSecurity Fix(es):\r\n\r\nIn Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.(CVE-2023-37369)",
"cves": [
{
"id": "CVE-2023-37369",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/r/raptor2/raptor2-2.0.15-18_openEuler-SA-2022-1796.json b/cusa/r/raptor2/raptor2-2.0.15-18_openEuler-SA-2022-1796.json
index a013972..9a8d624 100644
--- a/cusa/r/raptor2/raptor2-2.0.15-18_openEuler-SA-2022-1796.json
+++ b/cusa/r/raptor2/raptor2-2.0.15-18_openEuler-SA-2022-1796.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1796",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1796",
"title": "An update for raptor2 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Raptor is Redland's RDF parser toolkit, which provides a set of independent RDF parsers to generate triples from RDF / XML or N-Triples.\r\n\r\nSecurity Fix(es):\r\n\r\nA malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common.(CVE-2020-25713)",
"cves": [
{
"id": "CVE-2020-25713",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25713",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/r/rear/rear-2.4-5_openEuler-SA-2024-1077.json b/cusa/r/rear/rear-2.4-5_openEuler-SA-2024-1077.json
index 622d822..0f8f9e5 100644
--- a/cusa/r/rear/rear-2.4-5_openEuler-SA-2024-1077.json
+++ b/cusa/r/rear/rear-2.4-5_openEuler-SA-2024-1077.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1077",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1077",
"title": "An update for rear is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Important",
+ "severity": "High",
"description": "Relax-and-Recover is a setup-and-forget Linux bare metal disaster recovery solution. It is easy to set up and requires no maintenance so there is no excuse for not using it.\r\n\r\nSecurity Fix(es):\r\n\r\nRelax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.(CVE-2024-23301)",
"cves": [
{
"id": "CVE-2024-23301",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23301",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/r/redis/redis-4.0.14-4_openEuler-SA-2023-1184.json b/cusa/r/redis/redis-4.0.14-4_openEuler-SA-2023-1184.json
index 496ede7..48dbde7 100644
--- a/cusa/r/redis/redis-4.0.14-4_openEuler-SA-2023-1184.json
+++ b/cusa/r/redis/redis-4.0.14-4_openEuler-SA-2023-1184.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1184",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1184",
"title": "An update for redis is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Redis is an advanced key-value store. It is often referred to as a dattructure server since keys can contain strings, hashes ,lists, sets anorted sets.\r\n\r\nSecurity Fix(es):\r\n\r\nRedis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18, 6.2.11, 7.0.9.(CVE-2022-36021)",
"cves": [
{
"id": "CVE-2022-36021",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36021",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/r/redis/redis-4.0.14-5_openEuler-SA-2023-1289.json b/cusa/r/redis/redis-4.0.14-5_openEuler-SA-2023-1289.json
index edd98dd..16d64c3 100644
--- a/cusa/r/redis/redis-4.0.14-5_openEuler-SA-2023-1289.json
+++ b/cusa/r/redis/redis-4.0.14-5_openEuler-SA-2023-1289.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1289",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1289",
"title": "An update for redis is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Redis is an advanced key-value store. It is often referred to as a dattructure server since keys can contain strings, hashes ,lists, sets anorted sets.\r\n\r\nSecurity Fix(es):\r\n\r\nRedis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this issue.(CVE-2023-28856)",
"cves": [
{
"id": "CVE-2023-28856",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28856",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/r/redis/redis-4.0.14-6_openEuler-SA-2023-1458.json b/cusa/r/redis/redis-4.0.14-6_openEuler-SA-2023-1458.json
index e21ef0d..c356161 100644
--- a/cusa/r/redis/redis-4.0.14-6_openEuler-SA-2023-1458.json
+++ b/cusa/r/redis/redis-4.0.14-6_openEuler-SA-2023-1458.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1458",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1458",
"title": "An update for redis is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "Redis is an advanced key-value store. It is often referred to as a dattructure server since keys can contain strings, hashes,lists, sets anorted sets.\r\n\r\nSecurity Fix(es):\r\n\r\nRedis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20.(CVE-2022-24834)",
"cves": [
{
"id": "CVE-2022-24834",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24834",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/r/redis6/redis6-6.2.7-1_openEuler-SA-2022-1823.json b/cusa/r/redis6/redis6-6.2.7-1_openEuler-SA-2022-1823.json
index 0a2ad52..538a55f 100644
--- a/cusa/r/redis6/redis6-6.2.7-1_openEuler-SA-2022-1823.json
+++ b/cusa/r/redis6/redis6-6.2.7-1_openEuler-SA-2022-1823.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1823",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1823",
"title": "An update for redis6 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set. In order to achieve its outstanding performance, Redis works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log. Redis also supports trivial-to-setup master-slave replication, with very fast non-blocking first synchronization, auto-reconnection on net split and so forth. Other features include Transactions, Pub/Sub, Lua scripting, Keys with a limited time-to-live, and configuration settings to make Redis behave like a cache. You can use Redis from most programming languages also.\r\n\r\nSecurity Fix(es):\r\n\r\nRedis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. The Lua script execution environment in Redis provides some measures that prevent a script from creating side effects that persist and can affect the execution of the same, or different script, at a later time. Several weaknesses of these measures have been publicly known for a long time, but they had no security impact as the Redis security model did not endorse the concept of users or privileges. With the introduction of ACLs in Redis 6.0, these weaknesses can be exploited by a less privileged users to inject Lua code that will execute at a later time, when a privileged user executes a Lua script. The problem is fixed in Redis versions 7.0.0 and 6.2.7. 
An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules.(CVE-2022-24735)\r\n\r\nRedis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules.(CVE-2022-24736)",
"cves": [
{
"id": "CVE-2022-24736",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24736",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
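Review bot: The `cves` array in this regenerated file lists only CVE-2022-24736, while the `description` context line also names CVE-2022-24735, so a consumer that matches advisories by CVE id will miss the second one. The same single-entry pattern shows in the hunks for rpm (openEuler-SA-2022-1897), ruby (openEuler-SA-2022-1700 and openEuler-SA-2023-1226), rubygem-actionpack (openEuler-SA-2024-1146) and rubygem-activerecord (openEuler-SA-2023-1132). In the rpm file the advisory is now `High` but its one listed CVE is `Medium`, which suggests the entry that drove the advisory rating is the one left out. This looks like the converter keeping only the last vulnerability of each bulletin (inferred, since the converter code is not part of these hunks). Because this commit rewrites every file anyway, it would be the natural place to emit one `cves` entry per CVE in the source CVRF, each with its own `id`, `url` and `severity`.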
diff --git a/cusa/r/redis6/redis6-6.2.7-1_openEuler-SA-2022-1866.json b/cusa/r/redis6/redis6-6.2.7-1_openEuler-SA-2022-1866.json
index f260640..3294e5c 100644
--- a/cusa/r/redis6/redis6-6.2.7-1_openEuler-SA-2022-1866.json
+++ b/cusa/r/redis6/redis6-6.2.7-1_openEuler-SA-2022-1866.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1866",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1866",
"title": "An update for redis6 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set. In order to achieve its outstanding performance, Redis works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log. Redis also supports trivial-to-setup master-slave replication, with very fast non-blocking first synchronization, auto-reconnection on net split and so forth. Other features include Transactions, Pub/Sub, Lua scripting, Keys with a limited time-to-live, and configuration settings to make Redis behave like a cache. You can use Redis from most programming languages also.\r\n\r\nSecurity Fix(es):\r\n\r\nRedis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14.(CVE-2021-32672)",
"cves": [
{
"id": "CVE-2021-32672",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32672",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/r/redis6/redis6-6.2.7-1_openEuler-SA-2022-1883.json b/cusa/r/redis6/redis6-6.2.7-1_openEuler-SA-2022-1883.json
index 8629d13..7a9e83d 100644
--- a/cusa/r/redis6/redis6-6.2.7-1_openEuler-SA-2022-1883.json
+++ b/cusa/r/redis6/redis6-6.2.7-1_openEuler-SA-2022-1883.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1883",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1883",
"title": "An update for redis6 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set. In order to achieve its outstanding performance, Redis works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log. Redis also supports trivial-to-setup master-slave replication, with very fast non-blocking first synchronization, auto-reconnection on net split and so forth. Other features include Transactions, Pub/Sub, Lua scripting, Keys with a limited time-to-live, and configuration settings to make Redis behave like a cache. You can use Redis from most programming languages also.\r\n\r\nSecurity Fix(es):\r\n\r\nRedis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result with remote code execution. The problem is fixed in version 6.2.3 and 6.0.13. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the `STRALGO LCS` command.(CVE-2021-29477)",
"cves": [
{
"id": "CVE-2021-29477",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29477",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/r/rpm/rpm-4.17.0-14_openEuler-SA-2022-1897.json b/cusa/r/rpm/rpm-4.17.0-14_openEuler-SA-2022-1897.json
index 316b44d..4f0cb69 100644
--- a/cusa/r/rpm/rpm-4.17.0-14_openEuler-SA-2022-1897.json
+++ b/cusa/r/rpm/rpm-4.17.0-14_openEuler-SA-2022-1897.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1897",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1897",
"title": "An update for rpm is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The RPM Package Manager (RPM) is a powerful package management system capability as below\r\n\r\nSecurity Fix(es):\r\n\r\nA race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-35937)\r\n\r\nIt was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-35939)\r\n\r\nA symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-35938)",
"cves": [
{
"id": "CVE-2021-35938",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35938",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/r/rsync/rsync-3.2.3-4_openEuler-SA-2022-1875.json b/cusa/r/rsync/rsync-3.2.3-4_openEuler-SA-2022-1875.json
index a627c45..adeac2b 100644
--- a/cusa/r/rsync/rsync-3.2.3-4_openEuler-SA-2022-1875.json
+++ b/cusa/r/rsync/rsync-3.2.3-4_openEuler-SA-2022-1875.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1875",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1875",
"title": "An update for rsync is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Rsync is an open source utility that provides fast incremental file transfer.It uses the \"rsync algorithm\" which provides a very fast method for bringing remote files into sync. It does this by sending just the differences in the files across the link, without requiring that both sets of files are present at one of the ends of the link beforehand.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file).(CVE-2022-29154)",
"cves": [
{
"id": "CVE-2022-29154",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29154",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/r/rsyslog/rsyslog-8.2110.0-9_openEuler-SA-2022-1672.json b/cusa/r/rsyslog/rsyslog-8.2110.0-9_openEuler-SA-2022-1672.json
index 643b5d2..c4d193c 100644
--- a/cusa/r/rsyslog/rsyslog-8.2110.0-9_openEuler-SA-2022-1672.json
+++ b/cusa/r/rsyslog/rsyslog-8.2110.0-9_openEuler-SA-2022-1672.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1672",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1672",
"title": "An update for rsyslog is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "RSYSLOG is the rocket-fast system for log processing.It offers high-performance, great security features and a modular design. While it started as a regular syslogd, rsyslog has evolved into a kind of swiss army knife of logging, being able to accept inputs from a wide variety of sources, transform them, and output to the results to diverse destinations.\r\n\r\nSecurity Fix(es):\r\n\r\nRsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But there may still be a slight chance for experts to do that. The bug occurs when the octet count is read. While there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum, This can be used to overrun the memory buffer. However, once the sequence of digits stop, no additional characters can be added to the buffer. In our opinion, this makes remote exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing modes. It is relatively uncommon, but enabled by default on receivers. Modules imtcp, imptcp, imgssapi, and imhttp are used for regular syslog message reception. It is best practice not to directly expose them to the public. When this practice is followed, the risk is considerably lower. Module imdiag is a diagnostics module primarily intended for testbench runs. We do not expect it to be present on any production installation. Octet-counted framing is not very common. Usually, it needs to be specifically enabled at senders. If users do not need it, they can turn it off for the most important modules. This will mitigate the vulnerability.(CVE-2022-24903)",
"cves": [
{
"id": "CVE-2022-24903",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24903",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/r/ruby/ruby-3.0.3-124_openEuler-SA-2022-1700.json b/cusa/r/ruby/ruby-3.0.3-124_openEuler-SA-2022-1700.json
index 19dbc66..1306342 100644
--- a/cusa/r/ruby/ruby-3.0.3-124_openEuler-SA-2022-1700.json
+++ b/cusa/r/ruby/ruby-3.0.3-124_openEuler-SA-2022-1700.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1700",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1700",
"title": "An update for ruby is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text Files and perform system management tasks (such as Perl).\r\n\r\nSecurity Fix(es):\r\n\r\nThere is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.(CVE-2022-28739)\r\n\r\nA double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations.(CVE-2022-28738)",
"cves": [
{
"id": "CVE-2022-28738",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28738",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/r/ruby/ruby-3.0.3-128_openEuler-SA-2023-1003.json b/cusa/r/ruby/ruby-3.0.3-128_openEuler-SA-2023-1003.json
index b4046b1..77ce756 100644
--- a/cusa/r/ruby/ruby-3.0.3-128_openEuler-SA-2023-1003.json
+++ b/cusa/r/ruby/ruby-3.0.3-128_openEuler-SA-2023-1003.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1003",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1003",
"title": "An update for ruby is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text Files and perform system management tasks (such as Perl).\n\r\n\r\nSecurity Fix(es):\r\n\r\nThe cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.(CVE-2021-33621)",
"cves": [
{
"id": "CVE-2021-33621",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33621",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/r/ruby/ruby-3.0.3-129_openEuler-SA-2023-1226.json b/cusa/r/ruby/ruby-3.0.3-129_openEuler-SA-2023-1226.json
index 3059d62..74e915f 100644
--- a/cusa/r/ruby/ruby-3.0.3-129_openEuler-SA-2023-1226.json
+++ b/cusa/r/ruby/ruby-3.0.3-129_openEuler-SA-2023-1226.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1226",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1226",
"title": "An update for ruby is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text Files and perform system management tasks (such as Perl).\r\n\r\nSecurity Fix(es):\r\n\r\nA ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.(CVE-2023-28756)\r\n\r\nA ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.(CVE-2023-28755)",
"cves": [
{
"id": "CVE-2023-28755",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28755",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/r/ruby/ruby-3.0.3-131_openEuler-SA-2023-1427.json b/cusa/r/ruby/ruby-3.0.3-131_openEuler-SA-2023-1427.json
index 527a4d2..d10270d 100644
--- a/cusa/r/ruby/ruby-3.0.3-131_openEuler-SA-2023-1427.json
+++ b/cusa/r/ruby/ruby-3.0.3-131_openEuler-SA-2023-1427.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1427",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1427",
"title": "An update for ruby is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text Files and perform system management tasks (such as Perl).\n\nSecurity Fix(es):\n\nA ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists becuse of an incomplete fix for CVE-2023-28755. Version 0.10.3 is also a fixed version.(CVE-2023-36617)",
"cves": [
{
"id": "CVE-2023-36617",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36617",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/r/ruby/ruby-3.0.3-132_openEuler-SA-2024-1433.json b/cusa/r/ruby/ruby-3.0.3-132_openEuler-SA-2024-1433.json
index c4084be..90dc4b0 100644
--- a/cusa/r/ruby/ruby-3.0.3-132_openEuler-SA-2024-1433.json
+++ b/cusa/r/ruby/ruby-3.0.3-132_openEuler-SA-2024-1433.json
@@ -2,7 +2,7 @@
"id": "openEuler-SA-2024-1433",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1433",
"title": "An update for ruby is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text Files and perform system management tasks (such as Perl).\r\n\r\nSecurity Fix(es):\r\n\r\nA buffer overread flaw was found in rubygem StringIO. The ungetbyte and ungetc methods on a StringIO object can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value.(CVE-2024-27280)\r\n\r\nA flaw was found in Rubygem RDoc. When parsing .rdoc_options used for configuration in RDoc as a YAML file there are no restrictions on the classes that can be restored. This issue may lead to object injection, resulting in remote code execution.(CVE-2024-27281)",
"cves": [
{
diff --git a/cusa/r/rubygem-actionpack/rubygem-actionpack-6.1.4.1-3_openEuler-SA-2024-1146.json b/cusa/r/rubygem-actionpack/rubygem-actionpack-6.1.4.1-3_openEuler-SA-2024-1146.json
index 8dc899a..19fde93 100644
--- a/cusa/r/rubygem-actionpack/rubygem-actionpack-6.1.4.1-3_openEuler-SA-2024-1146.json
+++ b/cusa/r/rubygem-actionpack/rubygem-actionpack-6.1.4.1-3_openEuler-SA-2024-1146.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1146",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1146",
"title": "An update for rubygem-actionpack is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Important",
+ "severity": "High",
"description": "Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser.\r\n\r\nSecurity Fix(es):\r\n\r\nA regular expression based DoS vulnerability in Action Dispatch <6.0.6.1,< 6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.(CVE-2023-22792)\r\n\r\nA regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.(CVE-2023-22795)",
"cves": [
{
"id": "CVE-2023-22795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22795",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/r/rubygem-activerecord/rubygem-activerecord-6.1.4.1-2_openEuler-SA-2023-1132.json b/cusa/r/rubygem-activerecord/rubygem-activerecord-6.1.4.1-2_openEuler-SA-2023-1132.json
index 32efd3a..fdb88a3 100644
--- a/cusa/r/rubygem-activerecord/rubygem-activerecord-6.1.4.1-2_openEuler-SA-2023-1132.json
+++ b/cusa/r/rubygem-activerecord/rubygem-activerecord-6.1.4.1-2_openEuler-SA-2023-1132.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1132",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1132",
"title": "An update for rubygem-activerecord is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL.\r\n\r\nSecurity Fix(es):\r\n\r\nA denial of service vulnerability present in ActiveRecord's PostgreSQL adapter <7.0.4.1 and <6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan resulting in potential Denial of Service.(CVE-2022-44566)\r\n\r\nA vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database withinsufficient sanitization and be able to inject SQL outside of the comment.(CVE-2023-22794)",
"cves": [
{
"id": "CVE-2023-22794",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22794",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
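Review bot: The `cves` array in this file lists only CVE-2023-22794, while the `description` also attributes CVE-2022-44566 to the same advisory, so a consumer that matches on `cves[].id` would not see the second identifier. The hunk runs to the end of the file, so the array has a single entry; presumably the converter keeps only one vulnerability per advisory, which should be checked against the source CVRF. If the source carries both, the regenerated file should gain an entry such as `{ "id": "CVE-2022-44566", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44566", "severity": "<value from the CVRF>" }`. The same pattern appears in the hunks for openEuler-SA-2022-1729, openEuler-SA-2022-1645, openEuler-SA-2023-1018, openEuler-SA-2023-1451 and openEuler-SA-2023-1755.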
diff --git a/cusa/r/rubygem-activestorage/rubygem-activestorage-6.1.4.1-2_openEuler-SA-2024-1364.json b/cusa/r/rubygem-activestorage/rubygem-activestorage-6.1.4.1-2_openEuler-SA-2024-1364.json
index d343c22..c335d93 100644
--- a/cusa/r/rubygem-activestorage/rubygem-activestorage-6.1.4.1-2_openEuler-SA-2024-1364.json
+++ b/cusa/r/rubygem-activestorage/rubygem-activestorage-6.1.4.1-2_openEuler-SA-2024-1364.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1364",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1364",
"title": "An update for rubygem-activestorage is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Attach cloud and local files in Rails applications.\r\n\r\nSecurity Fix(es):\r\n\r\nRails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain proxies may cache the Set-Cookie, leading to an information leak. The vulnerability is fixed in 7.0.8.1 and 6.1.7.7.(CVE-2024-26144)",
"cves": [
{
"id": "CVE-2024-26144",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26144",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/r/rubygem-activesupport/rubygem-activesupport-6.1.4.1-2_openEuler-SA-2023-1140.json b/cusa/r/rubygem-activesupport/rubygem-activesupport-6.1.4.1-2_openEuler-SA-2023-1140.json
index 2be3335..2debea2 100644
--- a/cusa/r/rubygem-activesupport/rubygem-activesupport-6.1.4.1-2_openEuler-SA-2023-1140.json
+++ b/cusa/r/rubygem-activesupport/rubygem-activesupport-6.1.4.1-2_openEuler-SA-2023-1140.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1140",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1140",
"title": "An update for rubygem-activesupport is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization,time zones, and testing.\r\n\r\nSecurity Fix(es):\r\n\r\nA regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability.(CVE-2023-22796)",
"cves": [
{
"id": "CVE-2023-22796",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22796",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/r/rubygem-globalid/rubygem-globalid-0.4.2-4_openEuler-SA-2023-1102.json b/cusa/r/rubygem-globalid/rubygem-globalid-0.4.2-4_openEuler-SA-2023-1102.json
index 5abe6bf..32bc727 100644
--- a/cusa/r/rubygem-globalid/rubygem-globalid-0.4.2-4_openEuler-SA-2023-1102.json
+++ b/cusa/r/rubygem-globalid/rubygem-globalid-0.4.2-4_openEuler-SA-2023-1102.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1102",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1102",
"title": "An update for rubygem-globalid is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "URIs for your models makes it easy to pass references around.\r\n\r\nSecurity Fix(es):\r\n\r\nA ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately.(CVE-2023-22799)",
"cves": [
{
"id": "CVE-2023-22799",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22799",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/r/rubygem-nokogiri/rubygem-nokogiri-1.13.1-2_openEuler-SA-2022-1644.json b/cusa/r/rubygem-nokogiri/rubygem-nokogiri-1.13.1-2_openEuler-SA-2022-1644.json
index 4c798f8..6bfaba7 100644
--- a/cusa/r/rubygem-nokogiri/rubygem-nokogiri-1.13.1-2_openEuler-SA-2022-1644.json
+++ b/cusa/r/rubygem-nokogiri/rubygem-nokogiri-1.13.1-2_openEuler-SA-2022-1644.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1644",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1644",
"title": "An update for rubygem-nokogiri is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Nokogiri parses and searches XML/HTML very quickly, and also has correctly implemented CSS3 selector support as well as XPath support. Nokogiri also features an Hpricot compatibility layer to help ease the change to using correct CSS and XPath.\n\r\nSecurity Fix(es):\r\n\r\nNokogiri is an open source XML and HTML library for Ruby. Nokogiri less than v1.13.4 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri >= 1.13.4. There are no known workarounds for this issue.(CVE-2022-24836)",
"cves": [
{
"id": "CVE-2022-24836",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24836",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/r/rubygem-puma/rubygem-puma-3.12.6-3_openEuler-SA-2024-1006.json b/cusa/r/rubygem-puma/rubygem-puma-3.12.6-3_openEuler-SA-2024-1006.json
index 45bd13c..00d7696 100644
--- a/cusa/r/rubygem-puma/rubygem-puma-3.12.6-3_openEuler-SA-2024-1006.json
+++ b/cusa/r/rubygem-puma/rubygem-puma-3.12.6-3_openEuler-SA-2024-1006.json
@@ -2,7 +2,7 @@
"id": "openEuler-SA-2024-1006",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1006",
"title": "An update for rubygem-puma is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "A simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications.\r\n\r\nSecurity Fix(es):\r\n\r\nPuma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using `puma` with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smugggling. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. The only proxy which has this behavior, as far as the Puma team is aware of, is Apache Traffic Server. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This vulnerability was patched in Puma 5.5.1 and 4.3.9. As a workaround, do not use Apache Traffic Server with `puma`.(CVE-2021-41136)\r\n\r\nPuma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the response body being closed in order for its `CurrentAttributes` implementation to work correctly. The combination of these two behaviors (Puma not closing the body + Rails' Executor implementation) causes information leakage. This problem is fixed in Puma versions 5.6.2 and 4.3.11. This problem is fixed in Rails versions 7.02.2, 6.1.4.6, 6.0.4.6, and 5.2.6.2. Upgrading to a patched Rails _or_ Puma version fixes the vulnerability.(CVE-2022-23634)",
"cves": [
{
diff --git a/cusa/r/rubygem-rack/rubygem-rack-2.2.3.1-1_openEuler-SA-2022-1729.json b/cusa/r/rubygem-rack/rubygem-rack-2.2.3.1-1_openEuler-SA-2022-1729.json
index f5336a3..dfbd54b 100644
--- a/cusa/r/rubygem-rack/rubygem-rack-2.2.3.1-1_openEuler-SA-2022-1729.json
+++ b/cusa/r/rubygem-rack/rubygem-rack-2.2.3.1-1_openEuler-SA-2022-1729.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1729",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1729",
"title": "An update for rubygem-rack is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Rack provides a minimal, modular, and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.\r\n\r\nSecurity Fix(es):\r\n\r\nDenial of Service Vulnerability in Rack Multipart Parsing(CVE-2022-30122)\r\n\r\nPossible shell escape sequence injection vulnerability in Rack(CVE-2022-30123)\r\n\r\nA reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.(CVE-2020-8184)",
"cves": [
{
"id": "CVE-2020-8184",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8184",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
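Review bot: The advisory-level `severity` (`High`) disagrees with the only entry in `cves`, CVE-2020-8184, which is rated `Medium`, so nothing in the file accounts for the advisory rating. The description also names CVE-2022-30122 and CVE-2022-30123, which are probably where the higher rating comes from, but neither is in the array. A consistency check in the converter or in CI would catch this, for example that the advisory severity equals the highest severity among the listed CVEs. The hunk for openEuler-SA-2023-1451 shows the same High/Medium split.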
diff --git a/cusa/r/rubygem-websocket-extensions/rubygem-websocket-extensions-0.1.2-2_openEuler-SA-2022-2093.json b/cusa/r/rubygem-websocket-extensions/rubygem-websocket-extensions-0.1.2-2_openEuler-SA-2022-2093.json
index d733ce1..775ced6 100644
--- a/cusa/r/rubygem-websocket-extensions/rubygem-websocket-extensions-0.1.2-2_openEuler-SA-2022-2093.json
+++ b/cusa/r/rubygem-websocket-extensions/rubygem-websocket-extensions-0.1.2-2_openEuler-SA-2022-2093.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2093",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2093",
"title": "An update for rubygem-websocket-extensions is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Generic extension manager for WebSocket connections.\r\n\r\nSecurity Fix(es):\r\n\r\nwebsocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header.(CVE-2020-7663)",
"cves": [
{
"id": "CVE-2020-7663",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7663",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/r/rubygem-yajl-ruby/rubygem-yajl-ruby-1.4.3-1_openEuler-SA-2022-1752.json b/cusa/r/rubygem-yajl-ruby/rubygem-yajl-ruby-1.4.3-1_openEuler-SA-2022-1752.json
index 0a78e0b..124a990 100644
--- a/cusa/r/rubygem-yajl-ruby/rubygem-yajl-ruby-1.4.3-1_openEuler-SA-2022-1752.json
+++ b/cusa/r/rubygem-yajl-ruby/rubygem-yajl-ruby-1.4.3-1_openEuler-SA-2022-1752.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1752",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1752",
"title": "An update for rubygem-yajl-ruby is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Ruby C bindings to the excellent Yajl JSON stream-based parser library.\r\n\r\nSecurity Fix(es):\r\n\r\nyajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may result in the `need` 32bit integer wrapping to 0 when `need` approaches a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation of buf->alloc into a small heap chunk. These integers are declared as `size_t` in the 2.x branch of `yajl`, which practically prevents the issue from triggering on 64bit platforms, however this does not preclude this issue triggering on 32bit builds on which `size_t` is a 32bit integer. Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption. This vulnerability mostly impacts process availability. Maintainers believe exploitation for arbitrary code execution is unlikely. A patch is available and anticipated to be part of yajl-ruby version 1.4.2. As a workaround, avoid passing large inputs to YAJL.(CVE-2022-24795)",
"cves": [
{
"id": "CVE-2022-24795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24795",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/r/rubygem-yard/rubygem-yard-0.9.26-3_openEuler-SA-2024-1256.json b/cusa/r/rubygem-yard/rubygem-yard-0.9.26-3_openEuler-SA-2024-1256.json
index f134f03..e6a8643 100644
--- a/cusa/r/rubygem-yard/rubygem-yard-0.9.26-3_openEuler-SA-2024-1256.json
+++ b/cusa/r/rubygem-yard/rubygem-yard-0.9.26-3_openEuler-SA-2024-1256.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1256",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1256",
"title": "An update for rubygem-yard is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "YARD is a documentation generation tool for the Ruby programming language. It enables the user to generate consistent, usable documentation that can be exported to a number of formats very easily, and also supports extending for custom Ruby constructs such as custom class level definitions.\r\n\r\nSecurity Fix(es):\r\n\r\nYARD is a Ruby Documentation tool. The \"frames.html\" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the \"frames.erb\" template file. This vulnerability is fixed in 0.9.36.(CVE-2024-27285)",
"cves": [
{
"id": "CVE-2024-27285",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27285",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/SDL2/SDL2-2.0.12-4_openEuler-SA-2022-1645.json b/cusa/s/SDL2/SDL2-2.0.12-4_openEuler-SA-2022-1645.json
index e33f745..07aa9e6 100644
--- a/cusa/s/SDL2/SDL2-2.0.12-4_openEuler-SA-2022-1645.json
+++ b/cusa/s/SDL2/SDL2-2.0.12-4_openEuler-SA-2022-1645.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1645",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1645",
"title": "An update for SDL2 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device.\n\r\nSecurity Fix(es):\r\n\r\nSDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file.(CVE-2020-14409)\nSDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file.(CVE-2020-14410)",
"cves": [
{
"id": "CVE-2020-14410",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14410",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/SDL2/SDL2-2.0.12-6_openEuler-SA-2023-1029.json b/cusa/s/SDL2/SDL2-2.0.12-6_openEuler-SA-2023-1029.json
index 1d1795d..63ac425 100644
--- a/cusa/s/SDL2/SDL2-2.0.12-6_openEuler-SA-2023-1029.json
+++ b/cusa/s/SDL2/SDL2-2.0.12-6_openEuler-SA-2023-1029.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1029",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1029",
"title": "An update for SDL2 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device.\r\n\r\nSecurity Fix(es):\r\n\r\nA memory leak issue was discovered in SDL2 version >= SDL2-2.0.8\r\n\r\nSee the link below for details:\nhttps://github.com/libsdl-org/SDL/pull/6269\nhttps://github.com/libsdl-org/SDL/commit/00b67f55727bc0944c3266e2b875440da132ce4b(CVE-2022-4743)",
"cves": [
{
"id": "CVE-2022-4743",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4743",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/samba/samba-4.15.3-10_openEuler-SA-2022-1905.json b/cusa/s/samba/samba-4.15.3-10_openEuler-SA-2022-1905.json
index f780820..d2e0ee9 100644
--- a/cusa/s/samba/samba-4.15.3-10_openEuler-SA-2022-1905.json
+++ b/cusa/s/samba/samba-4.15.3-10_openEuler-SA-2022-1905.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1905",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1905",
"title": "An update for samba is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Samba is a suite of programs for Linux and Unix to interoperate with Windows.\r\n\r\nSecurity Fix(es):\r\n\r\nIn Samba, GnuTLS gnutls_rnd() can fail and give predictable random values.(CVE-2022-1615)",
"cves": [
{
"id": "CVE-2022-1615",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1615",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/samba/samba-4.15.3-12_openEuler-SA-2022-2038.json b/cusa/s/samba/samba-4.15.3-12_openEuler-SA-2022-2038.json
index 029e720..85ae0b9 100644
--- a/cusa/s/samba/samba-4.15.3-12_openEuler-SA-2022-2038.json
+++ b/cusa/s/samba/samba-4.15.3-12_openEuler-SA-2022-2038.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2038",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2038",
"title": "An update for samba is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Samba is a suite of programs for Linux and Unix to interoperate with Windows.\r\n\r\nSecurity Fix(es):\r\n\r\nThe DES (for Samba 4.11 and earlier) and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet.\r\n\r\nAffects - All versions of Samba since Samba 4.0 compiled with Heimdal Kerberos.\nSamba 4.15.11, 4.16.6 and 4.17.2 have been issued as security releases to correct the defect\r\n\r\nhttps://www.samba.org/samba/security/CVE-2022-3437.html(CVE-2022-3437)",
"cves": [
{
"id": "CVE-2022-3437",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3437",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/samba/samba-4.15.3-14_openEuler-SA-2022-2121.json b/cusa/s/samba/samba-4.15.3-14_openEuler-SA-2022-2121.json
index f7d713e..59c3cf4 100644
--- a/cusa/s/samba/samba-4.15.3-14_openEuler-SA-2022-2121.json
+++ b/cusa/s/samba/samba-4.15.3-14_openEuler-SA-2022-2121.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2121",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2121",
"title": "An update for samba is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Samba is a suite of programs for Linux and Unix to interoperate with Windows.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in MIT krb5. This flaw allows an authenticated attacker to cause a KDC or kadmind process to crash by reading beyond the bounds of allocated memory, creating a denial of service. A privileged attacker may similarly be able to cause a Kerberos or GSS application service to crash.(CVE-2022-42898)",
"cves": [
{
"id": "CVE-2022-42898",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42898",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/samba/samba-4.15.3-16_openEuler-SA-2022-2153.json b/cusa/s/samba/samba-4.15.3-16_openEuler-SA-2022-2153.json
index 209c9b0..d3ffb53 100644
--- a/cusa/s/samba/samba-4.15.3-16_openEuler-SA-2022-2153.json
+++ b/cusa/s/samba/samba-4.15.3-16_openEuler-SA-2022-2153.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2153",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2153",
"title": "An update for samba is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "\r\n\r\nSecurity Fix(es):\r\n\r\n\n[Invalid free in ASN.1 codec](CVE-2022-44640)",
"cves": [
{
"id": "CVE-2022-44640",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44640",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/samba/samba-4.15.3-18_openEuler-SA-2023-1018.json b/cusa/s/samba/samba-4.15.3-18_openEuler-SA-2023-1018.json
index a1d88e6..d6279fb 100644
--- a/cusa/s/samba/samba-4.15.3-18_openEuler-SA-2023-1018.json
+++ b/cusa/s/samba/samba-4.15.3-18_openEuler-SA-2023-1018.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1018",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1018",
"title": "An update for samba is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Samba is a suite of programs for Linux and Unix to interoperate with Windows.\r\n\r\nSecurity Fix(es):\r\n\r\nSince the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96).(CVE-2022-45141)\r\n\r\nWindows Kerberos RC4-HMAC Elevation of Privilege Vulnerability.(CVE-2022-37966)",
"cves": [
{
"id": "CVE-2022-37966",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37966",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/samba/samba-4.15.3-18_openEuler-SA-2023-1048.json b/cusa/s/samba/samba-4.15.3-18_openEuler-SA-2023-1048.json
index b72ca96..7e49243 100644
--- a/cusa/s/samba/samba-4.15.3-18_openEuler-SA-2023-1048.json
+++ b/cusa/s/samba/samba-4.15.3-18_openEuler-SA-2023-1048.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1048",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1048",
"title": "An update for samba is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "Samba is a suite of programs for Linux and Unix to interoperate with Windows.\r\n\r\nSecurity Fix(es):\r\n\r\nNetlogon RPC Elevation of Privilege Vulnerability.(CVE-2022-38023)",
"cves": [
{
"id": "CVE-2022-38023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38023",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/samba/samba-4.15.3-20_openEuler-SA-2023-1232.json b/cusa/s/samba/samba-4.15.3-20_openEuler-SA-2023-1232.json
index a75da65..12b05c8 100644
--- a/cusa/s/samba/samba-4.15.3-20_openEuler-SA-2023-1232.json
+++ b/cusa/s/samba/samba-4.15.3-20_openEuler-SA-2023-1232.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1232",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1232",
"title": "An update for samba is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Samba is a suite of programs for Linux and Unix to interoperate with Windows.\r\n\r\nSecurity Fix(es):\r\n\r\nThe Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection.(CVE-2023-0922)",
"cves": [
{
"id": "CVE-2023-0922",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0922",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/samba/samba-4.15.3-22_openEuler-SA-2023-1451.json b/cusa/s/samba/samba-4.15.3-22_openEuler-SA-2023-1451.json
index cb7afec..44278ae 100644
--- a/cusa/s/samba/samba-4.15.3-22_openEuler-SA-2023-1451.json
+++ b/cusa/s/samba/samba-4.15.3-22_openEuler-SA-2023-1451.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1451",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1451",
"title": "An update for samba is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Samba is a suite of programs for Linux and Unix to interoperate with Windows.\n\nSecurity Fix(es):\n\nAn out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash.(CVE-2022-2127)\n\nAn infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition.(CVE-2023-34966)\n\nA Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker process, affecting all other clients this worker serves.(CVE-2023-34967)",
"cves": [
{
"id": "CVE-2023-34967",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34967",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/samba/samba-4.15.3-23_openEuler-SA-2023-1755.json b/cusa/s/samba/samba-4.15.3-23_openEuler-SA-2023-1755.json
index 73c8528..1924a54 100644
--- a/cusa/s/samba/samba-4.15.3-23_openEuler-SA-2023-1755.json
+++ b/cusa/s/samba/samba-4.15.3-23_openEuler-SA-2023-1755.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1755",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1755",
"title": "An update for samba is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Samba is a suite of programs for Linux and Unix to interoperate with Windows.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module \"acl_xattr\" is configured with \"acl_xattr:ignore system acls = yes\". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba's permissions.(CVE-2023-4091)\r\n\r\nA vulnerability was found in Samba's \"rpcecho\" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the \"rpcecho\" service operates with only one worker in the main RPC task, allowing calls to the \"rpcecho\" server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a \"sleep()\" call in the \"dcesrv_echo_TestSleep()\" function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the \"rpcecho\" server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as \"rpcecho\" runs in the main RPC task.(CVE-2023-42669)",
"cves": [
{
"id": "CVE-2023-42669",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42669",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/samba/samba-4.15.3-6_openEuler-SA-2022-1770.json b/cusa/s/samba/samba-4.15.3-6_openEuler-SA-2022-1770.json
index f48adc2..6e64532 100644
--- a/cusa/s/samba/samba-4.15.3-6_openEuler-SA-2022-1770.json
+++ b/cusa/s/samba/samba-4.15.3-6_openEuler-SA-2022-1770.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1770",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1770",
"title": "An update for samba is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Samba is a suite of programs for Linux and Unix to interoperate with Windows.\r\n\r\nSecurity Fix(es):\r\n\r\nAll versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.(CVE-2021-44141)",
"cves": [
{
"id": "CVE-2021-44141",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44141",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/samba/samba-4.15.3-7_openEuler-SA-2022-1798.json b/cusa/s/samba/samba-4.15.3-7_openEuler-SA-2022-1798.json
index 5c32ed1..f04a60c 100644
--- a/cusa/s/samba/samba-4.15.3-7_openEuler-SA-2022-1798.json
+++ b/cusa/s/samba/samba-4.15.3-7_openEuler-SA-2022-1798.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1798",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1798",
"title": "An update for samba is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Samba is a suite of programs for Linux and Unix to interoperate with Windows.\r\n\r\nSecurity Fix(es): \r\n\r\nA flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault.(CVE-2022-32745)\n\nA flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl.(CVE-2022-32746)\n\nA flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer).(CVE-2022-32742)\n\nA flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users passwords, enabling full domain takeover.(CVE-2022-32744)\n\nAs per samba upstream advisory:All versions of Samba prior to 4.16.x built with Heimdal Kerberos are vulnerable to an Elevation of Privilege attack. If the password of a user expires and need to be changed, a user could get a krbtgt using kpasswd with canonicalization turned on. The KDC should only provide a ticket for kadmin/changepw but returns a krbtgt. So a user could skip the password change and just use the krbtgt to get service tickets and use services in the forest.(CVE-2022-2031)",
"cves": [
{
"id": "CVE-2022-2031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2031",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
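Review bot: The `cves` array in this file lists only CVE-2022-2031, while the description names five CVEs (CVE-2022-32745, CVE-2022-32746, CVE-2022-32742, CVE-2022-32744 and CVE-2022-2031), so a consumer that matches on `cves[].id` will not see the other four. The single entry is rated `Medium` although the advisory is `High`, so a severity derived from the array would be understated as well. The same mismatch is visible in the hunks for openEuler-SA-2024-1117, openEuler-SA-2024-1223 and openEuler-SA-2022-1938. It looks as if the converter keeps only the last CVE of the source document, which should be confirmed in the generator rather than patched in these files. Each CVE named in the description should get its own entry, for example `{ "id": "CVE-2022-32744", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32744", "severity": "<severity from the CVRF record>" }`.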
diff --git a/cusa/s/samba/samba-4.15.3-9_openEuler-SA-2022-1878.json b/cusa/s/samba/samba-4.15.3-9_openEuler-SA-2022-1878.json
index 62cb1ae..4f98db1 100644
--- a/cusa/s/samba/samba-4.15.3-9_openEuler-SA-2022-1878.json
+++ b/cusa/s/samba/samba-4.15.3-9_openEuler-SA-2022-1878.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1878",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1878",
"title": "An update for samba is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Samba is a suite of programs for Linux and Unix to interoperate with Windows.\r\n\r\nSecurity Fix(es):\r\n\r\nCVE-2022-32743 samba: Validated dnsHostname write right needs to be implemented\nhttps://bugzilla.samba.org/show_bug.cgi?id=14833(CVE-2022-32743)",
"cves": [
{
"id": "CVE-2022-32743",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32743",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/scipy/scipy-1.6.2-2_openEuler-SA-2023-1491.json b/cusa/s/scipy/scipy-1.6.2-2_openEuler-SA-2023-1491.json
index 21baaeb..b7f4450 100644
--- a/cusa/s/scipy/scipy-1.6.2-2_openEuler-SA-2023-1491.json
+++ b/cusa/s/scipy/scipy-1.6.2-2_openEuler-SA-2023-1491.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1491",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1491",
"title": "An update for scipy is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "SciPy (pronounced \"Sigh Pie\") is open-source software for mathematics, science, and engineering. It includes modules for statistics, optimization, integration, linear algebra, Fourier transforms, signal and image processing, ODE solvers, and more.\r\n\r\nSecurity Fix(es):\r\n\r\nA refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function.(CVE-2023-25399)",
"cves": [
{
"id": "CVE-2023-25399",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25399",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/screen/screen-4.8.0-12_openEuler-SA-2023-1263.json b/cusa/s/screen/screen-4.8.0-12_openEuler-SA-2023-1263.json
index 9b7ea97..9bf6c92 100644
--- a/cusa/s/screen/screen-4.8.0-12_openEuler-SA-2023-1263.json
+++ b/cusa/s/screen/screen-4.8.0-12_openEuler-SA-2023-1263.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1263",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1263",
"title": "An update for screen is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Screen is a full-screen window manager that multiplexes a physical terminal between several processes,typically interactive shells.\r\n\r\nSecurity Fix(es):\r\n\r\nsocket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.(CVE-2023-24626)",
"cves": [
{
"id": "CVE-2023-24626",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24626",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/shadow/shadow-4.9-12_openEuler-SA-2023-1850.json b/cusa/s/shadow/shadow-4.9-12_openEuler-SA-2023-1850.json
index 9611f2d..d33c2db 100644
--- a/cusa/s/shadow/shadow-4.9-12_openEuler-SA-2023-1850.json
+++ b/cusa/s/shadow/shadow-4.9-12_openEuler-SA-2023-1850.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1850",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1850",
"title": "An update for shadow is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Tools for managing accounts and shadow password files.\r\n\r\nSecurity Fix(es):\r\n\r\nshadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees(CVE-2013-4235)",
"cves": [
{
"id": "CVE-2013-4235",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4235",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/shapelib/shapelib-1.5.0-2_openEuler-SA-2022-1858.json b/cusa/s/shapelib/shapelib-1.5.0-2_openEuler-SA-2022-1858.json
index a789631..92b78b3 100644
--- a/cusa/s/shapelib/shapelib-1.5.0-2_openEuler-SA-2022-1858.json
+++ b/cusa/s/shapelib/shapelib-1.5.0-2_openEuler-SA-2022-1858.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1858",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1858",
"title": "An update for shapelib is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The Shapefile C Library provides the ability to write simple C programs for reading, writing and updating (to a limited extent) ESRI Shapefiles, and the associated attribute file (.dbf). This package also contains various utility programs for using shapelib.\r\n\r\nSecurity Fix(es):\r\n\r\n** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2022-0699)",
"cves": [
{
"id": "CVE-2022-0699",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0699",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/shim/shim-15.4-10_openEuler-SA-2023-1800.json b/cusa/s/shim/shim-15.4-10_openEuler-SA-2023-1800.json
index e60bf1a..d7a040c 100644
--- a/cusa/s/shim/shim-15.4-10_openEuler-SA-2023-1800.json
+++ b/cusa/s/shim/shim-15.4-10_openEuler-SA-2023-1800.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1800",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1800",
"title": "An update for shim is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Initial UEFI bootloader that handles chaining to a trusted full \\ bootloader under secure boot environments.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability classified as critical has been found in rhboot shim up to 15.7 on ARM. This affects the function mirror_one_esl of the file mok.c of the component mok. Applying the patch 66e6579dbf921152f647a0c16da1d3b2f40861ca is able to eliminate this problem. The bugfix is ready for download at github.com.(CVE-2023-40546)",
"cves": [
{
"id": "CVE-2023-40546",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40546",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/shim/shim-15.4-13_openEuler-SA-2024-1117.json b/cusa/s/shim/shim-15.4-13_openEuler-SA-2024-1117.json
index 28cd8c1..bb04ddf 100644
--- a/cusa/s/shim/shim-15.4-13_openEuler-SA-2024-1117.json
+++ b/cusa/s/shim/shim-15.4-13_openEuler-SA-2024-1117.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1117",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1117",
"title": "An update for shim is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Initial UEFI bootloader that handles chaining to a trusted full \\ bootloader under secure boot environments.\r\n\r\nSecurity Fix(es):\r\n\r\nA remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise.(CVE-2023-40547)\r\n\r\nA buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.(CVE-2023-40548)\r\n\r\nAn out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service.(CVE-2023-40549)\r\n\r\nAn out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.(CVE-2023-40550)\r\n\r\nA flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase.(CVE-2023-40551)",
"cves": [
{
"id": "CVE-2023-40551",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40551",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/shim/shim-15.4-13_openEuler-SA-2024-1186.json b/cusa/s/shim/shim-15.4-13_openEuler-SA-2024-1186.json
index d1b281e..6cda29f 100644
--- a/cusa/s/shim/shim-15.4-13_openEuler-SA-2024-1186.json
+++ b/cusa/s/shim/shim-15.4-13_openEuler-SA-2024-1186.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1186",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1186",
"title": "An update for shim is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Initial UEFI bootloader that handles chaining to a trusted full \\ bootloader under secure boot environments.\r\n\r\nSecurity Fix(es):\r\n\r\nA security vulnerability has been identified in all supported versions\r\n\r\nof OpenSSL related to the verification of X.509 certificate chains\nthat include policy constraints. Attackers may be able to exploit this\nvulnerability by creating a malicious certificate chain that triggers\nexponential use of computational resources, leading to a denial-of-service\n(DoS) attack on affected systems.\r\n\r\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.(CVE-2023-0464)",
"cves": [
{
"id": "CVE-2023-0464",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0464",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/shim/shim-15.4-14_openEuler-SA-2024-1223.json b/cusa/s/shim/shim-15.4-14_openEuler-SA-2024-1223.json
index 1f9933b..83107aa 100644
--- a/cusa/s/shim/shim-15.4-14_openEuler-SA-2024-1223.json
+++ b/cusa/s/shim/shim-15.4-14_openEuler-SA-2024-1223.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1223",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1223",
"title": "An update for shim is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Initial UEFI bootloader that handles chaining to a trusted full \\ bootloader under secure boot environments.\r\n\r\nSecurity Fix(es):\r\n\r\nApplications that use a non-default option when verifying certificates may be\nvulnerable to an attack from a malicious CA to circumvent certain checks.\r\n\r\nInvalid certificate policies in leaf certificates are silently ignored by\nOpenSSL and other certificate policy checks are skipped for that certificate.\nA malicious CA could use this to deliberately assert invalid certificate policies\nin order to circumvent policy checking on the certificate altogether.\r\n\r\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.(CVE-2023-0465)\r\n\r\nIssue summary: Processing some specially crafted ASN.1 object identifiers or\ndata containing them may be very slow.\r\n\r\nImpact summary: Applications that use OBJ_obj2txt() directly, or use any of\nthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message\nsize limit may experience notable to very long delays when processing those\nmessages, which may lead to a Denial of Service.\r\n\r\nAn OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -\nmost of which have no size limit. OBJ_obj2txt() may be used to translate\nan ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL\ntype ASN1_OBJECT) to its canonical numeric text form, which are the\nsub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by\nperiods.\r\n\r\nWhen one of the sub-identifiers in the OBJECT IDENTIFIER is very large\n(these are sizes that are seen as absurdly large, taking up tens or hundreds\nof KiBs), the translation to a decimal number in text may take a very long\ntime. 
The time complexity is O(n^2) with 'n' being the size of the\nsub-identifiers in bytes (*).\r\n\r\nWith OpenSSL 3.0, support to fetch cryptographic algorithms using names /\nidentifiers in string form was introduced. This includes using OBJECT\nIDENTIFIERs in canonical numeric text form as identifiers for fetching\nalgorithms.\r\n\r\nSuch OBJECT IDENTIFIERs may be received through the ASN.1 structure\nAlgorithmIdentifier, which is commonly used in multiple protocols to specify\nwhat cryptographic algorithm should be used to sign or verify, encrypt or\ndecrypt, or digest passed data.\r\n\r\nApplications that call OBJ_obj2txt() directly with untrusted data are\naffected, with any version of OpenSSL. If the use is for the mere purpose\nof display, the severity is considered low.\r\n\r\nIn OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,\nCMS, CMP/CRMF or TS. It also impacts anything that processes X.509\ncertificates, including simple things like verifying its signature.\r\n\r\nThe impact on TLS is relatively low, because all versions of OpenSSL have a\n100KiB limit on the peer's certificate chain. Additionally, this only\nimpacts clients, or servers that have explicitly enabled client\nauthentication.\r\n\r\nIn OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,\nsuch as X.509 certificates. This is assumed to not happen in such a way\nthat it would cause a Denial of Service, so these versions are considered\nnot affected by this issue in such a way that it would be cause for concern,\nand the severity is therefore considered low.(CVE-2023-2650)\r\n\r\nIssue summary: Checking excessively long DH keys or parameters may be very slow.\r\n\r\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. 
Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\r\n\r\nThe function DH_check() performs various checks on DH parameters. One of those\nchecks confirms that the modulus ('p' parameter) is not too large. Trying to use\na very large modulus is slow and OpenSSL will not normally use a modulus which\nis over 10,000 bits in length.\r\n\r\nHowever the DH_check() function checks numerous aspects of the key or parameters\nthat have been supplied. Some of those checks use the supplied modulus value\neven if it has already been found to be too large.\r\n\r\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulernable to a Denial of Service attack.\r\n\r\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\r\n\r\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the '-check' option.\r\n\r\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.(CVE-2023-3446)\r\n\r\nIssue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL\nto crash leading to a potential Denial of Service attack\r\n\r\nImpact summary: Applications loading files in the PKCS12 format from untrusted\nsources might terminate abruptly.\r\n\r\nA file in PKCS12 format can contain certificates and keys and may come from an\nuntrusted source. The PKCS12 specification allows certain fields to be NULL, but\nOpenSSL does not correctly check for this case. This can lead to a NULL pointer\ndereference that results in OpenSSL crashing. 
If an application processes PKCS12\nfiles from an untrusted source using the OpenSSL APIs then that application will\nbe vulnerable to this issue.\r\n\r\nOpenSSL APIs that are vulnerable to this are: PKCS12_parse(),\nPKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()\nand PKCS12_newpass().\r\n\r\nWe have also fixed a similar issue in SMIME_write_PKCS7(). However since this\nfunction is related to writing data we do not consider it security significant.\r\n\r\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.(CVE-2024-0727)",
"cves": [
{
"id": "CVE-2024-0727",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0727",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/shim/shim-15.4-4_openEuler-SA-2022-1799.json b/cusa/s/shim/shim-15.4-4_openEuler-SA-2022-1799.json
index d5a6fe2..5528c30 100644
--- a/cusa/s/shim/shim-15.4-4_openEuler-SA-2022-1799.json
+++ b/cusa/s/shim/shim-15.4-4_openEuler-SA-2022-1799.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1799",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1799",
"title": "An update for shim is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments.\r\n\r\nSecurity Fix(es):\r\n\r\nNo description is available for this CVE.(CVE-2022-28737)",
"cves": [
{
"id": "CVE-2022-28737",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28737",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/shim/shim-15.4-5_openEuler-SA-2022-1938.json b/cusa/s/shim/shim-15.4-5_openEuler-SA-2022-1938.json
index edc2cb3..bc2fcb6 100644
--- a/cusa/s/shim/shim-15.4-5_openEuler-SA-2022-1938.json
+++ b/cusa/s/shim/shim-15.4-5_openEuler-SA-2022-1938.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1938",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1938",
"title": "An update for shim is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Initial UEFI bootloader that handles chaining to a trusted full \\ bootloader under secure boot environments.\r\n\r\n\r\n\r\nSecurity Fix(es):\r\n\r\nThe X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the \"-crl_download\" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. 
Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).(CVE-2020-1971)\r\n\r\nCalls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).(CVE-2021-23840)\r\n\r\nWhile parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.(CVE-2017-3735)\r\n\r\nDuring key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).(CVE-2018-0732)\r\n\r\nASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. 
This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own \"d2i\" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the \"data\" and \"length\" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the \"data\" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). 
Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).(CVE-2021-3712)\r\n\r\nThe BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). 
Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).(CVE-2022-0778)",
"cves": [
{
"id": "CVE-2022-0778",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0778",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/shim/shim-15.4-8_openEuler-SA-2023-1121.json b/cusa/s/shim/shim-15.4-8_openEuler-SA-2023-1121.json
index 650d62e..4220871 100644
--- a/cusa/s/shim/shim-15.4-8_openEuler-SA-2023-1121.json
+++ b/cusa/s/shim/shim-15.4-8_openEuler-SA-2023-1121.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1121",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1121",
"title": "An update for shim is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "Initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments.\r\n\r\nSecurity Fix(es):\r\n\r\nThere is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.(CVE-2023-0286)",
"cves": [
{
"id": "CVE-2023-0286",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0286",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/skopeo/skopeo-1.5.2-5_openEuler-SA-2024-1503.json b/cusa/s/skopeo/skopeo-1.5.2-5_openEuler-SA-2024-1503.json
index 308586c..3541f4d 100644
--- a/cusa/s/skopeo/skopeo-1.5.2-5_openEuler-SA-2024-1503.json
+++ b/cusa/s/skopeo/skopeo-1.5.2-5_openEuler-SA-2024-1503.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1503",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1503",
"title": "An update for skopeo is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "A command line utility that performs various operations on container images and image repositories\r\n\r\nSecurity Fix(es):\r\n\r\nA maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.(CVE-2022-41723)",
"cves": [
{
"id": "CVE-2022-41723",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41723",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/skopeo/skopeo-1.5.2-7_openEuler-SA-2024-1584.json b/cusa/s/skopeo/skopeo-1.5.2-7_openEuler-SA-2024-1584.json
index ecd78bd..943553c 100644
--- a/cusa/s/skopeo/skopeo-1.5.2-7_openEuler-SA-2024-1584.json
+++ b/cusa/s/skopeo/skopeo-1.5.2-7_openEuler-SA-2024-1584.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1584",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1584",
"title": "An update for skopeo is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "A command line utility that performs various operations on container images and image repositories\r\n\r\nSecurity Fix(es):\r\n\r\nThe HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.(CVE-2023-29406)",
"cves": [
{
"id": "CVE-2023-29406",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/snakeyaml/snakeyaml-1.32-1_openEuler-SA-2023-1162.json b/cusa/s/snakeyaml/snakeyaml-1.32-1_openEuler-SA-2023-1162.json
index df376e0..17e5f58 100644
--- a/cusa/s/snakeyaml/snakeyaml-1.32-1_openEuler-SA-2023-1162.json
+++ b/cusa/s/snakeyaml/snakeyaml-1.32-1_openEuler-SA-2023-1162.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1162",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1162",
"title": "An update for snakeyaml is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "SnakeYAML is a YAML parser and emitter for the Java Virtual Machine. YAML is a data serialization format designed for human readability and interaction with scripting languages.\r\n\r\nSecurity Fix(es):\r\n\r\nThe package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.(CVE-2022-25857)\r\n\r\nUsing snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.(CVE-2022-38749)\r\n\r\nUsing snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.(CVE-2022-38750)\r\n\r\nUsing snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.(CVE-2022-38751)\r\n\r\nUsing snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.(CVE-2022-38752)\n\nThose using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.(CVE-2022-41854)",
"cves": [
{
"id": "CVE-2022-41854",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41854",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
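Review bot: The `cves` array in this file holds only CVE-2022-41854, while the `description` names six CVEs (CVE-2022-25857, CVE-2022-38749 through CVE-2022-38752, and CVE-2022-41854), so a consumer that matches on `cves[].id` would miss five of them. The same pattern shows in the hunks for openEuler-SA-2023-1398, openEuler-SA-2023-1931, openEuler-SA-2022-1974, openEuler-SA-2023-1794 and openEuler-SA-2023-1932, each keeping only the last CVE named. In SA-2023-1931 and SA-2022-1974 the advisory is `High` but the one listed CVE is `Medium`, which suggests the entry that set the advisory severity was dropped. The converter source is not in these hunks, so the cause is inferred: presumably the generator overwrites rather than appends when the CVRF document carries several vulnerabilities. It would be worth regenerating with one `cves` entry per CVE and adding a check that every CVE id in `description` also appears in `cves`.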
diff --git a/cusa/s/snakeyaml/snakeyaml-1.32-1_openEuler-SA-2023-1503.json b/cusa/s/snakeyaml/snakeyaml-1.32-1_openEuler-SA-2023-1503.json
index fbef1de..1365b01 100644
--- a/cusa/s/snakeyaml/snakeyaml-1.32-1_openEuler-SA-2023-1503.json
+++ b/cusa/s/snakeyaml/snakeyaml-1.32-1_openEuler-SA-2023-1503.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1503",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1503",
"title": "An update for snakeyaml is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "SnakeYAML is a YAML parser and emitter for the Java Virtual Machine. YAML is a data serialization format designed for human readability and interaction with scripting languages.\r\n\r\nSecurity Fix(es):\r\n\r\nThose using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.(CVE-2022-41854)",
"cves": [
{
"id": "CVE-2022-41854",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41854",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/snappy-java/snappy-java-1.1.2.4-2_openEuler-SA-2023-1398.json b/cusa/s/snappy-java/snappy-java-1.1.2.4-2_openEuler-SA-2023-1398.json
index 2999bcc..3461052 100644
--- a/cusa/s/snappy-java/snappy-java-1.1.2.4-2_openEuler-SA-2023-1398.json
+++ b/cusa/s/snappy-java/snappy-java-1.1.2.4-2_openEuler-SA-2023-1398.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1398",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1398",
"title": "An update for snappy-java is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "A Java port of the snappy, a fast compresser/decompresser written in C++.\n\nSecurity Fix(es):\n\nsnappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing an unrecoverable fatal error.\n\nThe function `compress(char[] input)` in the file `Snappy.java` receives an array of characters and compresses it. It does so by multiplying the length by 2 and passing it to the rawCompress` function.\n\nSince the length is not tested, the multiplication by two can cause an integer overflow and become negative. The rawCompress function then uses the received length and passes it to the natively compiled maxCompressedLength function, using the returned value to allocate a byte array.\n\nSince the maxCompressedLength function treats the length as an unsigned integer, it doesn’t care that it is negative, and it returns a valid value, which is casted to a signed integer by the Java engine. If the result is negative, a `java.lang.NegativeArraySizeException` exception will be raised while trying to allocate the array `buf`. On the other side, if the result is positive, the `buf` array will successfully be allocated, but its size might be too small to use for the compression, causing a fatal Access Violation error.\n\nThe same issue exists also when using the `compress` functions that receive double, float, int, long and short, each using a different multiplier that may cause the same issue. The issue most likely won’t occur when using a byte array, since creating a byte array of size 0x80000000 (or any other negative value) is impossible in the first place.\n\nVersion 1.1.10.1 contains a patch for this issue.(CVE-2023-34454)\n\nsnappy-java is a fast compressor/decompressor for Java. 
Due to use of an unchecked chunk length, an unrecoverable fatal error can occur in versions prior to 1.1.10.1.\n\nThe code in the function hasNextChunk in the fileSnappyInputStream.java checks if a given stream has more chunks to read. It does that by attempting to read 4 bytes. If it wasn’t possible to read the 4 bytes, the function returns false. Otherwise, if 4 bytes were available, the code treats them as the length of the next chunk.\n\nIn the case that the `compressed` variable is null, a byte array is allocated with the size given by the input data. Since the code doesn’t test the legality of the `chunkSize` variable, it is possible to pass a negative number (such as 0xFFFFFFFF which is -1), which will cause the code to raise a `java.lang.NegativeArraySizeException` exception. A worse case would happen when passing a huge positive value (such as 0x7FFFFFFF), which would raise the fatal `java.lang.OutOfMemoryError` error.\n\nVersion 1.1.10.1 contains a patch for this issue.(CVE-2023-34455)",
"cves": [
{
"id": "CVE-2023-34455",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34455",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/snappy-java/snappy-java-1.1.2.4-3_openEuler-SA-2023-1700.json b/cusa/s/snappy-java/snappy-java-1.1.2.4-3_openEuler-SA-2023-1700.json
index 4ad3f55..0ca5184 100644
--- a/cusa/s/snappy-java/snappy-java-1.1.2.4-3_openEuler-SA-2023-1700.json
+++ b/cusa/s/snappy-java/snappy-java-1.1.2.4-3_openEuler-SA-2023-1700.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1700",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1700",
"title": "An update for snappy-java is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "A Java port of the snappy, a fast compresser/decompresser written in C++.\r\n\r\nSecurity Fix(es):\r\n\r\nsnappy-java is a Java port of the snappy, a fast C++ compresser/decompresser developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too large chunk size. Due to missing upper bound check on chunk length, an unrecoverable fatal error can occur. All versions of snappy-java including the latest released version 1.1.10.3 are vulnerable to this issue. A fix has been introduced in commit `9f8c3cf74` which will be included in the 1.1.10.4 release. Users are advised to upgrade. Users unable to upgrade should only accept compressed data from trusted sources.(CVE-2023-43642)",
"cves": [
{
"id": "CVE-2023-43642",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43642",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/sos/sos-4.0-6_openEuler-SA-2024-1564.json b/cusa/s/sos/sos-4.0-6_openEuler-SA-2024-1564.json
index 9ce454f..95c21b3 100644
--- a/cusa/s/sos/sos-4.0-6_openEuler-SA-2024-1564.json
+++ b/cusa/s/sos/sos-4.0-6_openEuler-SA-2024-1564.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1564",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1564",
"title": "An update for sos is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Sos is an extensible, portable, support data collection tool primarily aimed at Linux distributions and other UNIX-like operating systems.\r\n\r\nSecurity Fix(es):\r\n\r\nIt was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev(CVE-2022-2806)",
"cves": [
{
"id": "CVE-2022-2806",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2806",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/sox/sox-14.4.2.0-29_openEuler-SA-2023-1931.json b/cusa/s/sox/sox-14.4.2.0-29_openEuler-SA-2023-1931.json
index d98a699..b1a6e70 100644
--- a/cusa/s/sox/sox-14.4.2.0-29_openEuler-SA-2023-1931.json
+++ b/cusa/s/sox/sox-14.4.2.0-29_openEuler-SA-2023-1931.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1931",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1931",
"title": "An update for sox is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "SoX is a cross-platform (Windows, Linux, MacOS X, etc.) command line utility that can convert various formats of computer audio files in to other formats. It can also apply various effects to these sound files, and, as an added bonus, SoX can play and record audio files on most platforms.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsx_read_w_buf() in formats_i.c file. The vulnerability is exploitable with a crafted file, that could cause an application to crash.(CVE-2021-23159)\r\n\r\nA vulnerability was found in SoX, where a heap-buffer-overflow occurs in function startread() in hcom.c file. The vulnerability is exploitable with a crafted hcomn file, that could cause an application to crash.(CVE-2021-23172)\r\n\r\nA floating point exception (divide-by-zero) issue was discovered in SoX in functon read_samples() of voc.c file. An attacker with a crafted file, could cause an application to crash.(CVE-2021-23210)\r\n\r\nA floating point exception (divide-by-zero) issue was discovered in SoX in functon startread() of wav.c file. An attacker with a crafted wav file, could cause an application to crash.(CVE-2021-33844)\r\n\r\nA floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service.(CVE-2023-26590)\r\n\r\nA floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service.(CVE-2023-32627)\r\n\r\nA heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure.(CVE-2023-34318)\r\n\r\nA heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. 
This flaw can lead to a denial of service, code execution, or information disclosure.(CVE-2023-34432)",
"cves": [
{
"id": "CVE-2023-34432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34432",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/speex/speex-1.2.0-6_openEuler-SA-2022-1701.json b/cusa/s/speex/speex-1.2.0-6_openEuler-SA-2022-1701.json
index 52be525..5fd15d5 100644
--- a/cusa/s/speex/speex-1.2.0-6_openEuler-SA-2022-1701.json
+++ b/cusa/s/speex/speex-1.2.0-6_openEuler-SA-2022-1701.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1701",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1701",
"title": "An update for speex is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Speex is an Open Source/Free Software patent-free audio compression format designed for speech. The Speex Project aims to lower the barrier of entry for voice applications by providing a free alternative to expensive proprietary speech codecs. Moreover, Speex is well-adapted to Internet applications and provides useful features that are not present in most other codecs.\r\n\r\nSecurity Fix(es):\r\n\r\nA Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file.(CVE-2020-23903)",
"cves": [
{
"id": "CVE-2020-23903",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-23903",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/sqlite/sqlite-3.37.2-2_openEuler-SA-2022-1909.json b/cusa/s/sqlite/sqlite-3.37.2-2_openEuler-SA-2022-1909.json
index 91b50ea..a234101 100644
--- a/cusa/s/sqlite/sqlite-3.37.2-2_openEuler-SA-2022-1909.json
+++ b/cusa/s/sqlite/sqlite-3.37.2-2_openEuler-SA-2022-1909.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1909",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1909",
"title": "An update for sqlite is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "SQLite is a C-language library that implements a small, fast, self-contained,high-reliability, full-featured, SQL database engine. SQLite is the most used database engine in the world. SQLite is built into all mobile phones and most computers and comes bundled inside countless other applications that people use every day.It also include lemon and sqlite3_analyzer and tcl tools.\r\n\r\nSecurity Fix(es):\r\n\r\nSQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.(CVE-2022-35737)",
"cves": [
{
"id": "CVE-2022-35737",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35737",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/sqlite/sqlite-3.37.2-6_openEuler-SA-2023-1484.json b/cusa/s/sqlite/sqlite-3.37.2-6_openEuler-SA-2023-1484.json
index 898e120..ad922b6 100644
--- a/cusa/s/sqlite/sqlite-3.37.2-6_openEuler-SA-2023-1484.json
+++ b/cusa/s/sqlite/sqlite-3.37.2-6_openEuler-SA-2023-1484.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1484",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1484",
"title": "An update for sqlite is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "SQLite is a C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine. SQLite is the most used database engine in the world. SQLite is built into all mobile phones and most computers and comes bundled inside countless other applications that people use every day.It also include lemon and sqlite3_analyzer and tcl tools.\r\n\r\nSecurity Fix(es):\r\n\r\nsqlite3 v3.40.1 was discovered to contain a segmentation violation at /sqlite3_aflpp/shell.c.(CVE-2023-36191)",
"cves": [
{
"id": "CVE-2023-36191",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36191",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/sqlite/sqlite-3.37.2-7_openEuler-SA-2024-1063.json b/cusa/s/sqlite/sqlite-3.37.2-7_openEuler-SA-2024-1063.json
index 0ea423d..d57e531 100644
--- a/cusa/s/sqlite/sqlite-3.37.2-7_openEuler-SA-2024-1063.json
+++ b/cusa/s/sqlite/sqlite-3.37.2-7_openEuler-SA-2024-1063.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1063",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1063",
"title": "An update for sqlite is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Important",
+ "severity": "High",
"description": "SQLite is a C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine. SQLite is the most used database engine in the world. SQLite is built into all mobile phones and most computers and comes bundled inside countless other applications that people use every day.It also include lemon and sqlite3_analyzer and tcl tools.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.(CVE-2023-7104)",
"cves": [
{
"id": "CVE-2023-7104",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7104",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/squid/squid-4.9-13_openEuler-SA-2022-1618.json b/cusa/s/squid/squid-4.9-13_openEuler-SA-2022-1618.json
index 5a55cc3..30f3c70 100644
--- a/cusa/s/squid/squid-4.9-13_openEuler-SA-2022-1618.json
+++ b/cusa/s/squid/squid-4.9-13_openEuler-SA-2022-1618.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1618",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1618",
"title": "An update for squid is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Squid is a high-performance proxy caching server. It handles all requests in a single, non-blocking, I/O-driven process and keeps meta data and implements negative caching of failed requests.\r\n\r\nSecurity Fix(es):\r\n\r\nSquid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody.(CVE-2021-28116)",
"cves": [
{
"id": "CVE-2021-28116",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28116",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/squid/squid-4.9-14_openEuler-SA-2022-1732.json b/cusa/s/squid/squid-4.9-14_openEuler-SA-2022-1732.json
index 57ea9af..7ef0cd3 100644
--- a/cusa/s/squid/squid-4.9-14_openEuler-SA-2022-1732.json
+++ b/cusa/s/squid/squid-4.9-14_openEuler-SA-2022-1732.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1732",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1732",
"title": "An update for squid is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Squid is a high-performance proxy caching server. It handles all requests in a single, non-blocking, I/O-driven process and keeps meta data and implements negative caching of failed requests.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in squid. Due to improper buffer management Squid is vulnerable to a Denial of Service attack when processing Gopher server responses.(CVE-2021-46784)",
"cves": [
{
"id": "CVE-2021-46784",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46784",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/squid/squid-4.9-16_openEuler-SA-2022-1974.json b/cusa/s/squid/squid-4.9-16_openEuler-SA-2022-1974.json
index 0c8386f..d7b4d51 100644
--- a/cusa/s/squid/squid-4.9-16_openEuler-SA-2022-1974.json
+++ b/cusa/s/squid/squid-4.9-16_openEuler-SA-2022-1974.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1974",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1974",
"title": "An update for squid is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Squid is a high-performance proxy caching server. It handles all requests in a single, non-blocking, I/O-driven process and keeps meta data and implements negative caching of failed requests.\r\n\r\nSecurity Fix(es):\r\n\r\nExposure of Sensitive Information in Cache Manager \nhttps://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq(CVE-2022-41317)\r\n\r\nBuffer Over Read in SSPI and SMB Authentication \nhttps://github.com/squid-cache/squid/security/advisories/GHSA-394c-rr7q-6g78(CVE-2022-41318)",
"cves": [
{
"id": "CVE-2022-41318",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41318",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/squid/squid-4.9-20_openEuler-SA-2023-1794.json b/cusa/s/squid/squid-4.9-20_openEuler-SA-2023-1794.json
index 625719a..180a1b1 100644
--- a/cusa/s/squid/squid-4.9-20_openEuler-SA-2023-1794.json
+++ b/cusa/s/squid/squid-4.9-20_openEuler-SA-2023-1794.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1794",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1794",
"title": "An update for squid is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "Squid is a high-performance proxy caching server. It handles all requests in a single, non-blocking, I/O-driven process and keeps meta data and implements negative caching of failed requests.\r\n\r\nSecurity Fix(es):\r\n\r\n Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages.(CVE-2023-46724)\r\n\r\nSquid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests.(CVE-2023-46728)",
"cves": [
{
"id": "CVE-2023-46728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46728",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/squid/squid-4.9-21_openEuler-SA-2023-1932.json b/cusa/s/squid/squid-4.9-21_openEuler-SA-2023-1932.json
index 81c6e04..b677699 100644
--- a/cusa/s/squid/squid-4.9-21_openEuler-SA-2023-1932.json
+++ b/cusa/s/squid/squid-4.9-21_openEuler-SA-2023-1932.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1932",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1932",
"title": "An update for squid is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "Squid is a high-performance proxy caching server. It handles all requests in a single, non-blocking, I/O-driven process and keeps meta data and implements negative caching of failed requests.\r\n\r\nSecurity Fix(es):\r\n\r\nSquid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2023-49285)\r\n\r\nSquid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2023-49286)",
"cves": [
{
"id": "CVE-2023-49286",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49286",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/squid/squid-4.9-22_openEuler-SA-2023-1947.json b/cusa/s/squid/squid-4.9-22_openEuler-SA-2023-1947.json
index aaa4697..02f3028 100644
--- a/cusa/s/squid/squid-4.9-22_openEuler-SA-2023-1947.json
+++ b/cusa/s/squid/squid-4.9-22_openEuler-SA-2023-1947.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1947",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1947",
"title": "An update for squid is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "Squid is a high-performance proxy caching server. It handles all requests in a single, non-blocking, I/O-driven process and keeps meta data and implements negative caching of failed requests.\r\n\r\nSecurity Fix(es):\r\n\r\nSquid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform Denial of Service attack by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature is configured. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives.(CVE-2023-50269)",
"cves": [
{
"id": "CVE-2023-50269",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50269",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/squid/squid-4.9-23_openEuler-SA-2024-1124.json b/cusa/s/squid/squid-4.9-23_openEuler-SA-2024-1124.json
index 25549b7..d7c0f5f 100644
--- a/cusa/s/squid/squid-4.9-23_openEuler-SA-2024-1124.json
+++ b/cusa/s/squid/squid-4.9-23_openEuler-SA-2024-1124.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1124",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1124",
"title": "An update for squid is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Squid is a high-performance proxy caching server. It handles all requests in a single, non-blocking, I/O-driven process and keeps meta data and implements negative caching of failed requests.\r\n\r\nSecurity Fix(es):\r\n\r\nSquid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client Manager reports. Squid older than 5.0.5 have not been tested and should be assumed to be vulnerable. All Squid-5.x up to and including 5.9 are vulnerable. All Squid-6.x up to and including 6.5 are vulnerable. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. As a workaround, prevent access to Cache Manager using Squid's main access control: `http_access deny manager`.(CVE-2024-23638)",
"cves": [
{
"id": "CVE-2024-23638",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23638",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/squid/squid-4.9-24_openEuler-SA-2024-1162.json b/cusa/s/squid/squid-4.9-24_openEuler-SA-2024-1162.json
index 860027c..ec84aa8 100644
--- a/cusa/s/squid/squid-4.9-24_openEuler-SA-2024-1162.json
+++ b/cusa/s/squid/squid-4.9-24_openEuler-SA-2024-1162.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1162",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1162",
"title": "An update for squid is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Squid is a high-performance proxy caching server. It handles all requests in a single, non-blocking, I/O-driven process and keeps meta data and implements negative caching of failed requests.\r\n\r\nSecurity Fix(es):\r\n\r\nSquid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug ,Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to perform Denial of Service when sending oversized headers in HTTP messages. In versions of Squid prior to 6.5 this can be achieved if the request_header_max_size or reply_header_max_size settings are unchanged from the default. In Squid version 6.5 and later, the default setting of these parameters is safe. Squid will emit a critical warning in cache.log if the administrator is setting these parameters to unsafe values. Squid will not at this time prevent these settings from being changed to unsafe values. Users are advised to upgrade to version 6.5. There are no known workarounds for this vulnerability. This issue is also tracked as SQUID-2024:2(CVE-2024-25617)",
"cves": [
{
"id": "CVE-2024-25617",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25617",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/sssd/sssd-2.6.1-14_openEuler-SA-2024-1546.json b/cusa/s/sssd/sssd-2.6.1-14_openEuler-SA-2024-1546.json
index b5dfba4..68fa9de 100644
--- a/cusa/s/sssd/sssd-2.6.1-14_openEuler-SA-2024-1546.json
+++ b/cusa/s/sssd/sssd-2.6.1-14_openEuler-SA-2024-1546.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1546",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1546",
"title": "An update for sssd is now available for openEuler-20.03-LTS-SP1,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP3",
- "severity": "Important",
+ "severity": "High",
"description": "SSSD provides a set of daemons to manage access to remote directories and authentication mechanisms such as LDAP, Kerberos or FreeIPA. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources.\r\n\r\nSecurity Fix(es):\r\n\r\nA race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.(CVE-2023-3758)",
"cves": [
{
"id": "CVE-2023-3758",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3758",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/strongswan/strongswan-5.7.2-12_openEuler-SA-2022-2034.json b/cusa/s/strongswan/strongswan-5.7.2-12_openEuler-SA-2022-2034.json
index ce8f50c..2439e9e 100644
--- a/cusa/s/strongswan/strongswan-5.7.2-12_openEuler-SA-2022-2034.json
+++ b/cusa/s/strongswan/strongswan-5.7.2-12_openEuler-SA-2022-2034.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2034",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2034",
"title": "An update for strongswan is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel.\r\n\r\nSecurity Fix(es):\r\n\r\nstrongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data.(CVE-2022-40617)",
"cves": [
{
"id": "CVE-2022-40617",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40617",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/subversion/subversion-1.14.1-2_openEuler-SA-2022-1647.json b/cusa/s/subversion/subversion-1.14.1-2_openEuler-SA-2022-1647.json
index 702c9ef..c0723fb 100644
--- a/cusa/s/subversion/subversion-1.14.1-2_openEuler-SA-2022-1647.json
+++ b/cusa/s/subversion/subversion-1.14.1-2_openEuler-SA-2022-1647.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1647",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1647",
"title": "An update for subversion is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Subversion exists to be universally recognized and adopted as an open-source, centralized version control system characterized by its reliability as a safe haven for valuable data; the simplicity of its model and usage; and its ability to support the needs of a wide variety of users and projects, from individuals to large-scale enterprise operations.\r\n\r\nSecurity Fix(es):\r\n\r\nApache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal copyfrom paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the copyfrom path of the original. This also reveals the fact that the node was copied. Only the copyfrom path is revealed; not its contents. Both httpd and svnserve servers are vulnerable.(CVE-2021-28544)\n\nSubversion s mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected.(CVE-2022-24070)",
"cves": [
{
"id": "CVE-2022-24070",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24070",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/sudo/sudo-1.9.8p2-11_openEuler-SA-2023-1205.json b/cusa/s/sudo/sudo-1.9.8p2-11_openEuler-SA-2023-1205.json
index bdbbf6f..b477cd0 100644
--- a/cusa/s/sudo/sudo-1.9.8p2-11_openEuler-SA-2023-1205.json
+++ b/cusa/s/sudo/sudo-1.9.8p2-11_openEuler-SA-2023-1205.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1205",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1205",
"title": "An update for sudo is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done.\r\n\r\nSecurity Fix(es):\r\n\r\nSudo before 1.9.13 does not escape control characters in sudoreplay output.(CVE-2023-28487)\r\n\r\nSudo before 1.9.13 does not escape control characters in log messages.(CVE-2023-28486)",
"cves": [
{
"id": "CVE-2023-28486",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28486",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/sudo/sudo-1.9.8p2-15_openEuler-SA-2024-1071.json b/cusa/s/sudo/sudo-1.9.8p2-15_openEuler-SA-2024-1071.json
index e0a33bf..dce7009 100644
--- a/cusa/s/sudo/sudo-1.9.8p2-15_openEuler-SA-2024-1071.json
+++ b/cusa/s/sudo/sudo-1.9.8p2-15_openEuler-SA-2024-1071.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1071",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1071",
"title": "An update for sudo is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Important",
+ "severity": "High",
"description": "Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done.\r\n\r\nSecurity Fix(es):\r\n\r\nSudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.(CVE-2023-42465)",
"cves": [
{
"id": "CVE-2023-42465",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42465",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/sudo/sudo-1.9.8p2-3_openEuler-SA-2022-1904.json b/cusa/s/sudo/sudo-1.9.8p2-3_openEuler-SA-2022-1904.json
index 3a3f87d..cdf1cd8 100644
--- a/cusa/s/sudo/sudo-1.9.8p2-3_openEuler-SA-2022-1904.json
+++ b/cusa/s/sudo/sudo-1.9.8p2-3_openEuler-SA-2022-1904.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1904",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1904",
"title": "An update for sudo is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done.\r\n\r\nSecurity Fix(es):\r\n\r\nProtobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.(CVE-2022-33070)",
"cves": [
{
"id": "CVE-2022-33070",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33070",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/sudo/sudo-1.9.8p2-4_openEuler-SA-2022-2079.json b/cusa/s/sudo/sudo-1.9.8p2-4_openEuler-SA-2022-2079.json
index 2a36a2e..1827392 100644
--- a/cusa/s/sudo/sudo-1.9.8p2-4_openEuler-SA-2022-2079.json
+++ b/cusa/s/sudo/sudo-1.9.8p2-4_openEuler-SA-2022-2079.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2079",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2079",
"title": "An update for sudo is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done.\r\n\r\nSecurity Fix(es):\r\n\r\nSudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.(CVE-2022-43995)",
"cves": [
{
"id": "CVE-2022-43995",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43995",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/sudo/sudo-1.9.8p2-9_openEuler-SA-2023-1049.json b/cusa/s/sudo/sudo-1.9.8p2-9_openEuler-SA-2023-1049.json
index f5c0829..8ddc7a1 100644
--- a/cusa/s/sudo/sudo-1.9.8p2-9_openEuler-SA-2023-1049.json
+++ b/cusa/s/sudo/sudo-1.9.8p2-9_openEuler-SA-2023-1049.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1049",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1049",
"title": "An update for sudo is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done.\r\n\r\nSecurity Fix(es):\r\n\r\nIn Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a \"--\" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.(CVE-2023-22809)",
"cves": [
{
"id": "CVE-2023-22809",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22809",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/swtpm/swtpm-0.3.3-6_openEuler-SA-2022-1741.json b/cusa/s/swtpm/swtpm-0.3.3-6_openEuler-SA-2022-1741.json
index b254b75..e2b6214 100644
--- a/cusa/s/swtpm/swtpm-0.3.3-6_openEuler-SA-2022-1741.json
+++ b/cusa/s/swtpm/swtpm-0.3.3-6_openEuler-SA-2022-1741.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1741",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1741",
"title": "An update for swtpm is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "TPM emulator built on libtpms providing TPM functionality for QEMU VMs\r\n\r\nSecurity Fix(es):\r\n\r\n** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2020-28407)",
"cves": [
{
"id": "CVE-2020-28407",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28407",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/swtpm/swtpm-0.3.3-6_openEuler-SA-2022-2049.json b/cusa/s/swtpm/swtpm-0.3.3-6_openEuler-SA-2022-2049.json
index 463cbd8..54fccd0 100644
--- a/cusa/s/swtpm/swtpm-0.3.3-6_openEuler-SA-2022-2049.json
+++ b/cusa/s/swtpm/swtpm-0.3.3-6_openEuler-SA-2022-2049.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2049",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2049",
"title": "An update for swtpm is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "TPM emulator built on libtpms providing TPM functionality for QEMU VMs\r\n\r\nSecurity Fix(es):\r\n\r\nswtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing the state of the TPM is accessed. This will likely crash swtpm or prevent it from starting since the state cannot be understood. Users should upgrade to swtpm v0.5.3, v0.6.2, or v0.7.1 to receive a patch. There are currently no known workarounds.(CVE-2022-23645)",
"cves": [
{
"id": "CVE-2022-23645",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23645",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/syslinux/syslinux-6.04-14_openEuler-SA-2023-1433.json b/cusa/s/syslinux/syslinux-6.04-14_openEuler-SA-2023-1433.json
index eb8c950..b1f7585 100644
--- a/cusa/s/syslinux/syslinux-6.04-14_openEuler-SA-2023-1433.json
+++ b/cusa/s/syslinux/syslinux-6.04-14_openEuler-SA-2023-1433.json
@@ -8,7 +8,7 @@
{
"id": "CVE-2016-9843",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9843",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/sysstat/sysstat-12.5.4-8_openEuler-SA-2023-1301.json b/cusa/s/sysstat/sysstat-12.5.4-8_openEuler-SA-2023-1301.json
index 2836a4d..8b415d3 100644
--- a/cusa/s/sysstat/sysstat-12.5.4-8_openEuler-SA-2023-1301.json
+++ b/cusa/s/sysstat/sysstat-12.5.4-8_openEuler-SA-2023-1301.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1301",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1301",
"title": "An update for sysstat is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "The sysstat package contains various utilities, common to many commercial Unixes, to monitor system performance and usage activity:iostat: reports CPU statistics and input/output statistics for block devices and partitions.mpstat: reports individual or combined processor related statistics.pidstat: reports statistics for Linux tasks (processes) : I/O, CPU, memory, etc.tapestat: reports statistics for tape drives connected to the system.cifsiostat: reports CIFS statistics.Sysstat also contains tools you can schedule via cron or systemd to collect and historize performance and activity data:sar: collects, reports and saves system activity information (see below a list of metrics collected by sar).sadc: is the system activity data collector, used as a backend for sar.sa1: collects and stores binary data in the system activity daily data file. It is a front end to sadc designed to be run from cron or systemd.sa2: writes a summarized daily activity report. It is a front end to sar designed to be run from cron or systemd.sadf: displays data collected by sar in multiple formats (CSV, XML, JSON, etc.) and can be used for data exchange with other programs. This command can also be used to draw graphs for the various activities collected by sar using SVG (Scalable Vector Graphics) format.\r\n\r\nSecurity Fix(es):\r\n\r\nsysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377.(CVE-2023-33204)",
"cves": [
{
"id": "CVE-2023-33204",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33204",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/systemd/systemd-249-40_openEuler-SA-2022-2099.json b/cusa/s/systemd/systemd-249-40_openEuler-SA-2022-2099.json
index 60f154e..e99a233 100644
--- a/cusa/s/systemd/systemd-249-40_openEuler-SA-2022-2099.json
+++ b/cusa/s/systemd/systemd-249-40_openEuler-SA-2022-2099.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2099",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2099",
"title": "An update for systemd is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "systemd is a system and service manager that runs as PID 1 and starts the rest of the system. \r\n\r\nSecurity Fix(es):\r\n\r\nAn off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.(CVE-2022-3821)",
"cves": [
{
"id": "CVE-2022-3821",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3821",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/systemd/systemd-249-44_openEuler-SA-2023-1028.json b/cusa/s/systemd/systemd-249-44_openEuler-SA-2023-1028.json
index ded237c..7a0fc38 100644
--- a/cusa/s/systemd/systemd-249-44_openEuler-SA-2023-1028.json
+++ b/cusa/s/systemd/systemd-249-44_openEuler-SA-2023-1028.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1028",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1028",
"title": "An update for systemd is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "systemd is a system and service manager that runs as PID 1 and starts the rest of the system. \r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.(CVE-2022-4415)",
"cves": [
{
"id": "CVE-2022-4415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4415",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/systemd/systemd-249-64_openEuler-SA-2024-1020.json b/cusa/s/systemd/systemd-249-64_openEuler-SA-2024-1020.json
index b31c81a..7aad820 100644
--- a/cusa/s/systemd/systemd-249-64_openEuler-SA-2024-1020.json
+++ b/cusa/s/systemd/systemd-249-64_openEuler-SA-2024-1020.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1020",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1020",
"title": "An update for systemd is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "systemd is a system and service manager that runs as PID 1 and starts the rest of the system.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.(CVE-2023-7008)",
"cves": [
{
"id": "CVE-2023-7008",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7008",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/s/systemd/systemd-249-75_openEuler-SA-2024-1489.json b/cusa/s/systemd/systemd-249-75_openEuler-SA-2024-1489.json
index 6938825..8531d6f 100644
--- a/cusa/s/systemd/systemd-249-75_openEuler-SA-2024-1489.json
+++ b/cusa/s/systemd/systemd-249-75_openEuler-SA-2024-1489.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1489",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1489",
"title": "An update for systemd is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Important",
+ "severity": "High",
"description": "systemd is a system and service manager that runs as PID 1 and starts the rest of the system.\r\n\r\nSecurity Fix(es):\r\n\r\nCertain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the \"KeyTrap\" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.(CVE-2023-50387)\r\n\r\nThe Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the \"NSEC3\" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.(CVE-2023-50868)",
"cves": [
{
"id": "CVE-2023-50868",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50868",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/t/tang/tang-7-3_openEuler-SA-2023-1403.json b/cusa/t/tang/tang-7-3_openEuler-SA-2023-1403.json
index 4ffe312..325fa48 100644
--- a/cusa/t/tang/tang-7-3_openEuler-SA-2023-1403.json
+++ b/cusa/t/tang/tang-7-3_openEuler-SA-2023-1403.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1403",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1403",
"title": "An update for tang is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "This package is a server for binding data to network presence. First, the client gets a list of the Tang server's advertised asymmetric keys. This can happen online by a simple HTTP GET. Alternatively, since the keys are asymmetric, the public key list can be distributed out of band. Second, the client uses one of these public keys to generate a unique, cryptographically strong encryption key. The data is then encrypted using this key. Once the data is encrypted, the key is discarded. Some small metadata is produced as part of this operation which the client should store in a convenient location. This process of encrypting data is the provisioning step. Third, when the client is ready to access its data, it simply loads the metadata produced in the provisioning step and performs an HTTP POST in order to recover the encryption key. This process is the recovery step.\n\nSecurity Fix(es):\n\nA race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host.(CVE-2023-1672)",
"cves": [
{
"id": "CVE-2023-1672",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1672",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/t/tar/tar-1.34-4_openEuler-SA-2023-1104.json b/cusa/t/tar/tar-1.34-4_openEuler-SA-2023-1104.json
index 43b41a6..f98a88c 100644
--- a/cusa/t/tar/tar-1.34-4_openEuler-SA-2023-1104.json
+++ b/cusa/t/tar/tar-1.34-4_openEuler-SA-2023-1104.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1104",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1104",
"title": "An update for tar is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "GNU Tar provides the ability to create tar archives, as well as various other kinds of manipulation. For example, you can use Tar on previously created archives to extract files, to store additional files, or to update or list files which were already stored.\r\n\r\nSecurity Fix(es):\r\n\r\nGNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.(CVE-2022-48303)",
"cves": [
{
"id": "CVE-2022-48303",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48303",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/t/tcl/tcl-8.6.10-4_openEuler-SA-2022-1720.json b/cusa/t/tcl/tcl-8.6.10-4_openEuler-SA-2022-1720.json
index 3b0d2fb..8411f48 100644
--- a/cusa/t/tcl/tcl-8.6.10-4_openEuler-SA-2022-1720.json
+++ b/cusa/t/tcl/tcl-8.6.10-4_openEuler-SA-2022-1720.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1720",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1720",
"title": "An update for tcl is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Tcl(Tool Command Language) provides a powerful platform for creating integration applications that tie together diverse applications, protocols, devices, and frameworks. When paired with the Tk toolkit, Tcl provides the fastest and most powerful way to create GUI applications that run on linux, Unix, and Mac OS X. Tcl can also be used for a variety of web-related tasks and for creating powerful command languages for applications.\r\n\r\nSecurity Fix(es):\r\n\r\n** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding.(CVE-2021-35331)",
"cves": [
{
"id": "CVE-2021-35331",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35331",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/t/tcpdump/tcpdump-4.99.1-6_openEuler-SA-2023-1243.json b/cusa/t/tcpdump/tcpdump-4.99.1-6_openEuler-SA-2023-1243.json
index 91d286a..d8d102d 100644
--- a/cusa/t/tcpdump/tcpdump-4.99.1-6_openEuler-SA-2023-1243.json
+++ b/cusa/t/tcpdump/tcpdump-4.99.1-6_openEuler-SA-2023-1243.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1243",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1243",
"title": "An update for tcpdump is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Tcpdump is a command-line tool for monitoring network traffic. Tcpdump can capture and display the packet headers on a particular network interface or on all interfaces. Tcpdump can display all of the packet headers, or just the ones that match particular criteria.\r\n\r\nSecurity Fix(es):\r\n\r\nThe SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a crafted network packet.(CVE-2023-1801)",
"cves": [
{
"id": "CVE-2023-1801",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1801",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/t/telnet/telnet-0.17-79_openEuler-SA-2024-1360.json b/cusa/t/telnet/telnet-0.17-79_openEuler-SA-2024-1360.json
index 36680f2..5df95a4 100644
--- a/cusa/t/telnet/telnet-0.17-79_openEuler-SA-2024-1360.json
+++ b/cusa/t/telnet/telnet-0.17-79_openEuler-SA-2024-1360.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1360",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1360",
"title": "An update for telnet is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Telnet is an application protocol used on the Internet or local area network to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection. The package includes a remote login client program for telnet and a server daemon.\r\n\r\nSecurity Fix(es):\r\n\r\ntelnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a \"telnet/tcp server failing (looping), service terminated\" error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.(CVE-2022-39028)",
"cves": [
{
"id": "CVE-2022-39028",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39028",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/t/testng/testng-6.14.3-7_openEuler-SA-2024-1072.json b/cusa/t/testng/testng-6.14.3-7_openEuler-SA-2024-1072.json
index 3c388b8..a312733 100644
--- a/cusa/t/testng/testng-6.14.3-7_openEuler-SA-2024-1072.json
+++ b/cusa/t/testng/testng-6.14.3-7_openEuler-SA-2024-1072.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1072",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1072",
"title": "An update for testng is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Important",
+ "severity": "High",
"description": "TestNG is a testing framework inspired from JUnit and NUnit but introducing some new functionality that make it more powerful and easier to use, such as: * Annotations. * Run your tests in arbitrarily big thread pools with various policies available (all methods in their own thread, one thread per test class, etc...). * Test that your code is multithread safe. * Flexible test configuration. * Support for data-driven testing (with @DataProvider). * Support for parameters. * Powerful execution model (no more TestSuite). * Supported by a variety of tools and plug-ins (Eclipse, IDEA, Maven, etc...). * Embeds BeanShell for further flexibility. * Default JDK functions for runtime and logging (no dependencies). * Dependent methods for application server testing.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in cbeust testng 7.5.0/7.6.0/7.6.1/7.7.0. It has been declared as critical. Affected by this vulnerability is the function testngXmlExistsInJar of the file testng-core/src/main/java/org/testng/JarFileUtils.java of the component XML File Parser. The manipulation leads to path traversal. The attack can be launched remotely. Upgrading to version 7.5.1 and 7.7.1 is able to address this issue. The patch is named 9150736cd2c123a6a3b60e6193630859f9f0422b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-214027.(CVE-2022-4065)",
"cves": [
{
"id": "CVE-2022-4065",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4065",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/t/texlive-base/texlive-base-20180414-35_openEuler-SA-2023-1421.json b/cusa/t/texlive-base/texlive-base-20180414-35_openEuler-SA-2023-1421.json
index 89965d5..0761465 100644
--- a/cusa/t/texlive-base/texlive-base-20180414-35_openEuler-SA-2023-1421.json
+++ b/cusa/t/texlive-base/texlive-base-20180414-35_openEuler-SA-2023-1421.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1421",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1421",
"title": "An update for texlive-base is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "The TeX Live software distribution offers a complete TeX system for a variety of Unix, Macintosh, Windows and other platforms. It encompasses programs for editing, typesetting, previewing and printing of TeX documents in many different languages, and a large collection of TeX macros and font libraries.\n\nSecurity Fix(es):\n\nLuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5.(CVE-2023-32700)",
"cves": [
{
"id": "CVE-2023-32700",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32700",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/t/tmux/tmux-3.2a-3_openEuler-SA-2023-1069.json b/cusa/t/tmux/tmux-3.2a-3_openEuler-SA-2023-1069.json
index c993fd0..6c48de5 100644
--- a/cusa/t/tmux/tmux-3.2a-3_openEuler-SA-2023-1069.json
+++ b/cusa/t/tmux/tmux-3.2a-3_openEuler-SA-2023-1069.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1069",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1069",
"title": "An update for tmux is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "is a terminal multiplexer. It lets you switch easily between several programs in one terminal, detach them (they keep running in the background) and reattach them to a different terminal.\r\n\r\nSecurity Fix(es):\r\n\r\nA null pointer dereference issue was discovered in function window_pane_set_event in window.c in tmux 3.0 thru 3.3 and later, allows attackers to cause denial of service or other unspecified impacts.(CVE-2022-47016)",
"cves": [
{
"id": "CVE-2022-47016",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47016",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/t/tomcat/tomcat-9.0.10-26_openEuler-SA-2022-1622.json b/cusa/t/tomcat/tomcat-9.0.10-26_openEuler-SA-2022-1622.json
index b442d5f..9cddd2e 100644
--- a/cusa/t/tomcat/tomcat-9.0.10-26_openEuler-SA-2022-1622.json
+++ b/cusa/t/tomcat/tomcat-9.0.10-26_openEuler-SA-2022-1622.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1622",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1622",
"title": "An update for tomcat is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open development project\n\t\t\n\t\t\r\nSecurity Fix(es):\r\n\r\nApache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.(CVE-2021-41079)",
"cves": [
{
"id": "CVE-2021-41079",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41079",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/t/tomcat/tomcat-9.0.10-26_openEuler-SA-2022-2064.json b/cusa/t/tomcat/tomcat-9.0.10-26_openEuler-SA-2022-2064.json
index 77a4e8d..47fdd44 100644
--- a/cusa/t/tomcat/tomcat-9.0.10-26_openEuler-SA-2022-2064.json
+++ b/cusa/t/tomcat/tomcat-9.0.10-26_openEuler-SA-2022-2064.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2064",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2064",
"title": "An update for tomcat is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open development project\r\n\r\nSecurity Fix(es):\r\n\r\nThe fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.(CVE-2022-23181)",
"cves": [
{
"id": "CVE-2022-23181",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23181",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/t/tomcat/tomcat-9.0.10-27_openEuler-SA-2023-1058.json b/cusa/t/tomcat/tomcat-9.0.10-27_openEuler-SA-2023-1058.json
index 8db6770..05f3f5c 100644
--- a/cusa/t/tomcat/tomcat-9.0.10-27_openEuler-SA-2023-1058.json
+++ b/cusa/t/tomcat/tomcat-9.0.10-27_openEuler-SA-2023-1058.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1058",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1058",
"title": "An update for tomcat is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open development project\r\n\r\nSecurity Fix(es):\r\n\r\nIf Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.(CVE-2022-42252)",
"cves": [
{
"id": "CVE-2022-42252",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42252",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/t/tomcat/tomcat-9.0.10-28_openEuler-SA-2023-1247.json b/cusa/t/tomcat/tomcat-9.0.10-28_openEuler-SA-2023-1247.json
index 40d382b..9a78365 100644
--- a/cusa/t/tomcat/tomcat-9.0.10-28_openEuler-SA-2023-1247.json
+++ b/cusa/t/tomcat/tomcat-9.0.10-28_openEuler-SA-2023-1247.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1247",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1247",
"title": "An update for tomcat is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open development project\r\n\r\nSecurity Fix(es):\r\n\r\nWhen using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.(CVE-2023-28708)",
"cves": [
{
"id": "CVE-2023-28708",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28708",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/t/tomcat/tomcat-9.0.10-29_openEuler-SA-2023-1632.json b/cusa/t/tomcat/tomcat-9.0.10-29_openEuler-SA-2023-1632.json
index 16fb874..131ba1e 100644
--- a/cusa/t/tomcat/tomcat-9.0.10-29_openEuler-SA-2023-1632.json
+++ b/cusa/t/tomcat/tomcat-9.0.10-29_openEuler-SA-2023-1632.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1632",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1632",
"title": "An update for tomcat is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open development project\r\n\r\nSecurity Fix(es):\r\n\r\nURL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.\r\n\r\nThe vulnerability is limited to the ROOT (default) web application.(CVE-2023-41080)",
"cves": [
{
"id": "CVE-2023-41080",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41080",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/t/tomcat/tomcat-9.0.10-30_openEuler-SA-2023-1788.json b/cusa/t/tomcat/tomcat-9.0.10-30_openEuler-SA-2023-1788.json
index b77fa87..3e83d83 100644
--- a/cusa/t/tomcat/tomcat-9.0.10-30_openEuler-SA-2023-1788.json
+++ b/cusa/t/tomcat/tomcat-9.0.10-30_openEuler-SA-2023-1788.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1788",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1788",
"title": "An update for tomcat is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open development project\r\n\r\nSecurity Fix(es):\r\n\r\nImproper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially \ncrafted, invalid trailer header could cause Tomcat to treat a single \nrequest as multiple requests leading to the possibility of request \nsmuggling when behind a reverse proxy.\r\n\r\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.\r\n\r\n(CVE-2023-45648)",
"cves": [
{
"id": "CVE-2023-45648",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45648",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/t/tomcat/tomcat-9.0.10-31_openEuler-SA-2024-1100.json b/cusa/t/tomcat/tomcat-9.0.10-31_openEuler-SA-2024-1100.json
index d880f75..2c3bd75 100644
--- a/cusa/t/tomcat/tomcat-9.0.10-31_openEuler-SA-2024-1100.json
+++ b/cusa/t/tomcat/tomcat-9.0.10-31_openEuler-SA-2024-1100.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1100",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1100",
"title": "An update for tomcat is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Important",
+ "severity": "High",
"description": "The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open development project\r\n\r\nSecurity Fix(es):\r\n\r\nApache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\r\n\r\n\r\n\r\n\nNote that, like all of the file upload limits, the\n new configuration option (FileUploadBase#setFileCountMax) is not\n enabled by default and must be explicitly configured.\r\n\r\n\n(CVE-2023-24998)\r\n\r\nThe fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.\r\n\r\n\r\n\r\n\n(CVE-2023-28709)\r\n\r\nIncomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could \ncause Tomcat to skip some parts of the recycling process leading to \ninformation leaking from the current request/response to the next.\r\n\r\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.\r\n\r\n(CVE-2023-42795)",
"cves": [
{
"id": "CVE-2023-42795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42795",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
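Review bot: The `cves` array in this advisory lists only CVE-2023-42795, while the `description` context line names three fixes (CVE-2023-24998, CVE-2023-28709 and CVE-2023-42795), and the severity rename leaves that mismatch in place. The unbound openEuler-SA-2024-1210 hunk further down has the same shape: three CVEs in the description, only CVE-2024-1488 in `cves`. A consumer that matches on `cves[].id` would never see the other identifiers for these packages. The generator is not visible here, so this is inferred, but it looks as if only the last vulnerability entry of a bulletin is kept. I would emit one `{"id": ..., "url": ..., "severity": ...}` object per CVE named in the bulletin, each carrying its own severity rather than the advisory-level value.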
diff --git a/cusa/t/tomcat/tomcat-9.0.10-31_openEuler-SA-2024-1107.json b/cusa/t/tomcat/tomcat-9.0.10-31_openEuler-SA-2024-1107.json
index 2e23645..0898196 100644
--- a/cusa/t/tomcat/tomcat-9.0.10-31_openEuler-SA-2024-1107.json
+++ b/cusa/t/tomcat/tomcat-9.0.10-31_openEuler-SA-2024-1107.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1107",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1107",
"title": "An update for tomcat is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Important",
+ "severity": "High",
"description": "The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open development project\r\n\r\nSecurity Fix(es):\r\n\r\nGeneration of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43.\r\n\r\nUsers are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.\r\n\r\n(CVE-2024-21733)",
"cves": [
{
"id": "CVE-2024-21733",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21733",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/t/tpm2-tss/tpm2-tss-3.1.0-3_openEuler-SA-2023-1079.json b/cusa/t/tpm2-tss/tpm2-tss-3.1.0-3_openEuler-SA-2023-1079.json
index c718e68..fa9b2b8 100644
--- a/cusa/t/tpm2-tss/tpm2-tss-3.1.0-3_openEuler-SA-2023-1079.json
+++ b/cusa/t/tpm2-tss/tpm2-tss-3.1.0-3_openEuler-SA-2023-1079.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1079",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1079",
"title": "An update for tpm2-tss is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "tpm2-tss is a software stack supporting Trusted Platform Module(TPM) 2.0 system APIs which provides TPM2.0 specified APIs for applications to access TPM module through kernel TPM drivers.\r\n\r\nSecurity Fix(es):\r\n\r\ntpm2-tss is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In affected versions `Tss2_RC_SetHandler` and `Tss2_RC_Decode` both index into `layer_handler` with an 8 bit layer number, but the array only has `TPM2_ERROR_TSS2_RC_LAYER_COUNT` entries, so trying to add a handler for higher-numbered layers or decode a response code with such a layer number reads/writes past the end of the buffer. This Buffer overrun, could result in arbitrary code execution. An example attack would be a MiTM bus attack that returns 0xFFFFFFFF for the RC. Given the common use case of TPM modules an attacker must have local access to the target machine with local system privileges which allows access to the TPM system. Usually TPM access requires administrative privilege.(CVE-2023-22745)",
"cves": [
{
"id": "CVE-2023-22745",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22745",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/t/tpm2-tss/tpm2-tss-3.1.0-5_openEuler-SA-2024-1613.json b/cusa/t/tpm2-tss/tpm2-tss-3.1.0-5_openEuler-SA-2024-1613.json
index 74b561c..0648fd2 100644
--- a/cusa/t/tpm2-tss/tpm2-tss-3.1.0-5_openEuler-SA-2024-1613.json
+++ b/cusa/t/tpm2-tss/tpm2-tss-3.1.0-5_openEuler-SA-2024-1613.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1613",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1613",
"title": "An update for tpm2-tss is now available for openEuler-20.03-LTS-SP1,openEuler-22.03-LTS,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "tpm2-tss is a software stack supporting Trusted Platform Module(TPM) 2.0 system APIs which provides TPM2.0 specified APIs for applications to access TPM module through kernel TPM drivers.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.(CVE-2024-29040)",
"cves": [
{
"id": "CVE-2024-29040",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29040",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/t/tracker3-miners/tracker3-miners-3.0.5-5_openEuler-SA-2024-1670.json b/cusa/t/tracker3-miners/tracker3-miners-3.0.5-5_openEuler-SA-2024-1670.json
index f08e67e..2c955ba 100644
--- a/cusa/t/tracker3-miners/tracker3-miners-3.0.5-5_openEuler-SA-2024-1670.json
+++ b/cusa/t/tracker3-miners/tracker3-miners-3.0.5-5_openEuler-SA-2024-1670.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1670",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1670",
"title": "An update for tracker3-miners is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Tracker is an efficient search engine and for desktop, embedded and mobile.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability.(CVE-2023-5557)",
"cves": [
{
"id": "CVE-2023-5557",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5557",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/u/uboot-tools/uboot-tools-2021.10-6_openEuler-SA-2022-1800.json b/cusa/u/uboot-tools/uboot-tools-2021.10-6_openEuler-SA-2022-1800.json
index 6c91d55..3ecb909 100644
--- a/cusa/u/uboot-tools/uboot-tools-2021.10-6_openEuler-SA-2022-1800.json
+++ b/cusa/u/uboot-tools/uboot-tools-2021.10-6_openEuler-SA-2022-1800.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1800",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1800",
"title": "An update for uboot-tools is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "This package includes the mkimage program, which allows generation of U-Boot images in various formats, and the fw_printenv and fw_setenv programs to read and modify U-Boot's environment.\r\n\r\nSecurity Fix(es):\r\n\r\nsquashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a defect in the metadata reading process. Loading a specially crafted squashfs image may lead to a denial-of-service (DoS) condition or arbitrary code execution.(CVE-2022-33967)",
"cves": [
{
"id": "CVE-2022-33967",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33967",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/u/unbound/unbound-1.13.2-10_openEuler-SA-2024-1210.json b/cusa/u/unbound/unbound-1.13.2-10_openEuler-SA-2024-1210.json
index 9248989..f2f1770 100644
--- a/cusa/u/unbound/unbound-1.13.2-10_openEuler-SA-2024-1210.json
+++ b/cusa/u/unbound/unbound-1.13.2-10_openEuler-SA-2024-1210.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1210",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1210",
"title": "An update for unbound is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Important",
+ "severity": "High",
"description": "Unbound is a validating, recursive, caching DNS resolver. It is designed to be fast and lean and incorporates modern features based on open standards. To help increase online privacy, Unbound supports DNS-over-TLS which allows clients to encrypt their communication. Unbound is available for most platforms such as FreeBSD, OpenBSD, NetBSD, MacOS, Linux and Microsoft Windows. Unbound is a totally free, open source software under the BSD license. It doesn't make custom builds or provide specific features to paying customers only.\r\n\r\nSecurity Fix(es):\r\n\r\nCertain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the \"KeyTrap\" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.(CVE-2023-50387)\r\n\r\nThe Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the \"NSEC3\" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.(CVE-2023-50868)\r\n\r\nA vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.(CVE-2024-1488)",
"cves": [
{
"id": "CVE-2024-1488",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1488",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/u/unbound/unbound-1.13.2-5_openEuler-SA-2022-1836.json b/cusa/u/unbound/unbound-1.13.2-5_openEuler-SA-2022-1836.json
index ca3d658..430d82c 100644
--- a/cusa/u/unbound/unbound-1.13.2-5_openEuler-SA-2022-1836.json
+++ b/cusa/u/unbound/unbound-1.13.2-5_openEuler-SA-2022-1836.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1836",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1836",
"title": "An update for unbound is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Unbound is a validating, recursive, caching DNS resolver. It is designed to be fast and lean and incorporates modern features based on open standards.To help increase online privacy, Unbound supports DNS-over-TLS which allows clients to encrypt their communication. Unbound is available for most platforms such as FreeBSD, OpenBSD, NetBSD, MacOS, Linux and Microsoft Windows.Unbound is a totally free, open source software under the BSD license. It doesn'tmake custom builds or provide specific features to paying customers only.\r\n\r\nSecurity Fix(es):\r\n\r\nNLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the \"ghost domain names\" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates Unbound's delegation cache. This action can be repeated before expiry of the delegation information by querying Unbound for a second level subdomain which the rogue nameserver provides new delegation information. Since Unbound is a child-centric resolver, the ever-updating child delegation information can keep a rogue domain name resolvable long after revocation. From version 1.16.2 on, Unbound checks the validity of parent delegation records before using cached delegation information.(CVE-2022-30698)\r\n\r\nNLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the \"ghost domain names\" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries. 
This action can be repeated when the delegation information is about to expire making the rogue delegation information ever-updating. From version 1.16.2 on, Unbound stores the start time for a query and uses that to decide if the cached delegation information can be overwritten.(CVE-2022-30699)",
"cves": [
{
"id": "CVE-2022-30699",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30699",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
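Review bot: The `cves` array in this file holds a single entry (CVE-2022-30699), while the description it sits next to also names CVE-2022-30698, so a consumer that matches on `cves[].id` will not see the second issue. The same pattern appears in the hunks for uriparser SA-2024-1534 and vim SA-2022-1668, -1687, -1699, -1717, -1740, -1810 and -1882. In each case the one listed CVE is the last one named in the description, which suggests the converter keeps only the final vulnerability entry; the converter code is not visible here, so this is inferred. Since this commit regenerates every file anyway, it would be a good point to emit one entry per CVE, e.g. adding `{ "id": "CVE-2022-30698", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30698", "severity": "<value from the CVRF source>" }` here.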
diff --git a/cusa/u/unbound/unbound-1.13.2-6_openEuler-SA-2022-1972.json b/cusa/u/unbound/unbound-1.13.2-6_openEuler-SA-2022-1972.json
index ef4a32a..712d170 100644
--- a/cusa/u/unbound/unbound-1.13.2-6_openEuler-SA-2022-1972.json
+++ b/cusa/u/unbound/unbound-1.13.2-6_openEuler-SA-2022-1972.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1972",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1972",
"title": "An update for unbound is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by querying a resolver for a record that relies on those unresponsive nameservers. The attack can cause a resolver to spend a lot of time/resources resolving records under a malicious delegation point where a considerable number of unresponsive NS records reside. It can trigger high CPU usage in some resolver implementations that continually look in the cache for resolved NS records in that delegation. This can lead to degraded performance and eventually denial of service in orchestrated attacks. Unbound does not suffer from high CPU usage, but resources are still needed for resolving the malicious delegation. Unbound will keep trying to resolve the record until hard limits are reached. Based on the nature of the attack and the replies, different limits could be reached. From version 1.16.3 on, Unbound introduces fixes for better performance when under load, by cutting opportunistic queries for nameserver discovery and DNSKEY prefetching and limiting the number of times a delegation point can issue a cache lookup for missing records.(CVE-2022-3204)",
"cves": [
{
"id": "CVE-2022-3204",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3204",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
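Review bot: The severity vocabulary changes from `Important`/`Moderate` to `High`/`Medium` in this and every other cusa file in the commit, but the v0.1.2 changelog entry added to README.md only mentions the directory layout. Any downstream filter or alert rule that still compares against `"Important"` would stop matching without an error, which for advisory data means high-severity items silently dropping out of triage. I would add a changelog line such as `- *v0.1.2*: severity values renamed (Important → High, Moderate → Medium)`. It should also state how the remaining levels map, since those are not visible in these hunks.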
diff --git a/cusa/u/undertow/undertow-1.4.0-5_openEuler-SA-2023-1202.json b/cusa/u/undertow/undertow-1.4.0-5_openEuler-SA-2023-1202.json
index 8a3a67a..4b8605d 100644
--- a/cusa/u/undertow/undertow-1.4.0-5_openEuler-SA-2023-1202.json
+++ b/cusa/u/undertow/undertow-1.4.0-5_openEuler-SA-2023-1202.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1202",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1202",
"title": "An update for undertow is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "Java web server using non-blocking IO\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.(CVE-2023-1108)",
"cves": [
{
"id": "CVE-2023-1108",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1108",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/u/unixODBC/unixODBC-2.3.7-3.h1_openEuler-SA-2024-1371.json b/cusa/u/unixODBC/unixODBC-2.3.7-3.h1_openEuler-SA-2024-1371.json
index 24ef498..5c1ed7e 100644
--- a/cusa/u/unixODBC/unixODBC-2.3.7-3.h1_openEuler-SA-2024-1371.json
+++ b/cusa/u/unixODBC/unixODBC-2.3.7-3.h1_openEuler-SA-2024-1371.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1371",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1371",
"title": "An update for unixODBC is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The unixODBC Project goals are to develop and promote unixODBC to be the definitive standard for ODBC on non MS Windows platforms. This is to include GUI support for both KDE and GNOME.\r\n\r\nSecurity Fix(es):\r\n\r\nAn out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and callee writes 8 bytes. This issue may go unnoticed on little-endian architectures, while big-endian architectures can be broken.(CVE-2024-1013)",
"cves": [
{
"id": "CVE-2024-1013",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1013",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/u/unzip/unzip-6.0-50_openEuler-SA-2022-1902.json b/cusa/u/unzip/unzip-6.0-50_openEuler-SA-2022-1902.json
index ca4c699..dfe06ed 100644
--- a/cusa/u/unzip/unzip-6.0-50_openEuler-SA-2022-1902.json
+++ b/cusa/u/unzip/unzip-6.0-50_openEuler-SA-2022-1902.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1902",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1902",
"title": "An update for unzip is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "UnZip is an extraction utility for archives compressed in .zip format. UnZip will list, test, or extract files from a .zip archive, commonly found on MS-DOS systems. The default behavior (with no options) is to extract all files into the current directory (and subdirectorie below it) from the specified zipfile.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.(CVE-2021-4217)",
"cves": [
{
"id": "CVE-2021-4217",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4217",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
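Review bot: The advisory-level `severity` becomes `High` here while its only listed CVE, CVE-2021-4217, becomes `Medium`, so the rename carries a disagreement between the two fields into the new vocabulary. The vim SA-2022-1882 hunk shows the same High/Medium split, though there the unlisted CVEs in the description may account for it. It is worth confirming both values against the source CVRF. The README should also say which field consumers are expected to filter on, because a rule keyed on `cves[].severity` would rank this advisory lower than one keyed on the top-level field.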
diff --git a/cusa/u/uriparser/uriparser-0.9.6-2_openEuler-SA-2024-1534.json b/cusa/u/uriparser/uriparser-0.9.6-2_openEuler-SA-2024-1534.json
index 15a989e..a59f7a1 100644
--- a/cusa/u/uriparser/uriparser-0.9.6-2_openEuler-SA-2024-1534.json
+++ b/cusa/u/uriparser/uriparser-0.9.6-2_openEuler-SA-2024-1534.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1534",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1534",
"title": "An update for uriparser is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The package is a strictly RFC 3986 compliant URI parsing library written in C89(\"ANSI C\"). uriparser is cross-platform, fast, supports Unicode and is licensed under the New BSD license. There are a number of applications, libraries and hardware using uriparser, as well as bindings and 3rd-party wrappers. uriparser is packaged in major distributions.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.(CVE-2024-34402)\r\n\r\nAn issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string.(CVE-2024-34403)",
"cves": [
{
"id": "CVE-2024-34403",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34403",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/u/usbguard/usbguard-0.7.2-7_openEuler-SA-2022-2088.json b/cusa/u/usbguard/usbguard-0.7.2-7_openEuler-SA-2022-2088.json
index 5a5a34a..97ea892 100644
--- a/cusa/u/usbguard/usbguard-0.7.2-7_openEuler-SA-2022-2088.json
+++ b/cusa/u/usbguard/usbguard-0.7.2-7_openEuler-SA-2022-2088.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2088",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2088",
"title": "An update for usbguard is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "USBGuard helps to protect your computer against rogue USB devices.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running, an unprivileged user could make USBGuard allow all USB devices to be connected in the future.(CVE-2019-25058)",
"cves": [
{
"id": "CVE-2019-25058",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25058",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/v/varnish/varnish-7.0.1-6_openEuler-SA-2022-1854.json b/cusa/v/varnish/varnish-7.0.1-6_openEuler-SA-2022-1854.json
index 98fc349..0753eae 100644
--- a/cusa/v/varnish/varnish-7.0.1-6_openEuler-SA-2022-1854.json
+++ b/cusa/v/varnish/varnish-7.0.1-6_openEuler-SA-2022-1854.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1854",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1854",
"title": "An update for varnish is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "This is Varnish Cache, a web application accelerator also known as a caching HTTP reverse proxy. You install it in front of any server that speaks HTTP and configure it to cache the contents. Varnish Cache is really, really fast. It typically speeds up delivery with a factor of 300 - 1000x, depending on your architecture.\r\n\r\nSecurity Fix(es):\r\n\r\nIn Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This is fixed in 7.0.3 and 7.1.1.(CVE-2022-38150)",
"cves": [
{
"id": "CVE-2022-38150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38150",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/v/varnish/varnish-7.0.1-7_openEuler-SA-2022-2111.json b/cusa/v/varnish/varnish-7.0.1-7_openEuler-SA-2022-2111.json
index 97cc59f..edbb8ca 100644
--- a/cusa/v/varnish/varnish-7.0.1-7_openEuler-SA-2022-2111.json
+++ b/cusa/v/varnish/varnish-7.0.1-7_openEuler-SA-2022-2111.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2111",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2111",
"title": "An update for varnish is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "This is Varnish Cache, a web application accelerator also known as a caching HTTP reverse proxy. You install it in front of any server that speaks HTTP and configure it to cache the contents. Varnish Cache is really, really fast. It typically speeds up delivery with a factor of 300 - 1000x, depending on your architecture.\r\n\r\nSecurity Fix(es):\r\n\r\nAn HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected.(CVE-2022-45060)",
"cves": [
{
"id": "CVE-2022-45060",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45060",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/v/varnish/varnish-7.0.1-8_openEuler-SA-2023-1917.json b/cusa/v/varnish/varnish-7.0.1-8_openEuler-SA-2023-1917.json
index da9a524..b5de118 100644
--- a/cusa/v/varnish/varnish-7.0.1-8_openEuler-SA-2023-1917.json
+++ b/cusa/v/varnish/varnish-7.0.1-8_openEuler-SA-2023-1917.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1917",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1917",
"title": "An update for varnish is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "This is Varnish Cache, a web application accelerator also known as a caching HTTP reverse proxy. You install it in front of any server that speaks HTTP and configure it to cache the contents. Varnish Cache is really, really fast. It typically speeds up delivery with a factor of 300 - 1000x, depending on your architecture.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from forwarding critical headers to the backend.(CVE-2022-45059)",
"cves": [
{
"id": "CVE-2022-45059",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45059",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/v/varnish/varnish-7.4.2-1_openEuler-SA-2024-1189.json b/cusa/v/varnish/varnish-7.4.2-1_openEuler-SA-2024-1189.json
index 72c5791..c19efd5 100644
--- a/cusa/v/varnish/varnish-7.4.2-1_openEuler-SA-2024-1189.json
+++ b/cusa/v/varnish/varnish-7.4.2-1_openEuler-SA-2024-1189.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1189",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1189",
"title": "An update for varnish is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Important",
+ "severity": "High",
"description": "This is Varnish Cache, a web application accelerator also known as a caching HTTP reverse proxy. You install it in front of any server that speaks HTTP and configure it to cache the contents. Varnish Cache is really, really fast. It typically speeds up delivery with a factor of 300 - 1000x, depending on your architecture.\r\n\r\nSecurity Fix(es):\r\n\r\nThe HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.(CVE-2023-44487)",
"cves": [
{
"id": "CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/v/varnish/varnish-7.4.3-1_openEuler-SA-2024-1415.json b/cusa/v/varnish/varnish-7.4.3-1_openEuler-SA-2024-1415.json
index 8e4ed2a..58056e3 100644
--- a/cusa/v/varnish/varnish-7.4.3-1_openEuler-SA-2024-1415.json
+++ b/cusa/v/varnish/varnish-7.4.3-1_openEuler-SA-2024-1415.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1415",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1415",
"title": "An update for varnish is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Important",
+ "severity": "High",
"description": "This is Varnish Cache, a web application accelerator also known as a caching HTTP reverse proxy. You install it in front of any server that speaks HTTP and configure it to cache the contents. Varnish Cache is really, really fast. It typically speeds up delivery with a factor of 300 - 1000x, depending on your architecture.\r\n\r\nSecurity Fix(es):\r\n\r\nVarnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack.(CVE-2024-30156)",
"cves": [
{
"id": "CVE-2024-30156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/v/vim/vim-8.2-34_openEuler-SA-2022-1668.json b/cusa/v/vim/vim-8.2-34_openEuler-SA-2022-1668.json
index 504be7a..2807507 100644
--- a/cusa/v/vim/vim-8.2-34_openEuler-SA-2022-1668.json
+++ b/cusa/v/vim/vim-8.2-34_openEuler-SA-2022-1668.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1668",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1668",
"title": "An update for vim is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems.\n\nSecurity Fix(es):\n\nHeap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution.(CVE-2022-1619)\n\nNULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input.(CVE-2022-1620)\n\nHeap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution.(CVE-2022-1621)\n\nBuffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution.(CVE-2022-1629)\n\nNULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input.(CVE-2022-1674)",
"cves": [
{
"id": "CVE-2022-1674",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1674",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/v/vim/vim-8.2-35_openEuler-SA-2022-1687.json b/cusa/v/vim/vim-8.2-35_openEuler-SA-2022-1687.json
index 48c70f1..d7e8fe3 100644
--- a/cusa/v/vim/vim-8.2-35_openEuler-SA-2022-1687.json
+++ b/cusa/v/vim/vim-8.2-35_openEuler-SA-2022-1687.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1687",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1687",
"title": "An update for vim is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems.\n\nSecurity Fix(es):\n\nHeap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968.(CVE-2022-1733)\n\nClassic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969.(CVE-2022-1735)",
"cves": [
{
"id": "CVE-2022-1735",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1735",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/v/vim/vim-8.2-37_openEuler-SA-2022-1699.json b/cusa/v/vim/vim-8.2-37_openEuler-SA-2022-1699.json
index 3418eed..4994a45 100644
--- a/cusa/v/vim/vim-8.2-37_openEuler-SA-2022-1699.json
+++ b/cusa/v/vim/vim-8.2-37_openEuler-SA-2022-1699.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1699",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1699",
"title": "An update for vim is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems.\n\nSecurity Fix(es):\n\nUse After Free in GitHub repository vim/vim prior to 8.2.4979.(CVE-2022-1796)\n\nOut-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977.(CVE-2022-1785)",
"cves": [
{
"id": "CVE-2022-1785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1785",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/v/vim/vim-8.2-43_openEuler-SA-2022-1717.json b/cusa/v/vim/vim-8.2-43_openEuler-SA-2022-1717.json
index 6aedd86..cbc94c8 100644
--- a/cusa/v/vim/vim-8.2-43_openEuler-SA-2022-1717.json
+++ b/cusa/v/vim/vim-8.2-43_openEuler-SA-2022-1717.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1717",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1717",
"title": "An update for vim is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems.\r\n\r\nSecurity Fix(es):\r\n\r\nOut-of-bounds Read in GitHub repository vim/vim prior to 8.2.(CVE-2022-1851)\r\n\r\nUse After Free in GitHub repository vim/vim prior to 8.2.(CVE-2022-1898)\r\n\r\nHeap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.(CVE-2022-1942)\r\n\r\nOut-of-bounds Write in GitHub repository vim/vim prior to 8.2.(CVE-2022-1897)\r\n\r\nUse After Free in GitHub repository vim/vim prior to 8.2.(CVE-2022-1968)\n\nUncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975.(CVE-2022-1771)",
"cves": [
{
"id": "CVE-2022-1771",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1771",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/v/vim/vim-8.2-45_openEuler-SA-2022-1731.json b/cusa/v/vim/vim-8.2-45_openEuler-SA-2022-1731.json
index d75acf0..3ebb239 100644
--- a/cusa/v/vim/vim-8.2-45_openEuler-SA-2022-1731.json
+++ b/cusa/v/vim/vim-8.2-45_openEuler-SA-2022-1731.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1731",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1731",
"title": "An update for vim is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems.\r\n\r\nSecurity Fix(es):\r\n\r\nBuffer Over-read in GitHub repository vim/vim prior to 8.2.(CVE-2022-2124)",
"cves": [
{
"id": "CVE-2022-2124",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2124",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/v/vim/vim-8.2-48_openEuler-SA-2022-1740.json b/cusa/v/vim/vim-8.2-48_openEuler-SA-2022-1740.json
index 281fdc9..105cfdf 100644
--- a/cusa/v/vim/vim-8.2-48_openEuler-SA-2022-1740.json
+++ b/cusa/v/vim/vim-8.2-48_openEuler-SA-2022-1740.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1740",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1740",
"title": "An update for vim is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems.\r\n\r\nSecurity Fix(es):\r\n\r\nOut-of-bounds Read in GitHub repository vim/vim prior to 8.2.(CVE-2022-2126)\r\n\r\nBuffer Over-read in GitHub repository vim/vim prior to 8.2.(CVE-2022-2175)\r\n\r\nOut-of-bounds Read in GitHub repository vim/vim prior to 8.2.(CVE-2022-2206)\r\n\r\nHeap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.(CVE-2022-2125)",
"cves": [
{
"id": "CVE-2022-2125",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2125",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/v/vim/vim-8.2-50_openEuler-SA-2022-1749.json b/cusa/v/vim/vim-8.2-50_openEuler-SA-2022-1749.json
index 46606e3..a633b9a 100644
--- a/cusa/v/vim/vim-8.2-50_openEuler-SA-2022-1749.json
+++ b/cusa/v/vim/vim-8.2-50_openEuler-SA-2022-1749.json
@@ -8,7 +8,7 @@
{
"id": "CVE-2022-2000",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2000",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/v/vim/vim-8.2-57_openEuler-SA-2022-1810.json b/cusa/v/vim/vim-8.2-57_openEuler-SA-2022-1810.json
index 56c02fa..d932877 100644
--- a/cusa/v/vim/vim-8.2-57_openEuler-SA-2022-1810.json
+++ b/cusa/v/vim/vim-8.2-57_openEuler-SA-2022-1810.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1810",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1810",
"title": "An update for vim is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems.\r\n\r\nSecurity Fix(es):\r\n\r\nHeap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0060.(CVE-2022-2522)\r\n\r\nHeap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101.(CVE-2022-2571)\r\n\r\nUndefined Behavior for Input to API in GitHub repository vim/vim prior to 9.0.0100.(CVE-2022-2598)",
"cves": [
{
"id": "CVE-2022-2598",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2598",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/v/vim/vim-8.2-59_openEuler-SA-2022-1865.json b/cusa/v/vim/vim-8.2-59_openEuler-SA-2022-1865.json
index 56cf3df..94cc737 100644
--- a/cusa/v/vim/vim-8.2-59_openEuler-SA-2022-1865.json
+++ b/cusa/v/vim/vim-8.2-59_openEuler-SA-2022-1865.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1865",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1865",
"title": "An update for vim is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems.\r\n\r\nSecurity Fix(es):\r\n\r\nBuffer Over-read in GitHub repository vim/vim prior to 9.0.0218.(CVE-2022-2845)",
"cves": [
{
"id": "CVE-2022-2845",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2845",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/v/vim/vim-8.2-62_openEuler-SA-2022-1882.json b/cusa/v/vim/vim-8.2-62_openEuler-SA-2022-1882.json
index 4afb050..a6f66b0 100644
--- a/cusa/v/vim/vim-8.2-62_openEuler-SA-2022-1882.json
+++ b/cusa/v/vim/vim-8.2-62_openEuler-SA-2022-1882.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1882",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1882",
"title": "An update for vim is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems.\r\n\r\nSecurity Fix(es):\r\n\r\nNULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240.(CVE-2022-2923)\r\n\r\nUse After Free in GitHub repository vim/vim prior to 9.0.0246.(CVE-2022-2946)\r\n\r\nNULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259.(CVE-2022-2980)\r\n\r\nUse After Free in GitHub repository vim/vim prior to 9.0.0286.(CVE-2022-3016)",
"cves": [
{
"id": "CVE-2022-3016",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3016",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
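Review bot: The `cves` array in this file lists only CVE-2022-3016, while the description names four CVEs (CVE-2022-2923, CVE-2022-2946, CVE-2022-2980, CVE-2022-3016), and after this change the advisory is rated `High` although its only listed CVE is `Medium`. A consumer that matches on `cves[].id`, or that derives the advisory rating from the listed CVEs, would miss the other three and could not account for the `High` rating. The same shape appears in the hunks for openEuler-SA-2022-2138 (a `High` advisory with a single `Medium` CVE), openEuler-SA-2022-1975, openEuler-SA-2022-1980, openEuler-SA-2023-1281 and openEuler-SA-2023-1653. It looks as if the converter keeps only the last vulnerability entry of the source advisory, though the diff alone cannot confirm that. Since this commit regenerates these files anyway, I would emit one entry per CVE named in the advisory, for example `{ "id": "CVE-2022-2946", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2946", "severity": "<severity from the source CVRF>" }`.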
diff --git a/cusa/v/vim/vim-8.2-65_openEuler-SA-2022-1913.json b/cusa/v/vim/vim-8.2-65_openEuler-SA-2022-1913.json
index 2479946..d05d779 100644
--- a/cusa/v/vim/vim-8.2-65_openEuler-SA-2022-1913.json
+++ b/cusa/v/vim/vim-8.2-65_openEuler-SA-2022-1913.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1913",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1913",
"title": "An update for vim is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX\nsystems\r\n\r\nSecurity Fix(es):\r\n\r\nUse After Free in GitHub repository vim/vim prior to 9.0.0360.(CVE-2022-3099)",
"cves": [
{
"id": "CVE-2022-3099",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3099",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/v/vim/vim-8.2-65_openEuler-SA-2022-1919.json b/cusa/v/vim/vim-8.2-65_openEuler-SA-2022-1919.json
index 720a80c..6f2ec9f 100644
--- a/cusa/v/vim/vim-8.2-65_openEuler-SA-2022-1919.json
+++ b/cusa/v/vim/vim-8.2-65_openEuler-SA-2022-1919.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1919",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1919",
"title": "An update for vim is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX\nsystems.\r\n\r\nSecurity Fix(es):\r\n\r\nUse After Free in GitHub repository vim/vim prior to 9.0.0389.(CVE-2022-3134)",
"cves": [
{
"id": "CVE-2022-3134",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3134",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/v/vim/vim-8.2-67_openEuler-SA-2022-1975.json b/cusa/v/vim/vim-8.2-67_openEuler-SA-2022-1975.json
index 562a0b5..b094ae7 100644
--- a/cusa/v/vim/vim-8.2-67_openEuler-SA-2022-1975.json
+++ b/cusa/v/vim/vim-8.2-67_openEuler-SA-2022-1975.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1975",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1975",
"title": "An update for vim is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems.\r\n\r\nSecurity Fix(es):\r\n\r\nHeap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.(CVE-2022-3234)\r\n\r\nUse After Free in GitHub repository vim/vim prior to 9.0.0490.(CVE-2022-3235)\r\n\r\nUse After Free in GitHub repository vim/vim prior to 9.0.0530.(CVE-2022-3256)",
"cves": [
{
"id": "CVE-2022-3256",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3256",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/v/vim/vim-8.2-69_openEuler-SA-2022-1980.json b/cusa/v/vim/vim-8.2-69_openEuler-SA-2022-1980.json
index 2f1ba95..5a0b27a 100644
--- a/cusa/v/vim/vim-8.2-69_openEuler-SA-2022-1980.json
+++ b/cusa/v/vim/vim-8.2-69_openEuler-SA-2022-1980.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1980",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1980",
"title": "An update for vim is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems.\r\n\r\nSecurity Fix(es):\r\n\r\nStack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577.(CVE-2022-3296)\r\n\r\nUse After Free in GitHub repository vim/vim prior to 9.0.0614.(CVE-2022-3352)",
"cves": [
{
"id": "CVE-2022-3352",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3352",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/v/vim/vim-8.2-71_openEuler-SA-2022-1999.json b/cusa/v/vim/vim-8.2-71_openEuler-SA-2022-1999.json
index 6f44d71..ff0285f 100644
--- a/cusa/v/vim/vim-8.2-71_openEuler-SA-2022-1999.json
+++ b/cusa/v/vim/vim-8.2-71_openEuler-SA-2022-1999.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1999",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1999",
"title": "An update for vim is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing.It is an improved version of the vi editor distributed with most UNIX systems.\r\n\r\nSecurity Fix(es):\r\n\r\nUse After Free in GitHub repository vim/vim prior to 9.0.0579.(CVE-2022-3297)\r\n\r\nStack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598.(CVE-2022-3324)",
"cves": [
{
"id": "CVE-2022-3324",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3324",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/v/vim/vim-8.2-72_openEuler-SA-2022-2043.json b/cusa/v/vim/vim-8.2-72_openEuler-SA-2022-2043.json
index 2c17552..2d9a609 100644
--- a/cusa/v/vim/vim-8.2-72_openEuler-SA-2022-2043.json
+++ b/cusa/v/vim/vim-8.2-72_openEuler-SA-2022-2043.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2043",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2043",
"title": "An update for vim is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324.(CVE-2022-3705)",
"cves": [
{
"id": "CVE-2022-3705",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3705",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/v/vim/vim-9.0-11_openEuler-SA-2023-1168.json b/cusa/v/vim/vim-9.0-11_openEuler-SA-2023-1168.json
index f710df9..7ee104c 100644
--- a/cusa/v/vim/vim-9.0-11_openEuler-SA-2023-1168.json
+++ b/cusa/v/vim/vim-9.0-11_openEuler-SA-2023-1168.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1168",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1168",
"title": "An update for vim is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems.\r\n\r\nSecurity Fix(es):\r\n\r\nHeap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376.(CVE-2023-1170)\r\n\r\nIncorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378.(CVE-2023-1175)",
"cves": [
{
"id": "CVE-2023-1175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1175",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/v/vim/vim-9.0-12_openEuler-SA-2023-1179.json b/cusa/v/vim/vim-9.0-12_openEuler-SA-2023-1179.json
index cb531a6..267c433 100644
--- a/cusa/v/vim/vim-9.0-12_openEuler-SA-2023-1179.json
+++ b/cusa/v/vim/vim-9.0-12_openEuler-SA-2023-1179.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1179",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1179",
"title": "An update for vim is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems.\r\n\r\nSecurity Fix(es):\r\n\r\nNULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392.(CVE-2023-1264)",
"cves": [
{
"id": "CVE-2023-1264",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1264",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/v/vim/vim-9.0-14_openEuler-SA-2023-1278.json b/cusa/v/vim/vim-9.0-14_openEuler-SA-2023-1278.json
index 654efd4..8cf16dc 100644
--- a/cusa/v/vim/vim-9.0-14_openEuler-SA-2023-1278.json
+++ b/cusa/v/vim/vim-9.0-14_openEuler-SA-2023-1278.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1278",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1278",
"title": "An update for vim is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems.\r\n\r\nSecurity Fix(es):\r\n\r\nUse of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.(CVE-2023-2426)",
"cves": [
{
"id": "CVE-2023-2426",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2426",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/v/vim/vim-9.0-15_openEuler-SA-2023-1281.json b/cusa/v/vim/vim-9.0-15_openEuler-SA-2023-1281.json
index 0d680f0..610394e 100644
--- a/cusa/v/vim/vim-9.0-15_openEuler-SA-2023-1281.json
+++ b/cusa/v/vim/vim-9.0-15_openEuler-SA-2023-1281.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1281",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1281",
"title": "An update for vim is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems.\r\n\r\nSecurity Fix(es):\r\n\r\nNULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.(CVE-2023-2609)\r\n\r\nInteger Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.(CVE-2023-2610)",
"cves": [
{
"id": "CVE-2023-2610",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2610",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/v/vim/vim-9.0-17_openEuler-SA-2023-1653.json b/cusa/v/vim/vim-9.0-17_openEuler-SA-2023-1653.json
index d333e88..0eeb31b 100644
--- a/cusa/v/vim/vim-9.0-17_openEuler-SA-2023-1653.json
+++ b/cusa/v/vim/vim-9.0-17_openEuler-SA-2023-1653.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1653",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1653",
"title": "An update for vim is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems.\r\n\r\nSecurity Fix(es):\r\n\r\nUse After Free in GitHub repository vim/vim prior to 9.0.1840.(CVE-2023-4733)\r\n\r\nInteger Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.(CVE-2023-4734)\r\n\r\nOut-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.(CVE-2023-4735)\r\n\r\nUntrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.(CVE-2023-4736)\r\n\r\nHeap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.(CVE-2023-4738)\r\n\r\nUse After Free in GitHub repository vim/vim prior to 9.0.1857.(CVE-2023-4750)\r\n\r\nUse After Free in GitHub repository vim/vim prior to 9.0.1858.(CVE-2023-4752)\r\n\r\nHeap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.(CVE-2023-4781)",
"cves": [
{
"id": "CVE-2023-4781",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4781",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/v/vim/vim-9.0-18_openEuler-SA-2023-1721.json b/cusa/v/vim/vim-9.0-18_openEuler-SA-2023-1721.json
index 0c3bb18..df371cd 100644
--- a/cusa/v/vim/vim-9.0-18_openEuler-SA-2023-1721.json
+++ b/cusa/v/vim/vim-9.0-18_openEuler-SA-2023-1721.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1721",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1721",
"title": "An update for vim is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems.\r\n\r\nSecurity Fix(es):\r\n\r\nHeap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.(CVE-2023-5344)",
"cves": [
{
"id": "CVE-2023-5344",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5344",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/v/vim/vim-9.0-19_openEuler-SA-2023-1749.json b/cusa/v/vim/vim-9.0-19_openEuler-SA-2023-1749.json
index 2d57b2a..dce034d 100644
--- a/cusa/v/vim/vim-9.0-19_openEuler-SA-2023-1749.json
+++ b/cusa/v/vim/vim-9.0-19_openEuler-SA-2023-1749.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1749",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1749",
"title": "An update for vim is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems.\r\n\r\nSecurity Fix(es):\r\n\r\nNULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960.(CVE-2023-5441)\r\n\r\nUse After Free in GitHub repository vim/vim prior to v9.0.2010.(CVE-2023-5535)",
"cves": [
{
"id": "CVE-2023-5535",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5535",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/v/vim/vim-9.0-4_openEuler-SA-2022-2135.json b/cusa/v/vim/vim-9.0-4_openEuler-SA-2022-2135.json
index e8e4768..9dee903 100644
--- a/cusa/v/vim/vim-9.0-4_openEuler-SA-2022-2135.json
+++ b/cusa/v/vim/vim-9.0-4_openEuler-SA-2022-2135.json
@@ -8,7 +8,7 @@
{
"id": "CVE-2022-3491",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3491",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/v/vim/vim-9.0-5_openEuler-SA-2022-2138.json b/cusa/v/vim/vim-9.0-5_openEuler-SA-2022-2138.json
index a1ba81f..54be04b 100644
--- a/cusa/v/vim/vim-9.0-5_openEuler-SA-2022-2138.json
+++ b/cusa/v/vim/vim-9.0-5_openEuler-SA-2022-2138.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2138",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2138",
"title": "An update for vim is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing.It is an improved version of the vi editor distributed with most UNIX systems.\r\n\r\nSecurity Fix(es):\r\n\r\nFloating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.(CVE-2022-4293)\r\n\r\nUse After Free in GitHub repository vim/vim prior to 9.0.0882.(CVE-2022-4292)",
"cves": [
{
"id": "CVE-2022-4292",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4292",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/v/vim/vim-9.0-7_openEuler-SA-2023-1026.json b/cusa/v/vim/vim-9.0-7_openEuler-SA-2023-1026.json
index 9ab2880..a97591a 100644
--- a/cusa/v/vim/vim-9.0-7_openEuler-SA-2023-1026.json
+++ b/cusa/v/vim/vim-9.0-7_openEuler-SA-2023-1026.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1026",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1026",
"title": "An update for vim is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems.\r\n\r\nSecurity Fix(es):\r\n\r\nOut-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.(CVE-2023-0049)\r\n\r\nHeap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144.(CVE-2023-0051)\r\n\r\nOut-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.(CVE-2023-0054)",
"cves": [
{
"id": "CVE-2023-0054",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0054",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/v/vim/vim-9.0-8_openEuler-SA-2023-1061.json b/cusa/v/vim/vim-9.0-8_openEuler-SA-2023-1061.json
index 4d5f78f..5ba8db4 100644
--- a/cusa/v/vim/vim-9.0-8_openEuler-SA-2023-1061.json
+++ b/cusa/v/vim/vim-9.0-8_openEuler-SA-2023-1061.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1061",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1061",
"title": "An update for vim is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems.\r\n\r\nSecurity Fix(es):\r\n\r\nHeap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.(CVE-2023-0288)\r\n\r\nA null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts.(CVE-2022-47024)",
"cves": [
{
"id": "CVE-2022-47024",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47024",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/v/vim/vim-9.0-9_openEuler-SA-2023-1066.json b/cusa/v/vim/vim-9.0-9_openEuler-SA-2023-1066.json
index e819bf8..c10bb55 100644
--- a/cusa/v/vim/vim-9.0-9_openEuler-SA-2023-1066.json
+++ b/cusa/v/vim/vim-9.0-9_openEuler-SA-2023-1066.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1066",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1066",
"title": "An update for vim is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems.\r\n\r\nSecurity Fix(es):\r\n\r\nHeap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.(CVE-2023-0433)",
"cves": [
{
"id": "CVE-2023-0433",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0433",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/v/virglrenderer/virglrenderer-0.8.2-2_openEuler-SA-2022-1776.json b/cusa/v/virglrenderer/virglrenderer-0.8.2-2_openEuler-SA-2022-1776.json
index 7235582..e17078f 100644
--- a/cusa/v/virglrenderer/virglrenderer-0.8.2-2_openEuler-SA-2022-1776.json
+++ b/cusa/v/virglrenderer/virglrenderer-0.8.2-2_openEuler-SA-2022-1776.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1776",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1776",
"title": "An update for virglrenderer is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The virgil3d rendering library is a library used by qemu to implement 3D GPU support for the virtio GPU.\r\n\r\nSecurity Fix(es):\r\n\r\nNo description is available for this CVE.(CVE-2022-0175)",
"cves": [
{
"id": "CVE-2022-0175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0175",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/v/virglrenderer/virglrenderer-0.8.2-3_openEuler-SA-2022-1890.json b/cusa/v/virglrenderer/virglrenderer-0.8.2-3_openEuler-SA-2022-1890.json
index 7149536..5bf7cbf 100644
--- a/cusa/v/virglrenderer/virglrenderer-0.8.2-3_openEuler-SA-2022-1890.json
+++ b/cusa/v/virglrenderer/virglrenderer-0.8.2-3_openEuler-SA-2022-1890.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1890",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1890",
"title": "An update for virglrenderer is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The virgil3d rendering library is a library used by qemu to implement 3D GPU support for the virtio GPU.\r\n\r\nSecurity Fix(es):\r\n\r\nAn out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a denial of service or possible code execution.(CVE-2022-0135)",
"cves": [
{
"id": "CVE-2022-0135",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0135",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/v/vte/vte-0.28.2-4_openEuler-SA-2022-1648.json b/cusa/v/vte/vte-0.28.2-4_openEuler-SA-2022-1648.json
index fc506d9..3954eb8 100644
--- a/cusa/v/vte/vte-0.28.2-4_openEuler-SA-2022-1648.json
+++ b/cusa/v/vte/vte-0.28.2-4_openEuler-SA-2022-1648.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1648",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1648",
"title": "An update for vte is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "VTE is a terminal emulator widget for use with GTK+ 2.0.\r\n\r\nSecurity Fix(es):\r\n\r\nThe VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value.(CVE-2012-2738)",
"cves": [
{
"id": "CVE-2012-2738",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2738",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/w/wayland/wayland-1.19.91-4_openEuler-SA-2022-1920.json b/cusa/w/wayland/wayland-1.19.91-4_openEuler-SA-2022-1920.json
index 99761dc..6b6d86b 100644
--- a/cusa/w/wayland/wayland-1.19.91-4_openEuler-SA-2022-1920.json
+++ b/cusa/w/wayland/wayland-1.19.91-4_openEuler-SA-2022-1920.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1920",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1920",
"title": "An update for wayland is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Wayland is a protocol for a compositor to talk to its clients as well as a C library implementation of that protocol. The compositor can be a standalone display server running on Linux kernel modesetting and evdev input devices, an X application, or a wayland client itself. The clients can be traditional applications, X servers (rootless or fullscreen) or other display servers. Part of the Wayland project is also the Weston reference implementation of a Wayland compositor. Weston can run as an X client or under Linux KMS and ships with a few demo clients. The Weston compositor is a minimal and fast compositor and is suitable for many embedded and mobile use cases.\r\n\r\nSecurity Fix(es):\r\n\r\nAn internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wl_shm buffer objects, or if it can coerce the server to create a large number of external references to the buffer storage. With the reference count overflowing, a use-after-free can be constructed on the wl_shm_pool tracking structure, where values may be incremented or decremented; it may also be possible to construct a limited oracle to leak 4 bytes of server-side memory to the attacking client at a time.(CVE-2021-3782)",
"cves": [
{
"id": "CVE-2021-3782",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3782",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/w/webkit2gtk3/webkit2gtk3-2.36.3-4_openEuler-SA-2023-1309.json b/cusa/w/webkit2gtk3/webkit2gtk3-2.36.3-4_openEuler-SA-2023-1309.json
index 4062095..abd74a0 100644
--- a/cusa/w/webkit2gtk3/webkit2gtk3-2.36.3-4_openEuler-SA-2023-1309.json
+++ b/cusa/w/webkit2gtk3/webkit2gtk3-2.36.3-4_openEuler-SA-2023-1309.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1309",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1309",
"title": "An update for webkit2gtk3 is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "WebKitGTK is a full-featured port of the WebKit rendering engine,suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. This package contains WebKit2 based WebKitGTK+ for GTK+ 3.\r\n\r\nSecurity Fix(es):\r\n\r\nA use after free vulnerability was found in the webkitgtk package. Processing maliciously crafted web content may lead to arbitrary code execution.(CVE-2023-32373)\r\n\r\nA flaw was found in the webkitgtk package. An out of bounds read may be possible when processing malicious web content, which can lead to information disclosure.(CVE-2023-28204)\r\n\r\nA flaw was found in the WebGPU, part of the Webkit project. This flaw allows a remote attacker to break out of the Web Content sandbox.(CVE-2023-32409)",
"cves": [
{
"id": "CVE-2023-32409",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32409",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/w/wireshark/wireshark-3.6.0-1_openEuler-SA-2023-1373.json b/cusa/w/wireshark/wireshark-3.6.0-1_openEuler-SA-2023-1373.json
index 13043c1..292b3cc 100644
--- a/cusa/w/wireshark/wireshark-3.6.0-1_openEuler-SA-2023-1373.json
+++ b/cusa/w/wireshark/wireshark-3.6.0-1_openEuler-SA-2023-1373.json
@@ -8,7 +8,7 @@
{
"id": "CVE-2023-0667",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0667",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/w/wireshark/wireshark-3.6.11-1_openEuler-SA-2023-1094.json b/cusa/w/wireshark/wireshark-3.6.11-1_openEuler-SA-2023-1094.json
index 41f5c88..b19c3a0 100644
--- a/cusa/w/wireshark/wireshark-3.6.11-1_openEuler-SA-2023-1094.json
+++ b/cusa/w/wireshark/wireshark-3.6.11-1_openEuler-SA-2023-1094.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1094",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1094",
"title": "An update for wireshark is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Wireshark is an open source tool for profiling network traffic and analyzing packets. Such a tool is often referred to as a network analyzer, network protocol analyzer or sniffer.Wireshark, formerly known as Ethereal, can be used to examine the details of traffic at a variety of levels ranging from connection-level information to the bits that make up a single packet. Packet capture can provide a network administrator with information about individual packets such as transmit time, source, destination, protocol type and header data. This information can be useful for evaluating security events and troubleshooting network security device issues.\r\n\r\nSecurity Fix(es):\r\n\r\nCrash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows(CVE-2022-3724)\r\n\r\nMemory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file(CVE-2022-4344)\r\n\r\nInfinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file(CVE-2022-4345)\r\n\r\nDissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file(CVE-2023-0413)\r\n\r\nMemory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file(CVE-2023-0417)\r\n\r\niSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file(CVE-2023-0415)\r\n\r\nExcessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file(CVE-2023-0411)\r\n\r\nTIPC dissector crash in Wireshark 4.0.0 
to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file(CVE-2023-0412)\r\n\r\nGNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file(CVE-2023-0416)",
"cves": [
{
"id": "CVE-2023-0416",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0416",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
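Review bot: The `cves` array in this file still lists only CVE-2023-0416, while the `description` in the same hunk names nine CVEs (CVE-2022-3724 through CVE-2023-0416), so a consumer that matches on `cves[].id` will not see the other eight. The same pattern is visible in the hunks for openEuler-SA-2023-1260, -1321 and -1652 and openEuler-SA-2024-1070 and -1654, and in -1260 and -1652 it leaves an advisory rated `High` whose only listed CVE is `Medium`. These files appear to be converter output, so the fix probably belongs in the converter, which is not visible here: emit one object with `id`, `url` and `severity` per CVE in the source advisory rather than only the last one. A check that every CVE id mentioned in `description` also appears in `cves` would catch regressions.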
diff --git a/cusa/w/wireshark/wireshark-3.6.11-2_openEuler-SA-2023-1189.json b/cusa/w/wireshark/wireshark-3.6.11-2_openEuler-SA-2023-1189.json
index 3109833..ead4035 100644
--- a/cusa/w/wireshark/wireshark-3.6.11-2_openEuler-SA-2023-1189.json
+++ b/cusa/w/wireshark/wireshark-3.6.11-2_openEuler-SA-2023-1189.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1189",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1189",
"title": "An update for wireshark is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Wireshark is an open source tool for profiling network traffic and analyzing packets. Such a tool is often referred to as a network analyzer, network protocol analyzer or sniffer.Wireshark, formerly known as Ethereal, can be used to examine the details of traffic at a variety of levels ranging from connection-level information to the bits that make up a single packet. Packet capture can provide a network administrator with information about individual packets such as transmit time, source, destination, protocol type and header data. This information can be useful for evaluating security events and troubleshooting network security device issues.\r\n\r\nSecurity Fix(es):\r\n\r\nISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file(CVE-2023-1161)",
"cves": [
{
"id": "CVE-2023-1161",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1161",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/w/wireshark/wireshark-3.6.11-3_openEuler-SA-2023-1260.json b/cusa/w/wireshark/wireshark-3.6.11-3_openEuler-SA-2023-1260.json
index c0ca39c..3ae708e 100644
--- a/cusa/w/wireshark/wireshark-3.6.11-3_openEuler-SA-2023-1260.json
+++ b/cusa/w/wireshark/wireshark-3.6.11-3_openEuler-SA-2023-1260.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1260",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1260",
"title": "An update for wireshark is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Wireshark is an open source tool for profiling network traffic and analyzing packets. Such a tool is often referred to as a network analyzer, network protocol analyzer or sniffer. Wireshark, formerly known as Ethereal, can be used to examine the details of traffic at a variety of levels ranging from connection-level information to the bits that make up a single packet. Packet capture can provide a network administrator with information about individual packets such as transmit time, source, destination, protocol type and header data. This information can be useful for evaluating security events and troubleshooting network security device issues.\n\r\n\r\nSecurity Fix(es):\r\n\r\nLISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file(CVE-2023-1993)\r\n\r\nRPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file(CVE-2023-1992)\r\n\r\nGQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file(CVE-2023-1994)",
"cves": [
{
"id": "CVE-2023-1994",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1994",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/w/wireshark/wireshark-3.6.11-4_openEuler-SA-2023-1321.json b/cusa/w/wireshark/wireshark-3.6.11-4_openEuler-SA-2023-1321.json
index c7d322f..b6a4099 100644
--- a/cusa/w/wireshark/wireshark-3.6.11-4_openEuler-SA-2023-1321.json
+++ b/cusa/w/wireshark/wireshark-3.6.11-4_openEuler-SA-2023-1321.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1321",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1321",
"title": "An update for wireshark is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Wireshark allows you to examine protocol data stored in files or as it is captured from wired or wireless (WiFi or Bluetooth) networks, USB devices,and many other sources. It supports dozens of protocol capture file formats and understands more than a thousand protocols. It has many powerful features including a rich display filter language and the ability to reassemble multiple protocol packets in order to, for example, view a complete TCP stream, save the contents of a file which was transferred over HTTP or CIFS, or play back an RTP audio stream.\r\n\r\nSecurity Fix(es):\r\n\r\nBLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file(CVE-2023-2857)\r\n\r\nNetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file(CVE-2023-2858)\r\n\r\nCandump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file(CVE-2023-2855)\r\n\r\nA flaw was found in the IEEE C37.118 Synchrophasor dissector of Wireshark. This issue occurs when decoding malformed packets from a pcap file or from the network, causing a buffer overflow, resulting in a denial of service.(CVE-2023-0668)\r\n\r\nVMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file(CVE-2023-2856)\r\n\r\nGDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file(CVE-2023-2879)",
"cves": [
{
"id": "CVE-2023-2879",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2879",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/w/wireshark/wireshark-3.6.14-2_openEuler-SA-2023-1488.json b/cusa/w/wireshark/wireshark-3.6.14-2_openEuler-SA-2023-1488.json
index 85643e2..4fc7657 100644
--- a/cusa/w/wireshark/wireshark-3.6.14-2_openEuler-SA-2023-1488.json
+++ b/cusa/w/wireshark/wireshark-3.6.14-2_openEuler-SA-2023-1488.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1488",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1488",
"title": "An update for wireshark is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Wireshark allows you to examine protocol data stored in files or as it is captured from wired or wireless (WiFi or Bluetooth) networks, USB devices, and many other sources. It supports dozens of protocol capture file formats and understands more than a thousand protocols.\r\n\r\nSecurity Fix(es):\r\n\r\nKafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 allows denial of service via packet injection or crafted capture file(CVE-2023-3648)",
"cves": [
{
"id": "CVE-2023-3648",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3648",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/w/wireshark/wireshark-3.6.14-3_openEuler-SA-2023-1652.json b/cusa/w/wireshark/wireshark-3.6.14-3_openEuler-SA-2023-1652.json
index 854ded6..b6b1748 100644
--- a/cusa/w/wireshark/wireshark-3.6.14-3_openEuler-SA-2023-1652.json
+++ b/cusa/w/wireshark/wireshark-3.6.14-3_openEuler-SA-2023-1652.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1652",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1652",
"title": "An update for wireshark is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "Wireshark is an open source tool for profiling network traffic and analyzing packets. Such a tool is often referred to as a network analyzer, network protocol analyzer or sniffer.\r\n\r\nSecurity Fix(es):\r\n\r\nDue to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack.\n(CVE-2023-2906)\r\n\r\niSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file(CVE-2023-3649)\r\n\r\nBT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file(CVE-2023-4511)\r\n\r\nBT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file(CVE-2023-4513)",
"cves": [
{
"id": "CVE-2023-4513",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4513",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/w/wireshark/wireshark-3.6.14-4_openEuler-SA-2023-1706.json b/cusa/w/wireshark/wireshark-3.6.14-4_openEuler-SA-2023-1706.json
index c90356a..de70a13 100644
--- a/cusa/w/wireshark/wireshark-3.6.14-4_openEuler-SA-2023-1706.json
+++ b/cusa/w/wireshark/wireshark-3.6.14-4_openEuler-SA-2023-1706.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1706",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1706",
"title": "An update for wireshark is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Wireshark is an open source tool for profiling network traffic and analyzing packets. Such a tool is often referred to as a network analyzer, network protocol analyzer or sniffer.\r\n\r\nSecurity Fix(es):\r\n\r\nRTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file(CVE-2023-5371)",
"cves": [
{
"id": "CVE-2023-5371",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5371",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/w/wireshark/wireshark-3.6.14-5_openEuler-SA-2023-1847.json b/cusa/w/wireshark/wireshark-3.6.14-5_openEuler-SA-2023-1847.json
index 8f12608..d55bca5 100644
--- a/cusa/w/wireshark/wireshark-3.6.14-5_openEuler-SA-2023-1847.json
+++ b/cusa/w/wireshark/wireshark-3.6.14-5_openEuler-SA-2023-1847.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1847",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1847",
"title": "An update for wireshark is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Wireshark is an open source tool for profiling network traffic and analyzing packets. Such a tool is often referred to as a network analyzer, network protocol analyzer or sniffer.\r\n\r\nSecurity Fix(es):\r\n\r\nA heap-based buffer overflow was found in Wireshark's NetScreen file parser. This issue may allow local arbitrary code execution via a crafted capture file.(CVE-2023-6175)",
"cves": [
{
"id": "CVE-2023-6175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6175",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/w/wireshark/wireshark-3.6.14-6_openEuler-SA-2024-1070.json b/cusa/w/wireshark/wireshark-3.6.14-6_openEuler-SA-2024-1070.json
index ac6134b..1399066 100644
--- a/cusa/w/wireshark/wireshark-3.6.14-6_openEuler-SA-2024-1070.json
+++ b/cusa/w/wireshark/wireshark-3.6.14-6_openEuler-SA-2024-1070.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1070",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1070",
"title": "An update for wireshark is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Important",
+ "severity": "High",
"description": "Wireshark is an open source tool for profiling network traffic and analyzing packets. Such a tool is often referred to as a network analyzer, network protocol analyzer or sniffer.\r\n\r\nSecurity Fix(es):\r\n\r\nGVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file(CVE-2024-0208)\r\n\r\nIEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file(CVE-2024-0209)",
"cves": [
{
"id": "CVE-2024-0209",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0209",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/w/wireshark/wireshark-3.6.14-7_openEuler-SA-2024-1428.json b/cusa/w/wireshark/wireshark-3.6.14-7_openEuler-SA-2024-1428.json
index e8b2bb6..e33f079 100644
--- a/cusa/w/wireshark/wireshark-3.6.14-7_openEuler-SA-2024-1428.json
+++ b/cusa/w/wireshark/wireshark-3.6.14-7_openEuler-SA-2024-1428.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1428",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1428",
"title": "An update for wireshark is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Wireshark is an open source tool for profiling network traffic and analyzing packets. Such a tool is often referred to as a network analyzer, network protocol analyzer or sniffer.\r\n\r\nSecurity Fix(es):\r\n\r\nDue to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.(CVE-2023-0666)",
"cves": [
{
"id": "CVE-2023-0666",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0666",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/w/wireshark/wireshark-3.6.14-8_openEuler-SA-2024-1654.json b/cusa/w/wireshark/wireshark-3.6.14-8_openEuler-SA-2024-1654.json
index 237ad52..92b9230 100644
--- a/cusa/w/wireshark/wireshark-3.6.14-8_openEuler-SA-2024-1654.json
+++ b/cusa/w/wireshark/wireshark-3.6.14-8_openEuler-SA-2024-1654.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1654",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1654",
"title": "An update for wireshark is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Wireshark is an open source tool for profiling network traffic and analyzing packets. Such a tool is often referred to as a network analyzer, network protocol analyzer or sniffer.\r\n\r\nSecurity Fix(es):\r\n\r\nMemory handling issue in editcap could cause denial of service via crafted capture file(CVE-2024-4853)\r\n\r\nUse after free issue in editcap could cause denial of service via crafted capture file(CVE-2024-4855)",
"cves": [
{
"id": "CVE-2024-4855",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4855",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/w/wireshark/wireshark-3.6.2-2_openEuler-SA-2022-1992.json b/cusa/w/wireshark/wireshark-3.6.2-2_openEuler-SA-2022-1992.json
index 5c4ddb7..d54f366 100644
--- a/cusa/w/wireshark/wireshark-3.6.2-2_openEuler-SA-2022-1992.json
+++ b/cusa/w/wireshark/wireshark-3.6.2-2_openEuler-SA-2022-1992.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1992",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1992",
"title": "An update for wireshark is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Wireshark is an open source tool for profiling network traffic and analyzing packets. Such a tool is often referred to as a network analyzer, network protocol analyzer or sniffer. Wireshark, formerly known as Ethereal, can be used to examine the details of traffic at a variety of levels ranging from connection-level information to the bits that make up a single packet. Packet capture can provide a network administrator with information about individual packets such as transmit time, source, destination, protocol type and header data. This information can be useful for evaluating security events and troubleshooting network security device issues.\r\n\r\nSecurity Fix(es):\r\n\r\nInfinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file(CVE-2022-3190)",
"cves": [
{
"id": "CVE-2022-3190",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3190",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/w/wireshark/wireshark-3.6.2-3_openEuler-SA-2022-2078.json b/cusa/w/wireshark/wireshark-3.6.2-3_openEuler-SA-2022-2078.json
index e930f7e..637e894 100644
--- a/cusa/w/wireshark/wireshark-3.6.2-3_openEuler-SA-2022-2078.json
+++ b/cusa/w/wireshark/wireshark-3.6.2-3_openEuler-SA-2022-2078.json
@@ -8,7 +8,7 @@
{
"id": "CVE-2022-3725",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3725",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/x/xerces-c/xerces-c-3.2.2-5_openEuler-SA-2024-1236.json b/cusa/x/xerces-c/xerces-c-3.2.2-5_openEuler-SA-2024-1236.json
index 0e2e477..3628499 100644
--- a/cusa/x/xerces-c/xerces-c-3.2.2-5_openEuler-SA-2024-1236.json
+++ b/cusa/x/xerces-c/xerces-c-3.2.2-5_openEuler-SA-2024-1236.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1236",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1236",
"title": "An update for xerces-c is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0 recommendation and associated standards ( DOM 1.0, DOM 2.0. SAX 1.0, SAX 2.0, Namespaces).\r\n\r\nSecurity Fix(es):\r\n\r\nThe Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.(CVE-2018-1311)",
"cves": [
{
"id": "CVE-2018-1311",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1311",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/x/xerces-j2/xerces-j2-2.12.2-1_openEuler-SA-2022-1625.json b/cusa/x/xerces-j2/xerces-j2-2.12.2-1_openEuler-SA-2022-1625.json
index 4191380..727f104 100644
--- a/cusa/x/xerces-j2/xerces-j2-2.12.2-1_openEuler-SA-2022-1625.json
+++ b/cusa/x/xerces-j2/xerces-j2-2.12.2-1_openEuler-SA-2022-1625.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1625",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1625",
"title": "An update for xerces-j2 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Welcome to the future! Xerces2 is the next generation of high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces introduces the Xerces Native Interface (XNI), a complete framework for building parser components and configurations that is extremely modular and easy to program.\n\nThe Apache Xerces2 parser is the reference implementation of XNI but other parser components, configurations, and parsers can be written using the Xerces Native Interface. For complete design and implementation documents, refer to the XNI Manual.\n\nXerces 2 is a fully conforming XML Schema processor. For more information, refer to the XML Schema page.\n\nXerces 2 also provides a partial implementation of Document Object Model Level 3 Core, Load and Save and Abstract Schemas [deprecated] Working Drafts. For more information, refer to the DOM Level 3 Implementation page.\r\n\r\nSecurity Fix(es):\r\n\r\nThere s a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.(CVE-2022-23437)",
"cves": [
{
"id": "CVE-2022-23437",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23437",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/x/xerces-j2/xerces-j2-2.12.2-1_openEuler-SA-2023-1748.json b/cusa/x/xerces-j2/xerces-j2-2.12.2-1_openEuler-SA-2023-1748.json
index adde6ff..97e8463 100644
--- a/cusa/x/xerces-j2/xerces-j2-2.12.2-1_openEuler-SA-2023-1748.json
+++ b/cusa/x/xerces-j2/xerces-j2-2.12.2-1_openEuler-SA-2023-1748.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1748",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1748",
"title": "An update for xerces-j2 is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "\r\n\r\nSecurity Fix(es):\r\n\r\nVulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2018-2799)",
"cves": [
{
"id": "CVE-2018-2799",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-2799",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/x/xmlgraphics-commons/xmlgraphics-commons-2.2-4_openEuler-SA-2022-1649.json b/cusa/x/xmlgraphics-commons/xmlgraphics-commons-2.2-4_openEuler-SA-2022-1649.json
index a30b404..ad182db 100644
--- a/cusa/x/xmlgraphics-commons/xmlgraphics-commons-2.2-4_openEuler-SA-2022-1649.json
+++ b/cusa/x/xmlgraphics-commons/xmlgraphics-commons-2.2-4_openEuler-SA-2022-1649.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1649",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1649",
"title": "An update for xmlgraphics-commons is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Apache XML Graphics Commons is a library that consists of several reusable components used by Apache Batik and Apache FOP. Many of these components can easily be used separately outside the domains of SVG and XSL-FO. You will find components such as a PDF library, an RTF library, Graphics2D implementations that let you generate PDF and PostScript files, and much more. The Apache™ XML Graphics Commons project is part of the Apache™ Software Foundation, which is a wider community of users and developers of open source projects.\r\n\r\nSecurity Fix(es):\r\n\r\nApache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users should upgrade to 2.6 or later.(CVE-2020-11988)",
"cves": [
{
"id": "CVE-2020-11988",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11988",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/x/xorg-x11-server/xorg-x11-server-1.20.11-12_openEuler-SA-2022-2110.json b/cusa/x/xorg-x11-server/xorg-x11-server-1.20.11-12_openEuler-SA-2022-2110.json
index 2738ecc..dee0fd7 100644
--- a/cusa/x/xorg-x11-server/xorg-x11-server-1.20.11-12_openEuler-SA-2022-2110.json
+++ b/cusa/x/xorg-x11-server/xorg-x11-server-1.20.11-12_openEuler-SA-2022-2110.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2110",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2110",
"title": "An update for xorg-x11-server is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "X.Org X11 X server\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability, which was classified as problematic, was found in X.org Server. This affects an unknown part of the file hw/xquartz/X11Controller.m of the component xquartz. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier VDB-211053 was assigned to this vulnerability.(CVE-2022-3553)\r\n\r\nA vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211052.(CVE-2022-3551)",
"cves": [
{
"id": "CVE-2022-3551",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3551",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/x/xorg-x11-server/xorg-x11-server-1.20.11-13_openEuler-SA-2022-2163.json b/cusa/x/xorg-x11-server/xorg-x11-server-1.20.11-13_openEuler-SA-2022-2163.json
index 4fa7083..6adfa12 100644
--- a/cusa/x/xorg-x11-server/xorg-x11-server-1.20.11-13_openEuler-SA-2022-2163.json
+++ b/cusa/x/xorg-x11-server/xorg-x11-server-1.20.11-13_openEuler-SA-2022-2163.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2163",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2163",
"title": "An update for xorg-x11-server is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Xephyr is an X server which has been implemented as an ordinary X application. It runs in a window just like other X applications,but it is an X server itself in which you can run other software. It is a very useful tool for developers who wish to test their applications without running them on their real X server. Unlike Xnest, Xephyr renders to an X image rather than relaying the X protocol, and therefore supports the newer X extensions like Render and Composite.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se(CVE-2022-46342)\r\n\r\nA vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.(CVE-2022-46344)\r\n\r\nA vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order.(CVE-2022-46340)\r\n\r\nA vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. 
This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.(CVE-2022-46341)\r\n\r\nA vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.(CVE-2022-46343)\r\n\r\nA vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.(CVE-2022-4283)",
"cves": [
{
"id": "CVE-2022-4283",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4283",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/x/xorg-x11-server/xorg-x11-server-1.20.11-16_openEuler-SA-2023-1127.json b/cusa/x/xorg-x11-server/xorg-x11-server-1.20.11-16_openEuler-SA-2023-1127.json
index 883fc53..78b5e65 100644
--- a/cusa/x/xorg-x11-server/xorg-x11-server-1.20.11-16_openEuler-SA-2023-1127.json
+++ b/cusa/x/xorg-x11-server/xorg-x11-server-1.20.11-16_openEuler-SA-2023-1127.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1127",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1127",
"title": "An update for xorg-x11-server is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "X.Org X11 X server\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.(CVE-2023-0494)",
"cves": [
{
"id": "CVE-2023-0494",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0494",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/x/xorg-x11-server/xorg-x11-server-1.20.11-18_openEuler-SA-2023-1239.json b/cusa/x/xorg-x11-server/xorg-x11-server-1.20.11-18_openEuler-SA-2023-1239.json
index 45e3518..baf6913 100644
--- a/cusa/x/xorg-x11-server/xorg-x11-server-1.20.11-18_openEuler-SA-2023-1239.json
+++ b/cusa/x/xorg-x11-server/xorg-x11-server-1.20.11-18_openEuler-SA-2023-1239.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1239",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1239",
"title": "An update for xorg-x11-server is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
- "severity": "Important",
+ "severity": "High",
"description": "X.Org X11 X server.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.(CVE-2023-1393)",
"cves": [
{
"id": "CVE-2023-1393",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1393",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/x/xorg-x11-server/xorg-x11-server-1.20.11-23_openEuler-SA-2023-1795.json b/cusa/x/xorg-x11-server/xorg-x11-server-1.20.11-23_openEuler-SA-2023-1795.json
index d014c0b..414c72a 100644
--- a/cusa/x/xorg-x11-server/xorg-x11-server-1.20.11-23_openEuler-SA-2023-1795.json
+++ b/cusa/x/xorg-x11-server/xorg-x11-server-1.20.11-23_openEuler-SA-2023-1795.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1795",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1795",
"title": "An update for xorg-x11-server is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "X.Org X11 X server\r\n\r\nSecurity Fix(es):\r\n\r\nA out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.(CVE-2023-5367)\r\n\r\nA use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.(CVE-2023-5380)",
"cves": [
{
"id": "CVE-2023-5380",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5380",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/x/xorg-x11-server/xorg-x11-server-1.20.11-24_openEuler-SA-2023-1951.json b/cusa/x/xorg-x11-server/xorg-x11-server-1.20.11-24_openEuler-SA-2023-1951.json
index c49f012..20b19c9 100644
--- a/cusa/x/xorg-x11-server/xorg-x11-server-1.20.11-24_openEuler-SA-2023-1951.json
+++ b/cusa/x/xorg-x11-server/xorg-x11-server-1.20.11-24_openEuler-SA-2023-1951.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1951",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1951",
"title": "An update for xorg-x11-server is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "X.Org X11 X server\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.(CVE-2023-6377)\r\n\r\nA flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.(CVE-2023-6478)",
"cves": [
{
"id": "CVE-2023-6478",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6478",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/x/xorg-x11-server/xorg-x11-server-1.20.11-25_openEuler-SA-2024-1102.json b/cusa/x/xorg-x11-server/xorg-x11-server-1.20.11-25_openEuler-SA-2024-1102.json
index f87840e..9eaa4b9 100644
--- a/cusa/x/xorg-x11-server/xorg-x11-server-1.20.11-25_openEuler-SA-2024-1102.json
+++ b/cusa/x/xorg-x11-server/xorg-x11-server-1.20.11-25_openEuler-SA-2024-1102.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1102",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1102",
"title": "An update for xorg-x11-server is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Important",
+ "severity": "High",
"description": "X.Org X11 X server\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.(CVE-2023-6816)\r\n\r\nAn out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments.(CVE-2024-0229)\r\n\r\nA flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.(CVE-2024-0408)\r\n\r\nA flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.(CVE-2024-0409)\r\n\r\nA flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments.(CVE-2024-21885)\r\n\r\nA heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. 
This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments.(CVE-2024-21886)",
"cves": [
{
"id": "CVE-2024-21886",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21886",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/x/xorg-x11-server/xorg-x11-server-1.20.11-28_openEuler-SA-2024-1416.json b/cusa/x/xorg-x11-server/xorg-x11-server-1.20.11-28_openEuler-SA-2024-1416.json
index f833b46..acd4d73 100644
--- a/cusa/x/xorg-x11-server/xorg-x11-server-1.20.11-28_openEuler-SA-2024-1416.json
+++ b/cusa/x/xorg-x11-server/xorg-x11-server-1.20.11-28_openEuler-SA-2024-1416.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2024-1416",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1416",
"title": "An update for xorg-x11-server is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
- "severity": "Important",
+ "severity": "High",
"description": "X.Org X11 X server\r\n\r\nSecurity Fix(es):\r\n\r\nA heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.(CVE-2024-31080)\r\n\r\nA heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.(CVE-2024-31081)\r\n\r\nA heap-based buffer over-read vulnerability was found in the X.org server's ProcAppleDRICreatePixmap() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. 
This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.(CVE-2024-31082)\r\n\r\nA use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.(CVE-2024-31083)",
"cves": [
{
"id": "CVE-2024-31083",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31083",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/x/xorg-x11-server/xorg-x11-server-1.20.11-7_openEuler-SA-2022-1834.json b/cusa/x/xorg-x11-server/xorg-x11-server-1.20.11-7_openEuler-SA-2022-1834.json
index f671cde..f6ae518 100644
--- a/cusa/x/xorg-x11-server/xorg-x11-server-1.20.11-7_openEuler-SA-2022-1834.json
+++ b/cusa/x/xorg-x11-server/xorg-x11-server-1.20.11-7_openEuler-SA-2022-1834.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1834",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1834",
"title": "An update for xorg-x11-server is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "X.Org X11 X server\r\n\r\nSecurity Fix(es):\r\n\r\nCVE-2022-2320/ZDI-CAN-16070: xorg-x11-server: out-of-bounds write in ProcXkbSetDeviceInfo request handler of the Xkb extension\r\n\r\nIntroduced In:\nhttps://github.com/freedesktop/xorg-xserver/commit/c06e27b2f6fd9f7b9f827623a48876a225264132\r\n\r\nFixed In:\nhttps://github.com/freedesktop/xorg-xserver/commit/dd8caf39e9e15d8f302e54045dd08d8ebf1025dc(CVE-2022-2320)\r\n\r\nCVE-2022-2319/ZDI-CAN-16062: X.Org Server ProcXkbSetGeometry Out-Of-Bounds Access\nhttps://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/938\nhttps://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/939(CVE-2022-2319)",
"cves": [
{
"id": "CVE-2022-2319",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2319",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/x/xstream/xstream-1.4.18-2_openEuler-SA-2022-2066.json b/cusa/x/xstream/xstream-1.4.18-2_openEuler-SA-2022-2066.json
index 9b70b52..3d623b5 100644
--- a/cusa/x/xstream/xstream-1.4.18-2_openEuler-SA-2022-2066.json
+++ b/cusa/x/xstream/xstream-1.4.18-2_openEuler-SA-2022-2066.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2066",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2066",
"title": "An update for xstream is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design,making it suitable for large object graphs or systems with high message throughput. No information is duplicated that can be obtained via reflection. This results in XML that is easier to read for humans and more compact than native Java serialization. XStream serializes internal fields, including private and final. Supports non-public and inner classes. Classes are not required to have default constructor.Duplicate references encountered in the object-model will be maintained. Supports circular references. By implementing an interface, XStream can serialize directly to/from any tree structure (not just XML). Strategies can be registered allowing customization of how particular types are represented as XML. When an exception occurs due to malformed XML, detailed diagnostics are provided to help isolate and fix the problem.\r\n\r\nSecurity Fix(es):\r\n\r\nXStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible.(CVE-2021-43859)",
"cves": [
{
"id": "CVE-2021-43859",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43859",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/x/xstream/xstream-1.4.20-1_openEuler-SA-2023-1929.json b/cusa/x/xstream/xstream-1.4.20-1_openEuler-SA-2023-1929.json
index 7c80467..431732e 100644
--- a/cusa/x/xstream/xstream-1.4.20-1_openEuler-SA-2023-1929.json
+++ b/cusa/x/xstream/xstream-1.4.20-1_openEuler-SA-2023-1929.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1929",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1929",
"title": "An update for xstream is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Important",
+ "severity": "High",
"description": "XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for large object graphs or systems with high message throughput. No information is duplicated that can be obtained via reflection. This results in XML that is easier to read for humans and more compact than native Java serialization. XStream serializes internal fields, including private and final. Supports non-public and inner classes. Classes are not required to have default constructor. Duplicate references encountered in the object-model will be maintained. Supports circular references. By implementing an interface, XStream can serialize directly to/from any tree structure (not just XML). Strategies can be registered allowing customization of how particular types are represented as XML. When an exception occurs due to malformed XML, detailed diagnostics are provided to help isolate and fix the problem.\r\n\r\nSecurity Fix(es):\r\n\r\nThose using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.(CVE-2022-40151)\r\n\r\nXStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. The attack uses the hash code implementation for collections and maps to force recursive hash calculation causing a stack overflow. This issue is patched in version 1.4.20 which handles the stack overflow and raises an InputManipulationException instead. 
A potential workaround for users who only use HashMap or HashSet and whose XML refers these only as default map or set, is to change the default implementation of java.util.Map and java.util per the code example in the referenced advisory. However, this implies that your application does not care about the implementation of the map and all elements are comparable.(CVE-2022-41966)",
"cves": [
{
"id": "CVE-2022-41966",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41966",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/x/xterm/xterm-363-4_openEuler-SA-2022-2072.json b/cusa/x/xterm/xterm-363-4_openEuler-SA-2022-2072.json
index 76257f5..8fe6a11 100644
--- a/cusa/x/xterm/xterm-363-4_openEuler-SA-2022-2072.json
+++ b/cusa/x/xterm/xterm-363-4_openEuler-SA-2022-2072.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2072",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2072",
"title": "An update for xterm is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The xterm program is a terminal emulator for the X Window System.It provides DEC VT102 and Tektronix 4014 compatible terminals.\r\n\r\nSecurity Fix(es):\r\n\r\nxterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text.(CVE-2022-24130)",
"cves": [
{
"id": "CVE-2022-24130",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24130",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
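Review bot: The `severity` vocabulary changes here (`Moderate` to `Medium`, and `Important` to `High` in the neighbouring hunks), so any downstream filter or alert rule that still compares against the old strings would stop matching without an error. JSON cannot carry a comment, so the mapping should be recorded where consumers will read it, for example a changelog line such as `severity: Important→High, Moderate→Medium`. Separately, the per-CVE `severity` equals the advisory-level `severity` in every hunk visible here; if it is copied from the advisory and not taken from the CVE's own rating, the schema documentation should say so.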
diff --git a/cusa/x/xz/xz-5.2.5-2_openEuler-SA-2022-1650.json b/cusa/x/xz/xz-5.2.5-2_openEuler-SA-2022-1650.json
index 0a66cbe..20bd1fe 100644
--- a/cusa/x/xz/xz-5.2.5-2_openEuler-SA-2022-1650.json
+++ b/cusa/x/xz/xz-5.2.5-2_openEuler-SA-2022-1650.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1650",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1650",
"title": "An update for xz is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "XZ Utils is free general-purpose data compression software with a high compression ratio. XZ Utils were written for POSIX-like systems, but also work on some not-so-POSIX systems. XZ Utils are the successor to LZMA Utils. The core of the XZ Utils compression code is based on LZMA SDK, but it has been modified quite a lot to be suitable for XZ Utils. The primary compression algorithm is currently LZMA2, which is used inside the .xz container format. With typical files, XZ Utils create 30% smaller output than gzip and 15% smaller output than bzip2.\r\n\r\nSecurity Fix(es):\r\n\r\nThe vulnerability exists due to insufficient validation when handling filenames with two or more newlines. A remote attacker can force zgrep or xzgrep to write arbitrary files on the system. The vulnerability allows a remote attacker to compromise an affected system.(CVE-2022-1271)",
"cves": [
{
"id": "CVE-2022-1271",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1271",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/y/yajl/yajl-2.1.0-18_openEuler-SA-2022-1912.json b/cusa/y/yajl/yajl-2.1.0-18_openEuler-SA-2022-1912.json
index 4d9575e..4524eb0 100644
--- a/cusa/y/yajl/yajl-2.1.0-18_openEuler-SA-2022-1912.json
+++ b/cusa/y/yajl/yajl-2.1.0-18_openEuler-SA-2022-1912.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1912",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1912",
"title": "An update for yajl is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "yajl is a small event-driven JSON parser written in ANSI C, and a small validating JSON generator.\r\n\r\nSecurity Fix(es):\r\n\r\nyajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may result in the `need` 32bit integer wrapping to 0 when `need` approaches a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation of buf->alloc into a small heap chunk. These integers are declared as `size_t` in the 2.x branch of `yajl`, which practically prevents the issue from triggering on 64bit platforms, however this does not preclude this issue triggering on 32bit builds on which `size_t` is a 32bit integer. Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption. This vulnerability mostly impacts process availability. Maintainers believe exploitation for arbitrary code execution is unlikely. A patch is available and anticipated to be part of yajl-ruby version 1.4.2. As a workaround, avoid passing large inputs to YAJL.(CVE-2022-24795)",
"cves": [
{
"id": "CVE-2022-24795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24795",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/y/yasm/yasm-1.3.0-11_openEuler-SA-2023-1508.json b/cusa/y/yasm/yasm-1.3.0-11_openEuler-SA-2023-1508.json
index 1d8f06e..35e38f1 100644
--- a/cusa/y/yasm/yasm-1.3.0-11_openEuler-SA-2023-1508.json
+++ b/cusa/y/yasm/yasm-1.3.0-11_openEuler-SA-2023-1508.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1508",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1508",
"title": "An update for yasm is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "Yasm is a complete rewrite of the NASM assembler under the “new” BSD License.\r\n\r\nSecurity Fix(es):\r\n\r\nYasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm/intnum.c and /elf/elf.c, which allows the attacker to cause a denial of service via a crafted file.(CVE-2023-37732)",
"cves": [
{
"id": "CVE-2023-37732",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37732",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cusa/z/zlib/zlib-1.2.11-20_openEuler-SA-2022-1651.json b/cusa/z/zlib/zlib-1.2.11-20_openEuler-SA-2022-1651.json
index e031556..562e34c 100644
--- a/cusa/z/zlib/zlib-1.2.11-20_openEuler-SA-2022-1651.json
+++ b/cusa/z/zlib/zlib-1.2.11-20_openEuler-SA-2022-1651.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-1651",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1651",
"title": "An update for zlib is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Zlib is a free, general-purpose, not covered by any patents, lossless data-compression library for use on virtually any computer hardware and operating system. The zlib data format is itself portable across platforms.\r\n\r\nSecurity Fix(es):\r\n\r\nzlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.(CVE-2018-25032)",
"cves": [
{
"id": "CVE-2018-25032",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25032",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/z/zsh/zsh-5.8-3_openEuler-SA-2022-2094.json b/cusa/z/zsh/zsh-5.8-3_openEuler-SA-2022-2094.json
index 98e7d6d..083de7f 100644
--- a/cusa/z/zsh/zsh-5.8-3_openEuler-SA-2022-2094.json
+++ b/cusa/z/zsh/zsh-5.8-3_openEuler-SA-2022-2094.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2022-2094",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2094",
"title": "An update for zsh is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "The zsh is a shell designed for interactive use, and it is also a powerful scripting language. Many of the useful features of bash, ksh, and tcsh were incorporated into zsh. It can match files by file extension without running an external program, share command history with any shell, and more.\r\n\r\nSecurity Fix(es):\r\n\r\nIn zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.(CVE-2021-45444)",
"cves": [
{
"id": "CVE-2021-45444",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45444",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/z/zstd/zstd-1.5.0-4_openEuler-SA-2023-1214.json b/cusa/z/zstd/zstd-1.5.0-4_openEuler-SA-2023-1214.json
index 2515da5..f983f6e 100644
--- a/cusa/z/zstd/zstd-1.5.0-4_openEuler-SA-2023-1214.json
+++ b/cusa/z/zstd/zstd-1.5.0-4_openEuler-SA-2023-1214.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1214",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1214",
"title": "An update for zstd is now available for openEuler-22.03-LTS",
- "severity": "Important",
+ "severity": "High",
"description": "Zstd is a fast lossless compression algorithm. It's backed by a very fast entropy stage,provided by Huff0 and FSE library. It's a real-time compression scenario for zlib levels and has a better compression ratio.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.(CVE-2022-4899)",
"cves": [
{
"id": "CVE-2022-4899",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4899",
- "severity": "Important"
+ "severity": "High"
}
]
}
\ No newline at end of file
diff --git a/cusa/z/zziplib/zziplib-0.13.71-5_openEuler-SA-2023-1816.json b/cusa/z/zziplib/zziplib-0.13.71-5_openEuler-SA-2023-1816.json
index 269732a..0d5472c 100644
--- a/cusa/z/zziplib/zziplib-0.13.71-5_openEuler-SA-2023-1816.json
+++ b/cusa/z/zziplib/zziplib-0.13.71-5_openEuler-SA-2023-1816.json
@@ -2,13 +2,13 @@
"id": "openEuler-SA-2023-1816",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1816",
"title": "An update for zziplib is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
- "severity": "Moderate",
+ "severity": "Medium",
"description": "The zziplib is a lightweight library to easily extract data from zip files. Applications can bundle files into a single zip archive and access them. The implementation is based only on the (free) subset of compression with the zlib algorithm which is actually used by the zip/unzip tools.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue was discovered in function zzip_disk_entry_to_file_header in mmapped.c in zziplib 0.13.69, which will lead to a denial-of-service.(CVE-2020-18770)",
"cves": [
{
"id": "CVE-2020-18770",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-18770",
- "severity": "Moderate"
+ "severity": "Medium"
}
]
}
\ No newline at end of file
diff --git a/cvrf/2024/cvrf-openEuler-SA-2024-1881.xml b/cvrf/2024/cvrf-openEuler-SA-2024-1881.xml
new file mode 100644
index 0000000..7e97516
--- /dev/null
+++ b/cvrf/2024/cvrf-openEuler-SA-2024-1881.xml
@@ -0,0 +1,220 @@
+
+
+ An update for mysql is now available for openEuler-22.03-LTS-SP3
+ Security Advisory
+
+ openeuler-security@openeuler.org
+ openEuler security committee
+
+
+
+ openEuler-SA-2024-1881
+
+ Final
+ 1.0
+
+
+ 1.0
+ 2024-07-26
+ Initial
+
+
+ 2024-07-26
+ 2024-07-26
+
+ openEuler SA Tool V1.0
+ 2024-07-26
+
+
+
+ mysql security update
+ An update for mysql is now available for openEuler-22.03-LTS-SP3
+ The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of Oracle and/or its affiliates
+
+Security Fix(es):
+
+Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21129)
+
+Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2024-21163)
+
+Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21171)
+
+Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21173)
+ An update for mysql is now available for openEuler-22.03-LTS-SP3.
+
+openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
+ Medium
+ mysql
+
+
+
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1881
+
+
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21129
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21163
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21171
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21173
+
+
+ https://nvd.nist.gov/vuln/detail/CVE-2024-21129
+ https://nvd.nist.gov/vuln/detail/CVE-2024-21163
+ https://nvd.nist.gov/vuln/detail/CVE-2024-21171
+ https://nvd.nist.gov/vuln/detail/CVE-2024-21173
+
+
+
+
+ openEuler-22.03-LTS-SP3
+
+
+ mysql-8.0.38-1.oe2203sp3.x86_64.rpm
+ mysql-common-8.0.38-1.oe2203sp3.x86_64.rpm
+ mysql-config-8.0.38-1.oe2203sp3.x86_64.rpm
+ mysql-debuginfo-8.0.38-1.oe2203sp3.x86_64.rpm
+ mysql-debugsource-8.0.38-1.oe2203sp3.x86_64.rpm
+ mysql-devel-8.0.38-1.oe2203sp3.x86_64.rpm
+ mysql-errmsg-8.0.38-1.oe2203sp3.x86_64.rpm
+ mysql-help-8.0.38-1.oe2203sp3.x86_64.rpm
+ mysql-libs-8.0.38-1.oe2203sp3.x86_64.rpm
+ mysql-server-8.0.38-1.oe2203sp3.x86_64.rpm
+ mysql-test-8.0.38-1.oe2203sp3.x86_64.rpm
+
+
+ mysql-8.0.38-1.oe2203sp3.aarch64.rpm
+ mysql-common-8.0.38-1.oe2203sp3.aarch64.rpm
+ mysql-config-8.0.38-1.oe2203sp3.aarch64.rpm
+ mysql-debuginfo-8.0.38-1.oe2203sp3.aarch64.rpm
+ mysql-debugsource-8.0.38-1.oe2203sp3.aarch64.rpm
+ mysql-devel-8.0.38-1.oe2203sp3.aarch64.rpm
+ mysql-errmsg-8.0.38-1.oe2203sp3.aarch64.rpm
+ mysql-help-8.0.38-1.oe2203sp3.aarch64.rpm
+ mysql-libs-8.0.38-1.oe2203sp3.aarch64.rpm
+ mysql-server-8.0.38-1.oe2203sp3.aarch64.rpm
+ mysql-test-8.0.38-1.oe2203sp3.aarch64.rpm
+
+
+ mysql-8.0.38-1.oe2203sp3.src.rpm
+
+
+
+
+ Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+
+ 2024-07-26
+ CVE-2024-21129
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Medium
+
+
+
+
+ 4.9
+ AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ mysql security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1881
+
+
+
+
+
+ Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
+
+ 2024-07-26
+ CVE-2024-21163
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
+
+
+
+
+ mysql security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1881
+
+
+
+
+
+ Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
+
+ 2024-07-26
+ CVE-2024-21171
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Medium
+
+
+
+
+ 6.5
+ AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ mysql security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1881
+
+
+
+
+
+ Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+
+ 2024-07-26
+ CVE-2024-21173
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Medium
+
+
+
+
+ 4.9
+ AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ mysql security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1881
+
+
+
+
\ No newline at end of file
diff --git a/cvrf/2024/cvrf-openEuler-SA-2024-1882.xml b/cvrf/2024/cvrf-openEuler-SA-2024-1882.xml
new file mode 100644
index 0000000..b6e4a27
--- /dev/null
+++ b/cvrf/2024/cvrf-openEuler-SA-2024-1882.xml
@@ -0,0 +1,220 @@
+
+
+ An update for mysql is now available for openEuler-22.03-LTS-SP1
+ Security Advisory
+
+ openeuler-security@openeuler.org
+ openEuler security committee
+
+
+
+ openEuler-SA-2024-1882
+
+ Final
+ 1.0
+
+
+ 1.0
+ 2024-07-26
+ Initial
+
+
+ 2024-07-26
+ 2024-07-26
+
+ openEuler SA Tool V1.0
+ 2024-07-26
+
+
+
+ mysql security update
+ An update for mysql is now available for openEuler-22.03-LTS-SP1
+ The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of Oracle and/or its affiliates
+
+Security Fix(es):
+
+Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21129)
+
+Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2024-21163)
+
+Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21171)
+
+Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21173)
+ An update for mysql is now available for openEuler-22.03-LTS-SP1.
+
+openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
+ Medium
+ mysql
+
+
+
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1882
+
+
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21129
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21163
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21171
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21173
+
+
+ https://nvd.nist.gov/vuln/detail/CVE-2024-21129
+ https://nvd.nist.gov/vuln/detail/CVE-2024-21163
+ https://nvd.nist.gov/vuln/detail/CVE-2024-21171
+ https://nvd.nist.gov/vuln/detail/CVE-2024-21173
+
+
+
+
+ openEuler-22.03-LTS-SP1
+
+
+ mysql-8.0.38-1.oe2203sp1.aarch64.rpm
+ mysql-common-8.0.38-1.oe2203sp1.aarch64.rpm
+ mysql-config-8.0.38-1.oe2203sp1.aarch64.rpm
+ mysql-debuginfo-8.0.38-1.oe2203sp1.aarch64.rpm
+ mysql-debugsource-8.0.38-1.oe2203sp1.aarch64.rpm
+ mysql-devel-8.0.38-1.oe2203sp1.aarch64.rpm
+ mysql-errmsg-8.0.38-1.oe2203sp1.aarch64.rpm
+ mysql-help-8.0.38-1.oe2203sp1.aarch64.rpm
+ mysql-libs-8.0.38-1.oe2203sp1.aarch64.rpm
+ mysql-server-8.0.38-1.oe2203sp1.aarch64.rpm
+ mysql-test-8.0.38-1.oe2203sp1.aarch64.rpm
+
+
+ mysql-8.0.38-1.oe2203sp1.src.rpm
+
+
+ mysql-8.0.38-1.oe2203sp1.x86_64.rpm
+ mysql-common-8.0.38-1.oe2203sp1.x86_64.rpm
+ mysql-config-8.0.38-1.oe2203sp1.x86_64.rpm
+ mysql-debuginfo-8.0.38-1.oe2203sp1.x86_64.rpm
+ mysql-debugsource-8.0.38-1.oe2203sp1.x86_64.rpm
+ mysql-devel-8.0.38-1.oe2203sp1.x86_64.rpm
+ mysql-errmsg-8.0.38-1.oe2203sp1.x86_64.rpm
+ mysql-help-8.0.38-1.oe2203sp1.x86_64.rpm
+ mysql-libs-8.0.38-1.oe2203sp1.x86_64.rpm
+ mysql-server-8.0.38-1.oe2203sp1.x86_64.rpm
+ mysql-test-8.0.38-1.oe2203sp1.x86_64.rpm
+
+
+
+
+ Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+
+ 2024-07-26
+ CVE-2024-21129
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ Medium
+
+
+
+
+ 4.9
+ AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ mysql security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1882
+
+
+
+
+
+ Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
+
+ 2024-07-26
+ CVE-2024-21163
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
+
+
+
+
+ mysql security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1882
+
+
+
+
+
+ Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
+
+ 2024-07-26
+ CVE-2024-21171
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ Medium
+
+
+
+
+ 6.5
+ AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ mysql security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1882
+
+
+
+
+
+ Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+
+ 2024-07-26
+ CVE-2024-21173
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ Medium
+
+
+
+
+ 4.9
+ AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ mysql security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1882
+
+
+
+
\ No newline at end of file
diff --git a/cvrf/2024/cvrf-openEuler-SA-2024-1883.xml b/cvrf/2024/cvrf-openEuler-SA-2024-1883.xml
new file mode 100644
index 0000000..cfc654a
--- /dev/null
+++ b/cvrf/2024/cvrf-openEuler-SA-2024-1883.xml
@@ -0,0 +1,220 @@
+
+
+ An update for mysql is now available for openEuler-24.03-LTS
+ Security Advisory
+
+ openeuler-security@openeuler.org
+ openEuler security committee
+
+
+
+ openEuler-SA-2024-1883
+
+ Final
+ 1.0
+
+
+ 1.0
+ 2024-07-26
+ Initial
+
+
+ 2024-07-26
+ 2024-07-26
+
+ openEuler SA Tool V1.0
+ 2024-07-26
+
+
+
+ mysql security update
+ An update for mysql is now available for openEuler-24.03-LTS
+ The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of Oracle and/or its affiliates
+
+Security Fix(es):
+
+Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21129)
+
+Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2024-21163)
+
+Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21171)
+
+Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21173)
+ An update for mysql is now available for openEuler-24.03-LTS.
+
+openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
+ Medium
+ mysql
+
+
+
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1883
+
+
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21129
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21163
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21171
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21173
+
+
+ https://nvd.nist.gov/vuln/detail/CVE-2024-21129
+ https://nvd.nist.gov/vuln/detail/CVE-2024-21163
+ https://nvd.nist.gov/vuln/detail/CVE-2024-21171
+ https://nvd.nist.gov/vuln/detail/CVE-2024-21173
+
+
+
+
+ openEuler-24.03-LTS
+
+
+ mysql-8.0.38-1.oe2403.aarch64.rpm
+ mysql-common-8.0.38-1.oe2403.aarch64.rpm
+ mysql-config-8.0.38-1.oe2403.aarch64.rpm
+ mysql-debuginfo-8.0.38-1.oe2403.aarch64.rpm
+ mysql-debugsource-8.0.38-1.oe2403.aarch64.rpm
+ mysql-devel-8.0.38-1.oe2403.aarch64.rpm
+ mysql-errmsg-8.0.38-1.oe2403.aarch64.rpm
+ mysql-help-8.0.38-1.oe2403.aarch64.rpm
+ mysql-libs-8.0.38-1.oe2403.aarch64.rpm
+ mysql-server-8.0.38-1.oe2403.aarch64.rpm
+ mysql-test-8.0.38-1.oe2403.aarch64.rpm
+
+
+ mysql-8.0.38-1.oe2403.src.rpm
+
+
+ mysql-8.0.38-1.oe2403.x86_64.rpm
+ mysql-common-8.0.38-1.oe2403.x86_64.rpm
+ mysql-config-8.0.38-1.oe2403.x86_64.rpm
+ mysql-debuginfo-8.0.38-1.oe2403.x86_64.rpm
+ mysql-debugsource-8.0.38-1.oe2403.x86_64.rpm
+ mysql-devel-8.0.38-1.oe2403.x86_64.rpm
+ mysql-errmsg-8.0.38-1.oe2403.x86_64.rpm
+ mysql-help-8.0.38-1.oe2403.x86_64.rpm
+ mysql-libs-8.0.38-1.oe2403.x86_64.rpm
+ mysql-server-8.0.38-1.oe2403.x86_64.rpm
+ mysql-test-8.0.38-1.oe2403.x86_64.rpm
+
+
+
+
+ Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+
+ 2024-07-26
+ CVE-2024-21129
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Medium
+
+
+
+
+ 4.9
+ AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ mysql security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1883
+
+
+
+
+
+ Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
+
+ 2024-07-26
+ CVE-2024-21163
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
+
+
+
+
+ mysql security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1883
+
+
+
+
+
+ Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
+
+ 2024-07-26
+ CVE-2024-21171
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Medium
+
+
+
+
+ 6.5
+ AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ mysql security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1883
+
+
+
+
+
+ Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+
+ 2024-07-26
+ CVE-2024-21173
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Medium
+
+
+
+
+ 4.9
+ AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ mysql security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1883
+
+
+
+
\ No newline at end of file
diff --git a/cvrf/2024/cvrf-openEuler-SA-2024-1884.xml b/cvrf/2024/cvrf-openEuler-SA-2024-1884.xml
new file mode 100644
index 0000000..f9bdb40
--- /dev/null
+++ b/cvrf/2024/cvrf-openEuler-SA-2024-1884.xml
@@ -0,0 +1,220 @@
+
+
+ An update for mysql is now available for openEuler-22.03-LTS-SP4
+ Security Advisory
+
+ openeuler-security@openeuler.org
+ openEuler security committee
+
+
+
+ openEuler-SA-2024-1884
+
+ Final
+ 1.0
+
+
+ 1.0
+ 2024-07-26
+ Initial
+
+
+ 2024-07-26
+ 2024-07-26
+
+ openEuler SA Tool V1.0
+ 2024-07-26
+
+
+
+ mysql security update
+ An update for mysql is now available for openEuler-22.03-LTS-SP4
+ The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of Oracle and/or its affiliates
+
+Security Fix(es):
+
+Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21129)
+
+Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2024-21163)
+
+Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21171)
+
+Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21173)
+ An update for mysql is now available for openEuler-22.03-LTS-SP4.
+
+openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
+ Medium
+ mysql
+
+
+
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1884
+
+
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21129
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21163
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21171
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21173
+
+
+ https://nvd.nist.gov/vuln/detail/CVE-2024-21129
+ https://nvd.nist.gov/vuln/detail/CVE-2024-21163
+ https://nvd.nist.gov/vuln/detail/CVE-2024-21171
+ https://nvd.nist.gov/vuln/detail/CVE-2024-21173
+
+
+
+
+ openEuler-22.03-LTS-SP4
+
+
+ mysql-8.0.38-1.oe2203sp4.x86_64.rpm
+ mysql-common-8.0.38-1.oe2203sp4.x86_64.rpm
+ mysql-config-8.0.38-1.oe2203sp4.x86_64.rpm
+ mysql-debuginfo-8.0.38-1.oe2203sp4.x86_64.rpm
+ mysql-debugsource-8.0.38-1.oe2203sp4.x86_64.rpm
+ mysql-devel-8.0.38-1.oe2203sp4.x86_64.rpm
+ mysql-errmsg-8.0.38-1.oe2203sp4.x86_64.rpm
+ mysql-help-8.0.38-1.oe2203sp4.x86_64.rpm
+ mysql-libs-8.0.38-1.oe2203sp4.x86_64.rpm
+ mysql-server-8.0.38-1.oe2203sp4.x86_64.rpm
+ mysql-test-8.0.38-1.oe2203sp4.x86_64.rpm
+
+
+ mysql-8.0.38-1.oe2203sp4.aarch64.rpm
+ mysql-common-8.0.38-1.oe2203sp4.aarch64.rpm
+ mysql-config-8.0.38-1.oe2203sp4.aarch64.rpm
+ mysql-debuginfo-8.0.38-1.oe2203sp4.aarch64.rpm
+ mysql-debugsource-8.0.38-1.oe2203sp4.aarch64.rpm
+ mysql-devel-8.0.38-1.oe2203sp4.aarch64.rpm
+ mysql-errmsg-8.0.38-1.oe2203sp4.aarch64.rpm
+ mysql-help-8.0.38-1.oe2203sp4.aarch64.rpm
+ mysql-libs-8.0.38-1.oe2203sp4.aarch64.rpm
+ mysql-server-8.0.38-1.oe2203sp4.aarch64.rpm
+ mysql-test-8.0.38-1.oe2203sp4.aarch64.rpm
+
+
+ mysql-8.0.38-1.oe2203sp4.src.rpm
+
+
+
+
+ Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+
+ 2024-07-26
+ CVE-2024-21129
+
+
+ openEuler-22.03-LTS-SP4
+
+
+
+
+ Medium
+
+
+
+
+ 4.9
+ AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ mysql security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1884
+
+
+
+
+
+ Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
+
+ 2024-07-26
+ CVE-2024-21163
+
+
+ openEuler-22.03-LTS-SP4
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
+
+
+
+
+ mysql security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1884
+
+
+
+
+
+ Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
+
+ 2024-07-26
+ CVE-2024-21171
+
+
+ openEuler-22.03-LTS-SP4
+
+
+
+
+ Medium
+
+
+
+
+ 6.5
+ AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ mysql security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1884
+
+
+
+
+
+ Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+
+ 2024-07-26
+ CVE-2024-21173
+
+
+ openEuler-22.03-LTS-SP4
+
+
+
+
+ Medium
+
+
+
+
+ 4.9
+ AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ mysql security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1884
+
+
+
+
\ No newline at end of file
diff --git a/cvrf/2024/cvrf-openEuler-SA-2024-1885.xml b/cvrf/2024/cvrf-openEuler-SA-2024-1885.xml
new file mode 100644
index 0000000..4a5011a
--- /dev/null
+++ b/cvrf/2024/cvrf-openEuler-SA-2024-1885.xml
@@ -0,0 +1,155 @@
+
+
+ An update for openvpn is now available for openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4
+ Security Advisory
+
+ openeuler-security@openeuler.org
+ openEuler security committee
+
+
+
+ openEuler-SA-2024-1885
+
+ Final
+ 1.0
+
+
+ 1.0
+ 2024-07-26
+ Initial
+
+
+ 2024-07-26
+ 2024-07-26
+
+ openEuler SA Tool V1.0
+ 2024-07-26
+
+
+
+ openvpn security update
+ An update for openvpn is now available for openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4
+ OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the fundamental premise that complexity is the enemy of security, OpenVPN offers a cost-effective, lightweight alternative to other VPN technologies that is well-adapted for the SME and enterprise markets.
+
+Security Fix(es):
+
+(CVE-2024-5594)
+ An update for openvpn is now available for openEuler-22.03-LTS-SP3.
+
+openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
+ Medium
+ openvpn
+
+
+
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1885
+
+
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-5594
+
+
+ https://nvd.nist.gov/vuln/detail/CVE-2024-5594
+
+
+
+
+ openEuler-22.03-LTS-SP3
+ openEuler-20.03-LTS-SP4
+ openEuler-22.03-LTS-SP1
+ openEuler-24.03-LTS
+ openEuler-22.03-LTS-SP4
+
+
+ openvpn-2.5.5-4.oe2203sp3.aarch64.rpm
+ openvpn-debuginfo-2.5.5-4.oe2203sp3.aarch64.rpm
+ openvpn-debugsource-2.5.5-4.oe2203sp3.aarch64.rpm
+ openvpn-devel-2.5.5-4.oe2203sp3.aarch64.rpm
+ openvpn-2.4.8-10.oe2003sp4.aarch64.rpm
+ openvpn-debuginfo-2.4.8-10.oe2003sp4.aarch64.rpm
+ openvpn-debugsource-2.4.8-10.oe2003sp4.aarch64.rpm
+ openvpn-devel-2.4.8-10.oe2003sp4.aarch64.rpm
+ openvpn-2.5.5-4.oe2203sp1.aarch64.rpm
+ openvpn-debuginfo-2.5.5-4.oe2203sp1.aarch64.rpm
+ openvpn-debugsource-2.5.5-4.oe2203sp1.aarch64.rpm
+ openvpn-devel-2.5.5-4.oe2203sp1.aarch64.rpm
+ openvpn-2.6.9-3.oe2403.aarch64.rpm
+ openvpn-debuginfo-2.6.9-3.oe2403.aarch64.rpm
+ openvpn-debugsource-2.6.9-3.oe2403.aarch64.rpm
+ openvpn-devel-2.6.9-3.oe2403.aarch64.rpm
+ openvpn-2.5.5-4.oe2203sp4.aarch64.rpm
+ openvpn-debuginfo-2.5.5-4.oe2203sp4.aarch64.rpm
+ openvpn-debugsource-2.5.5-4.oe2203sp4.aarch64.rpm
+ openvpn-devel-2.5.5-4.oe2203sp4.aarch64.rpm
+
+
+ openvpn-2.5.5-4.oe2203sp3.src.rpm
+ openvpn-2.4.8-10.oe2003sp4.src.rpm
+ openvpn-2.5.5-4.oe2203sp1.src.rpm
+ openvpn-2.6.9-3.oe2403.src.rpm
+ openvpn-2.5.5-4.oe2203sp4.src.rpm
+
+
+ openvpn-2.5.5-4.oe2203sp3.x86_64.rpm
+ openvpn-debuginfo-2.5.5-4.oe2203sp3.x86_64.rpm
+ openvpn-debugsource-2.5.5-4.oe2203sp3.x86_64.rpm
+ openvpn-devel-2.5.5-4.oe2203sp3.x86_64.rpm
+ openvpn-2.4.8-10.oe2003sp4.x86_64.rpm
+ openvpn-debuginfo-2.4.8-10.oe2003sp4.x86_64.rpm
+ openvpn-debugsource-2.4.8-10.oe2003sp4.x86_64.rpm
+ openvpn-devel-2.4.8-10.oe2003sp4.x86_64.rpm
+ openvpn-2.5.5-4.oe2203sp1.x86_64.rpm
+ openvpn-debuginfo-2.5.5-4.oe2203sp1.x86_64.rpm
+ openvpn-debugsource-2.5.5-4.oe2203sp1.x86_64.rpm
+ openvpn-devel-2.5.5-4.oe2203sp1.x86_64.rpm
+ openvpn-2.6.9-3.oe2403.x86_64.rpm
+ openvpn-debuginfo-2.6.9-3.oe2403.x86_64.rpm
+ openvpn-debugsource-2.6.9-3.oe2403.x86_64.rpm
+ openvpn-devel-2.6.9-3.oe2403.x86_64.rpm
+ openvpn-2.5.5-4.oe2203sp4.x86_64.rpm
+ openvpn-debuginfo-2.5.5-4.oe2203sp4.x86_64.rpm
+ openvpn-debugsource-2.5.5-4.oe2203sp4.x86_64.rpm
+ openvpn-devel-2.5.5-4.oe2203sp4.x86_64.rpm
+
+
+ openvpn-help-2.5.5-4.oe2203sp3.noarch.rpm
+ openvpn-help-2.4.8-10.oe2003sp4.noarch.rpm
+ openvpn-help-2.5.5-4.oe2203sp1.noarch.rpm
+ openvpn-help-2.6.9-3.oe2403.noarch.rpm
+ openvpn-help-2.5.5-4.oe2203sp4.noarch.rpm
+
+
+
+
+
+
+ 2024-07-26
+ CVE-2024-5594
+
+
+ openEuler-22.03-LTS-SP3
+ openEuler-20.03-LTS-SP4
+ openEuler-22.03-LTS-SP1
+ openEuler-24.03-LTS
+ openEuler-22.03-LTS-SP4
+
+
+
+
+ Medium
+
+
+
+
+ 5.4
+ AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
+
+
+
+
+ openvpn security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1885
+
+
+
+
\ No newline at end of file
diff --git a/cvrf/2024/cvrf-openEuler-SA-2024-1886.xml b/cvrf/2024/cvrf-openEuler-SA-2024-1886.xml
new file mode 100644
index 0000000..7067d2d
--- /dev/null
+++ b/cvrf/2024/cvrf-openEuler-SA-2024-1886.xml
@@ -0,0 +1,168 @@
+
+
+ An update for gtk2 is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3
+ Security Advisory
+
+ openeuler-security@openeuler.org
+ openEuler security committee
+
+
+
+ openEuler-SA-2024-1886
+
+ Final
+ 1.0
+
+
+ 1.0
+ 2024-07-26
+ Initial
+
+
+ 2024-07-26
+ 2024-07-26
+
+ openEuler SA Tool V1.0
+ 2024-07-26
+
+
+
+ gtk2 security update
+ An update for gtk2 is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3
+ GTK+ is a library for creating graphical user interfaces. The library is created in C programming language. The GTK+ is also called the GIMP Toolkit. Originally, the library was created while developing the GIMP image manipulation program.
+
+Security Fix(es):
+
+A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory.(CVE-2024-6655)
+ An update for gtk2 is now available for openEuler-20.03-LTS-SP4.
+
+openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
+ High
+ gtk2
+
+
+
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1886
+
+
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-6655
+
+
+ https://nvd.nist.gov/vuln/detail/CVE-2024-6655
+
+
+
+
+ openEuler-20.03-LTS-SP4
+ openEuler-22.03-LTS-SP1
+ openEuler-24.03-LTS
+ openEuler-22.03-LTS-SP4
+ openEuler-22.03-LTS-SP3
+
+
+ gtk2-2.24.32-11.oe2003sp4.src.rpm
+ gtk2-2.24.33-9.oe2203sp1.src.rpm
+ gtk2-2.24.33-10.oe2403.src.rpm
+ gtk2-2.24.33-9.oe2203sp4.src.rpm
+ gtk2-2.24.33-9.oe2203sp3.src.rpm
+
+
+ gtk2-2.24.32-11.oe2003sp4.x86_64.rpm
+ gtk2-debuginfo-2.24.32-11.oe2003sp4.x86_64.rpm
+ gtk2-debugsource-2.24.32-11.oe2003sp4.x86_64.rpm
+ gtk2-devel-2.24.32-11.oe2003sp4.x86_64.rpm
+ gtk2-help-2.24.32-11.oe2003sp4.x86_64.rpm
+ gtk2-immodule-xim-2.24.32-11.oe2003sp4.x86_64.rpm
+ gtk2-2.24.33-9.oe2203sp1.x86_64.rpm
+ gtk2-debuginfo-2.24.33-9.oe2203sp1.x86_64.rpm
+ gtk2-debugsource-2.24.33-9.oe2203sp1.x86_64.rpm
+ gtk2-devel-2.24.33-9.oe2203sp1.x86_64.rpm
+ gtk2-help-2.24.33-9.oe2203sp1.x86_64.rpm
+ gtk2-immodule-xim-2.24.33-9.oe2203sp1.x86_64.rpm
+ gtk2-2.24.33-10.oe2403.x86_64.rpm
+ gtk2-debuginfo-2.24.33-10.oe2403.x86_64.rpm
+ gtk2-debugsource-2.24.33-10.oe2403.x86_64.rpm
+ gtk2-devel-2.24.33-10.oe2403.x86_64.rpm
+ gtk2-help-2.24.33-10.oe2403.x86_64.rpm
+ gtk2-immodule-xim-2.24.33-10.oe2403.x86_64.rpm
+ gtk2-2.24.33-9.oe2203sp4.x86_64.rpm
+ gtk2-debuginfo-2.24.33-9.oe2203sp4.x86_64.rpm
+ gtk2-debugsource-2.24.33-9.oe2203sp4.x86_64.rpm
+ gtk2-devel-2.24.33-9.oe2203sp4.x86_64.rpm
+ gtk2-help-2.24.33-9.oe2203sp4.x86_64.rpm
+ gtk2-immodule-xim-2.24.33-9.oe2203sp4.x86_64.rpm
+ gtk2-2.24.33-9.oe2203sp3.x86_64.rpm
+ gtk2-debuginfo-2.24.33-9.oe2203sp3.x86_64.rpm
+ gtk2-debugsource-2.24.33-9.oe2203sp3.x86_64.rpm
+ gtk2-devel-2.24.33-9.oe2203sp3.x86_64.rpm
+ gtk2-help-2.24.33-9.oe2203sp3.x86_64.rpm
+ gtk2-immodule-xim-2.24.33-9.oe2203sp3.x86_64.rpm
+
+
+ gtk2-2.24.32-11.oe2003sp4.aarch64.rpm
+ gtk2-debuginfo-2.24.32-11.oe2003sp4.aarch64.rpm
+ gtk2-debugsource-2.24.32-11.oe2003sp4.aarch64.rpm
+ gtk2-devel-2.24.32-11.oe2003sp4.aarch64.rpm
+ gtk2-help-2.24.32-11.oe2003sp4.aarch64.rpm
+ gtk2-immodule-xim-2.24.32-11.oe2003sp4.aarch64.rpm
+ gtk2-2.24.33-9.oe2203sp1.aarch64.rpm
+ gtk2-debuginfo-2.24.33-9.oe2203sp1.aarch64.rpm
+ gtk2-debugsource-2.24.33-9.oe2203sp1.aarch64.rpm
+ gtk2-devel-2.24.33-9.oe2203sp1.aarch64.rpm
+ gtk2-help-2.24.33-9.oe2203sp1.aarch64.rpm
+ gtk2-immodule-xim-2.24.33-9.oe2203sp1.aarch64.rpm
+ gtk2-2.24.33-10.oe2403.aarch64.rpm
+ gtk2-debuginfo-2.24.33-10.oe2403.aarch64.rpm
+ gtk2-debugsource-2.24.33-10.oe2403.aarch64.rpm
+ gtk2-devel-2.24.33-10.oe2403.aarch64.rpm
+ gtk2-help-2.24.33-10.oe2403.aarch64.rpm
+ gtk2-immodule-xim-2.24.33-10.oe2403.aarch64.rpm
+ gtk2-2.24.33-9.oe2203sp4.aarch64.rpm
+ gtk2-debuginfo-2.24.33-9.oe2203sp4.aarch64.rpm
+ gtk2-debugsource-2.24.33-9.oe2203sp4.aarch64.rpm
+ gtk2-devel-2.24.33-9.oe2203sp4.aarch64.rpm
+ gtk2-help-2.24.33-9.oe2203sp4.aarch64.rpm
+ gtk2-immodule-xim-2.24.33-9.oe2203sp4.aarch64.rpm
+ gtk2-2.24.33-9.oe2203sp3.aarch64.rpm
+ gtk2-debuginfo-2.24.33-9.oe2203sp3.aarch64.rpm
+ gtk2-debugsource-2.24.33-9.oe2203sp3.aarch64.rpm
+ gtk2-devel-2.24.33-9.oe2203sp3.aarch64.rpm
+ gtk2-help-2.24.33-9.oe2203sp3.aarch64.rpm
+ gtk2-immodule-xim-2.24.33-9.oe2203sp3.aarch64.rpm
+
+
+
+
+ A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory.
+
+ 2024-07-26
+ CVE-2024-6655
+
+
+ openEuler-20.03-LTS-SP4
+ openEuler-22.03-LTS-SP1
+ openEuler-24.03-LTS
+ openEuler-22.03-LTS-SP4
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ High
+
+
+
+
+ 7.0
+ AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
+
+
+
+
+ gtk2 security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1886
+
+
+
+
\ No newline at end of file
diff --git a/cvrf/2024/cvrf-openEuler-SA-2024-1887.xml b/cvrf/2024/cvrf-openEuler-SA-2024-1887.xml
new file mode 100644
index 0000000..1dfa9a0
--- /dev/null
+++ b/cvrf/2024/cvrf-openEuler-SA-2024-1887.xml
@@ -0,0 +1,96 @@
+
+
+ An update for python-zipp is now available for openEuler-24.03-LTS
+ Security Advisory
+
+ openeuler-security@openeuler.org
+ openEuler security committee
+
+
+
+ openEuler-SA-2024-1887
+
+ Final
+ 1.0
+
+
+ 1.0
+ 2024-07-26
+ Initial
+
+
+ 2024-07-26
+ 2024-07-26
+
+ openEuler SA Tool V1.0
+ 2024-07-26
+
+
+
+ python-zipp security update
+ An update for python-zipp is now available for openEuler-24.03-LTS
+ A pathlib-compatible Zipfile object wrapper. A backport of the Path object.
+
+Security Fix(es):
+
+A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the third-party zipp library are later merged into CPython, and the affected code is identical in both projects. The infinite loop can be initiated through the use of functions affecting the `Path` module in both zipp and zipfile, such as `joinpath`, the overloaded division operator, and `iterdir`. Although the infinite loop is not resource exhaustive, it prevents the application from responding. The vulnerability was addressed in version 3.19.1 of jaraco/zipp.(CVE-2024-5569)
+ An update for python-zipp is now available for openEuler-24.03-LTS.
+
+openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
+ Medium
+ python-zipp
+
+
+
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1887
+
+
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-5569
+
+
+ https://nvd.nist.gov/vuln/detail/CVE-2024-5569
+
+
+
+
+ openEuler-24.03-LTS
+
+
+ python-zipp-3.17.0-2.oe2403.src.rpm
+
+
+ python-zipp-help-3.17.0-2.oe2403.noarch.rpm
+ python3-zipp-3.17.0-2.oe2403.noarch.rpm
+
+
+
+
+ A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the third-party zipp library are later merged into CPython, and the affected code is identical in both projects. The infinite loop can be initiated through the use of functions affecting the `Path` module in both zipp and zipfile, such as `joinpath`, the overloaded division operator, and `iterdir`. Although the infinite loop is not resource exhaustive, it prevents the application from responding. The vulnerability was addressed in version 3.19.1 of jaraco/zipp.
+
+ 2024-07-26
+ CVE-2024-5569
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Medium
+
+
+
+
+ 6.2
+ AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ python-zipp security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1887
+
+
+
+
\ No newline at end of file
diff --git a/cvrf/2024/cvrf-openEuler-SA-2024-1888.xml b/cvrf/2024/cvrf-openEuler-SA-2024-1888.xml
new file mode 100644
index 0000000..e3fbfc1
--- /dev/null
+++ b/cvrf/2024/cvrf-openEuler-SA-2024-1888.xml
@@ -0,0 +1,96 @@
+
+
+ An update for python-zipp is now available for openEuler-22.03-LTS-SP4
+ Security Advisory
+
+ openeuler-security@openeuler.org
+ openEuler security committee
+
+
+
+ openEuler-SA-2024-1888
+
+ Final
+ 1.0
+
+
+ 1.0
+ 2024-07-26
+ Initial
+
+
+ 2024-07-26
+ 2024-07-26
+
+ openEuler SA Tool V1.0
+ 2024-07-26
+
+
+
+ python-zipp security update
+ An update for python-zipp is now available for openEuler-22.03-LTS-SP4
+ A pathlib-compatible Zipfile object wrapper. A backport of the Path object.
+
+Security Fix(es):
+
+A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the third-party zipp library are later merged into CPython, and the affected code is identical in both projects. The infinite loop can be initiated through the use of functions affecting the `Path` module in both zipp and zipfile, such as `joinpath`, the overloaded division operator, and `iterdir`. Although the infinite loop is not resource exhaustive, it prevents the application from responding. The vulnerability was addressed in version 3.19.1 of jaraco/zipp.(CVE-2024-5569)
+ An update for python-zipp is now available for openEuler-22.03-LTS-SP4.
+
+openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
+ Medium
+ python-zipp
+
+
+
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1888
+
+
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-5569
+
+
+ https://nvd.nist.gov/vuln/detail/CVE-2024-5569
+
+
+
+
+ openEuler-22.03-LTS-SP4
+
+
+ python-zipp-3.7.0-3.oe2203sp4.src.rpm
+
+
+ python-zipp-help-3.7.0-3.oe2203sp4.noarch.rpm
+ python3-zipp-3.7.0-3.oe2203sp4.noarch.rpm
+
+
+
+
+ A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the third-party zipp library are later merged into CPython, and the affected code is identical in both projects. The infinite loop can be initiated through the use of functions affecting the `Path` module in both zipp and zipfile, such as `joinpath`, the overloaded division operator, and `iterdir`. Although the infinite loop is not resource exhaustive, it prevents the application from responding. The vulnerability was addressed in version 3.19.1 of jaraco/zipp.
+
+ 2024-07-26
+ CVE-2024-5569
+
+
+ openEuler-22.03-LTS-SP4
+
+
+
+
+ Medium
+
+
+
+
+ 6.2
+ AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ python-zipp security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1888
+
+
+
+
\ No newline at end of file
diff --git a/cvrf/2024/cvrf-openEuler-SA-2024-1889.xml b/cvrf/2024/cvrf-openEuler-SA-2024-1889.xml
new file mode 100644
index 0000000..d2a0060
--- /dev/null
+++ b/cvrf/2024/cvrf-openEuler-SA-2024-1889.xml
@@ -0,0 +1,96 @@
+
+
+ An update for python-zipp is now available for openEuler-22.03-LTS-SP3
+ Security Advisory
+
+ openeuler-security@openeuler.org
+ openEuler security committee
+
+
+
+ openEuler-SA-2024-1889
+
+ Final
+ 1.0
+
+
+ 1.0
+ 2024-07-26
+ Initial
+
+
+ 2024-07-26
+ 2024-07-26
+
+ openEuler SA Tool V1.0
+ 2024-07-26
+
+
+
+ python-zipp security update
+ An update for python-zipp is now available for openEuler-22.03-LTS-SP3
+ A pathlib-compatible Zipfile object wrapper. A backport of the Path object.
+
+Security Fix(es):
+
+A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the third-party zipp library are later merged into CPython, and the affected code is identical in both projects. The infinite loop can be initiated through the use of functions affecting the `Path` module in both zipp and zipfile, such as `joinpath`, the overloaded division operator, and `iterdir`. Although the infinite loop is not resource exhaustive, it prevents the application from responding. The vulnerability was addressed in version 3.19.1 of jaraco/zipp.(CVE-2024-5569)
+ An update for python-zipp is now available for openEuler-22.03-LTS-SP3.
+
+openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
+ Medium
+ python-zipp
+
+
+
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1889
+
+
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-5569
+
+
+ https://nvd.nist.gov/vuln/detail/CVE-2024-5569
+
+
+
+
+ openEuler-22.03-LTS-SP3
+
+
+ python-zipp-3.7.0-3.oe2203sp3.src.rpm
+
+
+ python-zipp-help-3.7.0-3.oe2203sp3.noarch.rpm
+ python3-zipp-3.7.0-3.oe2203sp3.noarch.rpm
+
+
+
+
+ A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the third-party zipp library are later merged into CPython, and the affected code is identical in both projects. The infinite loop can be initiated through the use of functions affecting the `Path` module in both zipp and zipfile, such as `joinpath`, the overloaded division operator, and `iterdir`. Although the infinite loop is not resource exhaustive, it prevents the application from responding. The vulnerability was addressed in version 3.19.1 of jaraco/zipp.
+
+ 2024-07-26
+ CVE-2024-5569
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Medium
+
+
+
+
+ 6.2
+ AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ python-zipp security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1889
+
+
+
+
\ No newline at end of file
diff --git a/cvrf/2024/cvrf-openEuler-SA-2024-1890.xml b/cvrf/2024/cvrf-openEuler-SA-2024-1890.xml
new file mode 100644
index 0000000..9450956
--- /dev/null
+++ b/cvrf/2024/cvrf-openEuler-SA-2024-1890.xml
@@ -0,0 +1,96 @@
+
+
+ An update for python-zipp is now available for openEuler-22.03-LTS-SP1
+ Security Advisory
+
+ openeuler-security@openeuler.org
+ openEuler security committee
+
+
+
+ openEuler-SA-2024-1890
+
+ Final
+ 1.0
+
+
+ 1.0
+ 2024-07-26
+ Initial
+
+
+ 2024-07-26
+ 2024-07-26
+
+ openEuler SA Tool V1.0
+ 2024-07-26
+
+
+
+ python-zipp security update
+ An update for python-zipp is now available for openEuler-22.03-LTS-SP1
+ A pathlib-compatible Zipfile object wrapper. A backport of the Path object.
+
+Security Fix(es):
+
+A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the third-party zipp library are later merged into CPython, and the affected code is identical in both projects. The infinite loop can be initiated through the use of functions affecting the `Path` module in both zipp and zipfile, such as `joinpath`, the overloaded division operator, and `iterdir`. Although the infinite loop is not resource exhaustive, it prevents the application from responding. The vulnerability was addressed in version 3.19.1 of jaraco/zipp.(CVE-2024-5569)
+ An update for python-zipp is now available for openEuler-22.03-LTS-SP1.
+
+openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
+ Medium
+ python-zipp
+
+
+
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1890
+
+
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-5569
+
+
+ https://nvd.nist.gov/vuln/detail/CVE-2024-5569
+
+
+
+
+ openEuler-22.03-LTS-SP1
+
+
+ python-zipp-3.7.0-3.oe2203sp1.src.rpm
+
+
+ python-zipp-help-3.7.0-3.oe2203sp1.noarch.rpm
+ python3-zipp-3.7.0-3.oe2203sp1.noarch.rpm
+
+
+
+
+ A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the third-party zipp library are later merged into CPython, and the affected code is identical in both projects. The infinite loop can be initiated through the use of functions affecting the `Path` module in both zipp and zipfile, such as `joinpath`, the overloaded division operator, and `iterdir`. Although the infinite loop is not resource exhaustive, it prevents the application from responding. The vulnerability was addressed in version 3.19.1 of jaraco/zipp.
+
+ 2024-07-26
+ CVE-2024-5569
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ Medium
+
+
+
+
+ 6.2
+ AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ python-zipp security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1890
+
+
+
+
\ No newline at end of file
diff --git a/cvrf/2024/cvrf-openEuler-SA-2024-1891.xml b/cvrf/2024/cvrf-openEuler-SA-2024-1891.xml
new file mode 100644
index 0000000..ca80968
--- /dev/null
+++ b/cvrf/2024/cvrf-openEuler-SA-2024-1891.xml
@@ -0,0 +1,178 @@
+
+
+ An update for mongo-c-driver is now available for openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-24.03-LTS
+ Security Advisory
+
+ openeuler-security@openeuler.org
+ openEuler security committee
+
+
+
+ openEuler-SA-2024-1891
+
+ Final
+ 1.0
+
+
+ 1.0
+ 2024-07-26
+ Initial
+
+
+ 2024-07-26
+ 2024-07-26
+
+ openEuler SA Tool V1.0
+ 2024-07-26
+
+
+
+ mongo-c-driver security update
+ An update for mongo-c-driver is now available for openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-24.03-LTS
+ mongo-c-driver is a project that includes two libraries: libmongoc, a client library written in C for MongoDB. libbson, a library providing useful routines related to building, parsing, and iterating BSON documents.
+
+Security Fix(es):
+
+The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow where the function will try to free memory at a negative offset. This may result in memory corruption. This issue affected libbson versions prior to 1.26.2(CVE-2024-6381)
+ An update for mongo-c-driver is now available for openEuler-22.03-LTS-SP4.
+
+openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
+ Medium
+ mongo-c-driver
+
+
+
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1891
+
+
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-6381
+
+
+ https://nvd.nist.gov/vuln/detail/CVE-2024-6381
+
+
+
+
+ openEuler-22.03-LTS-SP4
+ openEuler-22.03-LTS-SP3
+ openEuler-20.03-LTS-SP4
+ openEuler-22.03-LTS-SP1
+ openEuler-24.03-LTS
+
+
+ mongo-c-driver-1.27.4-1.oe2203sp4.src.rpm
+ mongo-c-driver-1.27.4-1.oe2203sp3.src.rpm
+ mongo-c-driver-1.27.4-1.oe2003sp4.src.rpm
+ mongo-c-driver-1.27.4-1.oe2203sp1.src.rpm
+ mongo-c-driver-1.27.4-1.oe2403.src.rpm
+
+
+ libbson-1.27.4-1.oe2203sp4.aarch64.rpm
+ libbson-devel-1.27.4-1.oe2203sp4.aarch64.rpm
+ mongo-c-driver-1.27.4-1.oe2203sp4.aarch64.rpm
+ mongo-c-driver-debuginfo-1.27.4-1.oe2203sp4.aarch64.rpm
+ mongo-c-driver-debugsource-1.27.4-1.oe2203sp4.aarch64.rpm
+ mongo-c-driver-devel-1.27.4-1.oe2203sp4.aarch64.rpm
+ mongo-c-driver-help-1.27.4-1.oe2203sp4.aarch64.rpm
+ libbson-1.27.4-1.oe2203sp3.aarch64.rpm
+ libbson-devel-1.27.4-1.oe2203sp3.aarch64.rpm
+ mongo-c-driver-1.27.4-1.oe2203sp3.aarch64.rpm
+ mongo-c-driver-debuginfo-1.27.4-1.oe2203sp3.aarch64.rpm
+ mongo-c-driver-debugsource-1.27.4-1.oe2203sp3.aarch64.rpm
+ mongo-c-driver-devel-1.27.4-1.oe2203sp3.aarch64.rpm
+ mongo-c-driver-help-1.27.4-1.oe2203sp3.aarch64.rpm
+ libbson-1.27.4-1.oe2003sp4.aarch64.rpm
+ libbson-devel-1.27.4-1.oe2003sp4.aarch64.rpm
+ mongo-c-driver-1.27.4-1.oe2003sp4.aarch64.rpm
+ mongo-c-driver-debuginfo-1.27.4-1.oe2003sp4.aarch64.rpm
+ mongo-c-driver-debugsource-1.27.4-1.oe2003sp4.aarch64.rpm
+ mongo-c-driver-devel-1.27.4-1.oe2003sp4.aarch64.rpm
+ mongo-c-driver-help-1.27.4-1.oe2003sp4.aarch64.rpm
+ libbson-1.27.4-1.oe2203sp1.aarch64.rpm
+ libbson-devel-1.27.4-1.oe2203sp1.aarch64.rpm
+ mongo-c-driver-1.27.4-1.oe2203sp1.aarch64.rpm
+ mongo-c-driver-debuginfo-1.27.4-1.oe2203sp1.aarch64.rpm
+ mongo-c-driver-debugsource-1.27.4-1.oe2203sp1.aarch64.rpm
+ mongo-c-driver-devel-1.27.4-1.oe2203sp1.aarch64.rpm
+ mongo-c-driver-help-1.27.4-1.oe2203sp1.aarch64.rpm
+ libbson-1.27.4-1.oe2403.aarch64.rpm
+ libbson-devel-1.27.4-1.oe2403.aarch64.rpm
+ mongo-c-driver-1.27.4-1.oe2403.aarch64.rpm
+ mongo-c-driver-debuginfo-1.27.4-1.oe2403.aarch64.rpm
+ mongo-c-driver-debugsource-1.27.4-1.oe2403.aarch64.rpm
+ mongo-c-driver-devel-1.27.4-1.oe2403.aarch64.rpm
+ mongo-c-driver-help-1.27.4-1.oe2403.aarch64.rpm
+
+
+ libbson-1.27.4-1.oe2203sp4.x86_64.rpm
+ libbson-devel-1.27.4-1.oe2203sp4.x86_64.rpm
+ mongo-c-driver-1.27.4-1.oe2203sp4.x86_64.rpm
+ mongo-c-driver-debuginfo-1.27.4-1.oe2203sp4.x86_64.rpm
+ mongo-c-driver-debugsource-1.27.4-1.oe2203sp4.x86_64.rpm
+ mongo-c-driver-devel-1.27.4-1.oe2203sp4.x86_64.rpm
+ mongo-c-driver-help-1.27.4-1.oe2203sp4.x86_64.rpm
+ libbson-1.27.4-1.oe2203sp3.x86_64.rpm
+ libbson-devel-1.27.4-1.oe2203sp3.x86_64.rpm
+ mongo-c-driver-1.27.4-1.oe2203sp3.x86_64.rpm
+ mongo-c-driver-debuginfo-1.27.4-1.oe2203sp3.x86_64.rpm
+ mongo-c-driver-debugsource-1.27.4-1.oe2203sp3.x86_64.rpm
+ mongo-c-driver-devel-1.27.4-1.oe2203sp3.x86_64.rpm
+ mongo-c-driver-help-1.27.4-1.oe2203sp3.x86_64.rpm
+ libbson-1.27.4-1.oe2003sp4.x86_64.rpm
+ libbson-devel-1.27.4-1.oe2003sp4.x86_64.rpm
+ mongo-c-driver-1.27.4-1.oe2003sp4.x86_64.rpm
+ mongo-c-driver-debuginfo-1.27.4-1.oe2003sp4.x86_64.rpm
+ mongo-c-driver-debugsource-1.27.4-1.oe2003sp4.x86_64.rpm
+ mongo-c-driver-devel-1.27.4-1.oe2003sp4.x86_64.rpm
+ mongo-c-driver-help-1.27.4-1.oe2003sp4.x86_64.rpm
+ libbson-1.27.4-1.oe2203sp1.x86_64.rpm
+ libbson-devel-1.27.4-1.oe2203sp1.x86_64.rpm
+ mongo-c-driver-1.27.4-1.oe2203sp1.x86_64.rpm
+ mongo-c-driver-debuginfo-1.27.4-1.oe2203sp1.x86_64.rpm
+ mongo-c-driver-debugsource-1.27.4-1.oe2203sp1.x86_64.rpm
+ mongo-c-driver-devel-1.27.4-1.oe2203sp1.x86_64.rpm
+ mongo-c-driver-help-1.27.4-1.oe2203sp1.x86_64.rpm
+ libbson-1.27.4-1.oe2403.x86_64.rpm
+ libbson-devel-1.27.4-1.oe2403.x86_64.rpm
+ mongo-c-driver-1.27.4-1.oe2403.x86_64.rpm
+ mongo-c-driver-debuginfo-1.27.4-1.oe2403.x86_64.rpm
+ mongo-c-driver-debugsource-1.27.4-1.oe2403.x86_64.rpm
+ mongo-c-driver-devel-1.27.4-1.oe2403.x86_64.rpm
+ mongo-c-driver-help-1.27.4-1.oe2403.x86_64.rpm
+
+
+
+
+ The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow where the function will try to free memory at a negative offset. This may result in memory corruption. This issue affected libbson versions prior to 1.26.2
+
+ 2024-07-26
+ CVE-2024-6381
+
+
+ openEuler-22.03-LTS-SP4
+ openEuler-22.03-LTS-SP3
+ openEuler-20.03-LTS-SP4
+ openEuler-22.03-LTS-SP1
+ openEuler-24.03-LTS
+
+
+
+
+ Medium
+
+
+
+
+ 4.0
+ AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
+
+
+
+
+ mongo-c-driver security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1891
+
+
+
+
\ No newline at end of file
diff --git a/cvrf/2024/cvrf-openEuler-SA-2024-1892.xml b/cvrf/2024/cvrf-openEuler-SA-2024-1892.xml
new file mode 100644
index 0000000..e4010fa
--- /dev/null
+++ b/cvrf/2024/cvrf-openEuler-SA-2024-1892.xml
@@ -0,0 +1,176 @@
+
+
+ An update for gtk3 is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3
+ Security Advisory
+
+ openeuler-security@openeuler.org
+ openEuler security committee
+
+
+
+ openEuler-SA-2024-1892
+
+ Final
+ 1.0
+
+
+ 1.0
+ 2024-07-26
+ Initial
+
+
+ 2024-07-26
+ 2024-07-26
+
+ openEuler SA Tool V1.0
+ 2024-07-26
+
+
+
+ gtk3 security update
+ An update for gtk3 is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3
+ GTK+ is an object-oriented widget toolkit written in the programming language C; it has a C-based object-oriented architecture that allows for maximum flexibility. The GTK+ library contains a set of graphical control elements (widgets)for creating graphical user interfaces. This package contains version 3 of GTK+.
+
+Security Fix(es):
+
+A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory.(CVE-2024-6655)
+ An update for gtk3 is now available for openEuler-20.03-LTS-SP4.
+
+openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
+ High
+ gtk3
+
+
+
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1892
+
+
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-6655
+
+
+ https://nvd.nist.gov/vuln/detail/CVE-2024-6655
+
+
+
+
+ openEuler-20.03-LTS-SP4
+ openEuler-22.03-LTS-SP1
+ openEuler-24.03-LTS
+ openEuler-22.03-LTS-SP4
+ openEuler-22.03-LTS-SP3
+
+
+ gtk3-3.24.21-6.oe2003sp4.src.rpm
+ gtk3-3.24.30-11.oe2203sp1.src.rpm
+ gtk3-3.24.41-2.oe2403.src.rpm
+ gtk3-3.24.30-11.oe2203sp4.src.rpm
+ gtk3-3.24.30-11.oe2203sp3.src.rpm
+
+
+ gtk3-3.24.21-6.oe2003sp4.x86_64.rpm
+ gtk3-debuginfo-3.24.21-6.oe2003sp4.x86_64.rpm
+ gtk3-debugsource-3.24.21-6.oe2003sp4.x86_64.rpm
+ gtk3-devel-3.24.21-6.oe2003sp4.x86_64.rpm
+ gtk3-help-3.24.21-6.oe2003sp4.x86_64.rpm
+ gtk3-immodule-xim-3.24.21-6.oe2003sp4.x86_64.rpm
+ gtk-update-icon-cache-3.24.30-11.oe2203sp1.x86_64.rpm
+ gtk3-3.24.30-11.oe2203sp1.x86_64.rpm
+ gtk3-debuginfo-3.24.30-11.oe2203sp1.x86_64.rpm
+ gtk3-debugsource-3.24.30-11.oe2203sp1.x86_64.rpm
+ gtk3-devel-3.24.30-11.oe2203sp1.x86_64.rpm
+ gtk3-help-3.24.30-11.oe2203sp1.x86_64.rpm
+ gtk3-immodule-xim-3.24.30-11.oe2203sp1.x86_64.rpm
+ gtk-update-icon-cache-3.24.41-2.oe2403.x86_64.rpm
+ gtk3-3.24.41-2.oe2403.x86_64.rpm
+ gtk3-debuginfo-3.24.41-2.oe2403.x86_64.rpm
+ gtk3-debugsource-3.24.41-2.oe2403.x86_64.rpm
+ gtk3-devel-3.24.41-2.oe2403.x86_64.rpm
+ gtk3-help-3.24.41-2.oe2403.x86_64.rpm
+ gtk3-immodule-xim-3.24.41-2.oe2403.x86_64.rpm
+ gtk-update-icon-cache-3.24.30-11.oe2203sp4.x86_64.rpm
+ gtk3-3.24.30-11.oe2203sp4.x86_64.rpm
+ gtk3-debuginfo-3.24.30-11.oe2203sp4.x86_64.rpm
+ gtk3-debugsource-3.24.30-11.oe2203sp4.x86_64.rpm
+ gtk3-devel-3.24.30-11.oe2203sp4.x86_64.rpm
+ gtk3-help-3.24.30-11.oe2203sp4.x86_64.rpm
+ gtk3-immodule-xim-3.24.30-11.oe2203sp4.x86_64.rpm
+ gtk-update-icon-cache-3.24.30-11.oe2203sp3.x86_64.rpm
+ gtk3-3.24.30-11.oe2203sp3.x86_64.rpm
+ gtk3-debuginfo-3.24.30-11.oe2203sp3.x86_64.rpm
+ gtk3-debugsource-3.24.30-11.oe2203sp3.x86_64.rpm
+ gtk3-devel-3.24.30-11.oe2203sp3.x86_64.rpm
+ gtk3-help-3.24.30-11.oe2203sp3.x86_64.rpm
+ gtk3-immodule-xim-3.24.30-11.oe2203sp3.x86_64.rpm
+
+
+ gtk3-3.24.21-6.oe2003sp4.aarch64.rpm
+ gtk3-debuginfo-3.24.21-6.oe2003sp4.aarch64.rpm
+ gtk3-debugsource-3.24.21-6.oe2003sp4.aarch64.rpm
+ gtk3-devel-3.24.21-6.oe2003sp4.aarch64.rpm
+ gtk3-help-3.24.21-6.oe2003sp4.aarch64.rpm
+ gtk3-immodule-xim-3.24.21-6.oe2003sp4.aarch64.rpm
+ gtk-update-icon-cache-3.24.30-11.oe2203sp1.aarch64.rpm
+ gtk3-3.24.30-11.oe2203sp1.aarch64.rpm
+ gtk3-debuginfo-3.24.30-11.oe2203sp1.aarch64.rpm
+ gtk3-debugsource-3.24.30-11.oe2203sp1.aarch64.rpm
+ gtk3-devel-3.24.30-11.oe2203sp1.aarch64.rpm
+ gtk3-help-3.24.30-11.oe2203sp1.aarch64.rpm
+ gtk3-immodule-xim-3.24.30-11.oe2203sp1.aarch64.rpm
+ gtk-update-icon-cache-3.24.41-2.oe2403.aarch64.rpm
+ gtk3-3.24.41-2.oe2403.aarch64.rpm
+ gtk3-debuginfo-3.24.41-2.oe2403.aarch64.rpm
+ gtk3-debugsource-3.24.41-2.oe2403.aarch64.rpm
+ gtk3-devel-3.24.41-2.oe2403.aarch64.rpm
+ gtk3-help-3.24.41-2.oe2403.aarch64.rpm
+ gtk3-immodule-xim-3.24.41-2.oe2403.aarch64.rpm
+ gtk-update-icon-cache-3.24.30-11.oe2203sp4.aarch64.rpm
+ gtk3-3.24.30-11.oe2203sp4.aarch64.rpm
+ gtk3-debuginfo-3.24.30-11.oe2203sp4.aarch64.rpm
+ gtk3-debugsource-3.24.30-11.oe2203sp4.aarch64.rpm
+ gtk3-devel-3.24.30-11.oe2203sp4.aarch64.rpm
+ gtk3-help-3.24.30-11.oe2203sp4.aarch64.rpm
+ gtk3-immodule-xim-3.24.30-11.oe2203sp4.aarch64.rpm
+ gtk-update-icon-cache-3.24.30-11.oe2203sp3.aarch64.rpm
+ gtk3-3.24.30-11.oe2203sp3.aarch64.rpm
+ gtk3-debuginfo-3.24.30-11.oe2203sp3.aarch64.rpm
+ gtk3-debugsource-3.24.30-11.oe2203sp3.aarch64.rpm
+ gtk3-devel-3.24.30-11.oe2203sp3.aarch64.rpm
+ gtk3-help-3.24.30-11.oe2203sp3.aarch64.rpm
+ gtk3-immodule-xim-3.24.30-11.oe2203sp3.aarch64.rpm
+
+
+
+
+ A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory.
+
+ 2024-07-26
+ CVE-2024-6655
+
+
+ openEuler-20.03-LTS-SP4
+ openEuler-22.03-LTS-SP1
+ openEuler-24.03-LTS
+ openEuler-22.03-LTS-SP4
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ High
+
+
+
+
+ 7.0
+ AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
+
+
+
+
+ gtk3 security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1892
+
+
+
+
\ No newline at end of file
diff --git a/cvrf/2024/cvrf-openEuler-SA-2024-1893.xml b/cvrf/2024/cvrf-openEuler-SA-2024-1893.xml
new file mode 100644
index 0000000..6578ff4
--- /dev/null
+++ b/cvrf/2024/cvrf-openEuler-SA-2024-1893.xml
@@ -0,0 +1,137 @@
+
+
+ An update for firefox is now available for openEuler-20.03-LTS-SP4
+ Security Advisory
+
+ openeuler-security@openeuler.org
+ openEuler security committee
+
+
+
+ openEuler-SA-2024-1893
+
+ Final
+ 1.0
+
+
+ 1.0
+ 2024-07-26
+ Initial
+
+
+ 2024-07-26
+ 2024-07-26
+
+ openEuler SA Tool V1.0
+ 2024-07-26
+
+
+
+ firefox security update
+ An update for firefox is now available for openEuler-20.03-LTS-SP4
+ Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.
+
+Security Fix(es):
+
+Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.(CVE-2021-29984)
+
+Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.(CVE-2021-29988)
+ An update for firefox is now available for openEuler-20.03-LTS-SP4.
+
+openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
+ High
+ firefox
+
+
+
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1893
+
+
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-29984
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-29988
+
+
+ https://nvd.nist.gov/vuln/detail/CVE-2021-29984
+ https://nvd.nist.gov/vuln/detail/CVE-2021-29988
+
+
+
+
+ openEuler-20.03-LTS-SP4
+
+
+ firefox-79.0-28.oe2003sp4.aarch64.rpm
+ firefox-debuginfo-79.0-28.oe2003sp4.aarch64.rpm
+ firefox-debugsource-79.0-28.oe2003sp4.aarch64.rpm
+
+
+ firefox-79.0-28.oe2003sp4.src.rpm
+
+
+ firefox-79.0-28.oe2003sp4.x86_64.rpm
+ firefox-debuginfo-79.0-28.oe2003sp4.x86_64.rpm
+ firefox-debugsource-79.0-28.oe2003sp4.x86_64.rpm
+ mozilla-crashreporter-firefox-debuginfo-79.0-28.oe2003sp4.x86_64.rpm
+
+
+
+
+ Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.
+
+ 2024-07-26
+ CVE-2021-29984
+
+
+ openEuler-20.03-LTS-SP4
+
+
+
+
+ High
+
+
+
+
+ 8.8
+ AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
+
+
+
+
+ firefox security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1893
+
+
+
+
+
+ Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.
+
+ 2024-07-26
+ CVE-2021-29988
+
+
+ openEuler-20.03-LTS-SP4
+
+
+
+
+ High
+
+
+
+
+ 8.8
+ AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
+
+
+
+
+ firefox security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1893
+
+
+
+
\ No newline at end of file
diff --git a/cvrf/2024/cvrf-openEuler-SA-2024-1894.xml b/cvrf/2024/cvrf-openEuler-SA-2024-1894.xml
new file mode 100644
index 0000000..5101202
--- /dev/null
+++ b/cvrf/2024/cvrf-openEuler-SA-2024-1894.xml
@@ -0,0 +1,3149 @@
+
+
+ An update for kernel is now available for openEuler-22.03-LTS-SP3
+ Security Advisory
+
+ openeuler-security@openeuler.org
+ openEuler security committee
+
+
+
+ openEuler-SA-2024-1894
+
+ Final
+ 1.0
+
+
+ 1.0
+ 2024-07-26
+ Initial
+
+
+ 2024-07-26
+ 2024-07-26
+
+ openEuler SA Tool V1.0
+ 2024-07-26
+
+
+
+ kernel security update
+ An update for kernel is now available for openEuler-22.03-LTS-SP3
+ The Linux Kernel, the operating system core itself.
+
+Security Fix(es):
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+lib/generic-radix-tree.c: Don't overflow in peek()
+
+When we started spreading new inode numbers throughout most of the 64
+bit inode space, that triggered some corner case bugs, in particular
+some integer overflows related to the radix tree code. Oops.(CVE-2021-47432)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+scsi: ufs: Fix a deadlock in the error handler
+
+The following deadlock has been observed on a test setup:
+
+ - All tags allocated
+
+ - The SCSI error handler calls ufshcd_eh_host_reset_handler()
+
+ - ufshcd_eh_host_reset_handler() queues work that calls
+ ufshcd_err_handler()
+
+ - ufshcd_err_handler() locks up as follows:
+
+Workqueue: ufs_eh_wq_0 ufshcd_err_handler.cfi_jt
+Call trace:
+ __switch_to+0x298/0x5d8
+ __schedule+0x6cc/0xa94
+ schedule+0x12c/0x298
+ blk_mq_get_tag+0x210/0x480
+ __blk_mq_alloc_request+0x1c8/0x284
+ blk_get_request+0x74/0x134
+ ufshcd_exec_dev_cmd+0x68/0x640
+ ufshcd_verify_dev_init+0x68/0x35c
+ ufshcd_probe_hba+0x12c/0x1cb8
+ ufshcd_host_reset_and_restore+0x88/0x254
+ ufshcd_reset_and_restore+0xd0/0x354
+ ufshcd_err_handler+0x408/0xc58
+ process_one_work+0x24c/0x66c
+ worker_thread+0x3e8/0xa4c
+ kthread+0x150/0x1b4
+ ret_from_fork+0x10/0x30
+
+Fix this lockup by making ufshcd_exec_dev_cmd() allocate a reserved
+request.(CVE-2021-47622)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+net: dsa: seville: register the mdiobus under devres
+
+As explained in commits:
+74b6d7d13307 ("net: dsa: realtek: register the MDIO bus under devres")
+5135e96a3dd2 ("net: dsa: don't allocate the slave_mii_bus using devres")
+
+mdiobus_free() will panic when called from devm_mdiobus_free() <-
+devres_release_all() <- __device_release_driver(), and that mdiobus was
+not previously unregistered.
+
+The Seville VSC9959 switch is a platform device, so the initial set of
+constraints that I thought would cause this (I2C or SPI buses which call
+->remove on ->shutdown) do not apply. But there is one more which
+applies here.
+
+If the DSA master itself is on a bus that calls ->remove from ->shutdown
+(like dpaa2-eth, which is on the fsl-mc bus), there is a device link
+between the switch and the DSA master, and device_links_unbind_consumers()
+will unbind the seville switch driver on shutdown.
+
+So the same treatment must be applied to all DSA switch drivers, which
+is: either use devres for both the mdiobus allocation and registration,
+or don't use devres at all.
+
+The seville driver has a code structure that could accommodate both the
+mdiobus_unregister and mdiobus_free calls, but it has an external
+dependency upon mscc_miim_setup() from mdio-mscc-miim.c, which calls
+devm_mdiobus_alloc_size() on its behalf. So rather than restructuring
+that, and exporting yet one more symbol mscc_miim_teardown(), let's work
+with devres and replace of_mdiobus_register with the devres variant.
+When we use all-devres, we can ensure that devres doesn't free a
+still-registered bus (it either runs both callbacks, or none).(CVE-2022-48814)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+SUNRPC: lock against ->sock changing during sysfs read
+
+->sock can be set to NULL asynchronously unless ->recv_mutex is held.
+So it is important to hold that mutex. Otherwise a sysfs read can
+trigger an oops.
+Commit 17f09d3f619a ("SUNRPC: Check if the xprt is connected before
+handling sysfs reads") appears to attempt to fix this problem, but it
+only narrows the race window.(CVE-2022-48816)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+Bluetooth: hci_core: Fix leaking sent_cmd skb
+
+sent_cmd memory is not freed before freeing hci_dev causing it to leak
+it contents.(CVE-2022-48844)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+smb: client: fix potential deadlock when releasing mids
+
+All release_mid() callers seem to hold a reference of @mid so there is
+no need to call kref_put(&mid->refcount, __release_mid) under
+@server->mid_lock spinlock. If they don't, then an use-after-free bug
+would have occurred anyways.
+
+By getting rid of such spinlock also fixes a potential deadlock as
+shown below
+
+CPU 0 CPU 1
+------------------------------------------------------------------
+cifs_demultiplex_thread() cifs_debug_data_proc_show()
+ release_mid()
+ spin_lock(&server->mid_lock);
+ spin_lock(&cifs_tcp_ses_lock)
+ spin_lock(&server->mid_lock)
+ __release_mid()
+ smb2_find_smb_tcon()
+ spin_lock(&cifs_tcp_ses_lock) *deadlock*(CVE-2023-52757)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+usb: config: fix iteration issue in 'usb_get_bos_descriptor()'
+
+The BOS descriptor defines a root descriptor and is the base descriptor for
+accessing a family of related descriptors.
+
+Function 'usb_get_bos_descriptor()' encounters an iteration issue when
+skipping the 'USB_DT_DEVICE_CAPABILITY' descriptor type. This results in
+the same descriptor being read repeatedly.
+
+To address this issue, a 'goto' statement is introduced to ensure that the
+pointer and the amount read is updated correctly. This ensures that the
+function iterates to the next descriptor instead of reading the same
+descriptor repeatedly.(CVE-2023-52781)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+keys: Fix overwrite of key expiration on instantiation
+
+The expiry time of a key is unconditionally overwritten during
+instantiation, defaulting to turn it permanent. This causes a problem
+for DNS resolution as the expiration set by user-space is overwritten to
+TIME64_MAX, disabling further DNS updates. Fix this by restoring the
+condition that key_set_expiry is only called when the pre-parser sets a
+specific expiry.(CVE-2024-36031)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+nfs: Handle error of rpc_proc_register() in nfs_net_init().
+
+syzkaller reported a warning [0] triggered while destroying immature
+netns.
+
+rpc_proc_register() was called in init_nfs_fs(), but its error
+has been ignored since at least the initial commit 1da177e4c3f4
+("Linux-2.6.12-rc2").
+
+Recently, commit d47151b79e32 ("nfs: expose /proc/net/sunrpc/nfs
+in net namespaces") converted the procfs to per-netns and made
+the problem more visible.
+
+Even when rpc_proc_register() fails, nfs_net_init() could succeed,
+and thus nfs_net_exit() will be called while destroying the netns.
+
+Then, remove_proc_entry() will be called for non-existing proc
+directory and trigger the warning below.
+
+Let's handle the error of rpc_proc_register() properly in nfs_net_init().
+
+[0]:
+name 'nfs'
+WARNING: CPU: 1 PID: 1710 at fs/proc/generic.c:711 remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711
+Modules linked in:
+CPU: 1 PID: 1710 Comm: syz-executor.2 Not tainted 6.8.0-12822-gcd51db110a7e #12
+Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
+RIP: 0010:remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711
+Code: 41 5d 41 5e c3 e8 85 09 b5 ff 48 c7 c7 88 58 64 86 e8 09 0e 71 02 e8 74 09 b5 ff 4c 89 e6 48 c7 c7 de 1b 80 84 e8 c5 ad 97 ff <0f> 0b eb b1 e8 5c 09 b5 ff 48 c7 c7 88 58 64 86 e8 e0 0d 71 02 eb
+RSP: 0018:ffffc9000c6d7ce0 EFLAGS: 00010286
+RAX: 0000000000000000 RBX: ffff8880422b8b00 RCX: ffffffff8110503c
+RDX: ffff888030652f00 RSI: ffffffff81105045 RDI: 0000000000000001
+RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
+R10: 0000000000000001 R11: ffffffff81bb62cb R12: ffffffff84807ffc
+R13: ffff88804ad6fcc0 R14: ffffffff84807ffc R15: ffffffff85741ff8
+FS: 00007f30cfba8640(0000) GS:ffff88807dd00000(0000) knlGS:0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+CR2: 00007ff51afe8000 CR3: 000000005a60a005 CR4: 0000000000770ef0
+DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+PKRU: 55555554
+Call Trace:
+ <TASK>
+ rpc_proc_unregister+0x64/0x70 net/sunrpc/stats.c:310
+ nfs_net_exit+0x1c/0x30 fs/nfs/inode.c:2438
+ ops_exit_list+0x62/0xb0 net/core/net_namespace.c:170
+ setup_net+0x46c/0x660 net/core/net_namespace.c:372
+ copy_net_ns+0x244/0x590 net/core/net_namespace.c:505
+ create_new_namespaces+0x2ed/0x770 kernel/nsproxy.c:110
+ unshare_nsproxy_namespaces+0xae/0x160 kernel/nsproxy.c:228
+ ksys_unshare+0x342/0x760 kernel/fork.c:3322
+ __do_sys_unshare kernel/fork.c:3393 [inline]
+ __se_sys_unshare kernel/fork.c:3391 [inline]
+ __x64_sys_unshare+0x1f/0x30 kernel/fork.c:3391
+ do_syscall_x64 arch/x86/entry/common.c:52 [inline]
+ do_syscall_64+0x4f/0x110 arch/x86/entry/common.c:83
+ entry_SYSCALL_64_after_hwframe+0x46/0x4e
+RIP: 0033:0x7f30d0febe5d
+Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48
+RSP: 002b:00007f30cfba7cc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
+RAX: ffffffffffffffda RBX: 00000000004bbf80 RCX: 00007f30d0febe5d
+RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c020600
+RBP: 00000000004bbf80 R08: 0000000000000000 R09: 0000000000000000
+R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
+R13: 000000000000000b R14: 00007f30d104c530 R15: 0000000000000000
+ </TASK>(CVE-2024-36939)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+scsi: qedf: Ensure the copied buf is NUL terminated
+
+Currently, we allocate a count-sized kernel buffer and copy count from
+userspace to that buffer. Later, we use kstrtouint on this buffer but we
+don't ensure that the string is terminated inside the buffer, this can
+lead to OOB read when using kstrtouint. Fix this issue by using
+memdup_user_nul instead of memdup_user.(CVE-2024-38559)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group
+
+The perf tool allows users to create event groups through following
+cmd [1], but the driver does not check whether the array index is out
+of bounds when writing data to the event_group array. If the number of
+events in an event_group is greater than HNS3_PMU_MAX_HW_EVENTS, the
+memory write overflow of event_group array occurs.
+
+Add array index check to fix the possible array out of bounds violation,
+and return directly when write new events are written to array bounds.
+
+There are 9 different events in an event_group.
+[1] perf stat -e '{pmu/event1/, ... ,pmu/event9/}(CVE-2024-38568)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+ecryptfs: Fix buffer size for tag 66 packet
+
+The 'TAG 66 Packet Format' description is missing the cipher code and
+checksum fields that are packed into the message packet. As a result,
+the buffer allocated for the packet is 3 bytes too small and
+write_tag_66_packet() will write up to 3 bytes past the end of the
+buffer.
+
+Fix this by increasing the size of the allocation so the whole packet
+will always fit in the buffer.
+
+This fixes the below kasan slab-out-of-bounds bug:
+
+ BUG: KASAN: slab-out-of-bounds in ecryptfs_generate_key_packet_set+0x7d6/0xde0
+ Write of size 1 at addr ffff88800afbb2a5 by task touch/181
+
+ CPU: 0 PID: 181 Comm: touch Not tainted 6.6.13-gnu #1 4c9534092be820851bb687b82d1f92a426598dc6
+ Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2/GNU Guix 04/01/2014
+ Call Trace:
+ <TASK>
+ dump_stack_lvl+0x4c/0x70
+ print_report+0xc5/0x610
+ ? ecryptfs_generate_key_packet_set+0x7d6/0xde0
+ ? kasan_complete_mode_report_info+0x44/0x210
+ ? ecryptfs_generate_key_packet_set+0x7d6/0xde0
+ kasan_report+0xc2/0x110
+ ? ecryptfs_generate_key_packet_set+0x7d6/0xde0
+ __asan_store1+0x62/0x80
+ ecryptfs_generate_key_packet_set+0x7d6/0xde0
+ ? __pfx_ecryptfs_generate_key_packet_set+0x10/0x10
+ ? __alloc_pages+0x2e2/0x540
+ ? __pfx_ovl_open+0x10/0x10 [overlay 30837f11141636a8e1793533a02e6e2e885dad1d]
+ ? dentry_open+0x8f/0xd0
+ ecryptfs_write_metadata+0x30a/0x550
+ ? __pfx_ecryptfs_write_metadata+0x10/0x10
+ ? ecryptfs_get_lower_file+0x6b/0x190
+ ecryptfs_initialize_file+0x77/0x150
+ ecryptfs_create+0x1c2/0x2f0
+ path_openat+0x17cf/0x1ba0
+ ? __pfx_path_openat+0x10/0x10
+ do_filp_open+0x15e/0x290
+ ? __pfx_do_filp_open+0x10/0x10
+ ? __kasan_check_write+0x18/0x30
+ ? _raw_spin_lock+0x86/0xf0
+ ? __pfx__raw_spin_lock+0x10/0x10
+ ? __kasan_check_write+0x18/0x30
+ ? alloc_fd+0xf4/0x330
+ do_sys_openat2+0x122/0x160
+ ? __pfx_do_sys_openat2+0x10/0x10
+ __x64_sys_openat+0xef/0x170
+ ? __pfx___x64_sys_openat+0x10/0x10
+ do_syscall_64+0x60/0xd0
+ entry_SYSCALL_64_after_hwframe+0x6e/0xd8
+ RIP: 0033:0x7f00a703fd67
+ Code: 25 00 00 41 00 3d 00 00 41 00 74 37 64 8b 04 25 18 00 00 00 85 c0 75 5b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 85 00 00 00 48 83 c4 68 5d 41 5c c3 0f 1f
+ RSP: 002b:00007ffc088e30b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
+ RAX: ffffffffffffffda RBX: 00007ffc088e3368 RCX: 00007f00a703fd67
+ RDX: 0000000000000941 RSI: 00007ffc088e48d7 RDI: 00000000ffffff9c
+ RBP: 00007ffc088e48d7 R08: 0000000000000001 R09: 0000000000000000
+ R10: 00000000000001b6 R11: 0000000000000246 R12: 0000000000000941
+ R13: 0000000000000000 R14: 00007ffc088e48d7 R15: 00007f00a7180040
+ </TASK>
+
+ Allocated by task 181:
+ kasan_save_stack+0x2f/0x60
+ kasan_set_track+0x29/0x40
+ kasan_save_alloc_info+0x25/0x40
+ __kasan_kmalloc+0xc5/0xd0
+ __kmalloc+0x66/0x160
+ ecryptfs_generate_key_packet_set+0x6d2/0xde0
+ ecryptfs_write_metadata+0x30a/0x550
+ ecryptfs_initialize_file+0x77/0x150
+ ecryptfs_create+0x1c2/0x2f0
+ path_openat+0x17cf/0x1ba0
+ do_filp_open+0x15e/0x290
+ do_sys_openat2+0x122/0x160
+ __x64_sys_openat+0xef/0x170
+ do_syscall_64+0x60/0xd0
+ entry_SYSCALL_64_after_hwframe+0x6e/0xd8(CVE-2024-38578)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+netrom: fix possible dead-lock in nr_rt_ioctl()
+
+syzbot loves netrom, and found a possible deadlock in nr_rt_ioctl [1]
+
+Make sure we always acquire nr_node_list_lock before nr_node_lock(nr_node)
+
+[1]
+WARNING: possible circular locking dependency detected
+6.9.0-rc7-syzkaller-02147-g654de42f3fc6 #0 Not tainted
+------------------------------------------------------
+syz-executor350/5129 is trying to acquire lock:
+ ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
+ ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_node_lock include/net/netrom.h:152 [inline]
+ ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:464 [inline]
+ ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697
+
+but task is already holding lock:
+ ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
+ ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]
+ ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_rt_ioctl+0x10a/0x1090 net/netrom/nr_route.c:697
+
+which lock already depends on the new lock.
+
+the existing dependency chain (in reverse order) is:
+
+-> #1 (nr_node_list_lock){+...}-{2:2}:
+ lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
+ __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
+ _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178
+ spin_lock_bh include/linux/spinlock.h:356 [inline]
+ nr_remove_node net/netrom/nr_route.c:299 [inline]
+ nr_del_node+0x4b4/0x820 net/netrom/nr_route.c:355
+ nr_rt_ioctl+0xa95/0x1090 net/netrom/nr_route.c:683
+ sock_do_ioctl+0x158/0x460 net/socket.c:1222
+ sock_ioctl+0x629/0x8e0 net/socket.c:1341
+ vfs_ioctl fs/ioctl.c:51 [inline]
+ __do_sys_ioctl fs/ioctl.c:904 [inline]
+ __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890
+ do_syscall_x64 arch/x86/entry/common.c:52 [inline]
+ do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
+ entry_SYSCALL_64_after_hwframe+0x77/0x7f
+
+-> #0 (&nr_node->node_lock){+...}-{2:2}:
+ check_prev_add kernel/locking/lockdep.c:3134 [inline]
+ check_prevs_add kernel/locking/lockdep.c:3253 [inline]
+ validate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869
+ __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137
+ lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
+ __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
+ _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178
+ spin_lock_bh include/linux/spinlock.h:356 [inline]
+ nr_node_lock include/net/netrom.h:152 [inline]
+ nr_dec_obs net/netrom/nr_route.c:464 [inline]
+ nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697
+ sock_do_ioctl+0x158/0x460 net/socket.c:1222
+ sock_ioctl+0x629/0x8e0 net/socket.c:1341
+ vfs_ioctl fs/ioctl.c:51 [inline]
+ __do_sys_ioctl fs/ioctl.c:904 [inline]
+ __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890
+ do_syscall_x64 arch/x86/entry/common.c:52 [inline]
+ do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
+ entry_SYSCALL_64_after_hwframe+0x77/0x7f
+
+other info that might help us debug this:
+
+ Possible unsafe locking scenario:
+
+ CPU0 CPU1
+ ---- ----
+ lock(nr_node_list_lock);
+ lock(&nr_node->node_lock);
+ lock(nr_node_list_lock);
+ lock(&nr_node->node_lock);
+
+ *** DEADLOCK ***
+
+1 lock held by syz-executor350/5129:
+ #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
+ #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]
+ #0: ffffffff8f70
+---truncated---(CVE-2024-38589)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+ALSA: timer: Set lower bound of start tick time
+
+Currently ALSA timer doesn't have the lower limit of the start tick
+time, and it allows a very small size, e.g. 1 tick with 1ns resolution
+for hrtimer. Such a situation may lead to an unexpected RCU stall,
+where the callback repeatedly queuing the expire update, as reported
+by fuzzer.
+
+This patch introduces a sanity check of the timer start tick time, so
+that the system returns an error when a too small start size is set.
+As of this patch, the lower limit is hard-coded to 100us, which is
+small enough but can still work somehow.(CVE-2024-38618)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+usb-storage: alauda: Check whether the media is initialized
+
+The member "uzonesize" of struct alauda_info will remain 0
+if alauda_init_media() fails, potentially causing divide errors
+in alauda_read_data() and alauda_write_lba().
+- Add a member "media_initialized" to struct alauda_info.
+- Change a condition in alauda_check_media() to ensure the
+ first initialization.
+- Add an error check for the return value of alauda_init_media().(CVE-2024-38619)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors
+
+The error handling in nilfs_empty_dir() when a directory folio/page read
+fails is incorrect, as in the old ext2 implementation, and if the
+folio/page cannot be read or nilfs_check_folio() fails, it will falsely
+determine the directory as empty and corrupt the file system.
+
+In addition, since nilfs_empty_dir() does not immediately return on a
+failed folio/page read, but continues to loop, this can cause a long loop
+with I/O if i_size of the directory's inode is also corrupted, causing the
+log writer thread to wait and hang, as reported by syzbot.
+
+Fix these issues by making nilfs_empty_dir() immediately return a false
+value (0) if it fails to get a directory folio/page.(CVE-2024-39469)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+xfs: fix log recovery buffer allocation for the legacy h_size fixup
+
+Commit a70f9fe52daa ("xfs: detect and handle invalid iclog size set by
+mkfs") added a fixup for incorrect h_size values used for the initial
+umount record in old xfsprogs versions. Later commit 0c771b99d6c9
+("xfs: clean up calculation of LR header blocks") cleaned up the log
+reover buffer calculation, but stoped using the fixed up h_size value
+to size the log recovery buffer, which can lead to an out of bounds
+access when the incorrect h_size does not come from the old mkfs
+tool, but a fuzzer.
+
+Fix this by open coding xlog_logrec_hblks and taking the fixed h_size
+into account for this calculation.(CVE-2024-39472)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+ima: Fix use-after-free on a dentry's dname.name
+
+->d_name.name can change on rename and the earlier value can be freed;
+there are conditions sufficient to stabilize it (->d_lock on dentry,
+->d_lock on its parent, ->i_rwsem exclusive on the parent's inode,
+rename_lock), but none of those are met at any of the sites. Take a stable
+snapshot of the name instead.(CVE-2024-39494)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+vmci: prevent speculation leaks by sanitizing event in event_deliver()
+
+Coverity spotted that event_msg is controlled by user-space,
+event_msg->event_data.event is passed to event_deliver() and used
+as an index without sanitization.
+
+This change ensures that the event index is sanitized to mitigate any
+possibility of speculative information leaks.
+
+This bug was discovered and resolved using Coverity Static Analysis
+Security Testing (SAST) by Synopsys, Inc.
+
+Only compile tested, no access to HW.(CVE-2024-39499)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+drm/komeda: check for error-valued pointer
+
+komeda_pipeline_get_state() may return an error-valued pointer, thus
+check the pointer for negative or null value before dereferencing.(CVE-2024-39505)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages
+
+The syzbot fuzzer found that the interrupt-URB completion callback in
+the cdc-wdm driver was taking too long, and the driver's immediate
+resubmission of interrupt URBs with -EPROTO status combined with the
+dummy-hcd emulation to cause a CPU lockup:
+
+cdc_wdm 1-1:1.0: nonzero urb status received: -71
+cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
+watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [syz-executor782:6625]
+CPU#0 Utilization every 4s during lockup:
+ #1: 98% system, 0% softirq, 3% hardirq, 0% idle
+ #2: 98% system, 0% softirq, 3% hardirq, 0% idle
+ #3: 98% system, 0% softirq, 3% hardirq, 0% idle
+ #4: 98% system, 0% softirq, 3% hardirq, 0% idle
+ #5: 98% system, 1% softirq, 3% hardirq, 0% idle
+Modules linked in:
+irq event stamp: 73096
+hardirqs last enabled at (73095): [<ffff80008037bc00>] console_emit_next_record kernel/printk/printk.c:2935 [inline]
+hardirqs last enabled at (73095): [<ffff80008037bc00>] console_flush_all+0x650/0xb74 kernel/printk/printk.c:2994
+hardirqs last disabled at (73096): [<ffff80008af10b00>] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]
+hardirqs last disabled at (73096): [<ffff80008af10b00>] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551
+softirqs last enabled at (73048): [<ffff8000801ea530>] softirq_handle_end kernel/softirq.c:400 [inline]
+softirqs last enabled at (73048): [<ffff8000801ea530>] handle_softirqs+0xa60/0xc34 kernel/softirq.c:582
+softirqs last disabled at (73043): [<ffff800080020de8>] __do_softirq+0x14/0x20 kernel/softirq.c:588
+CPU: 0 PID: 6625 Comm: syz-executor782 Tainted: G W 6.10.0-rc2-syzkaller-g8867bbd4a056 #0
+Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
+
+Testing showed that the problem did not occur if the two error
+messages -- the first two lines above -- were removed; apparently adding
+material to the kernel log takes a surprisingly large amount of time.
+
+In any case, the best approach for preventing these lockups and to
+avoid spamming the log with thousands of error messages per second is
+to ratelimit the two dev_err() calls. Therefore we replace them with
+dev_err_ratelimited().(CVE-2024-40904)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+ipv6: fix possible race in __fib6_drop_pcpu_from()
+
+syzbot found a race in __fib6_drop_pcpu_from() [1]
+
+If compiler reads more than once (*ppcpu_rt),
+second read could read NULL, if another cpu clears
+the value in rt6_get_pcpu_route().
+
+Add a READ_ONCE() to prevent this race.
+
+Also add rcu_read_lock()/rcu_read_unlock() because
+we rely on RCU protection while dereferencing pcpu_rt.
+
+[1]
+
+Oops: general protection fault, probably for non-canonical address 0xdffffc0000000012: 0000 [#1] PREEMPT SMP KASAN PTI
+KASAN: null-ptr-deref in range [0x0000000000000090-0x0000000000000097]
+CPU: 0 PID: 7543 Comm: kworker/u8:17 Not tainted 6.10.0-rc1-syzkaller-00013-g2bfcfd584ff5 #0
+Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
+Workqueue: netns cleanup_net
+ RIP: 0010:__fib6_drop_pcpu_from.part.0+0x10a/0x370 net/ipv6/ip6_fib.c:984
+Code: f8 48 c1 e8 03 80 3c 28 00 0f 85 16 02 00 00 4d 8b 3f 4d 85 ff 74 31 e8 74 a7 fa f7 49 8d bf 90 00 00 00 48 89 f8 48 c1 e8 03 <80> 3c 28 00 0f 85 1e 02 00 00 49 8b 87 90 00 00 00 48 8b 0c 24 48
+RSP: 0018:ffffc900040df070 EFLAGS: 00010206
+RAX: 0000000000000012 RBX: 0000000000000001 RCX: ffffffff89932e16
+RDX: ffff888049dd1e00 RSI: ffffffff89932d7c RDI: 0000000000000091
+RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000007
+R10: 0000000000000001 R11: 0000000000000006 R12: ffff88807fa080b8
+R13: fffffbfff1a9a07d R14: ffffed100ff41022 R15: 0000000000000001
+FS: 0000000000000000(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+CR2: 0000001b32c26000 CR3: 000000005d56e000 CR4: 00000000003526f0
+DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+Call Trace:
+ <TASK>
+ __fib6_drop_pcpu_from net/ipv6/ip6_fib.c:966 [inline]
+ fib6_drop_pcpu_from net/ipv6/ip6_fib.c:1027 [inline]
+ fib6_purge_rt+0x7f2/0x9f0 net/ipv6/ip6_fib.c:1038
+ fib6_del_route net/ipv6/ip6_fib.c:1998 [inline]
+ fib6_del+0xa70/0x17b0 net/ipv6/ip6_fib.c:2043
+ fib6_clean_node+0x426/0x5b0 net/ipv6/ip6_fib.c:2205
+ fib6_walk_continue+0x44f/0x8d0 net/ipv6/ip6_fib.c:2127
+ fib6_walk+0x182/0x370 net/ipv6/ip6_fib.c:2175
+ fib6_clean_tree+0xd7/0x120 net/ipv6/ip6_fib.c:2255
+ __fib6_clean_all+0x100/0x2d0 net/ipv6/ip6_fib.c:2271
+ rt6_sync_down_dev net/ipv6/route.c:4906 [inline]
+ rt6_disable_ip+0x7ed/0xa00 net/ipv6/route.c:4911
+ addrconf_ifdown.isra.0+0x117/0x1b40 net/ipv6/addrconf.c:3855
+ addrconf_notify+0x223/0x19e0 net/ipv6/addrconf.c:3778
+ notifier_call_chain+0xb9/0x410 kernel/notifier.c:93
+ call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:1992
+ call_netdevice_notifiers_extack net/core/dev.c:2030 [inline]
+ call_netdevice_notifiers net/core/dev.c:2044 [inline]
+ dev_close_many+0x333/0x6a0 net/core/dev.c:1585
+ unregister_netdevice_many_notify+0x46d/0x19f0 net/core/dev.c:11193
+ unregister_netdevice_many net/core/dev.c:11276 [inline]
+ default_device_exit_batch+0x85b/0xae0 net/core/dev.c:11759
+ ops_exit_list+0x128/0x180 net/core/net_namespace.c:178
+ cleanup_net+0x5b7/0xbf0 net/core/net_namespace.c:640
+ process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231
+ process_scheduled_works kernel/workqueue.c:3312 [inline]
+ worker_thread+0x6c8/0xf70 kernel/workqueue.c:3393
+ kthread+0x2c1/0x3a0 kernel/kthread.c:389
+ ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
+ ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244(CVE-2024-40905)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()
+
+The ieee80211_sta_ps_deliver_wakeup() function takes sta->ps_lock to
+synchronizes with ieee80211_tx_h_unicast_ps_buf() which is called from
+softirq context. However using only spin_lock() to get sta->ps_lock in
+ieee80211_sta_ps_deliver_wakeup() does not prevent softirq to execute
+on this same CPU, to run ieee80211_tx_h_unicast_ps_buf() and try to
+take this same lock ending in deadlock. Below is an example of rcu stall
+that arises in such situation.
+
+ rcu: INFO: rcu_sched self-detected stall on CPU
+ rcu: 2-....: (42413413 ticks this GP) idle=b154/1/0x4000000000000000 softirq=1763/1765 fqs=21206996
+ rcu: (t=42586894 jiffies g=2057 q=362405 ncpus=4)
+ CPU: 2 PID: 719 Comm: wpa_supplicant Tainted: G W 6.4.0-02158-g1b062f552873 #742
+ Hardware name: RPT (r1) (DT)
+ pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
+ pc : queued_spin_lock_slowpath+0x58/0x2d0
+ lr : invoke_tx_handlers_early+0x5b4/0x5c0
+ sp : ffff00001ef64660
+ x29: ffff00001ef64660 x28: ffff000009bc1070 x27: ffff000009bc0ad8
+ x26: ffff000009bc0900 x25: ffff00001ef647a8 x24: 0000000000000000
+ x23: ffff000009bc0900 x22: ffff000009bc0900 x21: ffff00000ac0e000
+ x20: ffff00000a279e00 x19: ffff00001ef646e8 x18: 0000000000000000
+ x17: ffff800016468000 x16: ffff00001ef608c0 x15: 0010533c93f64f80
+ x14: 0010395c9faa3946 x13: 0000000000000000 x12: 00000000fa83b2da
+ x11: 000000012edeceea x10: ffff0000010fbe00 x9 : 0000000000895440
+ x8 : 000000000010533c x7 : ffff00000ad8b740 x6 : ffff00000c350880
+ x5 : 0000000000000007 x4 : 0000000000000001 x3 : 0000000000000000
+ x2 : 0000000000000000 x1 : 0000000000000001 x0 : ffff00000ac0e0e8
+ Call trace:
+ queued_spin_lock_slowpath+0x58/0x2d0
+ ieee80211_tx+0x80/0x12c
+ ieee80211_tx_pending+0x110/0x278
+ tasklet_action_common.constprop.0+0x10c/0x144
+ tasklet_action+0x20/0x28
+ _stext+0x11c/0x284
+ ____do_softirq+0xc/0x14
+ call_on_irq_stack+0x24/0x34
+ do_softirq_own_stack+0x18/0x20
+ do_softirq+0x74/0x7c
+ __local_bh_enable_ip+0xa0/0xa4
+ _ieee80211_wake_txqs+0x3b0/0x4b8
+ __ieee80211_wake_queue+0x12c/0x168
+ ieee80211_add_pending_skbs+0xec/0x138
+ ieee80211_sta_ps_deliver_wakeup+0x2a4/0x480
+ ieee80211_mps_sta_status_update.part.0+0xd8/0x11c
+ ieee80211_mps_sta_status_update+0x18/0x24
+ sta_apply_parameters+0x3bc/0x4c0
+ ieee80211_change_station+0x1b8/0x2dc
+ nl80211_set_station+0x444/0x49c
+ genl_family_rcv_msg_doit.isra.0+0xa4/0xfc
+ genl_rcv_msg+0x1b0/0x244
+ netlink_rcv_skb+0x38/0x10c
+ genl_rcv+0x34/0x48
+ netlink_unicast+0x254/0x2bc
+ netlink_sendmsg+0x190/0x3b4
+ ____sys_sendmsg+0x1e8/0x218
+ ___sys_sendmsg+0x68/0x8c
+ __sys_sendmsg+0x44/0x84
+ __arm64_sys_sendmsg+0x20/0x28
+ do_el0_svc+0x6c/0xe8
+ el0_svc+0x14/0x48
+ el0t_64_sync_handler+0xb0/0xb4
+ el0t_64_sync+0x14c/0x150
+
+Using spin_lock_bh()/spin_unlock_bh() instead prevents softirq to raise
+on the same CPU that is holding the lock.(CVE-2024-40912)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+wifi: iwlwifi: mvm: check n_ssids before accessing the ssids
+
+In some versions of cfg80211, the ssids poinet might be a valid one even
+though n_ssids is 0. Accessing the pointer in this case will cuase an
+out-of-bound access. Fix this by checking n_ssids first.(CVE-2024-40929)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+drm/exynos/vidi: fix memory leak in .get_modes()
+
+The duplicated EDID is never freed. Fix it.(CVE-2024-40932)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+wifi: iwlwifi: mvm: don't read past the mfuart notifcation
+
+In case the firmware sends a notification that claims it has more data
+than it has, we will read past that was allocated for the notification.
+Remove the print of the buffer, we won't see it by default. If needed,
+we can see the content with tracing.
+
+This was reported by KFENCE.(CVE-2024-40941)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+ocfs2: fix races between hole punching and AIO+DIO
+
+After commit "ocfs2: return real error code in ocfs2_dio_wr_get_block",
+fstests/generic/300 become from always failed to sometimes failed:
+
+========================================================================
+[ 473.293420 ] run fstests generic/300
+
+[ 475.296983 ] JBD2: Ignoring recovery information on journal
+[ 475.302473 ] ocfs2: Mounting device (253,1) on (node local, slot 0) with ordered data mode.
+[ 494.290998 ] OCFS2: ERROR (device dm-1): ocfs2_change_extent_flag: Owner 5668 has an extent at cpos 78723 which can no longer be found
+[ 494.291609 ] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
+[ 494.292018 ] OCFS2: File system is now read-only.
+[ 494.292224 ] (kworker/19:11,2628,19):ocfs2_mark_extent_written:5272 ERROR: status = -30
+[ 494.292602 ] (kworker/19:11,2628,19):ocfs2_dio_end_io_write:2374 ERROR: status = -3
+fio: io_u error on file /mnt/scratch/racer: Read-only file system: write offset=460849152, buflen=131072
+=========================================================================
+
+In __blockdev_direct_IO, ocfs2_dio_wr_get_block is called to add unwritten
+extents to a list. extents are also inserted into extent tree in
+ocfs2_write_begin_nolock. Then another thread call fallocate to puch a
+hole at one of the unwritten extent. The extent at cpos was removed by
+ocfs2_remove_extent(). At end io worker thread, ocfs2_search_extent_list
+found there is no such extent at the cpos.
+
+ T1 T2 T3
+ inode lock
+ ...
+ insert extents
+ ...
+ inode unlock
+ocfs2_fallocate
+ __ocfs2_change_file_space
+ inode lock
+ lock ip_alloc_sem
+ ocfs2_remove_inode_range inode
+ ocfs2_remove_btree_range
+ ocfs2_remove_extent
+ ^---remove the extent at cpos 78723
+ ...
+ unlock ip_alloc_sem
+ inode unlock
+ ocfs2_dio_end_io
+ ocfs2_dio_end_io_write
+ lock ip_alloc_sem
+ ocfs2_mark_extent_written
+ ocfs2_change_extent_flag
+ ocfs2_search_extent_list
+ ^---failed to find extent
+ ...
+ unlock ip_alloc_sem
+
+In most filesystems, fallocate is not compatible with racing with AIO+DIO,
+so fix it by adding to wait for all dio before fallocate/punch_hole like
+ext4.(CVE-2024-40943)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+MIPS: Octeon: Add PCIe link status check
+
+The standard PCIe configuration read-write interface is used to
+access the configuration space of the peripheral PCIe devices
+of the mips processor after the PCIe link surprise down, it can
+generate kernel panic caused by "Data bus error". So it is
+necessary to add PCIe link status check for system protection.
+When the PCIe link is down or in training, assigning a value
+of 0 to the configuration address can prevent read-write behavior
+to the configuration space of peripheral PCIe devices, thereby
+preventing kernel panic.(CVE-2024-40968)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+powerpc/pseries: Enforce hcall result buffer validity and size
+
+plpar_hcall(), plpar_hcall9(), and related functions expect callers to
+provide valid result buffers of certain minimum size. Currently this
+is communicated only through comments in the code and the compiler has
+no idea.
+
+For example, if I write a bug like this:
+
+ long retbuf[PLPAR_HCALL_BUFSIZE]; // should be PLPAR_HCALL9_BUFSIZE
+ plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf, ...);
+
+This compiles with no diagnostics emitted, but likely results in stack
+corruption at runtime when plpar_hcall9() stores results past the end
+of the array. (To be clear this is a contrived example and I have not
+found a real instance yet.)
+
+To make this class of error less likely, we can use explicitly-sized
+array parameters instead of pointers in the declarations for the hcall
+APIs. When compiled with -Warray-bounds[1], the code above now
+provokes a diagnostic like this:
+
+error: array argument is too small;
+is of size 32, callee requires at least 72 [-Werror,-Warray-bounds]
+ 60 | plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf,
+ | ^ ~~~~~~
+
+[1] Enabled for LLVM builds but not GCC for now. See commit
+ 0da6e5fd6c37 ("gcc: disable '-Warray-bounds' for gcc-13 too") and
+ related changes.(CVE-2024-40974)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+tipc: force a dst refcount before doing decryption
+
+As it says in commit 3bc07321ccc2 ("xfrm: Force a dst refcount before
+entering the xfrm type handlers"):
+
+"Crypto requests might return asynchronous. In this case we leave the
+ rcu protected region, so force a refcount on the skb's destination
+ entry before we enter the xfrm type input/output handlers."
+
+On TIPC decryption path it has the same problem, and skb_dst_force()
+should be called before doing decryption to avoid a possible crash.
+
+Shuang reported this issue when this warning is triggered:
+
+ [] WARNING: include/net/dst.h:337 tipc_sk_rcv+0x1055/0x1ea0 [tipc]
+ [] Kdump: loaded Tainted: G W --------- - - 4.18.0-496.el8.x86_64+debug
+ [] Workqueue: crypto cryptd_queue_worker
+ [] RIP: 0010:tipc_sk_rcv+0x1055/0x1ea0 [tipc]
+ [] Call Trace:
+ [] tipc_sk_mcast_rcv+0x548/0xea0 [tipc]
+ [] tipc_rcv+0xcf5/0x1060 [tipc]
+ [] tipc_aead_decrypt_done+0x215/0x2e0 [tipc]
+ [] cryptd_aead_crypt+0xdb/0x190
+ [] cryptd_queue_worker+0xed/0x190
+ [] process_one_work+0x93d/0x17e0(CVE-2024-40983)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine."
+
+Undo the modifications made in commit d410ee5109a1 ("ACPICA: avoid
+"Info: mapping multiple BARs. Your kernel is fine.""). The initial
+purpose of this commit was to stop memory mappings for operation
+regions from overlapping page boundaries, as it can trigger warnings
+if different page attributes are present.
+
+However, it was found that when this situation arises, mapping
+continues until the boundary's end, but there is still an attempt to
+read/write the entire length of the map, leading to a NULL pointer
+deference. For example, if a four-byte mapping request is made but
+only one byte is mapped because it hits the current page boundary's
+end, a four-byte read/write attempt is still made, resulting in a NULL
+pointer deference.
+
+Instead, map the entire length, as the ACPI specification does not
+mandate that it must be within the same page boundary. It is
+permissible for it to be mapped across different regions.(CVE-2024-40984)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+drm/amdgpu: fix UBSAN warning in kv_dpm.c
+
+Adds bounds check for sumo_vid_mapping_entry.(CVE-2024-40987)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+tracing: Build event generation tests only as modules
+
+The kprobes and synth event generation test modules add events and lock
+(get a reference) those event file reference in module init function,
+and unlock and delete it in module exit function. This is because those
+are designed for playing as modules.
+
+If we make those modules as built-in, those events are left locked in the
+kernel, and never be removed. This causes kprobe event self-test failure
+as below.
+
+[ 97.349708] ------------[ cut here ]------------
+[ 97.353453] WARNING: CPU: 3 PID: 1 at kernel/trace/trace_kprobe.c:2133 kprobe_trace_self_tests_init+0x3f1/0x480
+[ 97.357106] Modules linked in:
+[ 97.358488] CPU: 3 PID: 1 Comm: swapper/0 Not tainted 6.9.0-g699646734ab5-dirty #14
+[ 97.361556] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
+[ 97.363880] RIP: 0010:kprobe_trace_self_tests_init+0x3f1/0x480
+[ 97.365538] Code: a8 24 08 82 e9 ae fd ff ff 90 0f 0b 90 48 c7 c7 e5 aa 0b 82 e9 ee fc ff ff 90 0f 0b 90 48 c7 c7 2d 61 06 82 e9 8e fd ff ff 90 <0f> 0b 90 48 c7 c7 33 0b 0c 82 89 c6 e8 6e 03 1f ff 41 ff c7 e9 90
+[ 97.370429] RSP: 0000:ffffc90000013b50 EFLAGS: 00010286
+[ 97.371852] RAX: 00000000fffffff0 RBX: ffff888005919c00 RCX: 0000000000000000
+[ 97.373829] RDX: ffff888003f40000 RSI: ffffffff8236a598 RDI: ffff888003f40a68
+[ 97.375715] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
+[ 97.377675] R10: ffffffff811c9ae5 R11: ffffffff8120c4e0 R12: 0000000000000000
+[ 97.379591] R13: 0000000000000001 R14: 0000000000000015 R15: 0000000000000000
+[ 97.381536] FS: 0000000000000000(0000) GS:ffff88807dcc0000(0000) knlGS:0000000000000000
+[ 97.383813] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[ 97.385449] CR2: 0000000000000000 CR3: 0000000002244000 CR4: 00000000000006b0
+[ 97.387347] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+[ 97.389277] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+[ 97.391196] Call Trace:
+[ 97.391967] <TASK>
+[ 97.392647] ? __warn+0xcc/0x180
+[ 97.393640] ? kprobe_trace_self_tests_init+0x3f1/0x480
+[ 97.395181] ? report_bug+0xbd/0x150
+[ 97.396234] ? handle_bug+0x3e/0x60
+[ 97.397311] ? exc_invalid_op+0x1a/0x50
+[ 97.398434] ? asm_exc_invalid_op+0x1a/0x20
+[ 97.399652] ? trace_kprobe_is_busy+0x20/0x20
+[ 97.400904] ? tracing_reset_all_online_cpus+0x15/0x90
+[ 97.402304] ? kprobe_trace_self_tests_init+0x3f1/0x480
+[ 97.403773] ? init_kprobe_trace+0x50/0x50
+[ 97.404972] do_one_initcall+0x112/0x240
+[ 97.406113] do_initcall_level+0x95/0xb0
+[ 97.407286] ? kernel_init+0x1a/0x1a0
+[ 97.408401] do_initcalls+0x3f/0x70
+[ 97.409452] kernel_init_freeable+0x16f/0x1e0
+[ 97.410662] ? rest_init+0x1f0/0x1f0
+[ 97.411738] kernel_init+0x1a/0x1a0
+[ 97.412788] ret_from_fork+0x39/0x50
+[ 97.413817] ? rest_init+0x1f0/0x1f0
+[ 97.414844] ret_from_fork_asm+0x11/0x20
+[ 97.416285] </TASK>
+[ 97.417134] irq event stamp: 13437323
+[ 97.418376] hardirqs last enabled at (13437337): [<ffffffff8110bc0c>] console_unlock+0x11c/0x150
+[ 97.421285] hardirqs last disabled at (13437370): [<ffffffff8110bbf1>] console_unlock+0x101/0x150
+[ 97.423838] softirqs last enabled at (13437366): [<ffffffff8108e17f>] handle_softirqs+0x23f/0x2a0
+[ 97.426450] softirqs last disabled at (13437393): [<ffffffff8108e346>] __irq_exit_rcu+0x66/0xd0
+[ 97.428850] ---[ end trace 0000000000000000 ]---
+
+And also, since we can not cleanup dynamic_event file, ftracetest are
+failed too.
+
+To avoid these issues, build these tests only as modules.(CVE-2024-41004)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+netpoll: Fix race condition in netpoll_owner_active
+
+KCSAN detected a race condition in netpoll:
+
+ BUG: KCSAN: data-race in net_rx_action / netpoll_send_skb
+ write (marked) to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10:
+ net_rx_action (./include/linux/netpoll.h:90 net/core/dev.c:6712 net/core/dev.c:6822)
+<snip>
+ read to 0xffff8881164168b0 of 4 bytes by task 1 on cpu 2:
+ netpoll_send_skb (net/core/netpoll.c:319 net/core/netpoll.c:345 net/core/netpoll.c:393)
+ netpoll_send_udp (net/core/netpoll.c:?)
+<snip>
+ value changed: 0x0000000a -> 0xffffffff
+
+This happens because netpoll_owner_active() needs to check if the
+current CPU is the owner of the lock, touching napi->poll_owner
+non atomically. The ->poll_owner field contains the current CPU holding
+the lock.
+
+Use an atomic read to check if the poll owner is the current CPU.(CVE-2024-41005)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+tcp: avoid too many retransmit packets
+
+If a TCP socket is using TCP_USER_TIMEOUT, and the other peer
+retracted its window to zero, tcp_retransmit_timer() can
+retransmit a packet every two jiffies (2 ms for HZ=1000),
+for about 4 minutes after TCP_USER_TIMEOUT has 'expired'.
+
+The fix is to make sure tcp_rtx_probe0_timed_out() takes
+icsk->icsk_user_timeout into account.
+
+Before blamed commit, the socket would not timeout after
+icsk->icsk_user_timeout, but would use standard exponential
+backoff for the retransmits.
+
+Also worth noting that before commit e89688e3e978 ("net: tcp:
+fix unexcepted socket die when snd_wnd is 0"), the issue
+would last 2 minutes instead of 4.(CVE-2024-41007)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+bpf: Fix overrunning reservations in ringbuf
+
+The BPF ring buffer internally is implemented as a power-of-2 sized circular
+buffer, with two logical and ever-increasing counters: consumer_pos is the
+consumer counter to show which logical position the consumer consumed the
+data, and producer_pos which is the producer counter denoting the amount of
+data reserved by all producers.
+
+Each time a record is reserved, the producer that "owns" the record will
+successfully advance producer counter. In user space each time a record is
+read, the consumer of the data advanced the consumer counter once it finished
+processing. Both counters are stored in separate pages so that from user
+space, the producer counter is read-only and the consumer counter is read-write.
+
+One aspect that simplifies and thus speeds up the implementation of both
+producers and consumers is how the data area is mapped twice contiguously
+back-to-back in the virtual memory, allowing to not take any special measures
+for samples that have to wrap around at the end of the circular buffer data
+area, because the next page after the last data page would be first data page
+again, and thus the sample will still appear completely contiguous in virtual
+memory.
+
+Each record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header for
+book-keeping the length and offset, and is inaccessible to the BPF program.
+Helpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ`
+for the BPF program to use. Bing-Jhong and Muhammad reported that it is however
+possible to make a second allocated memory chunk overlapping with the first
+chunk and as a result, the BPF program is now able to edit first chunk's
+header.
+
+For example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with size
+of 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call to
+bpf_ringbuf_reserve() is made. This will allocate a chunk A, which is in
+[0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, lets
+allocate a chunk B with size 0x3000. This will succeed because consumer_pos
+was edited ahead of time to pass the `new_prod_pos - cons_pos > rb->mask`
+check. Chunk B will be in range [0x3008,0x6010], and the BPF program is able
+to edit [0x3010,0x6010]. Due to the ring buffer memory layout mentioned
+earlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same data
+pages. This means that chunk B at [0x4000,0x4008] is chunk A's header.
+bpf_ringbuf_submit() / bpf_ringbuf_discard() use the header's pg_off to then
+locate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunk
+B modified chunk A's header, then bpf_ringbuf_commit() refers to the wrong
+page and could cause a crash.
+
+Fix it by calculating the oldest pending_pos and check whether the range
+from the oldest outstanding record to the newest would span beyond the ring
+buffer size. If that is the case, then reject the request. We've tested with
+the ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh)
+before/after the fix and while it seems a bit slower on some benchmarks, it
+is still not significantly enough to matter.(CVE-2024-41009)
+ An update for kernel is now available for openEuler-22.03-LTS-SP3.
+
+openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
+ Critical
+ kernel
+
+
+
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894
+
+
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-47432
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-47622
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48814
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48816
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48844
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-52757
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-52781
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36031
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36939
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38559
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38568
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38578
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38589
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38618
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38619
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39469
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39472
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39494
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39499
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39505
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40904
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40905
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40912
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40929
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40932
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40941
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40943
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40968
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40974
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40983
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40984
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40987
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-41004
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-41005
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-41007
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-41009
+
+
+ https://nvd.nist.gov/vuln/detail/CVE-2021-47432
+ https://nvd.nist.gov/vuln/detail/CVE-2021-47622
+ https://nvd.nist.gov/vuln/detail/CVE-2022-48814
+ https://nvd.nist.gov/vuln/detail/CVE-2022-48816
+ https://nvd.nist.gov/vuln/detail/CVE-2022-48844
+ https://nvd.nist.gov/vuln/detail/CVE-2023-52757
+ https://nvd.nist.gov/vuln/detail/CVE-2023-52781
+ https://nvd.nist.gov/vuln/detail/CVE-2024-36031
+ https://nvd.nist.gov/vuln/detail/CVE-2024-36939
+ https://nvd.nist.gov/vuln/detail/CVE-2024-38559
+ https://nvd.nist.gov/vuln/detail/CVE-2024-38568
+ https://nvd.nist.gov/vuln/detail/CVE-2024-38578
+ https://nvd.nist.gov/vuln/detail/CVE-2024-38589
+ https://nvd.nist.gov/vuln/detail/CVE-2024-38618
+ https://nvd.nist.gov/vuln/detail/CVE-2024-38619
+ https://nvd.nist.gov/vuln/detail/CVE-2024-39469
+ https://nvd.nist.gov/vuln/detail/CVE-2024-39472
+ https://nvd.nist.gov/vuln/detail/CVE-2024-39494
+ https://nvd.nist.gov/vuln/detail/CVE-2024-39499
+ https://nvd.nist.gov/vuln/detail/CVE-2024-39505
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40904
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40905
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40912
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40929
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40932
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40941
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40943
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40968
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40974
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40983
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40984
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40987
+ https://nvd.nist.gov/vuln/detail/CVE-2024-41004
+ https://nvd.nist.gov/vuln/detail/CVE-2024-41005
+ https://nvd.nist.gov/vuln/detail/CVE-2024-41007
+ https://nvd.nist.gov/vuln/detail/CVE-2024-41009
+
+
+
+
+ openEuler-22.03-LTS-SP3
+
+
+ kernel-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm
+ kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm
+ kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm
+ kernel-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm
+ kernel-headers-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm
+ kernel-source-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm
+ kernel-tools-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm
+ kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm
+ kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm
+ perf-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm
+ perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm
+ python3-perf-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm
+ python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.aarch64.rpm
+
+
+ kernel-5.10.0-220.0.0.123.oe2203sp3.src.rpm
+
+
+ kernel-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm
+ kernel-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm
+ kernel-debugsource-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm
+ kernel-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm
+ kernel-headers-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm
+ kernel-source-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm
+ kernel-tools-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm
+ kernel-tools-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm
+ kernel-tools-devel-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm
+ perf-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm
+ perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm
+ python3-perf-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm
+ python3-perf-debuginfo-5.10.0-220.0.0.123.oe2203sp3.x86_64.rpm
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+lib/generic-radix-tree.c: Don't overflow in peek()
+
+When we started spreading new inode numbers throughout most of the 64
+bit inode space, that triggered some corner case bugs, in particular
+some integer overflows related to the radix tree code. Oops.
+
+ 2024-07-26
+ CVE-2021-47432
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+scsi: ufs: Fix a deadlock in the error handler
+
+The following deadlock has been observed on a test setup:
+
+ - All tags allocated
+
+ - The SCSI error handler calls ufshcd_eh_host_reset_handler()
+
+ - ufshcd_eh_host_reset_handler() queues work that calls
+ ufshcd_err_handler()
+
+ - ufshcd_err_handler() locks up as follows:
+
+Workqueue: ufs_eh_wq_0 ufshcd_err_handler.cfi_jt
+Call trace:
+ __switch_to+0x298/0x5d8
+ __schedule+0x6cc/0xa94
+ schedule+0x12c/0x298
+ blk_mq_get_tag+0x210/0x480
+ __blk_mq_alloc_request+0x1c8/0x284
+ blk_get_request+0x74/0x134
+ ufshcd_exec_dev_cmd+0x68/0x640
+ ufshcd_verify_dev_init+0x68/0x35c
+ ufshcd_probe_hba+0x12c/0x1cb8
+ ufshcd_host_reset_and_restore+0x88/0x254
+ ufshcd_reset_and_restore+0xd0/0x354
+ ufshcd_err_handler+0x408/0xc58
+ process_one_work+0x24c/0x66c
+ worker_thread+0x3e8/0xa4c
+ kthread+0x150/0x1b4
+ ret_from_fork+0x10/0x30
+
+Fix this lockup by making ufshcd_exec_dev_cmd() allocate a reserved
+request.
+
+ 2024-07-26
+ CVE-2021-47622
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Medium
+
+
+
+
+ 4.7
+ AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+net: dsa: seville: register the mdiobus under devres
+
+As explained in commits:
+74b6d7d13307 ("net: dsa: realtek: register the MDIO bus under devres")
+5135e96a3dd2 ("net: dsa: don't allocate the slave_mii_bus using devres")
+
+mdiobus_free() will panic when called from devm_mdiobus_free() <-
+devres_release_all() <- __device_release_driver(), and that mdiobus was
+not previously unregistered.
+
+The Seville VSC9959 switch is a platform device, so the initial set of
+constraints that I thought would cause this (I2C or SPI buses which call
+->remove on ->shutdown) do not apply. But there is one more which
+applies here.
+
+If the DSA master itself is on a bus that calls ->remove from ->shutdown
+(like dpaa2-eth, which is on the fsl-mc bus), there is a device link
+between the switch and the DSA master, and device_links_unbind_consumers()
+will unbind the seville switch driver on shutdown.
+
+So the same treatment must be applied to all DSA switch drivers, which
+is: either use devres for both the mdiobus allocation and registration,
+or don't use devres at all.
+
+The seville driver has a code structure that could accommodate both the
+mdiobus_unregister and mdiobus_free calls, but it has an external
+dependency upon mscc_miim_setup() from mdio-mscc-miim.c, which calls
+devm_mdiobus_alloc_size() on its behalf. So rather than restructuring
+that, and exporting yet one more symbol mscc_miim_teardown(), let's work
+with devres and replace of_mdiobus_register with the devres variant.
+When we use all-devres, we can ensure that devres doesn't free a
+still-registered bus (it either runs both callbacks, or none).
+
+ 2024-07-26
+ CVE-2022-48814
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+SUNRPC: lock against ->sock changing during sysfs read
+
+->sock can be set to NULL asynchronously unless ->recv_mutex is held.
+So it is important to hold that mutex. Otherwise a sysfs read can
+trigger an oops.
+Commit 17f09d3f619a ("SUNRPC: Check if the xprt is connected before
+handling sysfs reads") appears to attempt to fix this problem, but it
+only narrows the race window.
+
+ 2024-07-26
+ CVE-2022-48816
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Medium
+
+
+
+
+ 4.7
+ AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+Bluetooth: hci_core: Fix leaking sent_cmd skb
+
+sent_cmd memory is not freed before freeing hci_dev causing it to leak
+it contents.
+
+ 2024-07-26
+ CVE-2022-48844
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Low
+
+
+
+
+ 3.3
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+smb: client: fix potential deadlock when releasing mids
+
+All release_mid() callers seem to hold a reference of @mid so there is
+no need to call kref_put(&mid->refcount, __release_mid) under
+@server->mid_lock spinlock. If they don't, then an use-after-free bug
+would have occurred anyways.
+
+By getting rid of such spinlock also fixes a potential deadlock as
+shown below
+
+CPU 0 CPU 1
+------------------------------------------------------------------
+cifs_demultiplex_thread() cifs_debug_data_proc_show()
+ release_mid()
+ spin_lock(&server->mid_lock);
+ spin_lock(&cifs_tcp_ses_lock)
+ spin_lock(&server->mid_lock)
+ __release_mid()
+ smb2_find_smb_tcon()
+ spin_lock(&cifs_tcp_ses_lock) *deadlock*
+
+ 2024-07-26
+ CVE-2023-52757
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+usb: config: fix iteration issue in 'usb_get_bos_descriptor()'
+
+The BOS descriptor defines a root descriptor and is the base descriptor for
+accessing a family of related descriptors.
+
+Function 'usb_get_bos_descriptor()' encounters an iteration issue when
+skipping the 'USB_DT_DEVICE_CAPABILITY' descriptor type. This results in
+the same descriptor being read repeatedly.
+
+To address this issue, a 'goto' statement is introduced to ensure that the
+pointer and the amount read is updated correctly. This ensures that the
+function iterates to the next descriptor instead of reading the same
+descriptor repeatedly.
+
+ 2024-07-26
+ CVE-2023-52781
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Medium
+
+
+
+
+ 4.3
+ AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:keys: Fix overwrite of key expiration on instantiationThe expiry time of a key is unconditionally overwritten duringinstantiation, defaulting to turn it permanent. This causes a problemfor DNS resolution as the expiration set by user-space is overwritten toTIME64_MAX, disabling further DNS updates. Fix this by restoring thecondition that key_set_expiry is only called when the pre-parser sets aspecific expiry.
+
+ 2024-07-26
+ CVE-2024-36031
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Critical
+
+
+
+
+ 9.8
+ AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+nfs: Handle error of rpc_proc_register() in nfs_net_init().
+
+syzkaller reported a warning [0] triggered while destroying immature
+netns.
+
+rpc_proc_register() was called in init_nfs_fs(), but its error
+has been ignored since at least the initial commit 1da177e4c3f4
+("Linux-2.6.12-rc2").
+
+Recently, commit d47151b79e32 ("nfs: expose /proc/net/sunrpc/nfs
+in net namespaces") converted the procfs to per-netns and made
+the problem more visible.
+
+Even when rpc_proc_register() fails, nfs_net_init() could succeed,
+and thus nfs_net_exit() will be called while destroying the netns.
+
+Then, remove_proc_entry() will be called for non-existing proc
+directory and trigger the warning below.
+
+Let's handle the error of rpc_proc_register() properly in nfs_net_init().
+
+[0]:
+name 'nfs'
+WARNING: CPU: 1 PID: 1710 at fs/proc/generic.c:711 remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711
+Modules linked in:
+CPU: 1 PID: 1710 Comm: syz-executor.2 Not tainted 6.8.0-12822-gcd51db110a7e #12
+Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
+RIP: 0010:remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711
+Code: 41 5d 41 5e c3 e8 85 09 b5 ff 48 c7 c7 88 58 64 86 e8 09 0e 71 02 e8 74 09 b5 ff 4c 89 e6 48 c7 c7 de 1b 80 84 e8 c5 ad 97 ff <0f> 0b eb b1 e8 5c 09 b5 ff 48 c7 c7 88 58 64 86 e8 e0 0d 71 02 eb
+RSP: 0018:ffffc9000c6d7ce0 EFLAGS: 00010286
+RAX: 0000000000000000 RBX: ffff8880422b8b00 RCX: ffffffff8110503c
+RDX: ffff888030652f00 RSI: ffffffff81105045 RDI: 0000000000000001
+RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
+R10: 0000000000000001 R11: ffffffff81bb62cb R12: ffffffff84807ffc
+R13: ffff88804ad6fcc0 R14: ffffffff84807ffc R15: ffffffff85741ff8
+FS: 00007f30cfba8640(0000) GS:ffff88807dd00000(0000) knlGS:0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+CR2: 00007ff51afe8000 CR3: 000000005a60a005 CR4: 0000000000770ef0
+DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+PKRU: 55555554
+Call Trace:
+ <TASK>
+ rpc_proc_unregister+0x64/0x70 net/sunrpc/stats.c:310
+ nfs_net_exit+0x1c/0x30 fs/nfs/inode.c:2438
+ ops_exit_list+0x62/0xb0 net/core/net_namespace.c:170
+ setup_net+0x46c/0x660 net/core/net_namespace.c:372
+ copy_net_ns+0x244/0x590 net/core/net_namespace.c:505
+ create_new_namespaces+0x2ed/0x770 kernel/nsproxy.c:110
+ unshare_nsproxy_namespaces+0xae/0x160 kernel/nsproxy.c:228
+ ksys_unshare+0x342/0x760 kernel/fork.c:3322
+ __do_sys_unshare kernel/fork.c:3393 [inline]
+ __se_sys_unshare kernel/fork.c:3391 [inline]
+ __x64_sys_unshare+0x1f/0x30 kernel/fork.c:3391
+ do_syscall_x64 arch/x86/entry/common.c:52 [inline]
+ do_syscall_64+0x4f/0x110 arch/x86/entry/common.c:83
+ entry_SYSCALL_64_after_hwframe+0x46/0x4e
+RIP: 0033:0x7f30d0febe5d
+Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48
+RSP: 002b:00007f30cfba7cc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
+RAX: ffffffffffffffda RBX: 00000000004bbf80 RCX: 00007f30d0febe5d
+RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c020600
+RBP: 00000000004bbf80 R08: 0000000000000000 R09: 0000000000000000
+R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
+R13: 000000000000000b R14: 00007f30d104c530 R15: 0000000000000000
+ </TASK>
+
+ 2024-07-26
+ CVE-2024-36939
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Medium
+
+
+
+
+ 4.6
+ AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+scsi: qedf: Ensure the copied buf is NUL terminated
+
+Currently, we allocate a count-sized kernel buffer and copy count from
+userspace to that buffer. Later, we use kstrtouint on this buffer but we
+don't ensure that the string is terminated inside the buffer, this can
+lead to OOB read when using kstrtouint. Fix this issue by using
+memdup_user_nul instead of memdup_user.
+
+ 2024-07-26
+ CVE-2024-38559
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ High
+
+
+
+
+ 7.8
+ AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group
+
+The perf tool allows users to create event groups through following
+cmd [1], but the driver does not check whether the array index is out
+of bounds when writing data to the event_group array. If the number of
+events in an event_group is greater than HNS3_PMU_MAX_HW_EVENTS, the
+memory write overflow of event_group array occurs.
+
+Add array index check to fix the possible array out of bounds violation,
+and return directly when write new events are written to array bounds.
+
+There are 9 different events in an event_group.
+[1] perf stat -e '{pmu/event1/, ... ,pmu/event9/}
+
+ 2024-07-26
+ CVE-2024-38568
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Medium
+
+
+
+
+ 6.1
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+ecryptfs: Fix buffer size for tag 66 packet
+
+The 'TAG 66 Packet Format' description is missing the cipher code and
+checksum fields that are packed into the message packet. As a result,
+the buffer allocated for the packet is 3 bytes too small and
+write_tag_66_packet() will write up to 3 bytes past the end of the
+buffer.
+
+Fix this by increasing the size of the allocation so the whole packet
+will always fit in the buffer.
+
+This fixes the below kasan slab-out-of-bounds bug:
+
+ BUG: KASAN: slab-out-of-bounds in ecryptfs_generate_key_packet_set+0x7d6/0xde0
+ Write of size 1 at addr ffff88800afbb2a5 by task touch/181
+
+ CPU: 0 PID: 181 Comm: touch Not tainted 6.6.13-gnu #1 4c9534092be820851bb687b82d1f92a426598dc6
+ Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2/GNU Guix 04/01/2014
+ Call Trace:
+ <TASK>
+ dump_stack_lvl+0x4c/0x70
+ print_report+0xc5/0x610
+ ? ecryptfs_generate_key_packet_set+0x7d6/0xde0
+ ? kasan_complete_mode_report_info+0x44/0x210
+ ? ecryptfs_generate_key_packet_set+0x7d6/0xde0
+ kasan_report+0xc2/0x110
+ ? ecryptfs_generate_key_packet_set+0x7d6/0xde0
+ __asan_store1+0x62/0x80
+ ecryptfs_generate_key_packet_set+0x7d6/0xde0
+ ? __pfx_ecryptfs_generate_key_packet_set+0x10/0x10
+ ? __alloc_pages+0x2e2/0x540
+ ? __pfx_ovl_open+0x10/0x10 [overlay 30837f11141636a8e1793533a02e6e2e885dad1d]
+ ? dentry_open+0x8f/0xd0
+ ecryptfs_write_metadata+0x30a/0x550
+ ? __pfx_ecryptfs_write_metadata+0x10/0x10
+ ? ecryptfs_get_lower_file+0x6b/0x190
+ ecryptfs_initialize_file+0x77/0x150
+ ecryptfs_create+0x1c2/0x2f0
+ path_openat+0x17cf/0x1ba0
+ ? __pfx_path_openat+0x10/0x10
+ do_filp_open+0x15e/0x290
+ ? __pfx_do_filp_open+0x10/0x10
+ ? __kasan_check_write+0x18/0x30
+ ? _raw_spin_lock+0x86/0xf0
+ ? __pfx__raw_spin_lock+0x10/0x10
+ ? __kasan_check_write+0x18/0x30
+ ? alloc_fd+0xf4/0x330
+ do_sys_openat2+0x122/0x160
+ ? __pfx_do_sys_openat2+0x10/0x10
+ __x64_sys_openat+0xef/0x170
+ ? __pfx___x64_sys_openat+0x10/0x10
+ do_syscall_64+0x60/0xd0
+ entry_SYSCALL_64_after_hwframe+0x6e/0xd8
+ RIP: 0033:0x7f00a703fd67
+ Code: 25 00 00 41 00 3d 00 00 41 00 74 37 64 8b 04 25 18 00 00 00 85 c0 75 5b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 85 00 00 00 48 83 c4 68 5d 41 5c c3 0f 1f
+ RSP: 002b:00007ffc088e30b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
+ RAX: ffffffffffffffda RBX: 00007ffc088e3368 RCX: 00007f00a703fd67
+ RDX: 0000000000000941 RSI: 00007ffc088e48d7 RDI: 00000000ffffff9c
+ RBP: 00007ffc088e48d7 R08: 0000000000000001 R09: 0000000000000000
+ R10: 00000000000001b6 R11: 0000000000000246 R12: 0000000000000941
+ R13: 0000000000000000 R14: 00007ffc088e48d7 R15: 00007f00a7180040
+ </TASK>
+
+ Allocated by task 181:
+ kasan_save_stack+0x2f/0x60
+ kasan_set_track+0x29/0x40
+ kasan_save_alloc_info+0x25/0x40
+ __kasan_kmalloc+0xc5/0xd0
+ __kmalloc+0x66/0x160
+ ecryptfs_generate_key_packet_set+0x6d2/0xde0
+ ecryptfs_write_metadata+0x30a/0x550
+ ecryptfs_initialize_file+0x77/0x150
+ ecryptfs_create+0x1c2/0x2f0
+ path_openat+0x17cf/0x1ba0
+ do_filp_open+0x15e/0x290
+ do_sys_openat2+0x122/0x160
+ __x64_sys_openat+0xef/0x170
+ do_syscall_64+0x60/0xd0
+ entry_SYSCALL_64_after_hwframe+0x6e/0xd8
+
+ 2024-07-26
+ CVE-2024-38578
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Low
+
+
+
+
+ 3.9
+ AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+netrom: fix possible dead-lock in nr_rt_ioctl()
+
+syzbot loves netrom, and found a possible deadlock in nr_rt_ioctl [1]
+
+Make sure we always acquire nr_node_list_lock before nr_node_lock(nr_node)
+
+[1]
+WARNING: possible circular locking dependency detected
+6.9.0-rc7-syzkaller-02147-g654de42f3fc6 #0 Not tainted
+------------------------------------------------------
+syz-executor350/5129 is trying to acquire lock:
+ ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
+ ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_node_lock include/net/netrom.h:152 [inline]
+ ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:464 [inline]
+ ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697
+
+but task is already holding lock:
+ ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
+ ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]
+ ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_rt_ioctl+0x10a/0x1090 net/netrom/nr_route.c:697
+
+which lock already depends on the new lock.
+
+the existing dependency chain (in reverse order) is:
+
+-> #1 (nr_node_list_lock){+...}-{2:2}:
+ lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
+ __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
+ _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178
+ spin_lock_bh include/linux/spinlock.h:356 [inline]
+ nr_remove_node net/netrom/nr_route.c:299 [inline]
+ nr_del_node+0x4b4/0x820 net/netrom/nr_route.c:355
+ nr_rt_ioctl+0xa95/0x1090 net/netrom/nr_route.c:683
+ sock_do_ioctl+0x158/0x460 net/socket.c:1222
+ sock_ioctl+0x629/0x8e0 net/socket.c:1341
+ vfs_ioctl fs/ioctl.c:51 [inline]
+ __do_sys_ioctl fs/ioctl.c:904 [inline]
+ __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890
+ do_syscall_x64 arch/x86/entry/common.c:52 [inline]
+ do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
+ entry_SYSCALL_64_after_hwframe+0x77/0x7f
+
+-> #0 (&nr_node->node_lock){+...}-{2:2}:
+ check_prev_add kernel/locking/lockdep.c:3134 [inline]
+ check_prevs_add kernel/locking/lockdep.c:3253 [inline]
+ validate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869
+ __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137
+ lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
+ __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
+ _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178
+ spin_lock_bh include/linux/spinlock.h:356 [inline]
+ nr_node_lock include/net/netrom.h:152 [inline]
+ nr_dec_obs net/netrom/nr_route.c:464 [inline]
+ nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697
+ sock_do_ioctl+0x158/0x460 net/socket.c:1222
+ sock_ioctl+0x629/0x8e0 net/socket.c:1341
+ vfs_ioctl fs/ioctl.c:51 [inline]
+ __do_sys_ioctl fs/ioctl.c:904 [inline]
+ __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890
+ do_syscall_x64 arch/x86/entry/common.c:52 [inline]
+ do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
+ entry_SYSCALL_64_after_hwframe+0x77/0x7f
+
+other info that might help us debug this:
+
+ Possible unsafe locking scenario:
+
+ CPU0 CPU1
+ ---- ----
+ lock(nr_node_list_lock);
+ lock(&nr_node->node_lock);
+ lock(nr_node_list_lock);
+ lock(&nr_node->node_lock);
+
+ *** DEADLOCK ***
+
+1 lock held by syz-executor350/5129:
+ #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
+ #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]
+ #0: ffffffff8f70
+---truncated---
+
+ 2024-07-26
+ CVE-2024-38589
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+ALSA: timer: Set lower bound of start tick time
+
+Currently ALSA timer doesn't have the lower limit of the start tick
+time, and it allows a very small size, e.g. 1 tick with 1ns resolution
+for hrtimer. Such a situation may lead to an unexpected RCU stall,
+where the callback repeatedly queuing the expire update, as reported
+by fuzzer.
+
+This patch introduces a sanity check of the timer start tick time, so
+that the system returns an error when a too small start size is set.
+As of this patch, the lower limit is hard-coded to 100us, which is
+small enough but can still work somehow.
+
+ 2024-07-26
+ CVE-2024-38618
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Medium
+
+
+
+
+ 4.7
+ AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+usb-storage: alauda: Check whether the media is initialized
+
+The member "uzonesize" of struct alauda_info will remain 0
+if alauda_init_media() fails, potentially causing divide errors
+in alauda_read_data() and alauda_write_lba().
+- Add a member "media_initialized" to struct alauda_info.
+- Change a condition in alauda_check_media() to ensure the
+ first initialization.
+- Add an error check for the return value of alauda_init_media().
+
+ 2024-07-26
+ CVE-2024-38619
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors
+
+The error handling in nilfs_empty_dir() when a directory folio/page read
+fails is incorrect, as in the old ext2 implementation, and if the
+folio/page cannot be read or nilfs_check_folio() fails, it will falsely
+determine the directory as empty and corrupt the file system.
+
+In addition, since nilfs_empty_dir() does not immediately return on a
+failed folio/page read, but continues to loop, this can cause a long loop
+with I/O if i_size of the directory's inode is also corrupted, causing the
+log writer thread to wait and hang, as reported by syzbot.
+
+Fix these issues by making nilfs_empty_dir() immediately return a false
+value (0) if it fails to get a directory folio/page.
+
+ 2024-07-26
+ CVE-2024-39469
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Medium
+
+
+
+
+ 4.7
+ AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:xfs: fix log recovery buffer allocation for the legacy h_size fixupCommit a70f9fe52daa ( xfs: detect and handle invalid iclog size set bymkfs ) added a fixup for incorrect h_size values used for the initialumount record in old xfsprogs versions. Later commit 0c771b99d6c9( xfs: clean up calculation of LR header blocks ) cleaned up the logreover buffer calculation, but stoped using the fixed up h_size valueto size the log recovery buffer, which can lead to an out of boundsaccess when the incorrect h_size does not come from the old mkfstool, but a fuzzer.Fix this by open coding xlog_logrec_hblks and taking the fixed h_sizeinto account for this calculation.
+
+ 2024-07-26
+ CVE-2024-39472
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+ima: Fix use-after-free on a dentry's dname.name
+
+->d_name.name can change on rename and the earlier value can be freed;
+there are conditions sufficient to stabilize it (->d_lock on dentry,
+->d_lock on its parent, ->i_rwsem exclusive on the parent's inode,
+rename_lock), but none of those are met at any of the sites. Take a stable
+snapshot of the name instead.
+
+ 2024-07-26
+ CVE-2024-39494
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ High
+
+
+
+
+ 7.8
+ AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+vmci: prevent speculation leaks by sanitizing event in event_deliver()
+
+Coverity spotted that event_msg is controlled by user-space,
+event_msg->event_data.event is passed to event_deliver() and used
+as an index without sanitization.
+
+This change ensures that the event index is sanitized to mitigate any
+possibility of speculative information leaks.
+
+This bug was discovered and resolved using Coverity Static Analysis
+Security Testing (SAST) by Synopsys, Inc.
+
+Only compile tested, no access to HW.
+
+ 2024-07-26
+ CVE-2024-39499
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+drm/komeda: check for error-valued pointer
+
+komeda_pipeline_get_state() may return an error-valued pointer, thus
+check the pointer for negative or null value before dereferencing.
+
+ 2024-07-26
+ CVE-2024-39505
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages
+
+The syzbot fuzzer found that the interrupt-URB completion callback in
+the cdc-wdm driver was taking too long, and the driver's immediate
+resubmission of interrupt URBs with -EPROTO status combined with the
+dummy-hcd emulation to cause a CPU lockup:
+
+cdc_wdm 1-1:1.0: nonzero urb status received: -71
+cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
+watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [syz-executor782:6625]
+CPU#0 Utilization every 4s during lockup:
+ #1: 98% system, 0% softirq, 3% hardirq, 0% idle
+ #2: 98% system, 0% softirq, 3% hardirq, 0% idle
+ #3: 98% system, 0% softirq, 3% hardirq, 0% idle
+ #4: 98% system, 0% softirq, 3% hardirq, 0% idle
+ #5: 98% system, 1% softirq, 3% hardirq, 0% idle
+Modules linked in:
+irq event stamp: 73096
+hardirqs last enabled at (73095): [<ffff80008037bc00>] console_emit_next_record kernel/printk/printk.c:2935 [inline]
+hardirqs last enabled at (73095): [<ffff80008037bc00>] console_flush_all+0x650/0xb74 kernel/printk/printk.c:2994
+hardirqs last disabled at (73096): [<ffff80008af10b00>] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]
+hardirqs last disabled at (73096): [<ffff80008af10b00>] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551
+softirqs last enabled at (73048): [<ffff8000801ea530>] softirq_handle_end kernel/softirq.c:400 [inline]
+softirqs last enabled at (73048): [<ffff8000801ea530>] handle_softirqs+0xa60/0xc34 kernel/softirq.c:582
+softirqs last disabled at (73043): [<ffff800080020de8>] __do_softirq+0x14/0x20 kernel/softirq.c:588
+CPU: 0 PID: 6625 Comm: syz-executor782 Tainted: G W 6.10.0-rc2-syzkaller-g8867bbd4a056 #0
+Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
+
+Testing showed that the problem did not occur if the two error
+messages -- the first two lines above -- were removed; apparently adding
+material to the kernel log takes a surprisingly large amount of time.
+
+In any case, the best approach for preventing these lockups and to
+avoid spamming the log with thousands of error messages per second is
+to ratelimit the two dev_err() calls. Therefore we replace them with
+dev_err_ratelimited().
+
+ 2024-07-26
+ CVE-2024-40904
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+ipv6: fix possible race in __fib6_drop_pcpu_from()
+
+syzbot found a race in __fib6_drop_pcpu_from() [1]
+
+If compiler reads more than once (*ppcpu_rt),
+second read could read NULL, if another cpu clears
+the value in rt6_get_pcpu_route().
+
+Add a READ_ONCE() to prevent this race.
+
+Also add rcu_read_lock()/rcu_read_unlock() because
+we rely on RCU protection while dereferencing pcpu_rt.
+
+[1]
+
+Oops: general protection fault, probably for non-canonical address 0xdffffc0000000012: 0000 [#1] PREEMPT SMP KASAN PTI
+KASAN: null-ptr-deref in range [0x0000000000000090-0x0000000000000097]
+CPU: 0 PID: 7543 Comm: kworker/u8:17 Not tainted 6.10.0-rc1-syzkaller-00013-g2bfcfd584ff5 #0
+Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
+Workqueue: netns cleanup_net
+ RIP: 0010:__fib6_drop_pcpu_from.part.0+0x10a/0x370 net/ipv6/ip6_fib.c:984
+Code: f8 48 c1 e8 03 80 3c 28 00 0f 85 16 02 00 00 4d 8b 3f 4d 85 ff 74 31 e8 74 a7 fa f7 49 8d bf 90 00 00 00 48 89 f8 48 c1 e8 03 <80> 3c 28 00 0f 85 1e 02 00 00 49 8b 87 90 00 00 00 48 8b 0c 24 48
+RSP: 0018:ffffc900040df070 EFLAGS: 00010206
+RAX: 0000000000000012 RBX: 0000000000000001 RCX: ffffffff89932e16
+RDX: ffff888049dd1e00 RSI: ffffffff89932d7c RDI: 0000000000000091
+RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000007
+R10: 0000000000000001 R11: 0000000000000006 R12: ffff88807fa080b8
+R13: fffffbfff1a9a07d R14: ffffed100ff41022 R15: 0000000000000001
+FS: 0000000000000000(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+CR2: 0000001b32c26000 CR3: 000000005d56e000 CR4: 00000000003526f0
+DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+Call Trace:
+ <TASK>
+ __fib6_drop_pcpu_from net/ipv6/ip6_fib.c:966 [inline]
+ fib6_drop_pcpu_from net/ipv6/ip6_fib.c:1027 [inline]
+ fib6_purge_rt+0x7f2/0x9f0 net/ipv6/ip6_fib.c:1038
+ fib6_del_route net/ipv6/ip6_fib.c:1998 [inline]
+ fib6_del+0xa70/0x17b0 net/ipv6/ip6_fib.c:2043
+ fib6_clean_node+0x426/0x5b0 net/ipv6/ip6_fib.c:2205
+ fib6_walk_continue+0x44f/0x8d0 net/ipv6/ip6_fib.c:2127
+ fib6_walk+0x182/0x370 net/ipv6/ip6_fib.c:2175
+ fib6_clean_tree+0xd7/0x120 net/ipv6/ip6_fib.c:2255
+ __fib6_clean_all+0x100/0x2d0 net/ipv6/ip6_fib.c:2271
+ rt6_sync_down_dev net/ipv6/route.c:4906 [inline]
+ rt6_disable_ip+0x7ed/0xa00 net/ipv6/route.c:4911
+ addrconf_ifdown.isra.0+0x117/0x1b40 net/ipv6/addrconf.c:3855
+ addrconf_notify+0x223/0x19e0 net/ipv6/addrconf.c:3778
+ notifier_call_chain+0xb9/0x410 kernel/notifier.c:93
+ call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:1992
+ call_netdevice_notifiers_extack net/core/dev.c:2030 [inline]
+ call_netdevice_notifiers net/core/dev.c:2044 [inline]
+ dev_close_many+0x333/0x6a0 net/core/dev.c:1585
+ unregister_netdevice_many_notify+0x46d/0x19f0 net/core/dev.c:11193
+ unregister_netdevice_many net/core/dev.c:11276 [inline]
+ default_device_exit_batch+0x85b/0xae0 net/core/dev.c:11759
+ ops_exit_list+0x128/0x180 net/core/net_namespace.c:178
+ cleanup_net+0x5b7/0xbf0 net/core/net_namespace.c:640
+ process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231
+ process_scheduled_works kernel/workqueue.c:3312 [inline]
+ worker_thread+0x6c8/0xf70 kernel/workqueue.c:3393
+ kthread+0x2c1/0x3a0 kernel/kthread.c:389
+ ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
+ ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
+
+ 2024-07-26
+ CVE-2024-40905
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ None
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()
+
+The ieee80211_sta_ps_deliver_wakeup() function takes sta->ps_lock to
+synchronizes with ieee80211_tx_h_unicast_ps_buf() which is called from
+softirq context. However using only spin_lock() to get sta->ps_lock in
+ieee80211_sta_ps_deliver_wakeup() does not prevent softirq to execute
+on this same CPU, to run ieee80211_tx_h_unicast_ps_buf() and try to
+take this same lock ending in deadlock. Below is an example of rcu stall
+that arises in such situation.
+
+ rcu: INFO: rcu_sched self-detected stall on CPU
+ rcu: 2-....: (42413413 ticks this GP) idle=b154/1/0x4000000000000000 softirq=1763/1765 fqs=21206996
+ rcu: (t=42586894 jiffies g=2057 q=362405 ncpus=4)
+ CPU: 2 PID: 719 Comm: wpa_supplicant Tainted: G W 6.4.0-02158-g1b062f552873 #742
+ Hardware name: RPT (r1) (DT)
+ pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
+ pc : queued_spin_lock_slowpath+0x58/0x2d0
+ lr : invoke_tx_handlers_early+0x5b4/0x5c0
+ sp : ffff00001ef64660
+ x29: ffff00001ef64660 x28: ffff000009bc1070 x27: ffff000009bc0ad8
+ x26: ffff000009bc0900 x25: ffff00001ef647a8 x24: 0000000000000000
+ x23: ffff000009bc0900 x22: ffff000009bc0900 x21: ffff00000ac0e000
+ x20: ffff00000a279e00 x19: ffff00001ef646e8 x18: 0000000000000000
+ x17: ffff800016468000 x16: ffff00001ef608c0 x15: 0010533c93f64f80
+ x14: 0010395c9faa3946 x13: 0000000000000000 x12: 00000000fa83b2da
+ x11: 000000012edeceea x10: ffff0000010fbe00 x9 : 0000000000895440
+ x8 : 000000000010533c x7 : ffff00000ad8b740 x6 : ffff00000c350880
+ x5 : 0000000000000007 x4 : 0000000000000001 x3 : 0000000000000000
+ x2 : 0000000000000000 x1 : 0000000000000001 x0 : ffff00000ac0e0e8
+ Call trace:
+ queued_spin_lock_slowpath+0x58/0x2d0
+ ieee80211_tx+0x80/0x12c
+ ieee80211_tx_pending+0x110/0x278
+ tasklet_action_common.constprop.0+0x10c/0x144
+ tasklet_action+0x20/0x28
+ _stext+0x11c/0x284
+ ____do_softirq+0xc/0x14
+ call_on_irq_stack+0x24/0x34
+ do_softirq_own_stack+0x18/0x20
+ do_softirq+0x74/0x7c
+ __local_bh_enable_ip+0xa0/0xa4
+ _ieee80211_wake_txqs+0x3b0/0x4b8
+ __ieee80211_wake_queue+0x12c/0x168
+ ieee80211_add_pending_skbs+0xec/0x138
+ ieee80211_sta_ps_deliver_wakeup+0x2a4/0x480
+ ieee80211_mps_sta_status_update.part.0+0xd8/0x11c
+ ieee80211_mps_sta_status_update+0x18/0x24
+ sta_apply_parameters+0x3bc/0x4c0
+ ieee80211_change_station+0x1b8/0x2dc
+ nl80211_set_station+0x444/0x49c
+ genl_family_rcv_msg_doit.isra.0+0xa4/0xfc
+ genl_rcv_msg+0x1b0/0x244
+ netlink_rcv_skb+0x38/0x10c
+ genl_rcv+0x34/0x48
+ netlink_unicast+0x254/0x2bc
+ netlink_sendmsg+0x190/0x3b4
+ ____sys_sendmsg+0x1e8/0x218
+ ___sys_sendmsg+0x68/0x8c
+ __sys_sendmsg+0x44/0x84
+ __arm64_sys_sendmsg+0x20/0x28
+ do_el0_svc+0x6c/0xe8
+ el0_svc+0x14/0x48
+ el0t_64_sync_handler+0xb0/0xb4
+ el0t_64_sync+0x14c/0x150
+
+Using spin_lock_bh()/spin_unlock_bh() instead prevents softirq to raise
+on the same CPU that is holding the lock.
+
+ 2024-07-26
+ CVE-2024-40912
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+wifi: iwlwifi: mvm: check n_ssids before accessing the ssids
+
+In some versions of cfg80211, the ssids poinet might be a valid one even
+though n_ssids is 0. Accessing the pointer in this case will cuase an
+out-of-bound access. Fix this by checking n_ssids first.
+
+ 2024-07-26
+ CVE-2024-40929
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+drm/exynos/vidi: fix memory leak in .get_modes()
+
+The duplicated EDID is never freed. Fix it.
+
+ 2024-07-26
+ CVE-2024-40932
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Low
+
+
+
+
+ 3.9
+ AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+wifi: iwlwifi: mvm: don't read past the mfuart notifcation
+
+In case the firmware sends a notification that claims it has more data
+than it has, we will read past that was allocated for the notification.
+Remove the print of the buffer, we won't see it by default. If needed,
+we can see the content with tracing.
+
+This was reported by KFENCE.
+
+ 2024-07-26
+ CVE-2024-40941
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+ocfs2: fix races between hole punching and AIO+DIO
+
+After commit "ocfs2: return real error code in ocfs2_dio_wr_get_block",
+fstests/generic/300 become from always failed to sometimes failed:
+
+========================================================================
+[ 473.293420 ] run fstests generic/300
+
+[ 475.296983 ] JBD2: Ignoring recovery information on journal
+[ 475.302473 ] ocfs2: Mounting device (253,1) on (node local, slot 0) with ordered data mode.
+[ 494.290998 ] OCFS2: ERROR (device dm-1): ocfs2_change_extent_flag: Owner 5668 has an extent at cpos 78723 which can no longer be found
+[ 494.291609 ] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
+[ 494.292018 ] OCFS2: File system is now read-only.
+[ 494.292224 ] (kworker/19:11,2628,19):ocfs2_mark_extent_written:5272 ERROR: status = -30
+[ 494.292602 ] (kworker/19:11,2628,19):ocfs2_dio_end_io_write:2374 ERROR: status = -3
+fio: io_u error on file /mnt/scratch/racer: Read-only file system: write offset=460849152, buflen=131072
+=========================================================================
+
+In __blockdev_direct_IO, ocfs2_dio_wr_get_block is called to add unwritten
+extents to a list. extents are also inserted into extent tree in
+ocfs2_write_begin_nolock. Then another thread call fallocate to puch a
+hole at one of the unwritten extent. The extent at cpos was removed by
+ocfs2_remove_extent(). At end io worker thread, ocfs2_search_extent_list
+found there is no such extent at the cpos.
+
+ T1 T2 T3
+ inode lock
+ ...
+ insert extents
+ ...
+ inode unlock
+ocfs2_fallocate
+ __ocfs2_change_file_space
+ inode lock
+ lock ip_alloc_sem
+ ocfs2_remove_inode_range inode
+ ocfs2_remove_btree_range
+ ocfs2_remove_extent
+ ^---remove the extent at cpos 78723
+ ...
+ unlock ip_alloc_sem
+ inode unlock
+ ocfs2_dio_end_io
+ ocfs2_dio_end_io_write
+ lock ip_alloc_sem
+ ocfs2_mark_extent_written
+ ocfs2_change_extent_flag
+ ocfs2_search_extent_list
+ ^---failed to find extent
+ ...
+ unlock ip_alloc_sem
+
+In most filesystems, fallocate is not compatible with racing with AIO+DIO,
+so fix it by adding to wait for all dio before fallocate/punch_hole like
+ext4.
+
+ 2024-07-26
+ CVE-2024-40943
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+MIPS: Octeon: Add PCIe link status check
+
+The standard PCIe configuration read-write interface is used to
+access the configuration space of the peripheral PCIe devices
+of the mips processor after the PCIe link surprise down, it can
+generate kernel panic caused by "Data bus error". So it is
+necessary to add PCIe link status check for system protection.
+When the PCIe link is down or in training, assigning a value
+of 0 to the configuration address can prevent read-write behavior
+to the configuration space of peripheral PCIe devices, thereby
+preventing kernel panic.
+
+ 2024-07-26
+ CVE-2024-40968
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+powerpc/pseries: Enforce hcall result buffer validity and size
+
+plpar_hcall(), plpar_hcall9(), and related functions expect callers to
+provide valid result buffers of certain minimum size. Currently this
+is communicated only through comments in the code and the compiler has
+no idea.
+
+For example, if I write a bug like this:
+
+ long retbuf[PLPAR_HCALL_BUFSIZE]; // should be PLPAR_HCALL9_BUFSIZE
+ plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf, ...);
+
+This compiles with no diagnostics emitted, but likely results in stack
+corruption at runtime when plpar_hcall9() stores results past the end
+of the array. (To be clear this is a contrived example and I have not
+found a real instance yet.)
+
+To make this class of error less likely, we can use explicitly-sized
+array parameters instead of pointers in the declarations for the hcall
+APIs. When compiled with -Warray-bounds[1], the code above now
+provokes a diagnostic like this:
+
+error: array argument is too small;
+is of size 32, callee requires at least 72 [-Werror,-Warray-bounds]
+ 60 | plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf,
+ | ^ ~~~~~~
+
+[1] Enabled for LLVM builds but not GCC for now. See commit
+ 0da6e5fd6c37 ("gcc: disable '-Warray-bounds' for gcc-13 too") and
+ related changes.
+
+ 2024-07-26
+ CVE-2024-40974
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+tipc: force a dst refcount before doing decryption
+
+As it says in commit 3bc07321ccc2 ("xfrm: Force a dst refcount before
+entering the xfrm type handlers"):
+
+"Crypto requests might return asynchronous. In this case we leave the
+ rcu protected region, so force a refcount on the skb's destination
+ entry before we enter the xfrm type input/output handlers."
+
+On TIPC decryption path it has the same problem, and skb_dst_force()
+should be called before doing decryption to avoid a possible crash.
+
+Shuang reported this issue when this warning is triggered:
+
+ [] WARNING: include/net/dst.h:337 tipc_sk_rcv+0x1055/0x1ea0 [tipc]
+ [] Kdump: loaded Tainted: G W --------- - - 4.18.0-496.el8.x86_64+debug
+ [] Workqueue: crypto cryptd_queue_worker
+ [] RIP: 0010:tipc_sk_rcv+0x1055/0x1ea0 [tipc]
+ [] Call Trace:
+ [] tipc_sk_mcast_rcv+0x548/0xea0 [tipc]
+ [] tipc_rcv+0xcf5/0x1060 [tipc]
+ [] tipc_aead_decrypt_done+0x215/0x2e0 [tipc]
+ [] cryptd_aead_crypt+0xdb/0x190
+ [] cryptd_queue_worker+0xed/0x190
+ [] process_one_work+0x93d/0x17e0
+
+ 2024-07-26
+ CVE-2024-40983
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine."
+
+Undo the modifications made in commit d410ee5109a1 ("ACPICA: avoid
+"Info: mapping multiple BARs. Your kernel is fine.""). The initial
+purpose of this commit was to stop memory mappings for operation
+regions from overlapping page boundaries, as it can trigger warnings
+if different page attributes are present.
+
+However, it was found that when this situation arises, mapping
+continues until the boundary's end, but there is still an attempt to
+read/write the entire length of the map, leading to a NULL pointer
+deference. For example, if a four-byte mapping request is made but
+only one byte is mapped because it hits the current page boundary's
+end, a four-byte read/write attempt is still made, resulting in a NULL
+pointer deference.
+
+Instead, map the entire length, as the ACPI specification does not
+mandate that it must be within the same page boundary. It is
+permissible for it to be mapped across different regions.
+
+ 2024-07-26
+ CVE-2024-40984
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+drm/amdgpu: fix UBSAN warning in kv_dpm.c
+
+Adds bounds check for sumo_vid_mapping_entry.
+
+ 2024-07-26
+ CVE-2024-40987
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+tracing: Build event generation tests only as modules
+
+The kprobes and synth event generation test modules add events and lock
+(get a reference) those event file reference in module init function,
+and unlock and delete it in module exit function. This is because those
+are designed for playing as modules.
+
+If we make those modules as built-in, those events are left locked in the
+kernel, and never be removed. This causes kprobe event self-test failure
+as below.
+
+[ 97.349708] ------------[ cut here ]------------
+[ 97.353453] WARNING: CPU: 3 PID: 1 at kernel/trace/trace_kprobe.c:2133 kprobe_trace_self_tests_init+0x3f1/0x480
+[ 97.357106] Modules linked in:
+[ 97.358488] CPU: 3 PID: 1 Comm: swapper/0 Not tainted 6.9.0-g699646734ab5-dirty #14
+[ 97.361556] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
+[ 97.363880] RIP: 0010:kprobe_trace_self_tests_init+0x3f1/0x480
+[ 97.365538] Code: a8 24 08 82 e9 ae fd ff ff 90 0f 0b 90 48 c7 c7 e5 aa 0b 82 e9 ee fc ff ff 90 0f 0b 90 48 c7 c7 2d 61 06 82 e9 8e fd ff ff 90 <0f> 0b 90 48 c7 c7 33 0b 0c 82 89 c6 e8 6e 03 1f ff 41 ff c7 e9 90
+[ 97.370429] RSP: 0000:ffffc90000013b50 EFLAGS: 00010286
+[ 97.371852] RAX: 00000000fffffff0 RBX: ffff888005919c00 RCX: 0000000000000000
+[ 97.373829] RDX: ffff888003f40000 RSI: ffffffff8236a598 RDI: ffff888003f40a68
+[ 97.375715] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
+[ 97.377675] R10: ffffffff811c9ae5 R11: ffffffff8120c4e0 R12: 0000000000000000
+[ 97.379591] R13: 0000000000000001 R14: 0000000000000015 R15: 0000000000000000
+[ 97.381536] FS: 0000000000000000(0000) GS:ffff88807dcc0000(0000) knlGS:0000000000000000
+[ 97.383813] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[ 97.385449] CR2: 0000000000000000 CR3: 0000000002244000 CR4: 00000000000006b0
+[ 97.387347] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+[ 97.389277] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+[ 97.391196] Call Trace:
+[ 97.391967] <TASK>
+[ 97.392647] ? __warn+0xcc/0x180
+[ 97.393640] ? kprobe_trace_self_tests_init+0x3f1/0x480
+[ 97.395181] ? report_bug+0xbd/0x150
+[ 97.396234] ? handle_bug+0x3e/0x60
+[ 97.397311] ? exc_invalid_op+0x1a/0x50
+[ 97.398434] ? asm_exc_invalid_op+0x1a/0x20
+[ 97.399652] ? trace_kprobe_is_busy+0x20/0x20
+[ 97.400904] ? tracing_reset_all_online_cpus+0x15/0x90
+[ 97.402304] ? kprobe_trace_self_tests_init+0x3f1/0x480
+[ 97.403773] ? init_kprobe_trace+0x50/0x50
+[ 97.404972] do_one_initcall+0x112/0x240
+[ 97.406113] do_initcall_level+0x95/0xb0
+[ 97.407286] ? kernel_init+0x1a/0x1a0
+[ 97.408401] do_initcalls+0x3f/0x70
+[ 97.409452] kernel_init_freeable+0x16f/0x1e0
+[ 97.410662] ? rest_init+0x1f0/0x1f0
+[ 97.411738] kernel_init+0x1a/0x1a0
+[ 97.412788] ret_from_fork+0x39/0x50
+[ 97.413817] ? rest_init+0x1f0/0x1f0
+[ 97.414844] ret_from_fork_asm+0x11/0x20
+[ 97.416285] </TASK>
+[ 97.417134] irq event stamp: 13437323
+[ 97.418376] hardirqs last enabled at (13437337): [<ffffffff8110bc0c>] console_unlock+0x11c/0x150
+[ 97.421285] hardirqs last disabled at (13437370): [<ffffffff8110bbf1>] console_unlock+0x101/0x150
+[ 97.423838] softirqs last enabled at (13437366): [<ffffffff8108e17f>] handle_softirqs+0x23f/0x2a0
+[ 97.426450] softirqs last disabled at (13437393): [<ffffffff8108e346>] __irq_exit_rcu+0x66/0xd0
+[ 97.428850] ---[ end trace 0000000000000000 ]---
+
+And also, since we can not cleanup dynamic_event file, ftracetest are
+failed too.
+
+To avoid these issues, build these tests only as modules.
+
+ 2024-07-26
+ CVE-2024-41004
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+netpoll: Fix race condition in netpoll_owner_active
+
+KCSAN detected a race condition in netpoll:
+
+ BUG: KCSAN: data-race in net_rx_action / netpoll_send_skb
+ write (marked) to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10:
+ net_rx_action (./include/linux/netpoll.h:90 net/core/dev.c:6712 net/core/dev.c:6822)
+<snip>
+ read to 0xffff8881164168b0 of 4 bytes by task 1 on cpu 2:
+ netpoll_send_skb (net/core/netpoll.c:319 net/core/netpoll.c:345 net/core/netpoll.c:393)
+ netpoll_send_udp (net/core/netpoll.c:?)
+<snip>
+ value changed: 0x0000000a -> 0xffffffff
+
+This happens because netpoll_owner_active() needs to check if the
+current CPU is the owner of the lock, touching napi->poll_owner
+non atomically. The ->poll_owner field contains the current CPU holding
+the lock.
+
+Use an atomic read to check if the poll owner is the current CPU.
+
+ 2024-07-26
+ CVE-2024-41005
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+tcp: avoid too many retransmit packets
+
+If a TCP socket is using TCP_USER_TIMEOUT, and the other peer
+retracted its window to zero, tcp_retransmit_timer() can
+retransmit a packet every two jiffies (2 ms for HZ=1000),
+for about 4 minutes after TCP_USER_TIMEOUT has 'expired'.
+
+The fix is to make sure tcp_rtx_probe0_timed_out() takes
+icsk->icsk_user_timeout into account.
+
+Before blamed commit, the socket would not timeout after
+icsk->icsk_user_timeout, but would use standard exponential
+backoff for the retransmits.
+
+Also worth noting that before commit e89688e3e978 ("net: tcp:
+fix unexcepted socket die when snd_wnd is 0"), the issue
+would last 2 minutes instead of 4.
+
+ 2024-07-26
+ CVE-2024-41007
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Low
+
+
+
+
+ 3.3
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:bpf: Fix overrunning reservations in ringbufThe BPF ring buffer internally is implemented as a power-of-2 sized circularbuffer, with two logical and ever-increasing counters: consumer_pos is theconsumer counter to show which logical position the consumer consumed thedata, and producer_pos which is the producer counter denoting the amount ofdata reserved by all producers.Each time a record is reserved, the producer that owns the record willsuccessfully advance producer counter. In user space each time a record isread, the consumer of the data advanced the consumer counter once it finishedprocessing. Both counters are stored in separate pages so that from userspace, the producer counter is read-only and the consumer counter is read-write.One aspect that simplifies and thus speeds up the implementation of bothproducers and consumers is how the data area is mapped twice contiguouslyback-to-back in the virtual memory, allowing to not take any special measuresfor samples that have to wrap around at the end of the circular buffer dataarea, because the next page after the last data page would be first data pageagain, and thus the sample will still appear completely contiguous in virtualmemory.Each record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header forbook-keeping the length and offset, and is inaccessible to the BPF program.Helpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ`for the BPF program to use. Bing-Jhong and Muhammad reported that it is howeverpossible to make a second allocated memory chunk overlapping with the firstchunk and as a result, the BPF program is now able to edit first chunk sheader.For example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with sizeof 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call tobpf_ringbuf_reserve() is made. 
This will allocate a chunk A, which is in[0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, letsallocate a chunk B with size 0x3000. This will succeed because consumer_poswas edited ahead of time to pass the `new_prod_pos - cons_pos > rb->mask`check. Chunk B will be in range [0x3008,0x6010], and the BPF program is ableto edit [0x3010,0x6010]. Due to the ring buffer memory layout mentionedearlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same datapages. This means that chunk B at [0x4000,0x4008] is chunk A s header.bpf_ringbuf_submit() / bpf_ringbuf_discard() use the header s pg_off to thenlocate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunkB modified chunk A s header, then bpf_ringbuf_commit() refers to the wrongpage and could cause a crash.Fix it by calculating the oldest pending_pos and check whether the rangefrom the oldest outstanding record to the newest would span beyond the ringbuffer size. If that is the case, then reject the request. We ve tested withthe ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh)before/after the fix and while it seems a bit slower on some benchmarks, itis still not significantly enough to matter.
+
+ 2024-07-26
+ CVE-2024-41009
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1894
+
+
+
+
\ No newline at end of file
diff --git a/cvrf/2024/cvrf-openEuler-SA-2024-1895.xml b/cvrf/2024/cvrf-openEuler-SA-2024-1895.xml
new file mode 100644
index 0000000..27c519a
--- /dev/null
+++ b/cvrf/2024/cvrf-openEuler-SA-2024-1895.xml
@@ -0,0 +1,2058 @@
+
+
+ An update for kernel is now available for openEuler-20.03-LTS-SP4
+ Security Advisory
+
+ openeuler-security@openeuler.org
+ openEuler security committee
+
+
+
+ openEuler-SA-2024-1895
+
+ Final
+ 1.0
+
+
+ 1.0
+ 2024-07-26
+ Initial
+
+
+ 2024-07-26
+ 2024-07-26
+
+ openEuler SA Tool V1.0
+ 2024-07-26
+
+
+
+ kernel security update
+ An update for kernel is now available for openEuler-20.03-LTS-SP4
+ The Linux Kernel, the operating system core itself.
+
+Security Fix(es):
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+nfc: fix segfault in nfc_genl_dump_devices_done
+
+When kmalloc in nfc_genl_dump_devices() fails then
+nfc_genl_dump_devices_done() segfaults as below
+
+KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
+CPU: 0 PID: 25 Comm: kworker/0:1 Not tainted 5.16.0-rc4-01180-g2a987e65025e-dirty #5
+Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-6.fc35 04/01/2014
+Workqueue: events netlink_sock_destruct_work
+RIP: 0010:klist_iter_exit+0x26/0x80
+Call Trace:
+<TASK>
+class_dev_iter_exit+0x15/0x20
+nfc_genl_dump_devices_done+0x3b/0x50
+genl_lock_done+0x84/0xd0
+netlink_sock_destruct+0x8f/0x270
+__sk_destruct+0x64/0x3b0
+sk_destruct+0xa8/0xd0
+__sk_free+0x2e8/0x3d0
+sk_free+0x51/0x90
+netlink_sock_destruct_work+0x1c/0x20
+process_one_work+0x411/0x710
+worker_thread+0x6fd/0xa80(CVE-2021-47612)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj
+
+kobject_init_and_add() takes reference even when it fails.
+According to the doc of kobject_init_and_add()?
+
+ If this function returns an error, kobject_put() must be called to
+ properly clean up the memory associated with the object.
+
+Fix memory leak by calling kobject_put().(CVE-2022-48775)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+nvme-rdma: fix possible use-after-free in transport error_recovery work
+
+While nvme_rdma_submit_async_event_work is checking the ctrl and queue
+state before preparing the AER command and scheduling io_work, in order
+to fully prevent a race where this check is not reliable the error
+recovery work must flush async_event_work before continuing to destroy
+the admin queue after setting the ctrl state to RESETTING such that
+there is no race .submit_async_event and the error recovery handler
+itself changing the ctrl state.(CVE-2022-48788)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+usb: gadget: Fix use-after-free bug by not setting udc->dev.driver
+
+The syzbot fuzzer found a use-after-free bug:
+
+BUG: KASAN: use-after-free in dev_uevent+0x712/0x780 drivers/base/core.c:2320
+Read of size 8 at addr ffff88802b934098 by task udevd/3689
+
+CPU: 2 PID: 3689 Comm: udevd Not tainted 5.17.0-rc4-syzkaller-00229-g4f12b742eb2b #0
+Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
+Call Trace:
+ <TASK>
+ __dump_stack lib/dump_stack.c:88 [inline]
+ dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
+ print_address_description.constprop.0.cold+0x8d/0x303 mm/kasan/report.c:255
+ __kasan_report mm/kasan/report.c:442 [inline]
+ kasan_report.cold+0x83/0xdf mm/kasan/report.c:459
+ dev_uevent+0x712/0x780 drivers/base/core.c:2320
+ uevent_show+0x1b8/0x380 drivers/base/core.c:2391
+ dev_attr_show+0x4b/0x90 drivers/base/core.c:2094
+
+Although the bug manifested in the driver core, the real cause was a
+race with the gadget core. dev_uevent() does:
+
+ if (dev->driver)
+ add_uevent_var(env, "DRIVER=%s", dev->driver->name);
+
+and between the test and the dereference of dev->driver, the gadget
+core sets dev->driver to NULL.
+
+The race wouldn't occur if the gadget core registered its devices on
+a real bus, using the standard synchronization techniques of the
+driver core. However, it's not necessary to make such a large change
+in order to fix this bug; all we need to do is make sure that
+udc->dev.driver is always NULL.
+
+In fact, there is no reason for udc->dev.driver ever to be set to
+anything, let alone to the value it currently gets: the address of the
+gadget's driver. After all, a gadget driver only knows how to manage
+a gadget, not how to manage a UDC.
+
+This patch simply removes the statements in the gadget core that touch
+udc->dev.driver.(CVE-2022-48838)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+sctp: fix kernel-infoleak for SCTP sockets
+
+syzbot reported a kernel infoleak [1] of 4 bytes.
+
+After analysis, it turned out r->idiag_expires is not initialized
+if inet_sctp_diag_fill() calls inet_diag_msg_common_fill()
+
+Make sure to clear idiag_timer/idiag_retrans/idiag_expires
+and let inet_diag_msg_sctpasoc_fill() fill them again if needed.
+
+[1]
+
+BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:121 [inline]
+BUG: KMSAN: kernel-infoleak in copyout lib/iov_iter.c:154 [inline]
+BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x6ef/0x25a0 lib/iov_iter.c:668
+ instrument_copy_to_user include/linux/instrumented.h:121 [inline]
+ copyout lib/iov_iter.c:154 [inline]
+ _copy_to_iter+0x6ef/0x25a0 lib/iov_iter.c:668
+ copy_to_iter include/linux/uio.h:162 [inline]
+ simple_copy_to_iter+0xf3/0x140 net/core/datagram.c:519
+ __skb_datagram_iter+0x2d5/0x11b0 net/core/datagram.c:425
+ skb_copy_datagram_iter+0xdc/0x270 net/core/datagram.c:533
+ skb_copy_datagram_msg include/linux/skbuff.h:3696 [inline]
+ netlink_recvmsg+0x669/0x1c80 net/netlink/af_netlink.c:1977
+ sock_recvmsg_nosec net/socket.c:948 [inline]
+ sock_recvmsg net/socket.c:966 [inline]
+ __sys_recvfrom+0x795/0xa10 net/socket.c:2097
+ __do_sys_recvfrom net/socket.c:2115 [inline]
+ __se_sys_recvfrom net/socket.c:2111 [inline]
+ __x64_sys_recvfrom+0x19d/0x210 net/socket.c:2111
+ do_syscall_x64 arch/x86/entry/common.c:51 [inline]
+ do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
+ entry_SYSCALL_64_after_hwframe+0x44/0xae
+
+Uninit was created at:
+ slab_post_alloc_hook mm/slab.h:737 [inline]
+ slab_alloc_node mm/slub.c:3247 [inline]
+ __kmalloc_node_track_caller+0xe0c/0x1510 mm/slub.c:4975
+ kmalloc_reserve net/core/skbuff.c:354 [inline]
+ __alloc_skb+0x545/0xf90 net/core/skbuff.c:426
+ alloc_skb include/linux/skbuff.h:1158 [inline]
+ netlink_dump+0x3e5/0x16c0 net/netlink/af_netlink.c:2248
+ __netlink_dump_start+0xcf8/0xe90 net/netlink/af_netlink.c:2373
+ netlink_dump_start include/linux/netlink.h:254 [inline]
+ inet_diag_handler_cmd+0x2e7/0x400 net/ipv4/inet_diag.c:1341
+ sock_diag_rcv_msg+0x24a/0x620
+ netlink_rcv_skb+0x40c/0x7e0 net/netlink/af_netlink.c:2494
+ sock_diag_rcv+0x63/0x80 net/core/sock_diag.c:277
+ netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline]
+ netlink_unicast+0x1093/0x1360 net/netlink/af_netlink.c:1343
+ netlink_sendmsg+0x14d9/0x1720 net/netlink/af_netlink.c:1919
+ sock_sendmsg_nosec net/socket.c:705 [inline]
+ sock_sendmsg net/socket.c:725 [inline]
+ sock_write_iter+0x594/0x690 net/socket.c:1061
+ do_iter_readv_writev+0xa7f/0xc70
+ do_iter_write+0x52c/0x1500 fs/read_write.c:851
+ vfs_writev fs/read_write.c:924 [inline]
+ do_writev+0x645/0xe00 fs/read_write.c:967
+ __do_sys_writev fs/read_write.c:1040 [inline]
+ __se_sys_writev fs/read_write.c:1037 [inline]
+ __x64_sys_writev+0xe5/0x120 fs/read_write.c:1037
+ do_syscall_x64 arch/x86/entry/common.c:51 [inline]
+ do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
+ entry_SYSCALL_64_after_hwframe+0x44/0xae
+
+Bytes 68-71 of 2508 are uninitialized
+Memory access of size 2508 starts at ffff888114f9b000
+Data copied to user address 00007f7fe09ff2e0
+
+CPU: 1 PID: 3478 Comm: syz-executor306 Not tainted 5.17.0-rc4-syzkaller #0
+Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011(CVE-2022-48855)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+gianfar: ethtool: Fix refcount leak in gfar_get_ts_info
+
+The of_find_compatible_node() function returns a node pointer with
+refcount incremented, We should use of_node_put() on it when done
+Add the missing of_node_put() to release the refcount.(CVE-2022-48856)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+tipc: fix kernel panic when enabling bearer
+
+When enabling a bearer on a node, a kernel panic is observed:
+
+[ 4.498085] RIP: 0010:tipc_mon_prep+0x4e/0x130 [tipc]
+...
+[ 4.520030] Call Trace:
+[ 4.520689] <IRQ>
+[ 4.521236] tipc_link_build_proto_msg+0x375/0x750 [tipc]
+[ 4.522654] tipc_link_build_state_msg+0x48/0xc0 [tipc]
+[ 4.524034] __tipc_node_link_up+0xd7/0x290 [tipc]
+[ 4.525292] tipc_rcv+0x5da/0x730 [tipc]
+[ 4.526346] ? __netif_receive_skb_core+0xb7/0xfc0
+[ 4.527601] tipc_l2_rcv_msg+0x5e/0x90 [tipc]
+[ 4.528737] __netif_receive_skb_list_core+0x20b/0x260
+[ 4.530068] netif_receive_skb_list_internal+0x1bf/0x2e0
+[ 4.531450] ? dev_gro_receive+0x4c2/0x680
+[ 4.532512] napi_complete_done+0x6f/0x180
+[ 4.533570] virtnet_poll+0x29c/0x42e [virtio_net]
+...
+
+The node in question is receiving activate messages in another
+thread after changing bearer status to allow message sending/
+receiving in current thread:
+
+ thread 1 | thread 2
+ -------- | --------
+ |
+tipc_enable_bearer() |
+ test_and_set_bit_lock() |
+ tipc_bearer_xmit_skb() |
+ | tipc_l2_rcv_msg()
+ | tipc_rcv()
+ | __tipc_node_link_up()
+ | tipc_link_build_state_msg()
+ | tipc_link_build_proto_msg()
+ | tipc_mon_prep()
+ | {
+ | ...
+ | // null-pointer dereference
+ | u16 gen = mon->dom_gen;
+ | ...
+ | }
+ // Not being executed yet |
+ tipc_mon_create() |
+ { |
+ ... |
+ // allocate |
+ mon = kzalloc(); |
+ ... |
+ } |
+
+Monitoring pointer in thread 2 is dereferenced before monitoring data
+is allocated in thread 1. This causes kernel panic.
+
+This commit fixes it by allocating the monitoring data before enabling
+the bearer to receive messages.(CVE-2022-48865)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+netrom: fix possible dead-lock in nr_rt_ioctl()
+
+syzbot loves netrom, and found a possible deadlock in nr_rt_ioctl [1]
+
+Make sure we always acquire nr_node_list_lock before nr_node_lock(nr_node)
+
+[1]
+WARNING: possible circular locking dependency detected
+6.9.0-rc7-syzkaller-02147-g654de42f3fc6 #0 Not tainted
+------------------------------------------------------
+syz-executor350/5129 is trying to acquire lock:
+ ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
+ ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_node_lock include/net/netrom.h:152 [inline]
+ ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:464 [inline]
+ ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697
+
+but task is already holding lock:
+ ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
+ ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]
+ ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_rt_ioctl+0x10a/0x1090 net/netrom/nr_route.c:697
+
+which lock already depends on the new lock.
+
+the existing dependency chain (in reverse order) is:
+
+-> #1 (nr_node_list_lock){+...}-{2:2}:
+ lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
+ __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
+ _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178
+ spin_lock_bh include/linux/spinlock.h:356 [inline]
+ nr_remove_node net/netrom/nr_route.c:299 [inline]
+ nr_del_node+0x4b4/0x820 net/netrom/nr_route.c:355
+ nr_rt_ioctl+0xa95/0x1090 net/netrom/nr_route.c:683
+ sock_do_ioctl+0x158/0x460 net/socket.c:1222
+ sock_ioctl+0x629/0x8e0 net/socket.c:1341
+ vfs_ioctl fs/ioctl.c:51 [inline]
+ __do_sys_ioctl fs/ioctl.c:904 [inline]
+ __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890
+ do_syscall_x64 arch/x86/entry/common.c:52 [inline]
+ do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
+ entry_SYSCALL_64_after_hwframe+0x77/0x7f
+
+-> #0 (&nr_node->node_lock){+...}-{2:2}:
+ check_prev_add kernel/locking/lockdep.c:3134 [inline]
+ check_prevs_add kernel/locking/lockdep.c:3253 [inline]
+ validate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869
+ __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137
+ lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
+ __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
+ _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178
+ spin_lock_bh include/linux/spinlock.h:356 [inline]
+ nr_node_lock include/net/netrom.h:152 [inline]
+ nr_dec_obs net/netrom/nr_route.c:464 [inline]
+ nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697
+ sock_do_ioctl+0x158/0x460 net/socket.c:1222
+ sock_ioctl+0x629/0x8e0 net/socket.c:1341
+ vfs_ioctl fs/ioctl.c:51 [inline]
+ __do_sys_ioctl fs/ioctl.c:904 [inline]
+ __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890
+ do_syscall_x64 arch/x86/entry/common.c:52 [inline]
+ do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
+ entry_SYSCALL_64_after_hwframe+0x77/0x7f
+
+other info that might help us debug this:
+
+ Possible unsafe locking scenario:
+
+ CPU0 CPU1
+ ---- ----
+ lock(nr_node_list_lock);
+ lock(&nr_node->node_lock);
+ lock(nr_node_list_lock);
+ lock(&nr_node->node_lock);
+
+ *** DEADLOCK ***
+
+1 lock held by syz-executor350/5129:
+ #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
+ #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]
+ #0: ffffffff8f70
+---truncated---(CVE-2024-38589)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak
+
+Using completion_done to determine whether the caller has gone
+away only works after a complete call. Furthermore it's still
+possible that the caller has not yet called wait_for_completion,
+resulting in another potential UAF.
+
+Fix this by making the caller use cancel_work_sync and then freeing
+the memory safely.(CVE-2024-39493)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+ima: Fix use-after-free on a dentry's dname.name
+
+->d_name.name can change on rename and the earlier value can be freed;
+there are conditions sufficient to stabilize it (->d_lock on dentry,
+->d_lock on its parent, ->i_rwsem exclusive on the parent's inode,
+rename_lock), but none of those are met at any of the sites. Take a stable
+snapshot of the name instead.(CVE-2024-39494)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+vmci: prevent speculation leaks by sanitizing event in event_deliver()
+
+Coverity spotted that event_msg is controlled by user-space,
+event_msg->event_data.event is passed to event_deliver() and used
+as an index without sanitization.
+
+This change ensures that the event index is sanitized to mitigate any
+possibility of speculative information leaks.
+
+This bug was discovered and resolved using Coverity Static Analysis
+Security Testing (SAST) by Synopsys, Inc.
+
+Only compile tested, no access to HW.(CVE-2024-39499)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages
+
+The syzbot fuzzer found that the interrupt-URB completion callback in
+the cdc-wdm driver was taking too long, and the driver's immediate
+resubmission of interrupt URBs with -EPROTO status combined with the
+dummy-hcd emulation to cause a CPU lockup:
+
+cdc_wdm 1-1:1.0: nonzero urb status received: -71
+cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
+watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [syz-executor782:6625]
+CPU#0 Utilization every 4s during lockup:
+ #1: 98% system, 0% softirq, 3% hardirq, 0% idle
+ #2: 98% system, 0% softirq, 3% hardirq, 0% idle
+ #3: 98% system, 0% softirq, 3% hardirq, 0% idle
+ #4: 98% system, 0% softirq, 3% hardirq, 0% idle
+ #5: 98% system, 1% softirq, 3% hardirq, 0% idle
+Modules linked in:
+irq event stamp: 73096
+hardirqs last enabled at (73095): [<ffff80008037bc00>] console_emit_next_record kernel/printk/printk.c:2935 [inline]
+hardirqs last enabled at (73095): [<ffff80008037bc00>] console_flush_all+0x650/0xb74 kernel/printk/printk.c:2994
+hardirqs last disabled at (73096): [<ffff80008af10b00>] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]
+hardirqs last disabled at (73096): [<ffff80008af10b00>] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551
+softirqs last enabled at (73048): [<ffff8000801ea530>] softirq_handle_end kernel/softirq.c:400 [inline]
+softirqs last enabled at (73048): [<ffff8000801ea530>] handle_softirqs+0xa60/0xc34 kernel/softirq.c:582
+softirqs last disabled at (73043): [<ffff800080020de8>] __do_softirq+0x14/0x20 kernel/softirq.c:588
+CPU: 0 PID: 6625 Comm: syz-executor782 Tainted: G W 6.10.0-rc2-syzkaller-g8867bbd4a056 #0
+Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
+
+Testing showed that the problem did not occur if the two error
+messages -- the first two lines above -- were removed; apparently adding
+material to the kernel log takes a surprisingly large amount of time.
+
+In any case, the best approach for preventing these lockups and to
+avoid spamming the log with thousands of error messages per second is
+to ratelimit the two dev_err() calls. Therefore we replace them with
+dev_err_ratelimited().(CVE-2024-40904)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()
+
+The ieee80211_sta_ps_deliver_wakeup() function takes sta->ps_lock to
+synchronizes with ieee80211_tx_h_unicast_ps_buf() which is called from
+softirq context. However using only spin_lock() to get sta->ps_lock in
+ieee80211_sta_ps_deliver_wakeup() does not prevent softirq to execute
+on this same CPU, to run ieee80211_tx_h_unicast_ps_buf() and try to
+take this same lock ending in deadlock. Below is an example of rcu stall
+that arises in such situation.
+
+ rcu: INFO: rcu_sched self-detected stall on CPU
+ rcu: 2-....: (42413413 ticks this GP) idle=b154/1/0x4000000000000000 softirq=1763/1765 fqs=21206996
+ rcu: (t=42586894 jiffies g=2057 q=362405 ncpus=4)
+ CPU: 2 PID: 719 Comm: wpa_supplicant Tainted: G W 6.4.0-02158-g1b062f552873 #742
+ Hardware name: RPT (r1) (DT)
+ pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
+ pc : queued_spin_lock_slowpath+0x58/0x2d0
+ lr : invoke_tx_handlers_early+0x5b4/0x5c0
+ sp : ffff00001ef64660
+ x29: ffff00001ef64660 x28: ffff000009bc1070 x27: ffff000009bc0ad8
+ x26: ffff000009bc0900 x25: ffff00001ef647a8 x24: 0000000000000000
+ x23: ffff000009bc0900 x22: ffff000009bc0900 x21: ffff00000ac0e000
+ x20: ffff00000a279e00 x19: ffff00001ef646e8 x18: 0000000000000000
+ x17: ffff800016468000 x16: ffff00001ef608c0 x15: 0010533c93f64f80
+ x14: 0010395c9faa3946 x13: 0000000000000000 x12: 00000000fa83b2da
+ x11: 000000012edeceea x10: ffff0000010fbe00 x9 : 0000000000895440
+ x8 : 000000000010533c x7 : ffff00000ad8b740 x6 : ffff00000c350880
+ x5 : 0000000000000007 x4 : 0000000000000001 x3 : 0000000000000000
+ x2 : 0000000000000000 x1 : 0000000000000001 x0 : ffff00000ac0e0e8
+ Call trace:
+ queued_spin_lock_slowpath+0x58/0x2d0
+ ieee80211_tx+0x80/0x12c
+ ieee80211_tx_pending+0x110/0x278
+ tasklet_action_common.constprop.0+0x10c/0x144
+ tasklet_action+0x20/0x28
+ _stext+0x11c/0x284
+ ____do_softirq+0xc/0x14
+ call_on_irq_stack+0x24/0x34
+ do_softirq_own_stack+0x18/0x20
+ do_softirq+0x74/0x7c
+ __local_bh_enable_ip+0xa0/0xa4
+ _ieee80211_wake_txqs+0x3b0/0x4b8
+ __ieee80211_wake_queue+0x12c/0x168
+ ieee80211_add_pending_skbs+0xec/0x138
+ ieee80211_sta_ps_deliver_wakeup+0x2a4/0x480
+ ieee80211_mps_sta_status_update.part.0+0xd8/0x11c
+ ieee80211_mps_sta_status_update+0x18/0x24
+ sta_apply_parameters+0x3bc/0x4c0
+ ieee80211_change_station+0x1b8/0x2dc
+ nl80211_set_station+0x444/0x49c
+ genl_family_rcv_msg_doit.isra.0+0xa4/0xfc
+ genl_rcv_msg+0x1b0/0x244
+ netlink_rcv_skb+0x38/0x10c
+ genl_rcv+0x34/0x48
+ netlink_unicast+0x254/0x2bc
+ netlink_sendmsg+0x190/0x3b4
+ ____sys_sendmsg+0x1e8/0x218
+ ___sys_sendmsg+0x68/0x8c
+ __sys_sendmsg+0x44/0x84
+ __arm64_sys_sendmsg+0x20/0x28
+ do_el0_svc+0x6c/0xe8
+ el0_svc+0x14/0x48
+ el0t_64_sync_handler+0xb0/0xb4
+ el0t_64_sync+0x14c/0x150
+
+Using spin_lock_bh()/spin_unlock_bh() instead prevents softirq to raise
+on the same CPU that is holding the lock.(CVE-2024-40912)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+wifi: iwlwifi: mvm: check n_ssids before accessing the ssids
+
+In some versions of cfg80211, the ssids poinet might be a valid one even
+though n_ssids is 0. Accessing the pointer in this case will cuase an
+out-of-bound access. Fix this by checking n_ssids first.(CVE-2024-40929)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+drm/exynos/vidi: fix memory leak in .get_modes()
+
+The duplicated EDID is never freed. Fix it.(CVE-2024-40932)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+wifi: iwlwifi: mvm: don't read past the mfuart notifcation
+
+In case the firmware sends a notification that claims it has more data
+than it has, we will read past that was allocated for the notification.
+Remove the print of the buffer, we won't see it by default. If needed,
+we can see the content with tracing.
+
+This was reported by KFENCE.(CVE-2024-40941)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+ocfs2: fix races between hole punching and AIO+DIO
+
+After commit "ocfs2: return real error code in ocfs2_dio_wr_get_block",
+fstests/generic/300 become from always failed to sometimes failed:
+
+========================================================================
+[ 473.293420 ] run fstests generic/300
+
+[ 475.296983 ] JBD2: Ignoring recovery information on journal
+[ 475.302473 ] ocfs2: Mounting device (253,1) on (node local, slot 0) with ordered data mode.
+[ 494.290998 ] OCFS2: ERROR (device dm-1): ocfs2_change_extent_flag: Owner 5668 has an extent at cpos 78723 which can no longer be found
+[ 494.291609 ] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
+[ 494.292018 ] OCFS2: File system is now read-only.
+[ 494.292224 ] (kworker/19:11,2628,19):ocfs2_mark_extent_written:5272 ERROR: status = -30
+[ 494.292602 ] (kworker/19:11,2628,19):ocfs2_dio_end_io_write:2374 ERROR: status = -3
+fio: io_u error on file /mnt/scratch/racer: Read-only file system: write offset=460849152, buflen=131072
+=========================================================================
+
+In __blockdev_direct_IO, ocfs2_dio_wr_get_block is called to add unwritten
+extents to a list. extents are also inserted into extent tree in
+ocfs2_write_begin_nolock. Then another thread call fallocate to puch a
+hole at one of the unwritten extent. The extent at cpos was removed by
+ocfs2_remove_extent(). At end io worker thread, ocfs2_search_extent_list
+found there is no such extent at the cpos.
+
+ T1 T2 T3
+ inode lock
+ ...
+ insert extents
+ ...
+ inode unlock
+ocfs2_fallocate
+ __ocfs2_change_file_space
+ inode lock
+ lock ip_alloc_sem
+ ocfs2_remove_inode_range inode
+ ocfs2_remove_btree_range
+ ocfs2_remove_extent
+ ^---remove the extent at cpos 78723
+ ...
+ unlock ip_alloc_sem
+ inode unlock
+ ocfs2_dio_end_io
+ ocfs2_dio_end_io_write
+ lock ip_alloc_sem
+ ocfs2_mark_extent_written
+ ocfs2_change_extent_flag
+ ocfs2_search_extent_list
+ ^---failed to find extent
+ ...
+ unlock ip_alloc_sem
+
+In most filesystems, fallocate is not compatible with racing with AIO+DIO,
+so fix it by adding to wait for all dio before fallocate/punch_hole like
+ext4.(CVE-2024-40943)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+MIPS: Octeon: Add PCIe link status check
+
+The standard PCIe configuration read-write interface is used to
+access the configuration space of the peripheral PCIe devices
+of the mips processor after the PCIe link surprise down, it can
+generate kernel panic caused by "Data bus error". So it is
+necessary to add PCIe link status check for system protection.
+When the PCIe link is down or in training, assigning a value
+of 0 to the configuration address can prevent read-write behavior
+to the configuration space of peripheral PCIe devices, thereby
+preventing kernel panic.(CVE-2024-40968)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+powerpc/pseries: Enforce hcall result buffer validity and size
+
+plpar_hcall(), plpar_hcall9(), and related functions expect callers to
+provide valid result buffers of certain minimum size. Currently this
+is communicated only through comments in the code and the compiler has
+no idea.
+
+For example, if I write a bug like this:
+
+ long retbuf[PLPAR_HCALL_BUFSIZE]; // should be PLPAR_HCALL9_BUFSIZE
+ plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf, ...);
+
+This compiles with no diagnostics emitted, but likely results in stack
+corruption at runtime when plpar_hcall9() stores results past the end
+of the array. (To be clear this is a contrived example and I have not
+found a real instance yet.)
+
+To make this class of error less likely, we can use explicitly-sized
+array parameters instead of pointers in the declarations for the hcall
+APIs. When compiled with -Warray-bounds[1], the code above now
+provokes a diagnostic like this:
+
+error: array argument is too small;
+is of size 32, callee requires at least 72 [-Werror,-Warray-bounds]
+ 60 | plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf,
+ | ^ ~~~~~~
+
+[1] Enabled for LLVM builds but not GCC for now. See commit
+ 0da6e5fd6c37 ("gcc: disable '-Warray-bounds' for gcc-13 too") and
+ related changes.(CVE-2024-40974)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine."
+
+Undo the modifications made in commit d410ee5109a1 ("ACPICA: avoid
+"Info: mapping multiple BARs. Your kernel is fine.""). The initial
+purpose of this commit was to stop memory mappings for operation
+regions from overlapping page boundaries, as it can trigger warnings
+if different page attributes are present.
+
+However, it was found that when this situation arises, mapping
+continues until the boundary's end, but there is still an attempt to
+read/write the entire length of the map, leading to a NULL pointer
+deference. For example, if a four-byte mapping request is made but
+only one byte is mapped because it hits the current page boundary's
+end, a four-byte read/write attempt is still made, resulting in a NULL
+pointer deference.
+
+Instead, map the entire length, as the ACPI specification does not
+mandate that it must be within the same page boundary. It is
+permissible for it to be mapped across different regions.(CVE-2024-40984)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+drm/amdgpu: fix UBSAN warning in kv_dpm.c
+
+Adds bounds check for sumo_vid_mapping_entry.(CVE-2024-40987)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+netpoll: Fix race condition in netpoll_owner_active
+
+KCSAN detected a race condition in netpoll:
+
+ BUG: KCSAN: data-race in net_rx_action / netpoll_send_skb
+ write (marked) to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10:
+ net_rx_action (./include/linux/netpoll.h:90 net/core/dev.c:6712 net/core/dev.c:6822)
+<snip>
+ read to 0xffff8881164168b0 of 4 bytes by task 1 on cpu 2:
+ netpoll_send_skb (net/core/netpoll.c:319 net/core/netpoll.c:345 net/core/netpoll.c:393)
+ netpoll_send_udp (net/core/netpoll.c:?)
+<snip>
+ value changed: 0x0000000a -> 0xffffffff
+
+This happens because netpoll_owner_active() needs to check if the
+current CPU is the owner of the lock, touching napi->poll_owner
+non atomically. The ->poll_owner field contains the current CPU holding
+the lock.
+
+Use an atomic read to check if the poll owner is the current CPU.(CVE-2024-41005)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+tcp: avoid too many retransmit packets
+
+If a TCP socket is using TCP_USER_TIMEOUT, and the other peer
+retracted its window to zero, tcp_retransmit_timer() can
+retransmit a packet every two jiffies (2 ms for HZ=1000),
+for about 4 minutes after TCP_USER_TIMEOUT has 'expired'.
+
+The fix is to make sure tcp_rtx_probe0_timed_out() takes
+icsk->icsk_user_timeout into account.
+
+Before blamed commit, the socket would not timeout after
+icsk->icsk_user_timeout, but would use standard exponential
+backoff for the retransmits.
+
+Also worth noting that before commit e89688e3e978 ("net: tcp:
+fix unexcepted socket die when snd_wnd is 0"), the issue
+would last 2 minutes instead of 4.(CVE-2024-41007)
+ An update for kernel is now available for openEuler-20.03-LTS-SP4.
+
+openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
+ High
+ kernel
+
+
+
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
+
+
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-47612
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48775
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48788
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48838
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48855
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48856
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48865
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38589
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39493
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39494
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39499
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40904
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40912
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40929
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40932
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40941
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40943
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40968
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40974
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40984
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40987
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-41005
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-41007
+
+
+ https://nvd.nist.gov/vuln/detail/CVE-2021-47612
+ https://nvd.nist.gov/vuln/detail/CVE-2022-48775
+ https://nvd.nist.gov/vuln/detail/CVE-2022-48788
+ https://nvd.nist.gov/vuln/detail/CVE-2022-48838
+ https://nvd.nist.gov/vuln/detail/CVE-2022-48855
+ https://nvd.nist.gov/vuln/detail/CVE-2022-48856
+ https://nvd.nist.gov/vuln/detail/CVE-2022-48865
+ https://nvd.nist.gov/vuln/detail/CVE-2024-38589
+ https://nvd.nist.gov/vuln/detail/CVE-2024-39493
+ https://nvd.nist.gov/vuln/detail/CVE-2024-39494
+ https://nvd.nist.gov/vuln/detail/CVE-2024-39499
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40904
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40912
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40929
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40932
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40941
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40943
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40968
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40974
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40984
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40987
+ https://nvd.nist.gov/vuln/detail/CVE-2024-41005
+ https://nvd.nist.gov/vuln/detail/CVE-2024-41007
+
+
+
+
+ openEuler-20.03-LTS-SP4
+
+
+ bpftool-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm
+ bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm
+ kernel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm
+ kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm
+ kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm
+ kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm
+ kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm
+ kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm
+ kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm
+ kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm
+ perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm
+ perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm
+ python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm
+ python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm
+ python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm
+ python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.aarch64.rpm
+
+
+ bpftool-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm
+ bpftool-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm
+ kernel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm
+ kernel-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm
+ kernel-debugsource-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm
+ kernel-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm
+ kernel-source-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm
+ kernel-tools-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm
+ kernel-tools-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm
+ kernel-tools-devel-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm
+ perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm
+ perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm
+ python2-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm
+ python2-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm
+ python3-perf-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm
+ python3-perf-debuginfo-4.19.90-2407.5.0.0287.oe2003sp4.x86_64.rpm
+
+
+ kernel-4.19.90-2407.5.0.0287.oe2003sp4.src.rpm
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+nfc: fix segfault in nfc_genl_dump_devices_done
+
+When kmalloc in nfc_genl_dump_devices() fails then
+nfc_genl_dump_devices_done() segfaults as below
+
+KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
+CPU: 0 PID: 25 Comm: kworker/0:1 Not tainted 5.16.0-rc4-01180-g2a987e65025e-dirty #5
+Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-6.fc35 04/01/2014
+Workqueue: events netlink_sock_destruct_work
+RIP: 0010:klist_iter_exit+0x26/0x80
+Call Trace:
+<TASK>
+class_dev_iter_exit+0x15/0x20
+nfc_genl_dump_devices_done+0x3b/0x50
+genl_lock_done+0x84/0xd0
+netlink_sock_destruct+0x8f/0x270
+__sk_destruct+0x64/0x3b0
+sk_destruct+0xa8/0xd0
+__sk_free+0x2e8/0x3d0
+sk_free+0x51/0x90
+netlink_sock_destruct_work+0x1c/0x20
+process_one_work+0x411/0x710
+worker_thread+0x6fd/0xa80
+
+ 2024-07-26
+ CVE-2021-47612
+
+
+ openEuler-20.03-LTS-SP4
+
+
+
+
+ Low
+
+
+
+
+ 3.9
+ AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj
+
+kobject_init_and_add() takes reference even when it fails.
+According to the doc of kobject_init_and_add()?
+
+ If this function returns an error, kobject_put() must be called to
+ properly clean up the memory associated with the object.
+
+Fix memory leak by calling kobject_put().
+
+ 2024-07-26
+ CVE-2022-48775
+
+
+ openEuler-20.03-LTS-SP4
+
+
+
+
+ Low
+
+
+
+
+ 3.3
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+nvme-rdma: fix possible use-after-free in transport error_recovery work
+
+While nvme_rdma_submit_async_event_work is checking the ctrl and queue
+state before preparing the AER command and scheduling io_work, in order
+to fully prevent a race where this check is not reliable the error
+recovery work must flush async_event_work before continuing to destroy
+the admin queue after setting the ctrl state to RESETTING such that
+there is no race .submit_async_event and the error recovery handler
+itself changing the ctrl state.
+
+ 2024-07-26
+ CVE-2022-48788
+
+
+ openEuler-20.03-LTS-SP4
+
+
+
+
+ Medium
+
+
+
+
+ 5.3
+ AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+usb: gadget: Fix use-after-free bug by not setting udc->dev.driver
+
+The syzbot fuzzer found a use-after-free bug:
+
+BUG: KASAN: use-after-free in dev_uevent+0x712/0x780 drivers/base/core.c:2320
+Read of size 8 at addr ffff88802b934098 by task udevd/3689
+
+CPU: 2 PID: 3689 Comm: udevd Not tainted 5.17.0-rc4-syzkaller-00229-g4f12b742eb2b #0
+Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
+Call Trace:
+ <TASK>
+ __dump_stack lib/dump_stack.c:88 [inline]
+ dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
+ print_address_description.constprop.0.cold+0x8d/0x303 mm/kasan/report.c:255
+ __kasan_report mm/kasan/report.c:442 [inline]
+ kasan_report.cold+0x83/0xdf mm/kasan/report.c:459
+ dev_uevent+0x712/0x780 drivers/base/core.c:2320
+ uevent_show+0x1b8/0x380 drivers/base/core.c:2391
+ dev_attr_show+0x4b/0x90 drivers/base/core.c:2094
+
+Although the bug manifested in the driver core, the real cause was a
+race with the gadget core. dev_uevent() does:
+
+ if (dev->driver)
+ add_uevent_var(env, "DRIVER=%s", dev->driver->name);
+
+and between the test and the dereference of dev->driver, the gadget
+core sets dev->driver to NULL.
+
+The race wouldn't occur if the gadget core registered its devices on
+a real bus, using the standard synchronization techniques of the
+driver core. However, it's not necessary to make such a large change
+in order to fix this bug; all we need to do is make sure that
+udc->dev.driver is always NULL.
+
+In fact, there is no reason for udc->dev.driver ever to be set to
+anything, let alone to the value it currently gets: the address of the
+gadget's driver. After all, a gadget driver only knows how to manage
+a gadget, not how to manage a UDC.
+
+This patch simply removes the statements in the gadget core that touch
+udc->dev.driver.
+
+ 2024-07-26
+ CVE-2022-48838
+
+
+ openEuler-20.03-LTS-SP4
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+sctp: fix kernel-infoleak for SCTP sockets
+
+syzbot reported a kernel infoleak [1] of 4 bytes.
+
+After analysis, it turned out r->idiag_expires is not initialized
+if inet_sctp_diag_fill() calls inet_diag_msg_common_fill()
+
+Make sure to clear idiag_timer/idiag_retrans/idiag_expires
+and let inet_diag_msg_sctpasoc_fill() fill them again if needed.
+
+[1]
+
+BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:121 [inline]
+BUG: KMSAN: kernel-infoleak in copyout lib/iov_iter.c:154 [inline]
+BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x6ef/0x25a0 lib/iov_iter.c:668
+ instrument_copy_to_user include/linux/instrumented.h:121 [inline]
+ copyout lib/iov_iter.c:154 [inline]
+ _copy_to_iter+0x6ef/0x25a0 lib/iov_iter.c:668
+ copy_to_iter include/linux/uio.h:162 [inline]
+ simple_copy_to_iter+0xf3/0x140 net/core/datagram.c:519
+ __skb_datagram_iter+0x2d5/0x11b0 net/core/datagram.c:425
+ skb_copy_datagram_iter+0xdc/0x270 net/core/datagram.c:533
+ skb_copy_datagram_msg include/linux/skbuff.h:3696 [inline]
+ netlink_recvmsg+0x669/0x1c80 net/netlink/af_netlink.c:1977
+ sock_recvmsg_nosec net/socket.c:948 [inline]
+ sock_recvmsg net/socket.c:966 [inline]
+ __sys_recvfrom+0x795/0xa10 net/socket.c:2097
+ __do_sys_recvfrom net/socket.c:2115 [inline]
+ __se_sys_recvfrom net/socket.c:2111 [inline]
+ __x64_sys_recvfrom+0x19d/0x210 net/socket.c:2111
+ do_syscall_x64 arch/x86/entry/common.c:51 [inline]
+ do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
+ entry_SYSCALL_64_after_hwframe+0x44/0xae
+
+Uninit was created at:
+ slab_post_alloc_hook mm/slab.h:737 [inline]
+ slab_alloc_node mm/slub.c:3247 [inline]
+ __kmalloc_node_track_caller+0xe0c/0x1510 mm/slub.c:4975
+ kmalloc_reserve net/core/skbuff.c:354 [inline]
+ __alloc_skb+0x545/0xf90 net/core/skbuff.c:426
+ alloc_skb include/linux/skbuff.h:1158 [inline]
+ netlink_dump+0x3e5/0x16c0 net/netlink/af_netlink.c:2248
+ __netlink_dump_start+0xcf8/0xe90 net/netlink/af_netlink.c:2373
+ netlink_dump_start include/linux/netlink.h:254 [inline]
+ inet_diag_handler_cmd+0x2e7/0x400 net/ipv4/inet_diag.c:1341
+ sock_diag_rcv_msg+0x24a/0x620
+ netlink_rcv_skb+0x40c/0x7e0 net/netlink/af_netlink.c:2494
+ sock_diag_rcv+0x63/0x80 net/core/sock_diag.c:277
+ netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline]
+ netlink_unicast+0x1093/0x1360 net/netlink/af_netlink.c:1343
+ netlink_sendmsg+0x14d9/0x1720 net/netlink/af_netlink.c:1919
+ sock_sendmsg_nosec net/socket.c:705 [inline]
+ sock_sendmsg net/socket.c:725 [inline]
+ sock_write_iter+0x594/0x690 net/socket.c:1061
+ do_iter_readv_writev+0xa7f/0xc70
+ do_iter_write+0x52c/0x1500 fs/read_write.c:851
+ vfs_writev fs/read_write.c:924 [inline]
+ do_writev+0x645/0xe00 fs/read_write.c:967
+ __do_sys_writev fs/read_write.c:1040 [inline]
+ __se_sys_writev fs/read_write.c:1037 [inline]
+ __x64_sys_writev+0xe5/0x120 fs/read_write.c:1037
+ do_syscall_x64 arch/x86/entry/common.c:51 [inline]
+ do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
+ entry_SYSCALL_64_after_hwframe+0x44/0xae
+
+Bytes 68-71 of 2508 are uninitialized
+Memory access of size 2508 starts at ffff888114f9b000
+Data copied to user address 00007f7fe09ff2e0
+
+CPU: 1 PID: 3478 Comm: syz-executor306 Not tainted 5.17.0-rc4-syzkaller #0
+Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
+
+ 2024-07-26
+ CVE-2022-48855
+
+
+ openEuler-20.03-LTS-SP4
+
+
+
+
+ High
+
+
+
+
+ 7.1
+ AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:gianfar: ethtool: Fix refcount leak in gfar_get_ts_infoThe of_find_compatible_node() function returns a node pointer withrefcount incremented, We should use of_node_put() on it when doneAdd the missing of_node_put() to release the refcount.
+
+ 2024-07-26
+ CVE-2022-48856
+
+
+ openEuler-20.03-LTS-SP4
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:tipc: fix kernel panic when enabling bearerWhen enabling a bearer on a node, a kernel panic is observed:[ 4.498085] RIP: 0010:tipc_mon_prep+0x4e/0x130 [tipc]...[ 4.520030] Call Trace:[ 4.520689] <IRQ>[ 4.521236] tipc_link_build_proto_msg+0x375/0x750 [tipc][ 4.522654] tipc_link_build_state_msg+0x48/0xc0 [tipc][ 4.524034] __tipc_node_link_up+0xd7/0x290 [tipc][ 4.525292] tipc_rcv+0x5da/0x730 [tipc][ 4.526346] ? __netif_receive_skb_core+0xb7/0xfc0[ 4.527601] tipc_l2_rcv_msg+0x5e/0x90 [tipc][ 4.528737] __netif_receive_skb_list_core+0x20b/0x260[ 4.530068] netif_receive_skb_list_internal+0x1bf/0x2e0[ 4.531450] ? dev_gro_receive+0x4c2/0x680[ 4.532512] napi_complete_done+0x6f/0x180[ 4.533570] virtnet_poll+0x29c/0x42e [virtio_net]...The node in question is receiving activate messages in anotherthread after changing bearer status to allow message sending/receiving in current thread: thread 1 | thread 2 -------- | -------- |tipc_enable_bearer() | test_and_set_bit_lock() | tipc_bearer_xmit_skb() | | tipc_l2_rcv_msg() | tipc_rcv() | __tipc_node_link_up() | tipc_link_build_state_msg() | tipc_link_build_proto_msg() | tipc_mon_prep() | { | ... | // null-pointer dereference | u16 gen = mon->dom_gen; | ... | } // Not being executed yet | tipc_mon_create() | { | ... | // allocate | mon = kzalloc(); | ... | } |Monitoring pointer in thread 2 is dereferenced before monitoring datais allocated in thread 1. This causes kernel panic.This commit fixes it by allocating the monitoring data before enablingthe bearer to receive messages.
+
+ 2024-07-26
+ CVE-2022-48865
+
+
+ openEuler-20.03-LTS-SP4
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+netrom: fix possible dead-lock in nr_rt_ioctl()
+
+syzbot loves netrom, and found a possible deadlock in nr_rt_ioctl [1]
+
+Make sure we always acquire nr_node_list_lock before nr_node_lock(nr_node)
+
+[1]
+WARNING: possible circular locking dependency detected
+6.9.0-rc7-syzkaller-02147-g654de42f3fc6 #0 Not tainted
+------------------------------------------------------
+syz-executor350/5129 is trying to acquire lock:
+ ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
+ ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_node_lock include/net/netrom.h:152 [inline]
+ ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:464 [inline]
+ ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697
+
+but task is already holding lock:
+ ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
+ ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]
+ ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_rt_ioctl+0x10a/0x1090 net/netrom/nr_route.c:697
+
+which lock already depends on the new lock.
+
+the existing dependency chain (in reverse order) is:
+
+-> #1 (nr_node_list_lock){+...}-{2:2}:
+ lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
+ __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
+ _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178
+ spin_lock_bh include/linux/spinlock.h:356 [inline]
+ nr_remove_node net/netrom/nr_route.c:299 [inline]
+ nr_del_node+0x4b4/0x820 net/netrom/nr_route.c:355
+ nr_rt_ioctl+0xa95/0x1090 net/netrom/nr_route.c:683
+ sock_do_ioctl+0x158/0x460 net/socket.c:1222
+ sock_ioctl+0x629/0x8e0 net/socket.c:1341
+ vfs_ioctl fs/ioctl.c:51 [inline]
+ __do_sys_ioctl fs/ioctl.c:904 [inline]
+ __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890
+ do_syscall_x64 arch/x86/entry/common.c:52 [inline]
+ do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
+ entry_SYSCALL_64_after_hwframe+0x77/0x7f
+
+-> #0 (&nr_node->node_lock){+...}-{2:2}:
+ check_prev_add kernel/locking/lockdep.c:3134 [inline]
+ check_prevs_add kernel/locking/lockdep.c:3253 [inline]
+ validate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869
+ __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137
+ lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
+ __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
+ _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178
+ spin_lock_bh include/linux/spinlock.h:356 [inline]
+ nr_node_lock include/net/netrom.h:152 [inline]
+ nr_dec_obs net/netrom/nr_route.c:464 [inline]
+ nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697
+ sock_do_ioctl+0x158/0x460 net/socket.c:1222
+ sock_ioctl+0x629/0x8e0 net/socket.c:1341
+ vfs_ioctl fs/ioctl.c:51 [inline]
+ __do_sys_ioctl fs/ioctl.c:904 [inline]
+ __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890
+ do_syscall_x64 arch/x86/entry/common.c:52 [inline]
+ do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
+ entry_SYSCALL_64_after_hwframe+0x77/0x7f
+
+other info that might help us debug this:
+
+ Possible unsafe locking scenario:
+
+ CPU0 CPU1
+ ---- ----
+ lock(nr_node_list_lock);
+ lock(&nr_node->node_lock);
+ lock(nr_node_list_lock);
+ lock(&nr_node->node_lock);
+
+ *** DEADLOCK ***
+
+1 lock held by syz-executor350/5129:
+ #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
+ #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]
+ #0: ffffffff8f70
+---truncated---
+
+ 2024-07-26
+ CVE-2024-38589
+
+
+ openEuler-20.03-LTS-SP4
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak
+
+Using completion_done to determine whether the caller has gone
+away only works after a complete call. Furthermore it's still
+possible that the caller has not yet called wait_for_completion,
+resulting in another potential UAF.
+
+Fix this by making the caller use cancel_work_sync and then freeing
+the memory safely.
+
+ 2024-07-26
+ CVE-2024-39493
+
+
+ openEuler-20.03-LTS-SP4
+
+
+
+
+ None
+
+
+
+
+ 6.1
+ AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+ima: Fix use-after-free on a dentry's dname.name
+
+->d_name.name can change on rename and the earlier value can be freed;
+there are conditions sufficient to stabilize it (->d_lock on dentry,
+->d_lock on its parent, ->i_rwsem exclusive on the parent's inode,
+rename_lock), but none of those are met at any of the sites. Take a stable
+snapshot of the name instead.
+
+ 2024-07-26
+ CVE-2024-39494
+
+
+ openEuler-20.03-LTS-SP4
+
+
+
+
+ High
+
+
+
+
+ 7.8
+ AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+vmci: prevent speculation leaks by sanitizing event in event_deliver()
+
+Coverity spotted that event_msg is controlled by user-space,
+event_msg->event_data.event is passed to event_deliver() and used
+as an index without sanitization.
+
+This change ensures that the event index is sanitized to mitigate any
+possibility of speculative information leaks.
+
+This bug was discovered and resolved using Coverity Static Analysis
+Security Testing (SAST) by Synopsys, Inc.
+
+Only compile tested, no access to HW.
+
+ 2024-07-26
+ CVE-2024-39499
+
+
+ openEuler-20.03-LTS-SP4
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages
+
+The syzbot fuzzer found that the interrupt-URB completion callback in
+the cdc-wdm driver was taking too long, and the driver's immediate
+resubmission of interrupt URBs with -EPROTO status combined with the
+dummy-hcd emulation to cause a CPU lockup:
+
+cdc_wdm 1-1:1.0: nonzero urb status received: -71
+cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
+watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [syz-executor782:6625]
+CPU#0 Utilization every 4s during lockup:
+ #1: 98% system, 0% softirq, 3% hardirq, 0% idle
+ #2: 98% system, 0% softirq, 3% hardirq, 0% idle
+ #3: 98% system, 0% softirq, 3% hardirq, 0% idle
+ #4: 98% system, 0% softirq, 3% hardirq, 0% idle
+ #5: 98% system, 1% softirq, 3% hardirq, 0% idle
+Modules linked in:
+irq event stamp: 73096
+hardirqs last enabled at (73095): [<ffff80008037bc00>] console_emit_next_record kernel/printk/printk.c:2935 [inline]
+hardirqs last enabled at (73095): [<ffff80008037bc00>] console_flush_all+0x650/0xb74 kernel/printk/printk.c:2994
+hardirqs last disabled at (73096): [<ffff80008af10b00>] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]
+hardirqs last disabled at (73096): [<ffff80008af10b00>] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551
+softirqs last enabled at (73048): [<ffff8000801ea530>] softirq_handle_end kernel/softirq.c:400 [inline]
+softirqs last enabled at (73048): [<ffff8000801ea530>] handle_softirqs+0xa60/0xc34 kernel/softirq.c:582
+softirqs last disabled at (73043): [<ffff800080020de8>] __do_softirq+0x14/0x20 kernel/softirq.c:588
+CPU: 0 PID: 6625 Comm: syz-executor782 Tainted: G W 6.10.0-rc2-syzkaller-g8867bbd4a056 #0
+Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
+
+Testing showed that the problem did not occur if the two error
+messages -- the first two lines above -- were removed; apparently adding
+material to the kernel log takes a surprisingly large amount of time.
+
+In any case, the best approach for preventing these lockups and to
+avoid spamming the log with thousands of error messages per second is
+to ratelimit the two dev_err() calls. Therefore we replace them with
+dev_err_ratelimited().
+
+ 2024-07-26
+ CVE-2024-40904
+
+
+ openEuler-20.03-LTS-SP4
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()
+
+The ieee80211_sta_ps_deliver_wakeup() function takes sta->ps_lock to
+synchronizes with ieee80211_tx_h_unicast_ps_buf() which is called from
+softirq context. However using only spin_lock() to get sta->ps_lock in
+ieee80211_sta_ps_deliver_wakeup() does not prevent softirq to execute
+on this same CPU, to run ieee80211_tx_h_unicast_ps_buf() and try to
+take this same lock ending in deadlock. Below is an example of rcu stall
+that arises in such situation.
+
+ rcu: INFO: rcu_sched self-detected stall on CPU
+ rcu: 2-....: (42413413 ticks this GP) idle=b154/1/0x4000000000000000 softirq=1763/1765 fqs=21206996
+ rcu: (t=42586894 jiffies g=2057 q=362405 ncpus=4)
+ CPU: 2 PID: 719 Comm: wpa_supplicant Tainted: G W 6.4.0-02158-g1b062f552873 #742
+ Hardware name: RPT (r1) (DT)
+ pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
+ pc : queued_spin_lock_slowpath+0x58/0x2d0
+ lr : invoke_tx_handlers_early+0x5b4/0x5c0
+ sp : ffff00001ef64660
+ x29: ffff00001ef64660 x28: ffff000009bc1070 x27: ffff000009bc0ad8
+ x26: ffff000009bc0900 x25: ffff00001ef647a8 x24: 0000000000000000
+ x23: ffff000009bc0900 x22: ffff000009bc0900 x21: ffff00000ac0e000
+ x20: ffff00000a279e00 x19: ffff00001ef646e8 x18: 0000000000000000
+ x17: ffff800016468000 x16: ffff00001ef608c0 x15: 0010533c93f64f80
+ x14: 0010395c9faa3946 x13: 0000000000000000 x12: 00000000fa83b2da
+ x11: 000000012edeceea x10: ffff0000010fbe00 x9 : 0000000000895440
+ x8 : 000000000010533c x7 : ffff00000ad8b740 x6 : ffff00000c350880
+ x5 : 0000000000000007 x4 : 0000000000000001 x3 : 0000000000000000
+ x2 : 0000000000000000 x1 : 0000000000000001 x0 : ffff00000ac0e0e8
+ Call trace:
+ queued_spin_lock_slowpath+0x58/0x2d0
+ ieee80211_tx+0x80/0x12c
+ ieee80211_tx_pending+0x110/0x278
+ tasklet_action_common.constprop.0+0x10c/0x144
+ tasklet_action+0x20/0x28
+ _stext+0x11c/0x284
+ ____do_softirq+0xc/0x14
+ call_on_irq_stack+0x24/0x34
+ do_softirq_own_stack+0x18/0x20
+ do_softirq+0x74/0x7c
+ __local_bh_enable_ip+0xa0/0xa4
+ _ieee80211_wake_txqs+0x3b0/0x4b8
+ __ieee80211_wake_queue+0x12c/0x168
+ ieee80211_add_pending_skbs+0xec/0x138
+ ieee80211_sta_ps_deliver_wakeup+0x2a4/0x480
+ ieee80211_mps_sta_status_update.part.0+0xd8/0x11c
+ ieee80211_mps_sta_status_update+0x18/0x24
+ sta_apply_parameters+0x3bc/0x4c0
+ ieee80211_change_station+0x1b8/0x2dc
+ nl80211_set_station+0x444/0x49c
+ genl_family_rcv_msg_doit.isra.0+0xa4/0xfc
+ genl_rcv_msg+0x1b0/0x244
+ netlink_rcv_skb+0x38/0x10c
+ genl_rcv+0x34/0x48
+ netlink_unicast+0x254/0x2bc
+ netlink_sendmsg+0x190/0x3b4
+ ____sys_sendmsg+0x1e8/0x218
+ ___sys_sendmsg+0x68/0x8c
+ __sys_sendmsg+0x44/0x84
+ __arm64_sys_sendmsg+0x20/0x28
+ do_el0_svc+0x6c/0xe8
+ el0_svc+0x14/0x48
+ el0t_64_sync_handler+0xb0/0xb4
+ el0t_64_sync+0x14c/0x150
+
+Using spin_lock_bh()/spin_unlock_bh() instead prevents softirq to raise
+on the same CPU that is holding the lock.
+
+ 2024-07-26
+ CVE-2024-40912
+
+
+ openEuler-20.03-LTS-SP4
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+wifi: iwlwifi: mvm: check n_ssids before accessing the ssids
+
+In some versions of cfg80211, the ssids poinet might be a valid one even
+though n_ssids is 0. Accessing the pointer in this case will cuase an
+out-of-bound access. Fix this by checking n_ssids first.
+
+ 2024-07-26
+ CVE-2024-40929
+
+
+ openEuler-20.03-LTS-SP4
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+drm/exynos/vidi: fix memory leak in .get_modes()
+
+The duplicated EDID is never freed. Fix it.
+
+ 2024-07-26
+ CVE-2024-40932
+
+
+ openEuler-20.03-LTS-SP4
+
+
+
+
+ Low
+
+
+
+
+ 3.9
+ AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+wifi: iwlwifi: mvm: don't read past the mfuart notifcation
+
+In case the firmware sends a notification that claims it has more data
+than it has, we will read past that was allocated for the notification.
+Remove the print of the buffer, we won't see it by default. If needed,
+we can see the content with tracing.
+
+This was reported by KFENCE.
+
+ 2024-07-26
+ CVE-2024-40941
+
+
+ openEuler-20.03-LTS-SP4
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+ocfs2: fix races between hole punching and AIO+DIO
+
+After commit "ocfs2: return real error code in ocfs2_dio_wr_get_block",
+fstests/generic/300 become from always failed to sometimes failed:
+
+========================================================================
+[ 473.293420 ] run fstests generic/300
+
+[ 475.296983 ] JBD2: Ignoring recovery information on journal
+[ 475.302473 ] ocfs2: Mounting device (253,1) on (node local, slot 0) with ordered data mode.
+[ 494.290998 ] OCFS2: ERROR (device dm-1): ocfs2_change_extent_flag: Owner 5668 has an extent at cpos 78723 which can no longer be found
+[ 494.291609 ] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
+[ 494.292018 ] OCFS2: File system is now read-only.
+[ 494.292224 ] (kworker/19:11,2628,19):ocfs2_mark_extent_written:5272 ERROR: status = -30
+[ 494.292602 ] (kworker/19:11,2628,19):ocfs2_dio_end_io_write:2374 ERROR: status = -3
+fio: io_u error on file /mnt/scratch/racer: Read-only file system: write offset=460849152, buflen=131072
+=========================================================================
+
+In __blockdev_direct_IO, ocfs2_dio_wr_get_block is called to add unwritten
+extents to a list. extents are also inserted into extent tree in
+ocfs2_write_begin_nolock. Then another thread call fallocate to puch a
+hole at one of the unwritten extent. The extent at cpos was removed by
+ocfs2_remove_extent(). At end io worker thread, ocfs2_search_extent_list
+found there is no such extent at the cpos.
+
+ T1 T2 T3
+ inode lock
+ ...
+ insert extents
+ ...
+ inode unlock
+ocfs2_fallocate
+ __ocfs2_change_file_space
+ inode lock
+ lock ip_alloc_sem
+ ocfs2_remove_inode_range inode
+ ocfs2_remove_btree_range
+ ocfs2_remove_extent
+ ^---remove the extent at cpos 78723
+ ...
+ unlock ip_alloc_sem
+ inode unlock
+ ocfs2_dio_end_io
+ ocfs2_dio_end_io_write
+ lock ip_alloc_sem
+ ocfs2_mark_extent_written
+ ocfs2_change_extent_flag
+ ocfs2_search_extent_list
+ ^---failed to find extent
+ ...
+ unlock ip_alloc_sem
+
+In most filesystems, fallocate is not compatible with racing with AIO+DIO,
+so fix it by adding to wait for all dio before fallocate/punch_hole like
+ext4.
+
+ 2024-07-26
+ CVE-2024-40943
+
+
+ openEuler-20.03-LTS-SP4
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+MIPS: Octeon: Add PCIe link status check
+
+The standard PCIe configuration read-write interface is used to
+access the configuration space of the peripheral PCIe devices
+of the mips processor after the PCIe link surprise down, it can
+generate kernel panic caused by "Data bus error". So it is
+necessary to add PCIe link status check for system protection.
+When the PCIe link is down or in training, assigning a value
+of 0 to the configuration address can prevent read-write behavior
+to the configuration space of peripheral PCIe devices, thereby
+preventing kernel panic.
+
+ 2024-07-26
+ CVE-2024-40968
+
+
+ openEuler-20.03-LTS-SP4
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+powerpc/pseries: Enforce hcall result buffer validity and size
+
+plpar_hcall(), plpar_hcall9(), and related functions expect callers to
+provide valid result buffers of certain minimum size. Currently this
+is communicated only through comments in the code and the compiler has
+no idea.
+
+For example, if I write a bug like this:
+
+ long retbuf[PLPAR_HCALL_BUFSIZE]; // should be PLPAR_HCALL9_BUFSIZE
+ plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf, ...);
+
+This compiles with no diagnostics emitted, but likely results in stack
+corruption at runtime when plpar_hcall9() stores results past the end
+of the array. (To be clear this is a contrived example and I have not
+found a real instance yet.)
+
+To make this class of error less likely, we can use explicitly-sized
+array parameters instead of pointers in the declarations for the hcall
+APIs. When compiled with -Warray-bounds[1], the code above now
+provokes a diagnostic like this:
+
+error: array argument is too small;
+is of size 32, callee requires at least 72 [-Werror,-Warray-bounds]
+ 60 | plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf,
+ | ^ ~~~~~~
+
+[1] Enabled for LLVM builds but not GCC for now. See commit
+ 0da6e5fd6c37 ("gcc: disable '-Warray-bounds' for gcc-13 too") and
+ related changes.
+
+ 2024-07-26
+ CVE-2024-40974
+
+
+ openEuler-20.03-LTS-SP4
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine."
+
+Undo the modifications made in commit d410ee5109a1 ("ACPICA: avoid
+"Info: mapping multiple BARs. Your kernel is fine.""). The initial
+purpose of this commit was to stop memory mappings for operation
+regions from overlapping page boundaries, as it can trigger warnings
+if different page attributes are present.
+
+However, it was found that when this situation arises, mapping
+continues until the boundary's end, but there is still an attempt to
+read/write the entire length of the map, leading to a NULL pointer
+deference. For example, if a four-byte mapping request is made but
+only one byte is mapped because it hits the current page boundary's
+end, a four-byte read/write attempt is still made, resulting in a NULL
+pointer deference.
+
+Instead, map the entire length, as the ACPI specification does not
+mandate that it must be within the same page boundary. It is
+permissible for it to be mapped across different regions.
+
+ 2024-07-26
+ CVE-2024-40984
+
+
+ openEuler-20.03-LTS-SP4
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+drm/amdgpu: fix UBSAN warning in kv_dpm.c
+
+Adds bounds check for sumo_vid_mapping_entry.
+
+ 2024-07-26
+ CVE-2024-40987
+
+
+ openEuler-20.03-LTS-SP4
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+netpoll: Fix race condition in netpoll_owner_active
+
+KCSAN detected a race condition in netpoll:
+
+ BUG: KCSAN: data-race in net_rx_action / netpoll_send_skb
+ write (marked) to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10:
+ net_rx_action (./include/linux/netpoll.h:90 net/core/dev.c:6712 net/core/dev.c:6822)
+<snip>
+ read to 0xffff8881164168b0 of 4 bytes by task 1 on cpu 2:
+ netpoll_send_skb (net/core/netpoll.c:319 net/core/netpoll.c:345 net/core/netpoll.c:393)
+ netpoll_send_udp (net/core/netpoll.c:?)
+<snip>
+ value changed: 0x0000000a -> 0xffffffff
+
+This happens because netpoll_owner_active() needs to check if the
+current CPU is the owner of the lock, touching napi->poll_owner
+non atomically. The ->poll_owner field contains the current CPU holding
+the lock.
+
+Use an atomic read to check if the poll owner is the current CPU.
+
+ 2024-07-26
+ CVE-2024-41005
+
+
+ openEuler-20.03-LTS-SP4
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+tcp: avoid too many retransmit packets
+
+If a TCP socket is using TCP_USER_TIMEOUT, and the other peer
+retracted its window to zero, tcp_retransmit_timer() can
+retransmit a packet every two jiffies (2 ms for HZ=1000),
+for about 4 minutes after TCP_USER_TIMEOUT has 'expired'.
+
+The fix is to make sure tcp_rtx_probe0_timed_out() takes
+icsk->icsk_user_timeout into account.
+
+Before blamed commit, the socket would not timeout after
+icsk->icsk_user_timeout, but would use standard exponential
+backoff for the retransmits.
+
+Also worth noting that before commit e89688e3e978 ("net: tcp:
+fix unexcepted socket die when snd_wnd is 0"), the issue
+would last 2 minutes instead of 4.
+
+ 2024-07-26
+ CVE-2024-41007
+
+
+ openEuler-20.03-LTS-SP4
+
+
+
+
+ Low
+
+
+
+
+ 3.3
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
+
+
+
+
\ No newline at end of file
diff --git a/cvrf/2024/cvrf-openEuler-SA-2024-1896.xml b/cvrf/2024/cvrf-openEuler-SA-2024-1896.xml
new file mode 100644
index 0000000..a058aab
--- /dev/null
+++ b/cvrf/2024/cvrf-openEuler-SA-2024-1896.xml
@@ -0,0 +1,3106 @@
+
+
+ An update for kernel is now available for openEuler-22.03-LTS-SP1
+ Security Advisory
+
+ openeuler-security@openeuler.org
+ openEuler security committee
+
+
+
+ openEuler-SA-2024-1896
+
+ Final
+ 1.0
+
+
+ 1.0
+ 2024-07-26
+ Initial
+
+
+ 2024-07-26
+ 2024-07-26
+
+ openEuler SA Tool V1.0
+ 2024-07-26
+
+
+
+ kernel security update
+ An update for kernel is now available for openEuler-22.03-LTS-SP1
+ The Linux Kernel, the operating system core itself.
+
+Security Fix(es):
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+lib/generic-radix-tree.c: Don't overflow in peek()
+
+When we started spreading new inode numbers throughout most of the 64
+bit inode space, that triggered some corner case bugs, in particular
+some integer overflows related to the radix tree code. Oops.(CVE-2021-47432)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+scsi: ufs: Fix a deadlock in the error handler
+
+The following deadlock has been observed on a test setup:
+
+ - All tags allocated
+
+ - The SCSI error handler calls ufshcd_eh_host_reset_handler()
+
+ - ufshcd_eh_host_reset_handler() queues work that calls
+ ufshcd_err_handler()
+
+ - ufshcd_err_handler() locks up as follows:
+
+Workqueue: ufs_eh_wq_0 ufshcd_err_handler.cfi_jt
+Call trace:
+ __switch_to+0x298/0x5d8
+ __schedule+0x6cc/0xa94
+ schedule+0x12c/0x298
+ blk_mq_get_tag+0x210/0x480
+ __blk_mq_alloc_request+0x1c8/0x284
+ blk_get_request+0x74/0x134
+ ufshcd_exec_dev_cmd+0x68/0x640
+ ufshcd_verify_dev_init+0x68/0x35c
+ ufshcd_probe_hba+0x12c/0x1cb8
+ ufshcd_host_reset_and_restore+0x88/0x254
+ ufshcd_reset_and_restore+0xd0/0x354
+ ufshcd_err_handler+0x408/0xc58
+ process_one_work+0x24c/0x66c
+ worker_thread+0x3e8/0xa4c
+ kthread+0x150/0x1b4
+ ret_from_fork+0x10/0x30
+
+Fix this lockup by making ufshcd_exec_dev_cmd() allocate a reserved
+request.(CVE-2021-47622)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+net: dsa: seville: register the mdiobus under devres
+
+As explained in commits:
+74b6d7d13307 ("net: dsa: realtek: register the MDIO bus under devres")
+5135e96a3dd2 ("net: dsa: don't allocate the slave_mii_bus using devres")
+
+mdiobus_free() will panic when called from devm_mdiobus_free() <-
+devres_release_all() <- __device_release_driver(), and that mdiobus was
+not previously unregistered.
+
+The Seville VSC9959 switch is a platform device, so the initial set of
+constraints that I thought would cause this (I2C or SPI buses which call
+->remove on ->shutdown) do not apply. But there is one more which
+applies here.
+
+If the DSA master itself is on a bus that calls ->remove from ->shutdown
+(like dpaa2-eth, which is on the fsl-mc bus), there is a device link
+between the switch and the DSA master, and device_links_unbind_consumers()
+will unbind the seville switch driver on shutdown.
+
+So the same treatment must be applied to all DSA switch drivers, which
+is: either use devres for both the mdiobus allocation and registration,
+or don't use devres at all.
+
+The seville driver has a code structure that could accommodate both the
+mdiobus_unregister and mdiobus_free calls, but it has an external
+dependency upon mscc_miim_setup() from mdio-mscc-miim.c, which calls
+devm_mdiobus_alloc_size() on its behalf. So rather than restructuring
+that, and exporting yet one more symbol mscc_miim_teardown(), let's work
+with devres and replace of_mdiobus_register with the devres variant.
+When we use all-devres, we can ensure that devres doesn't free a
+still-registered bus (it either runs both callbacks, or none).(CVE-2022-48814)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+SUNRPC: lock against ->sock changing during sysfs read
+
+->sock can be set to NULL asynchronously unless ->recv_mutex is held.
+So it is important to hold that mutex. Otherwise a sysfs read can
+trigger an oops.
+Commit 17f09d3f619a ("SUNRPC: Check if the xprt is connected before
+handling sysfs reads") appears to attempt to fix this problem, but it
+only narrows the race window.(CVE-2022-48816)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+Bluetooth: hci_core: Fix leaking sent_cmd skb
+
+sent_cmd memory is not freed before freeing hci_dev causing it to leak
+it contents.(CVE-2022-48844)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+smb: client: fix potential deadlock when releasing mids
+
+All release_mid() callers seem to hold a reference of @mid so there is
+no need to call kref_put(&mid->refcount, __release_mid) under
+@server->mid_lock spinlock. If they don't, then an use-after-free bug
+would have occurred anyways.
+
+By getting rid of such spinlock also fixes a potential deadlock as
+shown below
+
+CPU 0 CPU 1
+------------------------------------------------------------------
+cifs_demultiplex_thread() cifs_debug_data_proc_show()
+ release_mid()
+ spin_lock(&server->mid_lock);
+ spin_lock(&cifs_tcp_ses_lock)
+ spin_lock(&server->mid_lock)
+ __release_mid()
+ smb2_find_smb_tcon()
+ spin_lock(&cifs_tcp_ses_lock) *deadlock*(CVE-2023-52757)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+usb: config: fix iteration issue in 'usb_get_bos_descriptor()'
+
+The BOS descriptor defines a root descriptor and is the base descriptor for
+accessing a family of related descriptors.
+
+Function 'usb_get_bos_descriptor()' encounters an iteration issue when
+skipping the 'USB_DT_DEVICE_CAPABILITY' descriptor type. This results in
+the same descriptor being read repeatedly.
+
+To address this issue, a 'goto' statement is introduced to ensure that the
+pointer and the amount read is updated correctly. This ensures that the
+function iterates to the next descriptor instead of reading the same
+descriptor repeatedly.(CVE-2023-52781)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+nfs: Handle error of rpc_proc_register() in nfs_net_init().
+
+syzkaller reported a warning [0] triggered while destroying immature
+netns.
+
+rpc_proc_register() was called in init_nfs_fs(), but its error
+has been ignored since at least the initial commit 1da177e4c3f4
+("Linux-2.6.12-rc2").
+
+Recently, commit d47151b79e32 ("nfs: expose /proc/net/sunrpc/nfs
+in net namespaces") converted the procfs to per-netns and made
+the problem more visible.
+
+Even when rpc_proc_register() fails, nfs_net_init() could succeed,
+and thus nfs_net_exit() will be called while destroying the netns.
+
+Then, remove_proc_entry() will be called for non-existing proc
+directory and trigger the warning below.
+
+Let's handle the error of rpc_proc_register() properly in nfs_net_init().
+
+[0]:
+name 'nfs'
+WARNING: CPU: 1 PID: 1710 at fs/proc/generic.c:711 remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711
+Modules linked in:
+CPU: 1 PID: 1710 Comm: syz-executor.2 Not tainted 6.8.0-12822-gcd51db110a7e #12
+Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
+RIP: 0010:remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711
+Code: 41 5d 41 5e c3 e8 85 09 b5 ff 48 c7 c7 88 58 64 86 e8 09 0e 71 02 e8 74 09 b5 ff 4c 89 e6 48 c7 c7 de 1b 80 84 e8 c5 ad 97 ff <0f> 0b eb b1 e8 5c 09 b5 ff 48 c7 c7 88 58 64 86 e8 e0 0d 71 02 eb
+RSP: 0018:ffffc9000c6d7ce0 EFLAGS: 00010286
+RAX: 0000000000000000 RBX: ffff8880422b8b00 RCX: ffffffff8110503c
+RDX: ffff888030652f00 RSI: ffffffff81105045 RDI: 0000000000000001
+RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
+R10: 0000000000000001 R11: ffffffff81bb62cb R12: ffffffff84807ffc
+R13: ffff88804ad6fcc0 R14: ffffffff84807ffc R15: ffffffff85741ff8
+FS: 00007f30cfba8640(0000) GS:ffff88807dd00000(0000) knlGS:0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+CR2: 00007ff51afe8000 CR3: 000000005a60a005 CR4: 0000000000770ef0
+DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+PKRU: 55555554
+Call Trace:
+ <TASK>
+ rpc_proc_unregister+0x64/0x70 net/sunrpc/stats.c:310
+ nfs_net_exit+0x1c/0x30 fs/nfs/inode.c:2438
+ ops_exit_list+0x62/0xb0 net/core/net_namespace.c:170
+ setup_net+0x46c/0x660 net/core/net_namespace.c:372
+ copy_net_ns+0x244/0x590 net/core/net_namespace.c:505
+ create_new_namespaces+0x2ed/0x770 kernel/nsproxy.c:110
+ unshare_nsproxy_namespaces+0xae/0x160 kernel/nsproxy.c:228
+ ksys_unshare+0x342/0x760 kernel/fork.c:3322
+ __do_sys_unshare kernel/fork.c:3393 [inline]
+ __se_sys_unshare kernel/fork.c:3391 [inline]
+ __x64_sys_unshare+0x1f/0x30 kernel/fork.c:3391
+ do_syscall_x64 arch/x86/entry/common.c:52 [inline]
+ do_syscall_64+0x4f/0x110 arch/x86/entry/common.c:83
+ entry_SYSCALL_64_after_hwframe+0x46/0x4e
+RIP: 0033:0x7f30d0febe5d
+Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48
+RSP: 002b:00007f30cfba7cc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
+RAX: ffffffffffffffda RBX: 00000000004bbf80 RCX: 00007f30d0febe5d
+RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c020600
+RBP: 00000000004bbf80 R08: 0000000000000000 R09: 0000000000000000
+R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
+R13: 000000000000000b R14: 00007f30d104c530 R15: 0000000000000000
+ </TASK>(CVE-2024-36939)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+scsi: qedf: Ensure the copied buf is NUL terminated
+
+Currently, we allocate a count-sized kernel buffer and copy count from
+userspace to that buffer. Later, we use kstrtouint on this buffer but we
+don't ensure that the string is terminated inside the buffer, this can
+lead to OOB read when using kstrtouint. Fix this issue by using
+memdup_user_nul instead of memdup_user.(CVE-2024-38559)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group
+
+The perf tool allows users to create event groups through following
+cmd [1], but the driver does not check whether the array index is out
+of bounds when writing data to the event_group array. If the number of
+events in an event_group is greater than HNS3_PMU_MAX_HW_EVENTS, the
+memory write overflow of event_group array occurs.
+
+Add array index check to fix the possible array out of bounds violation,
+and return directly when write new events are written to array bounds.
+
+There are 9 different events in an event_group.
+[1] perf stat -e '{pmu/event1/, ... ,pmu/event9/}(CVE-2024-38568)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+ecryptfs: Fix buffer size for tag 66 packet
+
+The 'TAG 66 Packet Format' description is missing the cipher code and
+checksum fields that are packed into the message packet. As a result,
+the buffer allocated for the packet is 3 bytes too small and
+write_tag_66_packet() will write up to 3 bytes past the end of the
+buffer.
+
+Fix this by increasing the size of the allocation so the whole packet
+will always fit in the buffer.
+
+This fixes the below kasan slab-out-of-bounds bug:
+
+ BUG: KASAN: slab-out-of-bounds in ecryptfs_generate_key_packet_set+0x7d6/0xde0
+ Write of size 1 at addr ffff88800afbb2a5 by task touch/181
+
+ CPU: 0 PID: 181 Comm: touch Not tainted 6.6.13-gnu #1 4c9534092be820851bb687b82d1f92a426598dc6
+ Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2/GNU Guix 04/01/2014
+ Call Trace:
+ <TASK>
+ dump_stack_lvl+0x4c/0x70
+ print_report+0xc5/0x610
+ ? ecryptfs_generate_key_packet_set+0x7d6/0xde0
+ ? kasan_complete_mode_report_info+0x44/0x210
+ ? ecryptfs_generate_key_packet_set+0x7d6/0xde0
+ kasan_report+0xc2/0x110
+ ? ecryptfs_generate_key_packet_set+0x7d6/0xde0
+ __asan_store1+0x62/0x80
+ ecryptfs_generate_key_packet_set+0x7d6/0xde0
+ ? __pfx_ecryptfs_generate_key_packet_set+0x10/0x10
+ ? __alloc_pages+0x2e2/0x540
+ ? __pfx_ovl_open+0x10/0x10 [overlay 30837f11141636a8e1793533a02e6e2e885dad1d]
+ ? dentry_open+0x8f/0xd0
+ ecryptfs_write_metadata+0x30a/0x550
+ ? __pfx_ecryptfs_write_metadata+0x10/0x10
+ ? ecryptfs_get_lower_file+0x6b/0x190
+ ecryptfs_initialize_file+0x77/0x150
+ ecryptfs_create+0x1c2/0x2f0
+ path_openat+0x17cf/0x1ba0
+ ? __pfx_path_openat+0x10/0x10
+ do_filp_open+0x15e/0x290
+ ? __pfx_do_filp_open+0x10/0x10
+ ? __kasan_check_write+0x18/0x30
+ ? _raw_spin_lock+0x86/0xf0
+ ? __pfx__raw_spin_lock+0x10/0x10
+ ? __kasan_check_write+0x18/0x30
+ ? alloc_fd+0xf4/0x330
+ do_sys_openat2+0x122/0x160
+ ? __pfx_do_sys_openat2+0x10/0x10
+ __x64_sys_openat+0xef/0x170
+ ? __pfx___x64_sys_openat+0x10/0x10
+ do_syscall_64+0x60/0xd0
+ entry_SYSCALL_64_after_hwframe+0x6e/0xd8
+ RIP: 0033:0x7f00a703fd67
+ Code: 25 00 00 41 00 3d 00 00 41 00 74 37 64 8b 04 25 18 00 00 00 85 c0 75 5b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 85 00 00 00 48 83 c4 68 5d 41 5c c3 0f 1f
+ RSP: 002b:00007ffc088e30b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
+ RAX: ffffffffffffffda RBX: 00007ffc088e3368 RCX: 00007f00a703fd67
+ RDX: 0000000000000941 RSI: 00007ffc088e48d7 RDI: 00000000ffffff9c
+ RBP: 00007ffc088e48d7 R08: 0000000000000001 R09: 0000000000000000
+ R10: 00000000000001b6 R11: 0000000000000246 R12: 0000000000000941
+ R13: 0000000000000000 R14: 00007ffc088e48d7 R15: 00007f00a7180040
+ </TASK>
+
+ Allocated by task 181:
+ kasan_save_stack+0x2f/0x60
+ kasan_set_track+0x29/0x40
+ kasan_save_alloc_info+0x25/0x40
+ __kasan_kmalloc+0xc5/0xd0
+ __kmalloc+0x66/0x160
+ ecryptfs_generate_key_packet_set+0x6d2/0xde0
+ ecryptfs_write_metadata+0x30a/0x550
+ ecryptfs_initialize_file+0x77/0x150
+ ecryptfs_create+0x1c2/0x2f0
+ path_openat+0x17cf/0x1ba0
+ do_filp_open+0x15e/0x290
+ do_sys_openat2+0x122/0x160
+ __x64_sys_openat+0xef/0x170
+ do_syscall_64+0x60/0xd0
+ entry_SYSCALL_64_after_hwframe+0x6e/0xd8(CVE-2024-38578)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+netrom: fix possible dead-lock in nr_rt_ioctl()
+
+syzbot loves netrom, and found a possible deadlock in nr_rt_ioctl [1]
+
+Make sure we always acquire nr_node_list_lock before nr_node_lock(nr_node)
+
+[1]
+WARNING: possible circular locking dependency detected
+6.9.0-rc7-syzkaller-02147-g654de42f3fc6 #0 Not tainted
+------------------------------------------------------
+syz-executor350/5129 is trying to acquire lock:
+ ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
+ ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_node_lock include/net/netrom.h:152 [inline]
+ ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:464 [inline]
+ ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697
+
+but task is already holding lock:
+ ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
+ ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]
+ ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_rt_ioctl+0x10a/0x1090 net/netrom/nr_route.c:697
+
+which lock already depends on the new lock.
+
+the existing dependency chain (in reverse order) is:
+
+-> #1 (nr_node_list_lock){+...}-{2:2}:
+ lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
+ __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
+ _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178
+ spin_lock_bh include/linux/spinlock.h:356 [inline]
+ nr_remove_node net/netrom/nr_route.c:299 [inline]
+ nr_del_node+0x4b4/0x820 net/netrom/nr_route.c:355
+ nr_rt_ioctl+0xa95/0x1090 net/netrom/nr_route.c:683
+ sock_do_ioctl+0x158/0x460 net/socket.c:1222
+ sock_ioctl+0x629/0x8e0 net/socket.c:1341
+ vfs_ioctl fs/ioctl.c:51 [inline]
+ __do_sys_ioctl fs/ioctl.c:904 [inline]
+ __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890
+ do_syscall_x64 arch/x86/entry/common.c:52 [inline]
+ do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
+ entry_SYSCALL_64_after_hwframe+0x77/0x7f
+
+-> #0 (&nr_node->node_lock){+...}-{2:2}:
+ check_prev_add kernel/locking/lockdep.c:3134 [inline]
+ check_prevs_add kernel/locking/lockdep.c:3253 [inline]
+ validate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869
+ __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137
+ lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
+ __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
+ _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178
+ spin_lock_bh include/linux/spinlock.h:356 [inline]
+ nr_node_lock include/net/netrom.h:152 [inline]
+ nr_dec_obs net/netrom/nr_route.c:464 [inline]
+ nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697
+ sock_do_ioctl+0x158/0x460 net/socket.c:1222
+ sock_ioctl+0x629/0x8e0 net/socket.c:1341
+ vfs_ioctl fs/ioctl.c:51 [inline]
+ __do_sys_ioctl fs/ioctl.c:904 [inline]
+ __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890
+ do_syscall_x64 arch/x86/entry/common.c:52 [inline]
+ do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
+ entry_SYSCALL_64_after_hwframe+0x77/0x7f
+
+other info that might help us debug this:
+
+ Possible unsafe locking scenario:
+
+ CPU0 CPU1
+ ---- ----
+ lock(nr_node_list_lock);
+ lock(&nr_node->node_lock);
+ lock(nr_node_list_lock);
+ lock(&nr_node->node_lock);
+
+ *** DEADLOCK ***
+
+1 lock held by syz-executor350/5129:
+ #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
+ #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]
+ #0: ffffffff8f70
+---truncated---(CVE-2024-38589)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+ALSA: timer: Set lower bound of start tick time
+
+Currently ALSA timer doesn't have the lower limit of the start tick
+time, and it allows a very small size, e.g. 1 tick with 1ns resolution
+for hrtimer. Such a situation may lead to an unexpected RCU stall,
+where the callback repeatedly queuing the expire update, as reported
+by fuzzer.
+
+This patch introduces a sanity check of the timer start tick time, so
+that the system returns an error when a too small start size is set.
+As of this patch, the lower limit is hard-coded to 100us, which is
+small enough but can still work somehow.(CVE-2024-38618)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+usb-storage: alauda: Check whether the media is initialized
+
+The member "uzonesize" of struct alauda_info will remain 0
+if alauda_init_media() fails, potentially causing divide errors
+in alauda_read_data() and alauda_write_lba().
+- Add a member "media_initialized" to struct alauda_info.
+- Change a condition in alauda_check_media() to ensure the
+ first initialization.
+- Add an error check for the return value of alauda_init_media().(CVE-2024-38619)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors
+
+The error handling in nilfs_empty_dir() when a directory folio/page read
+fails is incorrect, as in the old ext2 implementation, and if the
+folio/page cannot be read or nilfs_check_folio() fails, it will falsely
+determine the directory as empty and corrupt the file system.
+
+In addition, since nilfs_empty_dir() does not immediately return on a
+failed folio/page read, but continues to loop, this can cause a long loop
+with I/O if i_size of the directory's inode is also corrupted, causing the
+log writer thread to wait and hang, as reported by syzbot.
+
+Fix these issues by making nilfs_empty_dir() immediately return a false
+value (0) if it fails to get a directory folio/page.(CVE-2024-39469)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+xfs: fix log recovery buffer allocation for the legacy h_size fixup
+
+Commit a70f9fe52daa ("xfs: detect and handle invalid iclog size set by
+mkfs") added a fixup for incorrect h_size values used for the initial
+umount record in old xfsprogs versions. Later commit 0c771b99d6c9
+("xfs: clean up calculation of LR header blocks") cleaned up the log
+reover buffer calculation, but stoped using the fixed up h_size value
+to size the log recovery buffer, which can lead to an out of bounds
+access when the incorrect h_size does not come from the old mkfs
+tool, but a fuzzer.
+
+Fix this by open coding xlog_logrec_hblks and taking the fixed h_size
+into account for this calculation.(CVE-2024-39472)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+ima: Fix use-after-free on a dentry's dname.name
+
+->d_name.name can change on rename and the earlier value can be freed;
+there are conditions sufficient to stabilize it (->d_lock on dentry,
+->d_lock on its parent, ->i_rwsem exclusive on the parent's inode,
+rename_lock), but none of those are met at any of the sites. Take a stable
+snapshot of the name instead.(CVE-2024-39494)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+vmci: prevent speculation leaks by sanitizing event in event_deliver()
+
+Coverity spotted that event_msg is controlled by user-space,
+event_msg->event_data.event is passed to event_deliver() and used
+as an index without sanitization.
+
+This change ensures that the event index is sanitized to mitigate any
+possibility of speculative information leaks.
+
+This bug was discovered and resolved using Coverity Static Analysis
+Security Testing (SAST) by Synopsys, Inc.
+
+Only compile tested, no access to HW.(CVE-2024-39499)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+drm/komeda: check for error-valued pointer
+
+komeda_pipeline_get_state() may return an error-valued pointer, thus
+check the pointer for negative or null value before dereferencing.(CVE-2024-39505)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages
+
+The syzbot fuzzer found that the interrupt-URB completion callback in
+the cdc-wdm driver was taking too long, and the driver's immediate
+resubmission of interrupt URBs with -EPROTO status combined with the
+dummy-hcd emulation to cause a CPU lockup:
+
+cdc_wdm 1-1:1.0: nonzero urb status received: -71
+cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
+watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [syz-executor782:6625]
+CPU#0 Utilization every 4s during lockup:
+ #1: 98% system, 0% softirq, 3% hardirq, 0% idle
+ #2: 98% system, 0% softirq, 3% hardirq, 0% idle
+ #3: 98% system, 0% softirq, 3% hardirq, 0% idle
+ #4: 98% system, 0% softirq, 3% hardirq, 0% idle
+ #5: 98% system, 1% softirq, 3% hardirq, 0% idle
+Modules linked in:
+irq event stamp: 73096
+hardirqs last enabled at (73095): [<ffff80008037bc00>] console_emit_next_record kernel/printk/printk.c:2935 [inline]
+hardirqs last enabled at (73095): [<ffff80008037bc00>] console_flush_all+0x650/0xb74 kernel/printk/printk.c:2994
+hardirqs last disabled at (73096): [<ffff80008af10b00>] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]
+hardirqs last disabled at (73096): [<ffff80008af10b00>] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551
+softirqs last enabled at (73048): [<ffff8000801ea530>] softirq_handle_end kernel/softirq.c:400 [inline]
+softirqs last enabled at (73048): [<ffff8000801ea530>] handle_softirqs+0xa60/0xc34 kernel/softirq.c:582
+softirqs last disabled at (73043): [<ffff800080020de8>] __do_softirq+0x14/0x20 kernel/softirq.c:588
+CPU: 0 PID: 6625 Comm: syz-executor782 Tainted: G W 6.10.0-rc2-syzkaller-g8867bbd4a056 #0
+Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
+
+Testing showed that the problem did not occur if the two error
+messages -- the first two lines above -- were removed; apparently adding
+material to the kernel log takes a surprisingly large amount of time.
+
+In any case, the best approach for preventing these lockups and to
+avoid spamming the log with thousands of error messages per second is
+to ratelimit the two dev_err() calls. Therefore we replace them with
+dev_err_ratelimited().(CVE-2024-40904)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+ipv6: fix possible race in __fib6_drop_pcpu_from()
+
+syzbot found a race in __fib6_drop_pcpu_from() [1]
+
+If compiler reads more than once (*ppcpu_rt),
+second read could read NULL, if another cpu clears
+the value in rt6_get_pcpu_route().
+
+Add a READ_ONCE() to prevent this race.
+
+Also add rcu_read_lock()/rcu_read_unlock() because
+we rely on RCU protection while dereferencing pcpu_rt.
+
+[1]
+
+Oops: general protection fault, probably for non-canonical address 0xdffffc0000000012: 0000 [#1] PREEMPT SMP KASAN PTI
+KASAN: null-ptr-deref in range [0x0000000000000090-0x0000000000000097]
+CPU: 0 PID: 7543 Comm: kworker/u8:17 Not tainted 6.10.0-rc1-syzkaller-00013-g2bfcfd584ff5 #0
+Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
+Workqueue: netns cleanup_net
+ RIP: 0010:__fib6_drop_pcpu_from.part.0+0x10a/0x370 net/ipv6/ip6_fib.c:984
+Code: f8 48 c1 e8 03 80 3c 28 00 0f 85 16 02 00 00 4d 8b 3f 4d 85 ff 74 31 e8 74 a7 fa f7 49 8d bf 90 00 00 00 48 89 f8 48 c1 e8 03 <80> 3c 28 00 0f 85 1e 02 00 00 49 8b 87 90 00 00 00 48 8b 0c 24 48
+RSP: 0018:ffffc900040df070 EFLAGS: 00010206
+RAX: 0000000000000012 RBX: 0000000000000001 RCX: ffffffff89932e16
+RDX: ffff888049dd1e00 RSI: ffffffff89932d7c RDI: 0000000000000091
+RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000007
+R10: 0000000000000001 R11: 0000000000000006 R12: ffff88807fa080b8
+R13: fffffbfff1a9a07d R14: ffffed100ff41022 R15: 0000000000000001
+FS: 0000000000000000(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+CR2: 0000001b32c26000 CR3: 000000005d56e000 CR4: 00000000003526f0
+DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+Call Trace:
+ <TASK>
+ __fib6_drop_pcpu_from net/ipv6/ip6_fib.c:966 [inline]
+ fib6_drop_pcpu_from net/ipv6/ip6_fib.c:1027 [inline]
+ fib6_purge_rt+0x7f2/0x9f0 net/ipv6/ip6_fib.c:1038
+ fib6_del_route net/ipv6/ip6_fib.c:1998 [inline]
+ fib6_del+0xa70/0x17b0 net/ipv6/ip6_fib.c:2043
+ fib6_clean_node+0x426/0x5b0 net/ipv6/ip6_fib.c:2205
+ fib6_walk_continue+0x44f/0x8d0 net/ipv6/ip6_fib.c:2127
+ fib6_walk+0x182/0x370 net/ipv6/ip6_fib.c:2175
+ fib6_clean_tree+0xd7/0x120 net/ipv6/ip6_fib.c:2255
+ __fib6_clean_all+0x100/0x2d0 net/ipv6/ip6_fib.c:2271
+ rt6_sync_down_dev net/ipv6/route.c:4906 [inline]
+ rt6_disable_ip+0x7ed/0xa00 net/ipv6/route.c:4911
+ addrconf_ifdown.isra.0+0x117/0x1b40 net/ipv6/addrconf.c:3855
+ addrconf_notify+0x223/0x19e0 net/ipv6/addrconf.c:3778
+ notifier_call_chain+0xb9/0x410 kernel/notifier.c:93
+ call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:1992
+ call_netdevice_notifiers_extack net/core/dev.c:2030 [inline]
+ call_netdevice_notifiers net/core/dev.c:2044 [inline]
+ dev_close_many+0x333/0x6a0 net/core/dev.c:1585
+ unregister_netdevice_many_notify+0x46d/0x19f0 net/core/dev.c:11193
+ unregister_netdevice_many net/core/dev.c:11276 [inline]
+ default_device_exit_batch+0x85b/0xae0 net/core/dev.c:11759
+ ops_exit_list+0x128/0x180 net/core/net_namespace.c:178
+ cleanup_net+0x5b7/0xbf0 net/core/net_namespace.c:640
+ process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231
+ process_scheduled_works kernel/workqueue.c:3312 [inline]
+ worker_thread+0x6c8/0xf70 kernel/workqueue.c:3393
+ kthread+0x2c1/0x3a0 kernel/kthread.c:389
+ ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
+ ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244(CVE-2024-40905)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()
+
+The ieee80211_sta_ps_deliver_wakeup() function takes sta->ps_lock to
+synchronizes with ieee80211_tx_h_unicast_ps_buf() which is called from
+softirq context. However using only spin_lock() to get sta->ps_lock in
+ieee80211_sta_ps_deliver_wakeup() does not prevent softirq to execute
+on this same CPU, to run ieee80211_tx_h_unicast_ps_buf() and try to
+take this same lock ending in deadlock. Below is an example of rcu stall
+that arises in such situation.
+
+ rcu: INFO: rcu_sched self-detected stall on CPU
+ rcu: 2-....: (42413413 ticks this GP) idle=b154/1/0x4000000000000000 softirq=1763/1765 fqs=21206996
+ rcu: (t=42586894 jiffies g=2057 q=362405 ncpus=4)
+ CPU: 2 PID: 719 Comm: wpa_supplicant Tainted: G W 6.4.0-02158-g1b062f552873 #742
+ Hardware name: RPT (r1) (DT)
+ pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
+ pc : queued_spin_lock_slowpath+0x58/0x2d0
+ lr : invoke_tx_handlers_early+0x5b4/0x5c0
+ sp : ffff00001ef64660
+ x29: ffff00001ef64660 x28: ffff000009bc1070 x27: ffff000009bc0ad8
+ x26: ffff000009bc0900 x25: ffff00001ef647a8 x24: 0000000000000000
+ x23: ffff000009bc0900 x22: ffff000009bc0900 x21: ffff00000ac0e000
+ x20: ffff00000a279e00 x19: ffff00001ef646e8 x18: 0000000000000000
+ x17: ffff800016468000 x16: ffff00001ef608c0 x15: 0010533c93f64f80
+ x14: 0010395c9faa3946 x13: 0000000000000000 x12: 00000000fa83b2da
+ x11: 000000012edeceea x10: ffff0000010fbe00 x9 : 0000000000895440
+ x8 : 000000000010533c x7 : ffff00000ad8b740 x6 : ffff00000c350880
+ x5 : 0000000000000007 x4 : 0000000000000001 x3 : 0000000000000000
+ x2 : 0000000000000000 x1 : 0000000000000001 x0 : ffff00000ac0e0e8
+ Call trace:
+ queued_spin_lock_slowpath+0x58/0x2d0
+ ieee80211_tx+0x80/0x12c
+ ieee80211_tx_pending+0x110/0x278
+ tasklet_action_common.constprop.0+0x10c/0x144
+ tasklet_action+0x20/0x28
+ _stext+0x11c/0x284
+ ____do_softirq+0xc/0x14
+ call_on_irq_stack+0x24/0x34
+ do_softirq_own_stack+0x18/0x20
+ do_softirq+0x74/0x7c
+ __local_bh_enable_ip+0xa0/0xa4
+ _ieee80211_wake_txqs+0x3b0/0x4b8
+ __ieee80211_wake_queue+0x12c/0x168
+ ieee80211_add_pending_skbs+0xec/0x138
+ ieee80211_sta_ps_deliver_wakeup+0x2a4/0x480
+ ieee80211_mps_sta_status_update.part.0+0xd8/0x11c
+ ieee80211_mps_sta_status_update+0x18/0x24
+ sta_apply_parameters+0x3bc/0x4c0
+ ieee80211_change_station+0x1b8/0x2dc
+ nl80211_set_station+0x444/0x49c
+ genl_family_rcv_msg_doit.isra.0+0xa4/0xfc
+ genl_rcv_msg+0x1b0/0x244
+ netlink_rcv_skb+0x38/0x10c
+ genl_rcv+0x34/0x48
+ netlink_unicast+0x254/0x2bc
+ netlink_sendmsg+0x190/0x3b4
+ ____sys_sendmsg+0x1e8/0x218
+ ___sys_sendmsg+0x68/0x8c
+ __sys_sendmsg+0x44/0x84
+ __arm64_sys_sendmsg+0x20/0x28
+ do_el0_svc+0x6c/0xe8
+ el0_svc+0x14/0x48
+ el0t_64_sync_handler+0xb0/0xb4
+ el0t_64_sync+0x14c/0x150
+
+Using spin_lock_bh()/spin_unlock_bh() instead prevents softirq to raise
+on the same CPU that is holding the lock.(CVE-2024-40912)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+wifi: iwlwifi: mvm: check n_ssids before accessing the ssids
+
+In some versions of cfg80211, the ssids poinet might be a valid one even
+though n_ssids is 0. Accessing the pointer in this case will cuase an
+out-of-bound access. Fix this by checking n_ssids first.(CVE-2024-40929)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+drm/exynos/vidi: fix memory leak in .get_modes()
+
+The duplicated EDID is never freed. Fix it.(CVE-2024-40932)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+wifi: iwlwifi: mvm: don't read past the mfuart notifcation
+
+In case the firmware sends a notification that claims it has more data
+than it has, we will read past that was allocated for the notification.
+Remove the print of the buffer, we won't see it by default. If needed,
+we can see the content with tracing.
+
+This was reported by KFENCE.(CVE-2024-40941)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+ocfs2: fix races between hole punching and AIO+DIO
+
+After commit "ocfs2: return real error code in ocfs2_dio_wr_get_block",
+fstests/generic/300 become from always failed to sometimes failed:
+
+========================================================================
+[ 473.293420 ] run fstests generic/300
+
+[ 475.296983 ] JBD2: Ignoring recovery information on journal
+[ 475.302473 ] ocfs2: Mounting device (253,1) on (node local, slot 0) with ordered data mode.
+[ 494.290998 ] OCFS2: ERROR (device dm-1): ocfs2_change_extent_flag: Owner 5668 has an extent at cpos 78723 which can no longer be found
+[ 494.291609 ] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
+[ 494.292018 ] OCFS2: File system is now read-only.
+[ 494.292224 ] (kworker/19:11,2628,19):ocfs2_mark_extent_written:5272 ERROR: status = -30
+[ 494.292602 ] (kworker/19:11,2628,19):ocfs2_dio_end_io_write:2374 ERROR: status = -3
+fio: io_u error on file /mnt/scratch/racer: Read-only file system: write offset=460849152, buflen=131072
+=========================================================================
+
+In __blockdev_direct_IO, ocfs2_dio_wr_get_block is called to add unwritten
+extents to a list. extents are also inserted into extent tree in
+ocfs2_write_begin_nolock. Then another thread call fallocate to puch a
+hole at one of the unwritten extent. The extent at cpos was removed by
+ocfs2_remove_extent(). At end io worker thread, ocfs2_search_extent_list
+found there is no such extent at the cpos.
+
+ T1 T2 T3
+ inode lock
+ ...
+ insert extents
+ ...
+ inode unlock
+ocfs2_fallocate
+ __ocfs2_change_file_space
+ inode lock
+ lock ip_alloc_sem
+ ocfs2_remove_inode_range inode
+ ocfs2_remove_btree_range
+ ocfs2_remove_extent
+ ^---remove the extent at cpos 78723
+ ...
+ unlock ip_alloc_sem
+ inode unlock
+ ocfs2_dio_end_io
+ ocfs2_dio_end_io_write
+ lock ip_alloc_sem
+ ocfs2_mark_extent_written
+ ocfs2_change_extent_flag
+ ocfs2_search_extent_list
+ ^---failed to find extent
+ ...
+ unlock ip_alloc_sem
+
+In most filesystems, fallocate is not compatible with racing with AIO+DIO,
+so fix it by adding to wait for all dio before fallocate/punch_hole like
+ext4.(CVE-2024-40943)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+MIPS: Octeon: Add PCIe link status check
+
+The standard PCIe configuration read-write interface is used to
+access the configuration space of the peripheral PCIe devices
+of the mips processor after the PCIe link surprise down, it can
+generate kernel panic caused by "Data bus error". So it is
+necessary to add PCIe link status check for system protection.
+When the PCIe link is down or in training, assigning a value
+of 0 to the configuration address can prevent read-write behavior
+to the configuration space of peripheral PCIe devices, thereby
+preventing kernel panic.(CVE-2024-40968)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+powerpc/pseries: Enforce hcall result buffer validity and size
+
+plpar_hcall(), plpar_hcall9(), and related functions expect callers to
+provide valid result buffers of certain minimum size. Currently this
+is communicated only through comments in the code and the compiler has
+no idea.
+
+For example, if I write a bug like this:
+
+ long retbuf[PLPAR_HCALL_BUFSIZE]; // should be PLPAR_HCALL9_BUFSIZE
+ plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf, ...);
+
+This compiles with no diagnostics emitted, but likely results in stack
+corruption at runtime when plpar_hcall9() stores results past the end
+of the array. (To be clear this is a contrived example and I have not
+found a real instance yet.)
+
+To make this class of error less likely, we can use explicitly-sized
+array parameters instead of pointers in the declarations for the hcall
+APIs. When compiled with -Warray-bounds[1], the code above now
+provokes a diagnostic like this:
+
+error: array argument is too small;
+is of size 32, callee requires at least 72 [-Werror,-Warray-bounds]
+ 60 | plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf,
+ | ^ ~~~~~~
+
+[1] Enabled for LLVM builds but not GCC for now. See commit
+ 0da6e5fd6c37 ("gcc: disable '-Warray-bounds' for gcc-13 too") and
+ related changes.(CVE-2024-40974)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+tipc: force a dst refcount before doing decryption
+
+As it says in commit 3bc07321ccc2 ("xfrm: Force a dst refcount before
+entering the xfrm type handlers"):
+
+"Crypto requests might return asynchronous. In this case we leave the
+ rcu protected region, so force a refcount on the skb's destination
+ entry before we enter the xfrm type input/output handlers."
+
+On TIPC decryption path it has the same problem, and skb_dst_force()
+should be called before doing decryption to avoid a possible crash.
+
+Shuang reported this issue when this warning is triggered:
+
+ [] WARNING: include/net/dst.h:337 tipc_sk_rcv+0x1055/0x1ea0 [tipc]
+ [] Kdump: loaded Tainted: G W --------- - - 4.18.0-496.el8.x86_64+debug
+ [] Workqueue: crypto cryptd_queue_worker
+ [] RIP: 0010:tipc_sk_rcv+0x1055/0x1ea0 [tipc]
+ [] Call Trace:
+ [] tipc_sk_mcast_rcv+0x548/0xea0 [tipc]
+ [] tipc_rcv+0xcf5/0x1060 [tipc]
+ [] tipc_aead_decrypt_done+0x215/0x2e0 [tipc]
+ [] cryptd_aead_crypt+0xdb/0x190
+ [] cryptd_queue_worker+0xed/0x190
+ [] process_one_work+0x93d/0x17e0(CVE-2024-40983)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine."
+
+Undo the modifications made in commit d410ee5109a1 ("ACPICA: avoid
+"Info: mapping multiple BARs. Your kernel is fine.""). The initial
+purpose of this commit was to stop memory mappings for operation
+regions from overlapping page boundaries, as it can trigger warnings
+if different page attributes are present.
+
+However, it was found that when this situation arises, mapping
+continues until the boundary's end, but there is still an attempt to
+read/write the entire length of the map, leading to a NULL pointer
+deference. For example, if a four-byte mapping request is made but
+only one byte is mapped because it hits the current page boundary's
+end, a four-byte read/write attempt is still made, resulting in a NULL
+pointer deference.
+
+Instead, map the entire length, as the ACPI specification does not
+mandate that it must be within the same page boundary. It is
+permissible for it to be mapped across different regions.(CVE-2024-40984)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+drm/amdgpu: fix UBSAN warning in kv_dpm.c
+
+Adds bounds check for sumo_vid_mapping_entry.(CVE-2024-40987)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+tracing: Build event generation tests only as modules
+
+The kprobes and synth event generation test modules add events and lock
+(get a reference) those event file reference in module init function,
+and unlock and delete it in module exit function. This is because those
+are designed for playing as modules.
+
+If we make those modules as built-in, those events are left locked in the
+kernel, and never be removed. This causes kprobe event self-test failure
+as below.
+
+[ 97.349708] ------------[ cut here ]------------
+[ 97.353453] WARNING: CPU: 3 PID: 1 at kernel/trace/trace_kprobe.c:2133 kprobe_trace_self_tests_init+0x3f1/0x480
+[ 97.357106] Modules linked in:
+[ 97.358488] CPU: 3 PID: 1 Comm: swapper/0 Not tainted 6.9.0-g699646734ab5-dirty #14
+[ 97.361556] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
+[ 97.363880] RIP: 0010:kprobe_trace_self_tests_init+0x3f1/0x480
+[ 97.365538] Code: a8 24 08 82 e9 ae fd ff ff 90 0f 0b 90 48 c7 c7 e5 aa 0b 82 e9 ee fc ff ff 90 0f 0b 90 48 c7 c7 2d 61 06 82 e9 8e fd ff ff 90 <0f> 0b 90 48 c7 c7 33 0b 0c 82 89 c6 e8 6e 03 1f ff 41 ff c7 e9 90
+[ 97.370429] RSP: 0000:ffffc90000013b50 EFLAGS: 00010286
+[ 97.371852] RAX: 00000000fffffff0 RBX: ffff888005919c00 RCX: 0000000000000000
+[ 97.373829] RDX: ffff888003f40000 RSI: ffffffff8236a598 RDI: ffff888003f40a68
+[ 97.375715] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
+[ 97.377675] R10: ffffffff811c9ae5 R11: ffffffff8120c4e0 R12: 0000000000000000
+[ 97.379591] R13: 0000000000000001 R14: 0000000000000015 R15: 0000000000000000
+[ 97.381536] FS: 0000000000000000(0000) GS:ffff88807dcc0000(0000) knlGS:0000000000000000
+[ 97.383813] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[ 97.385449] CR2: 0000000000000000 CR3: 0000000002244000 CR4: 00000000000006b0
+[ 97.387347] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+[ 97.389277] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+[ 97.391196] Call Trace:
+[ 97.391967] <TASK>
+[ 97.392647] ? __warn+0xcc/0x180
+[ 97.393640] ? kprobe_trace_self_tests_init+0x3f1/0x480
+[ 97.395181] ? report_bug+0xbd/0x150
+[ 97.396234] ? handle_bug+0x3e/0x60
+[ 97.397311] ? exc_invalid_op+0x1a/0x50
+[ 97.398434] ? asm_exc_invalid_op+0x1a/0x20
+[ 97.399652] ? trace_kprobe_is_busy+0x20/0x20
+[ 97.400904] ? tracing_reset_all_online_cpus+0x15/0x90
+[ 97.402304] ? kprobe_trace_self_tests_init+0x3f1/0x480
+[ 97.403773] ? init_kprobe_trace+0x50/0x50
+[ 97.404972] do_one_initcall+0x112/0x240
+[ 97.406113] do_initcall_level+0x95/0xb0
+[ 97.407286] ? kernel_init+0x1a/0x1a0
+[ 97.408401] do_initcalls+0x3f/0x70
+[ 97.409452] kernel_init_freeable+0x16f/0x1e0
+[ 97.410662] ? rest_init+0x1f0/0x1f0
+[ 97.411738] kernel_init+0x1a/0x1a0
+[ 97.412788] ret_from_fork+0x39/0x50
+[ 97.413817] ? rest_init+0x1f0/0x1f0
+[ 97.414844] ret_from_fork_asm+0x11/0x20
+[ 97.416285] </TASK>
+[ 97.417134] irq event stamp: 13437323
+[ 97.418376] hardirqs last enabled at (13437337): [<ffffffff8110bc0c>] console_unlock+0x11c/0x150
+[ 97.421285] hardirqs last disabled at (13437370): [<ffffffff8110bbf1>] console_unlock+0x101/0x150
+[ 97.423838] softirqs last enabled at (13437366): [<ffffffff8108e17f>] handle_softirqs+0x23f/0x2a0
+[ 97.426450] softirqs last disabled at (13437393): [<ffffffff8108e346>] __irq_exit_rcu+0x66/0xd0
+[ 97.428850] ---[ end trace 0000000000000000 ]---
+
+And also, since we can not cleanup dynamic_event file, ftracetest are
+failed too.
+
+To avoid these issues, build these tests only as modules.(CVE-2024-41004)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+netpoll: Fix race condition in netpoll_owner_active
+
+KCSAN detected a race condition in netpoll:
+
+ BUG: KCSAN: data-race in net_rx_action / netpoll_send_skb
+ write (marked) to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10:
+ net_rx_action (./include/linux/netpoll.h:90 net/core/dev.c:6712 net/core/dev.c:6822)
+<snip>
+ read to 0xffff8881164168b0 of 4 bytes by task 1 on cpu 2:
+ netpoll_send_skb (net/core/netpoll.c:319 net/core/netpoll.c:345 net/core/netpoll.c:393)
+ netpoll_send_udp (net/core/netpoll.c:?)
+<snip>
+ value changed: 0x0000000a -> 0xffffffff
+
+This happens because netpoll_owner_active() needs to check if the
+current CPU is the owner of the lock, touching napi->poll_owner
+non atomically. The ->poll_owner field contains the current CPU holding
+the lock.
+
+Use an atomic read to check if the poll owner is the current CPU.(CVE-2024-41005)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+tcp: avoid too many retransmit packets
+
+If a TCP socket is using TCP_USER_TIMEOUT, and the other peer
+retracted its window to zero, tcp_retransmit_timer() can
+retransmit a packet every two jiffies (2 ms for HZ=1000),
+for about 4 minutes after TCP_USER_TIMEOUT has 'expired'.
+
+The fix is to make sure tcp_rtx_probe0_timed_out() takes
+icsk->icsk_user_timeout into account.
+
+Before blamed commit, the socket would not timeout after
+icsk->icsk_user_timeout, but would use standard exponential
+backoff for the retransmits.
+
+Also worth noting that before commit e89688e3e978 ("net: tcp:
+fix unexcepted socket die when snd_wnd is 0"), the issue
+would last 2 minutes instead of 4.(CVE-2024-41007)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+bpf: Fix overrunning reservations in ringbuf
+
+The BPF ring buffer internally is implemented as a power-of-2 sized circular
+buffer, with two logical and ever-increasing counters: consumer_pos is the
+consumer counter to show which logical position the consumer consumed the
+data, and producer_pos which is the producer counter denoting the amount of
+data reserved by all producers.
+
+Each time a record is reserved, the producer that "owns" the record will
+successfully advance producer counter. In user space each time a record is
+read, the consumer of the data advanced the consumer counter once it finished
+processing. Both counters are stored in separate pages so that from user
+space, the producer counter is read-only and the consumer counter is read-write.
+
+One aspect that simplifies and thus speeds up the implementation of both
+producers and consumers is how the data area is mapped twice contiguously
+back-to-back in the virtual memory, allowing to not take any special measures
+for samples that have to wrap around at the end of the circular buffer data
+area, because the next page after the last data page would be first data page
+again, and thus the sample will still appear completely contiguous in virtual
+memory.
+
+Each record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header for
+book-keeping the length and offset, and is inaccessible to the BPF program.
+Helpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ`
+for the BPF program to use. Bing-Jhong and Muhammad reported that it is however
+possible to make a second allocated memory chunk overlapping with the first
+chunk and as a result, the BPF program is now able to edit first chunk's
+header.
+
+For example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with size
+of 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call to
+bpf_ringbuf_reserve() is made. This will allocate a chunk A, which is in
+[0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, lets
+allocate a chunk B with size 0x3000. This will succeed because consumer_pos
+was edited ahead of time to pass the `new_prod_pos - cons_pos > rb->mask`
+check. Chunk B will be in range [0x3008,0x6010], and the BPF program is able
+to edit [0x3010,0x6010]. Due to the ring buffer memory layout mentioned
+earlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same data
+pages. This means that chunk B at [0x4000,0x4008] is chunk A's header.
+bpf_ringbuf_submit() / bpf_ringbuf_discard() use the header's pg_off to then
+locate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunk
+B modified chunk A's header, then bpf_ringbuf_commit() refers to the wrong
+page and could cause a crash.
+
+Fix it by calculating the oldest pending_pos and check whether the range
+from the oldest outstanding record to the newest would span beyond the ring
+buffer size. If that is the case, then reject the request. We've tested with
+the ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh)
+before/after the fix and while it seems a bit slower on some benchmarks, it
+is still not significantly enough to matter.(CVE-2024-41009)
+ An update for kernel is now available for openEuler-22.03-LTS-SP1.
+
+openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
+ High
+ kernel
+
+
+
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896
+
+
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-47432
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-47622
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48814
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48816
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48844
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-52757
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-52781
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36939
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38559
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38568
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38578
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38589
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38618
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38619
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39469
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39472
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39494
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39499
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39505
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40904
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40905
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40912
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40929
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40932
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40941
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40943
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40968
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40974
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40983
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40984
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40987
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-41004
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-41005
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-41007
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-41009
+
+
+ https://nvd.nist.gov/vuln/detail/CVE-2021-47432
+ https://nvd.nist.gov/vuln/detail/CVE-2021-47622
+ https://nvd.nist.gov/vuln/detail/CVE-2022-48814
+ https://nvd.nist.gov/vuln/detail/CVE-2022-48816
+ https://nvd.nist.gov/vuln/detail/CVE-2022-48844
+ https://nvd.nist.gov/vuln/detail/CVE-2023-52757
+ https://nvd.nist.gov/vuln/detail/CVE-2023-52781
+ https://nvd.nist.gov/vuln/detail/CVE-2024-36939
+ https://nvd.nist.gov/vuln/detail/CVE-2024-38559
+ https://nvd.nist.gov/vuln/detail/CVE-2024-38568
+ https://nvd.nist.gov/vuln/detail/CVE-2024-38578
+ https://nvd.nist.gov/vuln/detail/CVE-2024-38589
+ https://nvd.nist.gov/vuln/detail/CVE-2024-38618
+ https://nvd.nist.gov/vuln/detail/CVE-2024-38619
+ https://nvd.nist.gov/vuln/detail/CVE-2024-39469
+ https://nvd.nist.gov/vuln/detail/CVE-2024-39472
+ https://nvd.nist.gov/vuln/detail/CVE-2024-39494
+ https://nvd.nist.gov/vuln/detail/CVE-2024-39499
+ https://nvd.nist.gov/vuln/detail/CVE-2024-39505
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40904
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40905
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40912
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40929
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40932
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40941
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40943
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40968
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40974
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40983
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40984
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40987
+ https://nvd.nist.gov/vuln/detail/CVE-2024-41004
+ https://nvd.nist.gov/vuln/detail/CVE-2024-41005
+ https://nvd.nist.gov/vuln/detail/CVE-2024-41007
+ https://nvd.nist.gov/vuln/detail/CVE-2024-41009
+
+
+
+
+ openEuler-22.03-LTS-SP1
+
+
+ kernel-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm
+ kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm
+ kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm
+ kernel-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm
+ kernel-headers-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm
+ kernel-source-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm
+ kernel-tools-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm
+ kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm
+ kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm
+ perf-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm
+ perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm
+ python3-perf-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm
+ python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.aarch64.rpm
+
+
+ kernel-5.10.0-136.86.0.167.oe2203sp1.src.rpm
+
+
+ kernel-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm
+ kernel-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm
+ kernel-debugsource-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm
+ kernel-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm
+ kernel-headers-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm
+ kernel-source-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm
+ kernel-tools-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm
+ kernel-tools-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm
+ kernel-tools-devel-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm
+ perf-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm
+ perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm
+ python3-perf-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm
+ python3-perf-debuginfo-5.10.0-136.86.0.167.oe2203sp1.x86_64.rpm
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+lib/generic-radix-tree.c: Don't overflow in peek()
+
+When we started spreading new inode numbers throughout most of the 64
+bit inode space, that triggered some corner case bugs, in particular
+some integer overflows related to the radix tree code. Oops.
+
+ 2024-07-26
+ CVE-2021-47432
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+scsi: ufs: Fix a deadlock in the error handler
+
+The following deadlock has been observed on a test setup:
+
+ - All tags allocated
+
+ - The SCSI error handler calls ufshcd_eh_host_reset_handler()
+
+ - ufshcd_eh_host_reset_handler() queues work that calls
+ ufshcd_err_handler()
+
+ - ufshcd_err_handler() locks up as follows:
+
+Workqueue: ufs_eh_wq_0 ufshcd_err_handler.cfi_jt
+Call trace:
+ __switch_to+0x298/0x5d8
+ __schedule+0x6cc/0xa94
+ schedule+0x12c/0x298
+ blk_mq_get_tag+0x210/0x480
+ __blk_mq_alloc_request+0x1c8/0x284
+ blk_get_request+0x74/0x134
+ ufshcd_exec_dev_cmd+0x68/0x640
+ ufshcd_verify_dev_init+0x68/0x35c
+ ufshcd_probe_hba+0x12c/0x1cb8
+ ufshcd_host_reset_and_restore+0x88/0x254
+ ufshcd_reset_and_restore+0xd0/0x354
+ ufshcd_err_handler+0x408/0xc58
+ process_one_work+0x24c/0x66c
+ worker_thread+0x3e8/0xa4c
+ kthread+0x150/0x1b4
+ ret_from_fork+0x10/0x30
+
+Fix this lockup by making ufshcd_exec_dev_cmd() allocate a reserved
+request.
+
+ 2024-07-26
+ CVE-2021-47622
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ Medium
+
+
+
+
+ 4.7
+ AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+net: dsa: seville: register the mdiobus under devres
+
+As explained in commits:
+74b6d7d13307 ("net: dsa: realtek: register the MDIO bus under devres")
+5135e96a3dd2 ("net: dsa: don't allocate the slave_mii_bus using devres")
+
+mdiobus_free() will panic when called from devm_mdiobus_free() <-
+devres_release_all() <- __device_release_driver(), and that mdiobus was
+not previously unregistered.
+
+The Seville VSC9959 switch is a platform device, so the initial set of
+constraints that I thought would cause this (I2C or SPI buses which call
+->remove on ->shutdown) do not apply. But there is one more which
+applies here.
+
+If the DSA master itself is on a bus that calls ->remove from ->shutdown
+(like dpaa2-eth, which is on the fsl-mc bus), there is a device link
+between the switch and the DSA master, and device_links_unbind_consumers()
+will unbind the seville switch driver on shutdown.
+
+So the same treatment must be applied to all DSA switch drivers, which
+is: either use devres for both the mdiobus allocation and registration,
+or don't use devres at all.
+
+The seville driver has a code structure that could accommodate both the
+mdiobus_unregister and mdiobus_free calls, but it has an external
+dependency upon mscc_miim_setup() from mdio-mscc-miim.c, which calls
+devm_mdiobus_alloc_size() on its behalf. So rather than restructuring
+that, and exporting yet one more symbol mscc_miim_teardown(), let's work
+with devres and replace of_mdiobus_register with the devres variant.
+When we use all-devres, we can ensure that devres doesn't free a
+still-registered bus (it either runs both callbacks, or none).
+
+ 2024-07-26
+ CVE-2022-48814
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+SUNRPC: lock against ->sock changing during sysfs read
+
+->sock can be set to NULL asynchronously unless ->recv_mutex is held.
+So it is important to hold that mutex. Otherwise a sysfs read can
+trigger an oops.
+Commit 17f09d3f619a ("SUNRPC: Check if the xprt is connected before
+handling sysfs reads") appears to attempt to fix this problem, but it
+only narrows the race window.
+
+ 2024-07-26
+ CVE-2022-48816
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ Medium
+
+
+
+
+ 4.7
+ AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+Bluetooth: hci_core: Fix leaking sent_cmd skb
+
+sent_cmd memory is not freed before freeing hci_dev causing it to leak
+it contents.
+
+ 2024-07-26
+ CVE-2022-48844
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ Low
+
+
+
+
+ 3.3
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+smb: client: fix potential deadlock when releasing mids
+
+All release_mid() callers seem to hold a reference of @mid so there is
+no need to call kref_put(&mid->refcount, __release_mid) under
+@server->mid_lock spinlock. If they don't, then an use-after-free bug
+would have occurred anyways.
+
+By getting rid of such spinlock also fixes a potential deadlock as
+shown below
+
+CPU 0 CPU 1
+------------------------------------------------------------------
+cifs_demultiplex_thread() cifs_debug_data_proc_show()
+ release_mid()
+ spin_lock(&server->mid_lock);
+ spin_lock(&cifs_tcp_ses_lock)
+ spin_lock(&server->mid_lock)
+ __release_mid()
+ smb2_find_smb_tcon()
+ spin_lock(&cifs_tcp_ses_lock) *deadlock*
+
+ 2024-07-26
+ CVE-2023-52757
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+usb: config: fix iteration issue in 'usb_get_bos_descriptor()'
+
+The BOS descriptor defines a root descriptor and is the base descriptor for
+accessing a family of related descriptors.
+
+Function 'usb_get_bos_descriptor()' encounters an iteration issue when
+skipping the 'USB_DT_DEVICE_CAPABILITY' descriptor type. This results in
+the same descriptor being read repeatedly.
+
+To address this issue, a 'goto' statement is introduced to ensure that the
+pointer and the amount read is updated correctly. This ensures that the
+function iterates to the next descriptor instead of reading the same
+descriptor repeatedly.
+
+ 2024-07-26
+ CVE-2023-52781
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ Medium
+
+
+
+
+ 4.3
+ AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+nfs: Handle error of rpc_proc_register() in nfs_net_init().
+
+syzkaller reported a warning [0] triggered while destroying immature
+netns.
+
+rpc_proc_register() was called in init_nfs_fs(), but its error
+has been ignored since at least the initial commit 1da177e4c3f4
+("Linux-2.6.12-rc2").
+
+Recently, commit d47151b79e32 ("nfs: expose /proc/net/sunrpc/nfs
+in net namespaces") converted the procfs to per-netns and made
+the problem more visible.
+
+Even when rpc_proc_register() fails, nfs_net_init() could succeed,
+and thus nfs_net_exit() will be called while destroying the netns.
+
+Then, remove_proc_entry() will be called for non-existing proc
+directory and trigger the warning below.
+
+Let's handle the error of rpc_proc_register() properly in nfs_net_init().
+
+[0]:
+name 'nfs'
+WARNING: CPU: 1 PID: 1710 at fs/proc/generic.c:711 remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711
+Modules linked in:
+CPU: 1 PID: 1710 Comm: syz-executor.2 Not tainted 6.8.0-12822-gcd51db110a7e #12
+Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
+RIP: 0010:remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711
+Code: 41 5d 41 5e c3 e8 85 09 b5 ff 48 c7 c7 88 58 64 86 e8 09 0e 71 02 e8 74 09 b5 ff 4c 89 e6 48 c7 c7 de 1b 80 84 e8 c5 ad 97 ff <0f> 0b eb b1 e8 5c 09 b5 ff 48 c7 c7 88 58 64 86 e8 e0 0d 71 02 eb
+RSP: 0018:ffffc9000c6d7ce0 EFLAGS: 00010286
+RAX: 0000000000000000 RBX: ffff8880422b8b00 RCX: ffffffff8110503c
+RDX: ffff888030652f00 RSI: ffffffff81105045 RDI: 0000000000000001
+RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
+R10: 0000000000000001 R11: ffffffff81bb62cb R12: ffffffff84807ffc
+R13: ffff88804ad6fcc0 R14: ffffffff84807ffc R15: ffffffff85741ff8
+FS: 00007f30cfba8640(0000) GS:ffff88807dd00000(0000) knlGS:0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+CR2: 00007ff51afe8000 CR3: 000000005a60a005 CR4: 0000000000770ef0
+DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+PKRU: 55555554
+Call Trace:
+ <TASK>
+ rpc_proc_unregister+0x64/0x70 net/sunrpc/stats.c:310
+ nfs_net_exit+0x1c/0x30 fs/nfs/inode.c:2438
+ ops_exit_list+0x62/0xb0 net/core/net_namespace.c:170
+ setup_net+0x46c/0x660 net/core/net_namespace.c:372
+ copy_net_ns+0x244/0x590 net/core/net_namespace.c:505
+ create_new_namespaces+0x2ed/0x770 kernel/nsproxy.c:110
+ unshare_nsproxy_namespaces+0xae/0x160 kernel/nsproxy.c:228
+ ksys_unshare+0x342/0x760 kernel/fork.c:3322
+ __do_sys_unshare kernel/fork.c:3393 [inline]
+ __se_sys_unshare kernel/fork.c:3391 [inline]
+ __x64_sys_unshare+0x1f/0x30 kernel/fork.c:3391
+ do_syscall_x64 arch/x86/entry/common.c:52 [inline]
+ do_syscall_64+0x4f/0x110 arch/x86/entry/common.c:83
+ entry_SYSCALL_64_after_hwframe+0x46/0x4e
+RIP: 0033:0x7f30d0febe5d
+Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48
+RSP: 002b:00007f30cfba7cc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
+RAX: ffffffffffffffda RBX: 00000000004bbf80 RCX: 00007f30d0febe5d
+RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c020600
+RBP: 00000000004bbf80 R08: 0000000000000000 R09: 0000000000000000
+R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
+R13: 000000000000000b R14: 00007f30d104c530 R15: 0000000000000000
+ </TASK>
+
+ 2024-07-26
+ CVE-2024-36939
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ Medium
+
+
+
+
+ 4.6
+ AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+scsi: qedf: Ensure the copied buf is NUL terminated
+
+Currently, we allocate a count-sized kernel buffer and copy count from
+userspace to that buffer. Later, we use kstrtouint on this buffer but we
+don't ensure that the string is terminated inside the buffer, this can
+lead to OOB read when using kstrtouint. Fix this issue by using
+memdup_user_nul instead of memdup_user.
+
+ 2024-07-26
+ CVE-2024-38559
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ High
+
+
+
+
+ 7.8
+ AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group
+
+The perf tool allows users to create event groups through following
+cmd [1], but the driver does not check whether the array index is out
+of bounds when writing data to the event_group array. If the number of
+events in an event_group is greater than HNS3_PMU_MAX_HW_EVENTS, the
+memory write overflow of event_group array occurs.
+
+Add array index check to fix the possible array out of bounds violation,
+and return directly when write new events are written to array bounds.
+
+There are 9 different events in an event_group.
+[1] perf stat -e '{pmu/event1/, ... ,pmu/event9/}
+
+ 2024-07-26
+ CVE-2024-38568
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ Medium
+
+
+
+
+ 6.1
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+ecryptfs: Fix buffer size for tag 66 packet
+
+The 'TAG 66 Packet Format' description is missing the cipher code and
+checksum fields that are packed into the message packet. As a result,
+the buffer allocated for the packet is 3 bytes too small and
+write_tag_66_packet() will write up to 3 bytes past the end of the
+buffer.
+
+Fix this by increasing the size of the allocation so the whole packet
+will always fit in the buffer.
+
+This fixes the below kasan slab-out-of-bounds bug:
+
+ BUG: KASAN: slab-out-of-bounds in ecryptfs_generate_key_packet_set+0x7d6/0xde0
+ Write of size 1 at addr ffff88800afbb2a5 by task touch/181
+
+ CPU: 0 PID: 181 Comm: touch Not tainted 6.6.13-gnu #1 4c9534092be820851bb687b82d1f92a426598dc6
+ Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2/GNU Guix 04/01/2014
+ Call Trace:
+ <TASK>
+ dump_stack_lvl+0x4c/0x70
+ print_report+0xc5/0x610
+ ? ecryptfs_generate_key_packet_set+0x7d6/0xde0
+ ? kasan_complete_mode_report_info+0x44/0x210
+ ? ecryptfs_generate_key_packet_set+0x7d6/0xde0
+ kasan_report+0xc2/0x110
+ ? ecryptfs_generate_key_packet_set+0x7d6/0xde0
+ __asan_store1+0x62/0x80
+ ecryptfs_generate_key_packet_set+0x7d6/0xde0
+ ? __pfx_ecryptfs_generate_key_packet_set+0x10/0x10
+ ? __alloc_pages+0x2e2/0x540
+ ? __pfx_ovl_open+0x10/0x10 [overlay 30837f11141636a8e1793533a02e6e2e885dad1d]
+ ? dentry_open+0x8f/0xd0
+ ecryptfs_write_metadata+0x30a/0x550
+ ? __pfx_ecryptfs_write_metadata+0x10/0x10
+ ? ecryptfs_get_lower_file+0x6b/0x190
+ ecryptfs_initialize_file+0x77/0x150
+ ecryptfs_create+0x1c2/0x2f0
+ path_openat+0x17cf/0x1ba0
+ ? __pfx_path_openat+0x10/0x10
+ do_filp_open+0x15e/0x290
+ ? __pfx_do_filp_open+0x10/0x10
+ ? __kasan_check_write+0x18/0x30
+ ? _raw_spin_lock+0x86/0xf0
+ ? __pfx__raw_spin_lock+0x10/0x10
+ ? __kasan_check_write+0x18/0x30
+ ? alloc_fd+0xf4/0x330
+ do_sys_openat2+0x122/0x160
+ ? __pfx_do_sys_openat2+0x10/0x10
+ __x64_sys_openat+0xef/0x170
+ ? __pfx___x64_sys_openat+0x10/0x10
+ do_syscall_64+0x60/0xd0
+ entry_SYSCALL_64_after_hwframe+0x6e/0xd8
+ RIP: 0033:0x7f00a703fd67
+ Code: 25 00 00 41 00 3d 00 00 41 00 74 37 64 8b 04 25 18 00 00 00 85 c0 75 5b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 85 00 00 00 48 83 c4 68 5d 41 5c c3 0f 1f
+ RSP: 002b:00007ffc088e30b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
+ RAX: ffffffffffffffda RBX: 00007ffc088e3368 RCX: 00007f00a703fd67
+ RDX: 0000000000000941 RSI: 00007ffc088e48d7 RDI: 00000000ffffff9c
+ RBP: 00007ffc088e48d7 R08: 0000000000000001 R09: 0000000000000000
+ R10: 00000000000001b6 R11: 0000000000000246 R12: 0000000000000941
+ R13: 0000000000000000 R14: 00007ffc088e48d7 R15: 00007f00a7180040
+ </TASK>
+
+ Allocated by task 181:
+ kasan_save_stack+0x2f/0x60
+ kasan_set_track+0x29/0x40
+ kasan_save_alloc_info+0x25/0x40
+ __kasan_kmalloc+0xc5/0xd0
+ __kmalloc+0x66/0x160
+ ecryptfs_generate_key_packet_set+0x6d2/0xde0
+ ecryptfs_write_metadata+0x30a/0x550
+ ecryptfs_initialize_file+0x77/0x150
+ ecryptfs_create+0x1c2/0x2f0
+ path_openat+0x17cf/0x1ba0
+ do_filp_open+0x15e/0x290
+ do_sys_openat2+0x122/0x160
+ __x64_sys_openat+0xef/0x170
+ do_syscall_64+0x60/0xd0
+ entry_SYSCALL_64_after_hwframe+0x6e/0xd8
+
+ 2024-07-26
+ CVE-2024-38578
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ Low
+
+
+
+
+ 3.9
+ AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+netrom: fix possible dead-lock in nr_rt_ioctl()
+
+syzbot loves netrom, and found a possible deadlock in nr_rt_ioctl [1]
+
+Make sure we always acquire nr_node_list_lock before nr_node_lock(nr_node)
+
+[1]
+WARNING: possible circular locking dependency detected
+6.9.0-rc7-syzkaller-02147-g654de42f3fc6 #0 Not tainted
+------------------------------------------------------
+syz-executor350/5129 is trying to acquire lock:
+ ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
+ ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_node_lock include/net/netrom.h:152 [inline]
+ ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:464 [inline]
+ ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697
+
+but task is already holding lock:
+ ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
+ ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]
+ ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_rt_ioctl+0x10a/0x1090 net/netrom/nr_route.c:697
+
+which lock already depends on the new lock.
+
+the existing dependency chain (in reverse order) is:
+
+-> #1 (nr_node_list_lock){+...}-{2:2}:
+ lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
+ __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
+ _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178
+ spin_lock_bh include/linux/spinlock.h:356 [inline]
+ nr_remove_node net/netrom/nr_route.c:299 [inline]
+ nr_del_node+0x4b4/0x820 net/netrom/nr_route.c:355
+ nr_rt_ioctl+0xa95/0x1090 net/netrom/nr_route.c:683
+ sock_do_ioctl+0x158/0x460 net/socket.c:1222
+ sock_ioctl+0x629/0x8e0 net/socket.c:1341
+ vfs_ioctl fs/ioctl.c:51 [inline]
+ __do_sys_ioctl fs/ioctl.c:904 [inline]
+ __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890
+ do_syscall_x64 arch/x86/entry/common.c:52 [inline]
+ do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
+ entry_SYSCALL_64_after_hwframe+0x77/0x7f
+
+-> #0 (&nr_node->node_lock){+...}-{2:2}:
+ check_prev_add kernel/locking/lockdep.c:3134 [inline]
+ check_prevs_add kernel/locking/lockdep.c:3253 [inline]
+ validate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869
+ __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137
+ lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
+ __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
+ _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178
+ spin_lock_bh include/linux/spinlock.h:356 [inline]
+ nr_node_lock include/net/netrom.h:152 [inline]
+ nr_dec_obs net/netrom/nr_route.c:464 [inline]
+ nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697
+ sock_do_ioctl+0x158/0x460 net/socket.c:1222
+ sock_ioctl+0x629/0x8e0 net/socket.c:1341
+ vfs_ioctl fs/ioctl.c:51 [inline]
+ __do_sys_ioctl fs/ioctl.c:904 [inline]
+ __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890
+ do_syscall_x64 arch/x86/entry/common.c:52 [inline]
+ do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
+ entry_SYSCALL_64_after_hwframe+0x77/0x7f
+
+other info that might help us debug this:
+
+ Possible unsafe locking scenario:
+
+ CPU0 CPU1
+ ---- ----
+ lock(nr_node_list_lock);
+ lock(&nr_node->node_lock);
+ lock(nr_node_list_lock);
+ lock(&nr_node->node_lock);
+
+ *** DEADLOCK ***
+
+1 lock held by syz-executor350/5129:
+ #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
+ #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]
+ #0: ffffffff8f70
+---truncated---
+
+ 2024-07-26
+ CVE-2024-38589
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+ALSA: timer: Set lower bound of start tick time
+
+Currently ALSA timer doesn't have the lower limit of the start tick
+time, and it allows a very small size, e.g. 1 tick with 1ns resolution
+for hrtimer. Such a situation may lead to an unexpected RCU stall,
+where the callback repeatedly queuing the expire update, as reported
+by fuzzer.
+
+This patch introduces a sanity check of the timer start tick time, so
+that the system returns an error when a too small start size is set.
+As of this patch, the lower limit is hard-coded to 100us, which is
+small enough but can still work somehow.
+
+ 2024-07-26
+ CVE-2024-38618
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ Medium
+
+
+
+
+ 4.7
+ AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+usb-storage: alauda: Check whether the media is initialized
+
+The member "uzonesize" of struct alauda_info will remain 0
+if alauda_init_media() fails, potentially causing divide errors
+in alauda_read_data() and alauda_write_lba().
+- Add a member "media_initialized" to struct alauda_info.
+- Change a condition in alauda_check_media() to ensure the
+ first initialization.
+- Add an error check for the return value of alauda_init_media().
+
+ 2024-07-26
+ CVE-2024-38619
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors
+
+The error handling in nilfs_empty_dir() when a directory folio/page read
+fails is incorrect, as in the old ext2 implementation, and if the
+folio/page cannot be read or nilfs_check_folio() fails, it will falsely
+determine the directory as empty and corrupt the file system.
+
+In addition, since nilfs_empty_dir() does not immediately return on a
+failed folio/page read, but continues to loop, this can cause a long loop
+with I/O if i_size of the directory's inode is also corrupted, causing the
+log writer thread to wait and hang, as reported by syzbot.
+
+Fix these issues by making nilfs_empty_dir() immediately return a false
+value (0) if it fails to get a directory folio/page.
+
+ 2024-07-26
+ CVE-2024-39469
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ Medium
+
+
+
+
+ 4.7
+ AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:xfs: fix log recovery buffer allocation for the legacy h_size fixupCommit a70f9fe52daa ( xfs: detect and handle invalid iclog size set bymkfs ) added a fixup for incorrect h_size values used for the initialumount record in old xfsprogs versions. Later commit 0c771b99d6c9( xfs: clean up calculation of LR header blocks ) cleaned up the logreover buffer calculation, but stoped using the fixed up h_size valueto size the log recovery buffer, which can lead to an out of boundsaccess when the incorrect h_size does not come from the old mkfstool, but a fuzzer.Fix this by open coding xlog_logrec_hblks and taking the fixed h_sizeinto account for this calculation.
+
+ 2024-07-26
+ CVE-2024-39472
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+ima: Fix use-after-free on a dentry's dname.name
+
+->d_name.name can change on rename and the earlier value can be freed;
+there are conditions sufficient to stabilize it (->d_lock on dentry,
+->d_lock on its parent, ->i_rwsem exclusive on the parent's inode,
+rename_lock), but none of those are met at any of the sites. Take a stable
+snapshot of the name instead.
+
+ 2024-07-26
+ CVE-2024-39494
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ High
+
+
+
+
+ 7.8
+ AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+vmci: prevent speculation leaks by sanitizing event in event_deliver()
+
+Coverity spotted that event_msg is controlled by user-space,
+event_msg->event_data.event is passed to event_deliver() and used
+as an index without sanitization.
+
+This change ensures that the event index is sanitized to mitigate any
+possibility of speculative information leaks.
+
+This bug was discovered and resolved using Coverity Static Analysis
+Security Testing (SAST) by Synopsys, Inc.
+
+Only compile tested, no access to HW.
+
+ 2024-07-26
+ CVE-2024-39499
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+drm/komeda: check for error-valued pointer
+
+komeda_pipeline_get_state() may return an error-valued pointer, thus
+check the pointer for negative or null value before dereferencing.
+
+ 2024-07-26
+ CVE-2024-39505
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages
+
+The syzbot fuzzer found that the interrupt-URB completion callback in
+the cdc-wdm driver was taking too long, and the driver's immediate
+resubmission of interrupt URBs with -EPROTO status combined with the
+dummy-hcd emulation to cause a CPU lockup:
+
+cdc_wdm 1-1:1.0: nonzero urb status received: -71
+cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
+watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [syz-executor782:6625]
+CPU#0 Utilization every 4s during lockup:
+ #1: 98% system, 0% softirq, 3% hardirq, 0% idle
+ #2: 98% system, 0% softirq, 3% hardirq, 0% idle
+ #3: 98% system, 0% softirq, 3% hardirq, 0% idle
+ #4: 98% system, 0% softirq, 3% hardirq, 0% idle
+ #5: 98% system, 1% softirq, 3% hardirq, 0% idle
+Modules linked in:
+irq event stamp: 73096
+hardirqs last enabled at (73095): [<ffff80008037bc00>] console_emit_next_record kernel/printk/printk.c:2935 [inline]
+hardirqs last enabled at (73095): [<ffff80008037bc00>] console_flush_all+0x650/0xb74 kernel/printk/printk.c:2994
+hardirqs last disabled at (73096): [<ffff80008af10b00>] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]
+hardirqs last disabled at (73096): [<ffff80008af10b00>] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551
+softirqs last enabled at (73048): [<ffff8000801ea530>] softirq_handle_end kernel/softirq.c:400 [inline]
+softirqs last enabled at (73048): [<ffff8000801ea530>] handle_softirqs+0xa60/0xc34 kernel/softirq.c:582
+softirqs last disabled at (73043): [<ffff800080020de8>] __do_softirq+0x14/0x20 kernel/softirq.c:588
+CPU: 0 PID: 6625 Comm: syz-executor782 Tainted: G W 6.10.0-rc2-syzkaller-g8867bbd4a056 #0
+Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
+
+Testing showed that the problem did not occur if the two error
+messages -- the first two lines above -- were removed; apparently adding
+material to the kernel log takes a surprisingly large amount of time.
+
+In any case, the best approach for preventing these lockups and to
+avoid spamming the log with thousands of error messages per second is
+to ratelimit the two dev_err() calls. Therefore we replace them with
+dev_err_ratelimited().
+
+ 2024-07-26
+ CVE-2024-40904
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+ipv6: fix possible race in __fib6_drop_pcpu_from()
+
+syzbot found a race in __fib6_drop_pcpu_from() [1]
+
+If compiler reads more than once (*ppcpu_rt),
+second read could read NULL, if another cpu clears
+the value in rt6_get_pcpu_route().
+
+Add a READ_ONCE() to prevent this race.
+
+Also add rcu_read_lock()/rcu_read_unlock() because
+we rely on RCU protection while dereferencing pcpu_rt.
+
+[1]
+
+Oops: general protection fault, probably for non-canonical address 0xdffffc0000000012: 0000 [#1] PREEMPT SMP KASAN PTI
+KASAN: null-ptr-deref in range [0x0000000000000090-0x0000000000000097]
+CPU: 0 PID: 7543 Comm: kworker/u8:17 Not tainted 6.10.0-rc1-syzkaller-00013-g2bfcfd584ff5 #0
+Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
+Workqueue: netns cleanup_net
+ RIP: 0010:__fib6_drop_pcpu_from.part.0+0x10a/0x370 net/ipv6/ip6_fib.c:984
+Code: f8 48 c1 e8 03 80 3c 28 00 0f 85 16 02 00 00 4d 8b 3f 4d 85 ff 74 31 e8 74 a7 fa f7 49 8d bf 90 00 00 00 48 89 f8 48 c1 e8 03 <80> 3c 28 00 0f 85 1e 02 00 00 49 8b 87 90 00 00 00 48 8b 0c 24 48
+RSP: 0018:ffffc900040df070 EFLAGS: 00010206
+RAX: 0000000000000012 RBX: 0000000000000001 RCX: ffffffff89932e16
+RDX: ffff888049dd1e00 RSI: ffffffff89932d7c RDI: 0000000000000091
+RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000007
+R10: 0000000000000001 R11: 0000000000000006 R12: ffff88807fa080b8
+R13: fffffbfff1a9a07d R14: ffffed100ff41022 R15: 0000000000000001
+FS: 0000000000000000(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+CR2: 0000001b32c26000 CR3: 000000005d56e000 CR4: 00000000003526f0
+DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+Call Trace:
+ <TASK>
+ __fib6_drop_pcpu_from net/ipv6/ip6_fib.c:966 [inline]
+ fib6_drop_pcpu_from net/ipv6/ip6_fib.c:1027 [inline]
+ fib6_purge_rt+0x7f2/0x9f0 net/ipv6/ip6_fib.c:1038
+ fib6_del_route net/ipv6/ip6_fib.c:1998 [inline]
+ fib6_del+0xa70/0x17b0 net/ipv6/ip6_fib.c:2043
+ fib6_clean_node+0x426/0x5b0 net/ipv6/ip6_fib.c:2205
+ fib6_walk_continue+0x44f/0x8d0 net/ipv6/ip6_fib.c:2127
+ fib6_walk+0x182/0x370 net/ipv6/ip6_fib.c:2175
+ fib6_clean_tree+0xd7/0x120 net/ipv6/ip6_fib.c:2255
+ __fib6_clean_all+0x100/0x2d0 net/ipv6/ip6_fib.c:2271
+ rt6_sync_down_dev net/ipv6/route.c:4906 [inline]
+ rt6_disable_ip+0x7ed/0xa00 net/ipv6/route.c:4911
+ addrconf_ifdown.isra.0+0x117/0x1b40 net/ipv6/addrconf.c:3855
+ addrconf_notify+0x223/0x19e0 net/ipv6/addrconf.c:3778
+ notifier_call_chain+0xb9/0x410 kernel/notifier.c:93
+ call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:1992
+ call_netdevice_notifiers_extack net/core/dev.c:2030 [inline]
+ call_netdevice_notifiers net/core/dev.c:2044 [inline]
+ dev_close_many+0x333/0x6a0 net/core/dev.c:1585
+ unregister_netdevice_many_notify+0x46d/0x19f0 net/core/dev.c:11193
+ unregister_netdevice_many net/core/dev.c:11276 [inline]
+ default_device_exit_batch+0x85b/0xae0 net/core/dev.c:11759
+ ops_exit_list+0x128/0x180 net/core/net_namespace.c:178
+ cleanup_net+0x5b7/0xbf0 net/core/net_namespace.c:640
+ process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231
+ process_scheduled_works kernel/workqueue.c:3312 [inline]
+ worker_thread+0x6c8/0xf70 kernel/workqueue.c:3393
+ kthread+0x2c1/0x3a0 kernel/kthread.c:389
+ ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
+ ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
+
+ 2024-07-26
+ CVE-2024-40905
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ None
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()
+
+The ieee80211_sta_ps_deliver_wakeup() function takes sta->ps_lock to
+synchronizes with ieee80211_tx_h_unicast_ps_buf() which is called from
+softirq context. However using only spin_lock() to get sta->ps_lock in
+ieee80211_sta_ps_deliver_wakeup() does not prevent softirq to execute
+on this same CPU, to run ieee80211_tx_h_unicast_ps_buf() and try to
+take this same lock ending in deadlock. Below is an example of rcu stall
+that arises in such situation.
+
+ rcu: INFO: rcu_sched self-detected stall on CPU
+ rcu: 2-....: (42413413 ticks this GP) idle=b154/1/0x4000000000000000 softirq=1763/1765 fqs=21206996
+ rcu: (t=42586894 jiffies g=2057 q=362405 ncpus=4)
+ CPU: 2 PID: 719 Comm: wpa_supplicant Tainted: G W 6.4.0-02158-g1b062f552873 #742
+ Hardware name: RPT (r1) (DT)
+ pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
+ pc : queued_spin_lock_slowpath+0x58/0x2d0
+ lr : invoke_tx_handlers_early+0x5b4/0x5c0
+ sp : ffff00001ef64660
+ x29: ffff00001ef64660 x28: ffff000009bc1070 x27: ffff000009bc0ad8
+ x26: ffff000009bc0900 x25: ffff00001ef647a8 x24: 0000000000000000
+ x23: ffff000009bc0900 x22: ffff000009bc0900 x21: ffff00000ac0e000
+ x20: ffff00000a279e00 x19: ffff00001ef646e8 x18: 0000000000000000
+ x17: ffff800016468000 x16: ffff00001ef608c0 x15: 0010533c93f64f80
+ x14: 0010395c9faa3946 x13: 0000000000000000 x12: 00000000fa83b2da
+ x11: 000000012edeceea x10: ffff0000010fbe00 x9 : 0000000000895440
+ x8 : 000000000010533c x7 : ffff00000ad8b740 x6 : ffff00000c350880
+ x5 : 0000000000000007 x4 : 0000000000000001 x3 : 0000000000000000
+ x2 : 0000000000000000 x1 : 0000000000000001 x0 : ffff00000ac0e0e8
+ Call trace:
+ queued_spin_lock_slowpath+0x58/0x2d0
+ ieee80211_tx+0x80/0x12c
+ ieee80211_tx_pending+0x110/0x278
+ tasklet_action_common.constprop.0+0x10c/0x144
+ tasklet_action+0x20/0x28
+ _stext+0x11c/0x284
+ ____do_softirq+0xc/0x14
+ call_on_irq_stack+0x24/0x34
+ do_softirq_own_stack+0x18/0x20
+ do_softirq+0x74/0x7c
+ __local_bh_enable_ip+0xa0/0xa4
+ _ieee80211_wake_txqs+0x3b0/0x4b8
+ __ieee80211_wake_queue+0x12c/0x168
+ ieee80211_add_pending_skbs+0xec/0x138
+ ieee80211_sta_ps_deliver_wakeup+0x2a4/0x480
+ ieee80211_mps_sta_status_update.part.0+0xd8/0x11c
+ ieee80211_mps_sta_status_update+0x18/0x24
+ sta_apply_parameters+0x3bc/0x4c0
+ ieee80211_change_station+0x1b8/0x2dc
+ nl80211_set_station+0x444/0x49c
+ genl_family_rcv_msg_doit.isra.0+0xa4/0xfc
+ genl_rcv_msg+0x1b0/0x244
+ netlink_rcv_skb+0x38/0x10c
+ genl_rcv+0x34/0x48
+ netlink_unicast+0x254/0x2bc
+ netlink_sendmsg+0x190/0x3b4
+ ____sys_sendmsg+0x1e8/0x218
+ ___sys_sendmsg+0x68/0x8c
+ __sys_sendmsg+0x44/0x84
+ __arm64_sys_sendmsg+0x20/0x28
+ do_el0_svc+0x6c/0xe8
+ el0_svc+0x14/0x48
+ el0t_64_sync_handler+0xb0/0xb4
+ el0t_64_sync+0x14c/0x150
+
+Using spin_lock_bh()/spin_unlock_bh() instead prevents softirq to raise
+on the same CPU that is holding the lock.
+
+ 2024-07-26
+ CVE-2024-40912
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+wifi: iwlwifi: mvm: check n_ssids before accessing the ssids
+
+In some versions of cfg80211, the ssids poinet might be a valid one even
+though n_ssids is 0. Accessing the pointer in this case will cuase an
+out-of-bound access. Fix this by checking n_ssids first.
+
+ 2024-07-26
+ CVE-2024-40929
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+drm/exynos/vidi: fix memory leak in .get_modes()
+
+The duplicated EDID is never freed. Fix it.
+
+ 2024-07-26
+ CVE-2024-40932
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ Low
+
+
+
+
+ 3.9
+ AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+wifi: iwlwifi: mvm: don't read past the mfuart notifcation
+
+In case the firmware sends a notification that claims it has more data
+than it has, we will read past that was allocated for the notification.
+Remove the print of the buffer, we won't see it by default. If needed,
+we can see the content with tracing.
+
+This was reported by KFENCE.
+
+ 2024-07-26
+ CVE-2024-40941
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+ocfs2: fix races between hole punching and AIO+DIO
+
+After commit "ocfs2: return real error code in ocfs2_dio_wr_get_block",
+fstests/generic/300 become from always failed to sometimes failed:
+
+========================================================================
+[ 473.293420 ] run fstests generic/300
+
+[ 475.296983 ] JBD2: Ignoring recovery information on journal
+[ 475.302473 ] ocfs2: Mounting device (253,1) on (node local, slot 0) with ordered data mode.
+[ 494.290998 ] OCFS2: ERROR (device dm-1): ocfs2_change_extent_flag: Owner 5668 has an extent at cpos 78723 which can no longer be found
+[ 494.291609 ] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
+[ 494.292018 ] OCFS2: File system is now read-only.
+[ 494.292224 ] (kworker/19:11,2628,19):ocfs2_mark_extent_written:5272 ERROR: status = -30
+[ 494.292602 ] (kworker/19:11,2628,19):ocfs2_dio_end_io_write:2374 ERROR: status = -3
+fio: io_u error on file /mnt/scratch/racer: Read-only file system: write offset=460849152, buflen=131072
+=========================================================================
+
+In __blockdev_direct_IO, ocfs2_dio_wr_get_block is called to add unwritten
+extents to a list. extents are also inserted into extent tree in
+ocfs2_write_begin_nolock. Then another thread call fallocate to puch a
+hole at one of the unwritten extent. The extent at cpos was removed by
+ocfs2_remove_extent(). At end io worker thread, ocfs2_search_extent_list
+found there is no such extent at the cpos.
+
+ T1 T2 T3
+ inode lock
+ ...
+ insert extents
+ ...
+ inode unlock
+ocfs2_fallocate
+ __ocfs2_change_file_space
+ inode lock
+ lock ip_alloc_sem
+ ocfs2_remove_inode_range inode
+ ocfs2_remove_btree_range
+ ocfs2_remove_extent
+ ^---remove the extent at cpos 78723
+ ...
+ unlock ip_alloc_sem
+ inode unlock
+ ocfs2_dio_end_io
+ ocfs2_dio_end_io_write
+ lock ip_alloc_sem
+ ocfs2_mark_extent_written
+ ocfs2_change_extent_flag
+ ocfs2_search_extent_list
+ ^---failed to find extent
+ ...
+ unlock ip_alloc_sem
+
+In most filesystems, fallocate is not compatible with racing with AIO+DIO,
+so fix it by adding to wait for all dio before fallocate/punch_hole like
+ext4.
+
+ 2024-07-26
+ CVE-2024-40943
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+MIPS: Octeon: Add PCIe link status check
+
+The standard PCIe configuration read-write interface is used to
+access the configuration space of the peripheral PCIe devices
+of the mips processor after the PCIe link surprise down, it can
+generate kernel panic caused by "Data bus error". So it is
+necessary to add PCIe link status check for system protection.
+When the PCIe link is down or in training, assigning a value
+of 0 to the configuration address can prevent read-write behavior
+to the configuration space of peripheral PCIe devices, thereby
+preventing kernel panic.
+
+ 2024-07-26
+ CVE-2024-40968
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+powerpc/pseries: Enforce hcall result buffer validity and size
+
+plpar_hcall(), plpar_hcall9(), and related functions expect callers to
+provide valid result buffers of certain minimum size. Currently this
+is communicated only through comments in the code and the compiler has
+no idea.
+
+For example, if I write a bug like this:
+
+ long retbuf[PLPAR_HCALL_BUFSIZE]; // should be PLPAR_HCALL9_BUFSIZE
+ plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf, ...);
+
+This compiles with no diagnostics emitted, but likely results in stack
+corruption at runtime when plpar_hcall9() stores results past the end
+of the array. (To be clear this is a contrived example and I have not
+found a real instance yet.)
+
+To make this class of error less likely, we can use explicitly-sized
+array parameters instead of pointers in the declarations for the hcall
+APIs. When compiled with -Warray-bounds[1], the code above now
+provokes a diagnostic like this:
+
+error: array argument is too small;
+is of size 32, callee requires at least 72 [-Werror,-Warray-bounds]
+ 60 | plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf,
+ | ^ ~~~~~~
+
+[1] Enabled for LLVM builds but not GCC for now. See commit
+ 0da6e5fd6c37 ("gcc: disable '-Warray-bounds' for gcc-13 too") and
+ related changes.
+
+ 2024-07-26
+ CVE-2024-40974
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+tipc: force a dst refcount before doing decryption
+
+As it says in commit 3bc07321ccc2 ("xfrm: Force a dst refcount before
+entering the xfrm type handlers"):
+
+"Crypto requests might return asynchronous. In this case we leave the
+ rcu protected region, so force a refcount on the skb's destination
+ entry before we enter the xfrm type input/output handlers."
+
+On TIPC decryption path it has the same problem, and skb_dst_force()
+should be called before doing decryption to avoid a possible crash.
+
+Shuang reported this issue when this warning is triggered:
+
+ [] WARNING: include/net/dst.h:337 tipc_sk_rcv+0x1055/0x1ea0 [tipc]
+ [] Kdump: loaded Tainted: G W --------- - - 4.18.0-496.el8.x86_64+debug
+ [] Workqueue: crypto cryptd_queue_worker
+ [] RIP: 0010:tipc_sk_rcv+0x1055/0x1ea0 [tipc]
+ [] Call Trace:
+ [] tipc_sk_mcast_rcv+0x548/0xea0 [tipc]
+ [] tipc_rcv+0xcf5/0x1060 [tipc]
+ [] tipc_aead_decrypt_done+0x215/0x2e0 [tipc]
+ [] cryptd_aead_crypt+0xdb/0x190
+ [] cryptd_queue_worker+0xed/0x190
+ [] process_one_work+0x93d/0x17e0
+
+ 2024-07-26
+ CVE-2024-40983
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine."
+
+Undo the modifications made in commit d410ee5109a1 ("ACPICA: avoid
+"Info: mapping multiple BARs. Your kernel is fine.""). The initial
+purpose of this commit was to stop memory mappings for operation
+regions from overlapping page boundaries, as it can trigger warnings
+if different page attributes are present.
+
+However, it was found that when this situation arises, mapping
+continues until the boundary's end, but there is still an attempt to
+read/write the entire length of the map, leading to a NULL pointer
+deference. For example, if a four-byte mapping request is made but
+only one byte is mapped because it hits the current page boundary's
+end, a four-byte read/write attempt is still made, resulting in a NULL
+pointer deference.
+
+Instead, map the entire length, as the ACPI specification does not
+mandate that it must be within the same page boundary. It is
+permissible for it to be mapped across different regions.
+
+ 2024-07-26
+ CVE-2024-40984
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+drm/amdgpu: fix UBSAN warning in kv_dpm.c
+
+Adds bounds check for sumo_vid_mapping_entry.
+
+ 2024-07-26
+ CVE-2024-40987
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+tracing: Build event generation tests only as modules
+
+The kprobes and synth event generation test modules add events and lock
+(get a reference) those event file reference in module init function,
+and unlock and delete it in module exit function. This is because those
+are designed for playing as modules.
+
+If we make those modules as built-in, those events are left locked in the
+kernel, and never be removed. This causes kprobe event self-test failure
+as below.
+
+[ 97.349708] ------------[ cut here ]------------
+[ 97.353453] WARNING: CPU: 3 PID: 1 at kernel/trace/trace_kprobe.c:2133 kprobe_trace_self_tests_init+0x3f1/0x480
+[ 97.357106] Modules linked in:
+[ 97.358488] CPU: 3 PID: 1 Comm: swapper/0 Not tainted 6.9.0-g699646734ab5-dirty #14
+[ 97.361556] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
+[ 97.363880] RIP: 0010:kprobe_trace_self_tests_init+0x3f1/0x480
+[ 97.365538] Code: a8 24 08 82 e9 ae fd ff ff 90 0f 0b 90 48 c7 c7 e5 aa 0b 82 e9 ee fc ff ff 90 0f 0b 90 48 c7 c7 2d 61 06 82 e9 8e fd ff ff 90 <0f> 0b 90 48 c7 c7 33 0b 0c 82 89 c6 e8 6e 03 1f ff 41 ff c7 e9 90
+[ 97.370429] RSP: 0000:ffffc90000013b50 EFLAGS: 00010286
+[ 97.371852] RAX: 00000000fffffff0 RBX: ffff888005919c00 RCX: 0000000000000000
+[ 97.373829] RDX: ffff888003f40000 RSI: ffffffff8236a598 RDI: ffff888003f40a68
+[ 97.375715] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
+[ 97.377675] R10: ffffffff811c9ae5 R11: ffffffff8120c4e0 R12: 0000000000000000
+[ 97.379591] R13: 0000000000000001 R14: 0000000000000015 R15: 0000000000000000
+[ 97.381536] FS: 0000000000000000(0000) GS:ffff88807dcc0000(0000) knlGS:0000000000000000
+[ 97.383813] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[ 97.385449] CR2: 0000000000000000 CR3: 0000000002244000 CR4: 00000000000006b0
+[ 97.387347] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+[ 97.389277] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+[ 97.391196] Call Trace:
+[ 97.391967] <TASK>
+[ 97.392647] ? __warn+0xcc/0x180
+[ 97.393640] ? kprobe_trace_self_tests_init+0x3f1/0x480
+[ 97.395181] ? report_bug+0xbd/0x150
+[ 97.396234] ? handle_bug+0x3e/0x60
+[ 97.397311] ? exc_invalid_op+0x1a/0x50
+[ 97.398434] ? asm_exc_invalid_op+0x1a/0x20
+[ 97.399652] ? trace_kprobe_is_busy+0x20/0x20
+[ 97.400904] ? tracing_reset_all_online_cpus+0x15/0x90
+[ 97.402304] ? kprobe_trace_self_tests_init+0x3f1/0x480
+[ 97.403773] ? init_kprobe_trace+0x50/0x50
+[ 97.404972] do_one_initcall+0x112/0x240
+[ 97.406113] do_initcall_level+0x95/0xb0
+[ 97.407286] ? kernel_init+0x1a/0x1a0
+[ 97.408401] do_initcalls+0x3f/0x70
+[ 97.409452] kernel_init_freeable+0x16f/0x1e0
+[ 97.410662] ? rest_init+0x1f0/0x1f0
+[ 97.411738] kernel_init+0x1a/0x1a0
+[ 97.412788] ret_from_fork+0x39/0x50
+[ 97.413817] ? rest_init+0x1f0/0x1f0
+[ 97.414844] ret_from_fork_asm+0x11/0x20
+[ 97.416285] </TASK>
+[ 97.417134] irq event stamp: 13437323
+[ 97.418376] hardirqs last enabled at (13437337): [<ffffffff8110bc0c>] console_unlock+0x11c/0x150
+[ 97.421285] hardirqs last disabled at (13437370): [<ffffffff8110bbf1>] console_unlock+0x101/0x150
+[ 97.423838] softirqs last enabled at (13437366): [<ffffffff8108e17f>] handle_softirqs+0x23f/0x2a0
+[ 97.426450] softirqs last disabled at (13437393): [<ffffffff8108e346>] __irq_exit_rcu+0x66/0xd0
+[ 97.428850] ---[ end trace 0000000000000000 ]---
+
+And also, since we can not cleanup dynamic_event file, ftracetest are
+failed too.
+
+To avoid these issues, build these tests only as modules.
+
+ 2024-07-26
+ CVE-2024-41004
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+netpoll: Fix race condition in netpoll_owner_active
+
+KCSAN detected a race condition in netpoll:
+
+ BUG: KCSAN: data-race in net_rx_action / netpoll_send_skb
+ write (marked) to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10:
+ net_rx_action (./include/linux/netpoll.h:90 net/core/dev.c:6712 net/core/dev.c:6822)
+<snip>
+ read to 0xffff8881164168b0 of 4 bytes by task 1 on cpu 2:
+ netpoll_send_skb (net/core/netpoll.c:319 net/core/netpoll.c:345 net/core/netpoll.c:393)
+ netpoll_send_udp (net/core/netpoll.c:?)
+<snip>
+ value changed: 0x0000000a -> 0xffffffff
+
+This happens because netpoll_owner_active() needs to check if the
+current CPU is the owner of the lock, touching napi->poll_owner
+non atomically. The ->poll_owner field contains the current CPU holding
+the lock.
+
+Use an atomic read to check if the poll owner is the current CPU.
+
+ 2024-07-26
+ CVE-2024-41005
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+tcp: avoid too many retransmit packets
+
+If a TCP socket is using TCP_USER_TIMEOUT, and the other peer
+retracted its window to zero, tcp_retransmit_timer() can
+retransmit a packet every two jiffies (2 ms for HZ=1000),
+for about 4 minutes after TCP_USER_TIMEOUT has 'expired'.
+
+The fix is to make sure tcp_rtx_probe0_timed_out() takes
+icsk->icsk_user_timeout into account.
+
+Before blamed commit, the socket would not timeout after
+icsk->icsk_user_timeout, but would use standard exponential
+backoff for the retransmits.
+
+Also worth noting that before commit e89688e3e978 ("net: tcp:
+fix unexcepted socket die when snd_wnd is 0"), the issue
+would last 2 minutes instead of 4.
+
+ 2024-07-26
+ CVE-2024-41007
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ Low
+
+
+
+
+ 3.3
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:bpf: Fix overrunning reservations in ringbufThe BPF ring buffer internally is implemented as a power-of-2 sized circularbuffer, with two logical and ever-increasing counters: consumer_pos is theconsumer counter to show which logical position the consumer consumed thedata, and producer_pos which is the producer counter denoting the amount ofdata reserved by all producers.Each time a record is reserved, the producer that owns the record willsuccessfully advance producer counter. In user space each time a record isread, the consumer of the data advanced the consumer counter once it finishedprocessing. Both counters are stored in separate pages so that from userspace, the producer counter is read-only and the consumer counter is read-write.One aspect that simplifies and thus speeds up the implementation of bothproducers and consumers is how the data area is mapped twice contiguouslyback-to-back in the virtual memory, allowing to not take any special measuresfor samples that have to wrap around at the end of the circular buffer dataarea, because the next page after the last data page would be first data pageagain, and thus the sample will still appear completely contiguous in virtualmemory.Each record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header forbook-keeping the length and offset, and is inaccessible to the BPF program.Helpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ`for the BPF program to use. Bing-Jhong and Muhammad reported that it is howeverpossible to make a second allocated memory chunk overlapping with the firstchunk and as a result, the BPF program is now able to edit first chunk sheader.For example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with sizeof 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call tobpf_ringbuf_reserve() is made. 
This will allocate a chunk A, which is in[0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, letsallocate a chunk B with size 0x3000. This will succeed because consumer_poswas edited ahead of time to pass the `new_prod_pos - cons_pos > rb->mask`check. Chunk B will be in range [0x3008,0x6010], and the BPF program is ableto edit [0x3010,0x6010]. Due to the ring buffer memory layout mentionedearlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same datapages. This means that chunk B at [0x4000,0x4008] is chunk A s header.bpf_ringbuf_submit() / bpf_ringbuf_discard() use the header s pg_off to thenlocate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunkB modified chunk A s header, then bpf_ringbuf_commit() refers to the wrongpage and could cause a crash.Fix it by calculating the oldest pending_pos and check whether the rangefrom the oldest outstanding record to the newest would span beyond the ringbuffer size. If that is the case, then reject the request. We ve tested withthe ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh)before/after the fix and while it seems a bit slower on some benchmarks, itis still not significantly enough to matter.
+
+ 2024-07-26
+ CVE-2024-41009
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1896
+
+
+
+
\ No newline at end of file
diff --git a/cvrf/2024/cvrf-openEuler-SA-2024-1897.xml b/cvrf/2024/cvrf-openEuler-SA-2024-1897.xml
new file mode 100644
index 0000000..76270db
--- /dev/null
+++ b/cvrf/2024/cvrf-openEuler-SA-2024-1897.xml
@@ -0,0 +1,3897 @@
+
+
+ An update for kernel is now available for openEuler-24.03-LTS
+ Security Advisory
+
+ openeuler-security@openeuler.org
+ openEuler security committee
+
+
+
+ openEuler-SA-2024-1897
+
+ Final
+ 1.0
+
+
+ 1.0
+ 2024-07-26
+ Initial
+
+
+ 2024-07-26
+ 2024-07-26
+
+ openEuler SA Tool V1.0
+ 2024-07-26
+
+
+
+ kernel security update
+ An update for kernel is now available for openEuler-24.03-LTS
+ The Linux Kernel, the operating system core itself.
+
+Security Fix(es):
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+PCI: of_property: Return error for int_map allocation failure
+
+Return -ENOMEM from of_pci_prop_intr_map() if kcalloc() fails to prevent a
+NULL pointer dereference in this case.
+
+[bhelgaas: commit log](CVE-2024-34030)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+drm/arm/malidp: fix a possible null pointer dereference
+
+In malidp_mw_connector_reset, new memory is allocated with kzalloc, but
+no check is performed. In order to prevent null pointer dereferencing,
+ensure that mw_state is checked before calling
+__drm_atomic_helper_connector_reset.(CVE-2024-36014)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+tty: n_gsm: fix possible out-of-bounds in gsm0_receive()
+
+Assuming the following:
+- side A configures the n_gsm in basic option mode
+- side B sends the header of a basic option mode frame with data length 1
+- side A switches to advanced option mode
+- side B sends 2 data bytes which exceeds gsm->len
+ Reason: gsm->len is not used in advanced option mode.
+- side A switches to basic option mode
+- side B keeps sending until gsm0_receive() writes past gsm->buf
+ Reason: Neither gsm->state nor gsm->len have been reset after
+ reconfiguration.
+
+Fix this by changing gsm->count to gsm->len comparison from equal to less
+than. Also add upper limit checks against the constant MAX_MRU in
+gsm0_receive() and gsm1_receive() to harden against memory corruption of
+gsm->len and gsm->mru.
+
+All other checks remain as we still need to limit the data according to the
+user configuration and actual payload size.(CVE-2024-36016)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+keys: Fix overwrite of key expiration on instantiation
+
+The expiry time of a key is unconditionally overwritten during
+instantiation, defaulting to turn it permanent. This causes a problem
+for DNS resolution as the expiration set by user-space is overwritten to
+TIME64_MAX, disabling further DNS updates. Fix this by restoring the
+condition that key_set_expiry is only called when the pre-parser sets a
+specific expiry.(CVE-2024-36031)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+mm/userfaultfd: reset ptes when close() for wr-protected ones
+
+Userfaultfd unregister includes a step to remove wr-protect bits from all
+the relevant pgtable entries, but that only covered an explicit
+UFFDIO_UNREGISTER ioctl, not a close() on the userfaultfd itself. Cover
+that too. This fixes a WARN trace.
+
+The only user visible side effect is the user can observe leftover
+wr-protect bits even if the user close()ed on an userfaultfd when
+releasing the last reference of it. However hopefully that should be
+harmless, and nothing bad should happen even if so.
+
+This change is now more important after the recent page-table-check
+patch we merged in mm-unstable (446dd9ad37d0 ("mm/page_table_check:
+support userfault wr-protect entries")), as we'll do sanity check on
+uffd-wp bits without vma context. So it's better if we can 100%
+guarantee no uffd-wp bit leftovers, to make sure each report will be
+valid.(CVE-2024-36881)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+nfs: Handle error of rpc_proc_register() in nfs_net_init().
+
+syzkaller reported a warning [0] triggered while destroying immature
+netns.
+
+rpc_proc_register() was called in init_nfs_fs(), but its error
+has been ignored since at least the initial commit 1da177e4c3f4
+("Linux-2.6.12-rc2").
+
+Recently, commit d47151b79e32 ("nfs: expose /proc/net/sunrpc/nfs
+in net namespaces") converted the procfs to per-netns and made
+the problem more visible.
+
+Even when rpc_proc_register() fails, nfs_net_init() could succeed,
+and thus nfs_net_exit() will be called while destroying the netns.
+
+Then, remove_proc_entry() will be called for non-existing proc
+directory and trigger the warning below.
+
+Let's handle the error of rpc_proc_register() properly in nfs_net_init().
+
+[0]:
+name 'nfs'
+WARNING: CPU: 1 PID: 1710 at fs/proc/generic.c:711 remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711
+Modules linked in:
+CPU: 1 PID: 1710 Comm: syz-executor.2 Not tainted 6.8.0-12822-gcd51db110a7e #12
+Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
+RIP: 0010:remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711
+Code: 41 5d 41 5e c3 e8 85 09 b5 ff 48 c7 c7 88 58 64 86 e8 09 0e 71 02 e8 74 09 b5 ff 4c 89 e6 48 c7 c7 de 1b 80 84 e8 c5 ad 97 ff <0f> 0b eb b1 e8 5c 09 b5 ff 48 c7 c7 88 58 64 86 e8 e0 0d 71 02 eb
+RSP: 0018:ffffc9000c6d7ce0 EFLAGS: 00010286
+RAX: 0000000000000000 RBX: ffff8880422b8b00 RCX: ffffffff8110503c
+RDX: ffff888030652f00 RSI: ffffffff81105045 RDI: 0000000000000001
+RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
+R10: 0000000000000001 R11: ffffffff81bb62cb R12: ffffffff84807ffc
+R13: ffff88804ad6fcc0 R14: ffffffff84807ffc R15: ffffffff85741ff8
+FS: 00007f30cfba8640(0000) GS:ffff88807dd00000(0000) knlGS:0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+CR2: 00007ff51afe8000 CR3: 000000005a60a005 CR4: 0000000000770ef0
+DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+PKRU: 55555554
+Call Trace:
+ <TASK>
+ rpc_proc_unregister+0x64/0x70 net/sunrpc/stats.c:310
+ nfs_net_exit+0x1c/0x30 fs/nfs/inode.c:2438
+ ops_exit_list+0x62/0xb0 net/core/net_namespace.c:170
+ setup_net+0x46c/0x660 net/core/net_namespace.c:372
+ copy_net_ns+0x244/0x590 net/core/net_namespace.c:505
+ create_new_namespaces+0x2ed/0x770 kernel/nsproxy.c:110
+ unshare_nsproxy_namespaces+0xae/0x160 kernel/nsproxy.c:228
+ ksys_unshare+0x342/0x760 kernel/fork.c:3322
+ __do_sys_unshare kernel/fork.c:3393 [inline]
+ __se_sys_unshare kernel/fork.c:3391 [inline]
+ __x64_sys_unshare+0x1f/0x30 kernel/fork.c:3391
+ do_syscall_x64 arch/x86/entry/common.c:52 [inline]
+ do_syscall_64+0x4f/0x110 arch/x86/entry/common.c:83
+ entry_SYSCALL_64_after_hwframe+0x46/0x4e
+RIP: 0033:0x7f30d0febe5d
+Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48
+RSP: 002b:00007f30cfba7cc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
+RAX: ffffffffffffffda RBX: 00000000004bbf80 RCX: 00007f30d0febe5d
+RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c020600
+RBP: 00000000004bbf80 R08: 0000000000000000 R09: 0000000000000000
+R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
+R13: 000000000000000b R14: 00007f30d104c530 R15: 0000000000000000
+ </TASK>(CVE-2024-36939)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+net: bridge: mst: fix vlan use-after-free
+
+syzbot reported a suspicious rcu usage[1] in bridge's mst code. While
+fixing it I noticed that nothing prevents a vlan to be freed while
+walking the list from the same path (br forward delay timer). Fix the rcu
+usage and also make sure we are not accessing freed memory by making
+br_mst_vlan_set_state use rcu read lock.
+
+[1]
+ WARNING: suspicious RCU usage
+ 6.9.0-rc6-syzkaller #0 Not tainted
+ -----------------------------
+ net/bridge/br_private.h:1599 suspicious rcu_dereference_protected() usage!
+ ...
+ stack backtrace:
+ CPU: 1 PID: 8017 Comm: syz-executor.1 Not tainted 6.9.0-rc6-syzkaller #0
+ Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
+ Call Trace:
+ <IRQ>
+ __dump_stack lib/dump_stack.c:88 [inline]
+ dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
+ lockdep_rcu_suspicious+0x221/0x340 kernel/locking/lockdep.c:6712
+ nbp_vlan_group net/bridge/br_private.h:1599 [inline]
+ br_mst_set_state+0x1ea/0x650 net/bridge/br_mst.c:105
+ br_set_state+0x28a/0x7b0 net/bridge/br_stp.c:47
+ br_forward_delay_timer_expired+0x176/0x440 net/bridge/br_stp_timer.c:88
+ call_timer_fn+0x18e/0x650 kernel/time/timer.c:1793
+ expire_timers kernel/time/timer.c:1844 [inline]
+ __run_timers kernel/time/timer.c:2418 [inline]
+ __run_timer_base+0x66a/0x8e0 kernel/time/timer.c:2429
+ run_timer_base kernel/time/timer.c:2438 [inline]
+ run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2448
+ __do_softirq+0x2c6/0x980 kernel/softirq.c:554
+ invoke_softirq kernel/softirq.c:428 [inline]
+ __irq_exit_rcu+0xf2/0x1c0 kernel/softirq.c:633
+ irq_exit_rcu+0x9/0x30 kernel/softirq.c:645
+ instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
+ sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043
+ </IRQ>
+ <TASK>
+ asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
+ RIP: 0010:lock_acquire+0x264/0x550 kernel/locking/lockdep.c:5758
+ Code: 2b 00 74 08 4c 89 f7 e8 ba d1 84 00 f6 44 24 61 02 0f 85 85 01 00 00 41 f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 44 25 00 00 00 00 00 43 c7 44 25 09 00 00 00 00 43 c7 44 25
+ RSP: 0018:ffffc90013657100 EFLAGS: 00000206
+ RAX: 0000000000000001 RBX: 1ffff920026cae2c RCX: 0000000000000001
+ RDX: dffffc0000000000 RSI: ffffffff8bcaca00 RDI: ffffffff8c1eaa60
+ RBP: ffffc90013657260 R08: ffffffff92efe507 R09: 1ffffffff25dfca0
+ R10: dffffc0000000000 R11: fffffbfff25dfca1 R12: 1ffff920026cae28
+ R13: dffffc0000000000 R14: ffffc90013657160 R15: 0000000000000246(CVE-2024-36979)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+scsi: qedf: Ensure the copied buf is NUL terminated
+
+Currently, we allocate a count-sized kernel buffer and copy count from
+userspace to that buffer. Later, we use kstrtouint on this buffer but we
+don't ensure that the string is terminated inside the buffer, this can
+lead to OOB read when using kstrtouint. Fix this issue by using
+memdup_user_nul instead of memdup_user.(CVE-2024-38559)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+ecryptfs: Fix buffer size for tag 66 packet
+
+The 'TAG 66 Packet Format' description is missing the cipher code and
+checksum fields that are packed into the message packet. As a result,
+the buffer allocated for the packet is 3 bytes too small and
+write_tag_66_packet() will write up to 3 bytes past the end of the
+buffer.
+
+Fix this by increasing the size of the allocation so the whole packet
+will always fit in the buffer.
+
+This fixes the below kasan slab-out-of-bounds bug:
+
+ BUG: KASAN: slab-out-of-bounds in ecryptfs_generate_key_packet_set+0x7d6/0xde0
+ Write of size 1 at addr ffff88800afbb2a5 by task touch/181
+
+ CPU: 0 PID: 181 Comm: touch Not tainted 6.6.13-gnu #1 4c9534092be820851bb687b82d1f92a426598dc6
+ Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2/GNU Guix 04/01/2014
+ Call Trace:
+ <TASK>
+ dump_stack_lvl+0x4c/0x70
+ print_report+0xc5/0x610
+ ? ecryptfs_generate_key_packet_set+0x7d6/0xde0
+ ? kasan_complete_mode_report_info+0x44/0x210
+ ? ecryptfs_generate_key_packet_set+0x7d6/0xde0
+ kasan_report+0xc2/0x110
+ ? ecryptfs_generate_key_packet_set+0x7d6/0xde0
+ __asan_store1+0x62/0x80
+ ecryptfs_generate_key_packet_set+0x7d6/0xde0
+ ? __pfx_ecryptfs_generate_key_packet_set+0x10/0x10
+ ? __alloc_pages+0x2e2/0x540
+ ? __pfx_ovl_open+0x10/0x10 [overlay 30837f11141636a8e1793533a02e6e2e885dad1d]
+ ? dentry_open+0x8f/0xd0
+ ecryptfs_write_metadata+0x30a/0x550
+ ? __pfx_ecryptfs_write_metadata+0x10/0x10
+ ? ecryptfs_get_lower_file+0x6b/0x190
+ ecryptfs_initialize_file+0x77/0x150
+ ecryptfs_create+0x1c2/0x2f0
+ path_openat+0x17cf/0x1ba0
+ ? __pfx_path_openat+0x10/0x10
+ do_filp_open+0x15e/0x290
+ ? __pfx_do_filp_open+0x10/0x10
+ ? __kasan_check_write+0x18/0x30
+ ? _raw_spin_lock+0x86/0xf0
+ ? __pfx__raw_spin_lock+0x10/0x10
+ ? __kasan_check_write+0x18/0x30
+ ? alloc_fd+0xf4/0x330
+ do_sys_openat2+0x122/0x160
+ ? __pfx_do_sys_openat2+0x10/0x10
+ __x64_sys_openat+0xef/0x170
+ ? __pfx___x64_sys_openat+0x10/0x10
+ do_syscall_64+0x60/0xd0
+ entry_SYSCALL_64_after_hwframe+0x6e/0xd8
+ RIP: 0033:0x7f00a703fd67
+ Code: 25 00 00 41 00 3d 00 00 41 00 74 37 64 8b 04 25 18 00 00 00 85 c0 75 5b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 85 00 00 00 48 83 c4 68 5d 41 5c c3 0f 1f
+ RSP: 002b:00007ffc088e30b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
+ RAX: ffffffffffffffda RBX: 00007ffc088e3368 RCX: 00007f00a703fd67
+ RDX: 0000000000000941 RSI: 00007ffc088e48d7 RDI: 00000000ffffff9c
+ RBP: 00007ffc088e48d7 R08: 0000000000000001 R09: 0000000000000000
+ R10: 00000000000001b6 R11: 0000000000000246 R12: 0000000000000941
+ R13: 0000000000000000 R14: 00007ffc088e48d7 R15: 00007f00a7180040
+ </TASK>
+
+ Allocated by task 181:
+ kasan_save_stack+0x2f/0x60
+ kasan_set_track+0x29/0x40
+ kasan_save_alloc_info+0x25/0x40
+ __kasan_kmalloc+0xc5/0xd0
+ __kmalloc+0x66/0x160
+ ecryptfs_generate_key_packet_set+0x6d2/0xde0
+ ecryptfs_write_metadata+0x30a/0x550
+ ecryptfs_initialize_file+0x77/0x150
+ ecryptfs_create+0x1c2/0x2f0
+ path_openat+0x17cf/0x1ba0
+ do_filp_open+0x15e/0x290
+ do_sys_openat2+0x122/0x160
+ __x64_sys_openat+0xef/0x170
+ do_syscall_64+0x60/0xd0
+ entry_SYSCALL_64_after_hwframe+0x6e/0xd8(CVE-2024-38578)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+netrom: fix possible dead-lock in nr_rt_ioctl()
+
+syzbot loves netrom, and found a possible deadlock in nr_rt_ioctl [1]
+
+Make sure we always acquire nr_node_list_lock before nr_node_lock(nr_node)
+
+[1]
+WARNING: possible circular locking dependency detected
+6.9.0-rc7-syzkaller-02147-g654de42f3fc6 #0 Not tainted
+------------------------------------------------------
+syz-executor350/5129 is trying to acquire lock:
+ ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
+ ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_node_lock include/net/netrom.h:152 [inline]
+ ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:464 [inline]
+ ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697
+
+but task is already holding lock:
+ ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
+ ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]
+ ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_rt_ioctl+0x10a/0x1090 net/netrom/nr_route.c:697
+
+which lock already depends on the new lock.
+
+the existing dependency chain (in reverse order) is:
+
+-> #1 (nr_node_list_lock){+...}-{2:2}:
+ lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
+ __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
+ _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178
+ spin_lock_bh include/linux/spinlock.h:356 [inline]
+ nr_remove_node net/netrom/nr_route.c:299 [inline]
+ nr_del_node+0x4b4/0x820 net/netrom/nr_route.c:355
+ nr_rt_ioctl+0xa95/0x1090 net/netrom/nr_route.c:683
+ sock_do_ioctl+0x158/0x460 net/socket.c:1222
+ sock_ioctl+0x629/0x8e0 net/socket.c:1341
+ vfs_ioctl fs/ioctl.c:51 [inline]
+ __do_sys_ioctl fs/ioctl.c:904 [inline]
+ __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890
+ do_syscall_x64 arch/x86/entry/common.c:52 [inline]
+ do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
+ entry_SYSCALL_64_after_hwframe+0x77/0x7f
+
+-> #0 (&nr_node->node_lock){+...}-{2:2}:
+ check_prev_add kernel/locking/lockdep.c:3134 [inline]
+ check_prevs_add kernel/locking/lockdep.c:3253 [inline]
+ validate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869
+ __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137
+ lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
+ __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
+ _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178
+ spin_lock_bh include/linux/spinlock.h:356 [inline]
+ nr_node_lock include/net/netrom.h:152 [inline]
+ nr_dec_obs net/netrom/nr_route.c:464 [inline]
+ nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697
+ sock_do_ioctl+0x158/0x460 net/socket.c:1222
+ sock_ioctl+0x629/0x8e0 net/socket.c:1341
+ vfs_ioctl fs/ioctl.c:51 [inline]
+ __do_sys_ioctl fs/ioctl.c:904 [inline]
+ __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890
+ do_syscall_x64 arch/x86/entry/common.c:52 [inline]
+ do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
+ entry_SYSCALL_64_after_hwframe+0x77/0x7f
+
+other info that might help us debug this:
+
+ Possible unsafe locking scenario:
+
+ CPU0 CPU1
+ ---- ----
+ lock(nr_node_list_lock);
+ lock(&nr_node->node_lock);
+ lock(nr_node_list_lock);
+ lock(&nr_node->node_lock);
+
+ *** DEADLOCK ***
+
+1 lock held by syz-executor350/5129:
+ #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
+ #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]
+ #0: ffffffff8f70
+---truncated---(CVE-2024-38589)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+ALSA: timer: Set lower bound of start tick time
+
+Currently ALSA timer doesn't have the lower limit of the start tick
+time, and it allows a very small size, e.g. 1 tick with 1ns resolution
+for hrtimer. Such a situation may lead to an unexpected RCU stall,
+where the callback repeatedly queuing the expire update, as reported
+by fuzzer.
+
+This patch introduces a sanity check of the timer start tick time, so
+that the system returns an error when a too small start size is set.
+As of this patch, the lower limit is hard-coded to 100us, which is
+small enough but can still work somehow.(CVE-2024-38618)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+usb-storage: alauda: Check whether the media is initialized
+
+The member "uzonesize" of struct alauda_info will remain 0
+if alauda_init_media() fails, potentially causing divide errors
+in alauda_read_data() and alauda_write_lba().
+- Add a member "media_initialized" to struct alauda_info.
+- Change a condition in alauda_check_media() to ensure the
+ first initialization.
+- Add an error check for the return value of alauda_init_media().(CVE-2024-38619)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+9p: add missing locking around taking dentry fid list
+
+Fix a use-after-free on dentry's d_fsdata fid list when a thread
+looks up a fid through dentry while another thread unlinks it:
+
+UAF thread:
+refcount_t: addition on 0; use-after-free.
+ p9_fid_get linux/./include/net/9p/client.h:262
+ v9fs_fid_find+0x236/0x280 linux/fs/9p/fid.c:129
+ v9fs_fid_lookup_with_uid linux/fs/9p/fid.c:181
+ v9fs_fid_lookup+0xbf/0xc20 linux/fs/9p/fid.c:314
+ v9fs_vfs_getattr_dotl+0xf9/0x360 linux/fs/9p/vfs_inode_dotl.c:400
+ vfs_statx+0xdd/0x4d0 linux/fs/stat.c:248
+
+Freed by:
+ p9_fid_destroy (inlined)
+ p9_client_clunk+0xb0/0xe0 linux/net/9p/client.c:1456
+ p9_fid_put linux/./include/net/9p/client.h:278
+ v9fs_dentry_release+0xb5/0x140 linux/fs/9p/vfs_dentry.c:55
+ v9fs_remove+0x38f/0x620 linux/fs/9p/vfs_inode.c:518
+ vfs_unlink+0x29a/0x810 linux/fs/namei.c:4335
+
+The problem is that d_fsdata was not accessed under d_lock, because
+d_release() normally is only called once the dentry is otherwise no
+longer accessible but since we also call it explicitly in v9fs_remove
+that lock is required:
+move the hlist out of the dentry under lock then unref its fids once
+they are no longer accessible.(CVE-2024-39463)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors
+
+The error handling in nilfs_empty_dir() when a directory folio/page read
+fails is incorrect, as in the old ext2 implementation, and if the
+folio/page cannot be read or nilfs_check_folio() fails, it will falsely
+determine the directory as empty and corrupt the file system.
+
+In addition, since nilfs_empty_dir() does not immediately return on a
+failed folio/page read, but continues to loop, this can cause a long loop
+with I/O if i_size of the directory's inode is also corrupted, causing the
+log writer thread to wait and hang, as reported by syzbot.
+
+Fix these issues by making nilfs_empty_dir() immediately return a false
+value (0) if it fails to get a directory folio/page.(CVE-2024-39469)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+xfs: fix log recovery buffer allocation for the legacy h_size fixup
+
+Commit a70f9fe52daa ("xfs: detect and handle invalid iclog size set by
+mkfs") added a fixup for incorrect h_size values used for the initial
+umount record in old xfsprogs versions. Later commit 0c771b99d6c9
+("xfs: clean up calculation of LR header blocks") cleaned up the log
+reover buffer calculation, but stoped using the fixed up h_size value
+to size the log recovery buffer, which can lead to an out of bounds
+access when the incorrect h_size does not come from the old mkfs
+tool, but a fuzzer.
+
+Fix this by open coding xlog_logrec_hblks and taking the fixed h_size
+into account for this calculation.(CVE-2024-39472)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+media: v4l: async: Properly re-initialise notifier entry in unregister
+
+The notifier_entry of a notifier is not re-initialised after unregistering
+the notifier. This leads to dangling pointers being left there so use
+list_del_init() to return the notifier_entry an empty list.(CVE-2024-39485)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+ima: Fix use-after-free on a dentry's dname.name
+
+->d_name.name can change on rename and the earlier value can be freed;
+there are conditions sufficient to stabilize it (->d_lock on dentry,
+->d_lock on its parent, ->i_rwsem exclusive on the parent's inode,
+rename_lock), but none of those are met at any of the sites. Take a stable
+snapshot of the name instead.(CVE-2024-39494)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+vmci: prevent speculation leaks by sanitizing event in event_deliver()
+
+Coverity spotted that event_msg is controlled by user-space,
+event_msg->event_data.event is passed to event_deliver() and used
+as an index without sanitization.
+
+This change ensures that the event index is sanitized to mitigate any
+possibility of speculative information leaks.
+
+This bug was discovered and resolved using Coverity Static Analysis
+Security Testing (SAST) by Synopsys, Inc.
+
+Only compile tested, no access to HW.(CVE-2024-39499)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+drm/komeda: check for error-valued pointer
+
+komeda_pipeline_get_state() may return an error-valued pointer, thus
+check the pointer for negative or null value before dereferencing.(CVE-2024-39505)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()
+
+The ieee80211_sta_ps_deliver_wakeup() function takes sta->ps_lock to
+synchronizes with ieee80211_tx_h_unicast_ps_buf() which is called from
+softirq context. However using only spin_lock() to get sta->ps_lock in
+ieee80211_sta_ps_deliver_wakeup() does not prevent softirq to execute
+on this same CPU, to run ieee80211_tx_h_unicast_ps_buf() and try to
+take this same lock ending in deadlock. Below is an example of rcu stall
+that arises in such situation.
+
+ rcu: INFO: rcu_sched self-detected stall on CPU
+ rcu: 2-....: (42413413 ticks this GP) idle=b154/1/0x4000000000000000 softirq=1763/1765 fqs=21206996
+ rcu: (t=42586894 jiffies g=2057 q=362405 ncpus=4)
+ CPU: 2 PID: 719 Comm: wpa_supplicant Tainted: G W 6.4.0-02158-g1b062f552873 #742
+ Hardware name: RPT (r1) (DT)
+ pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
+ pc : queued_spin_lock_slowpath+0x58/0x2d0
+ lr : invoke_tx_handlers_early+0x5b4/0x5c0
+ sp : ffff00001ef64660
+ x29: ffff00001ef64660 x28: ffff000009bc1070 x27: ffff000009bc0ad8
+ x26: ffff000009bc0900 x25: ffff00001ef647a8 x24: 0000000000000000
+ x23: ffff000009bc0900 x22: ffff000009bc0900 x21: ffff00000ac0e000
+ x20: ffff00000a279e00 x19: ffff00001ef646e8 x18: 0000000000000000
+ x17: ffff800016468000 x16: ffff00001ef608c0 x15: 0010533c93f64f80
+ x14: 0010395c9faa3946 x13: 0000000000000000 x12: 00000000fa83b2da
+ x11: 000000012edeceea x10: ffff0000010fbe00 x9 : 0000000000895440
+ x8 : 000000000010533c x7 : ffff00000ad8b740 x6 : ffff00000c350880
+ x5 : 0000000000000007 x4 : 0000000000000001 x3 : 0000000000000000
+ x2 : 0000000000000000 x1 : 0000000000000001 x0 : ffff00000ac0e0e8
+ Call trace:
+ queued_spin_lock_slowpath+0x58/0x2d0
+ ieee80211_tx+0x80/0x12c
+ ieee80211_tx_pending+0x110/0x278
+ tasklet_action_common.constprop.0+0x10c/0x144
+ tasklet_action+0x20/0x28
+ _stext+0x11c/0x284
+ ____do_softirq+0xc/0x14
+ call_on_irq_stack+0x24/0x34
+ do_softirq_own_stack+0x18/0x20
+ do_softirq+0x74/0x7c
+ __local_bh_enable_ip+0xa0/0xa4
+ _ieee80211_wake_txqs+0x3b0/0x4b8
+ __ieee80211_wake_queue+0x12c/0x168
+ ieee80211_add_pending_skbs+0xec/0x138
+ ieee80211_sta_ps_deliver_wakeup+0x2a4/0x480
+ ieee80211_mps_sta_status_update.part.0+0xd8/0x11c
+ ieee80211_mps_sta_status_update+0x18/0x24
+ sta_apply_parameters+0x3bc/0x4c0
+ ieee80211_change_station+0x1b8/0x2dc
+ nl80211_set_station+0x444/0x49c
+ genl_family_rcv_msg_doit.isra.0+0xa4/0xfc
+ genl_rcv_msg+0x1b0/0x244
+ netlink_rcv_skb+0x38/0x10c
+ genl_rcv+0x34/0x48
+ netlink_unicast+0x254/0x2bc
+ netlink_sendmsg+0x190/0x3b4
+ ____sys_sendmsg+0x1e8/0x218
+ ___sys_sendmsg+0x68/0x8c
+ __sys_sendmsg+0x44/0x84
+ __arm64_sys_sendmsg+0x20/0x28
+ do_el0_svc+0x6c/0xe8
+ el0_svc+0x14/0x48
+ el0t_64_sync_handler+0xb0/0xb4
+ el0t_64_sync+0x14c/0x150
+
+Using spin_lock_bh()/spin_unlock_bh() instead prevents softirq to raise
+on the same CPU that is holding the lock.(CVE-2024-40912)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found
+
+When reading EDID fails and driver reports no modes available, the DRM
+core adds an artificial 1024x786 mode to the connector. Unfortunately
+some variants of the Exynos HDMI (like the one in Exynos4 SoCs) are not
+able to drive such mode, so report a safe 640x480 mode instead of nothing
+in case of the EDID reading failure.
+
+This fixes the following issue observed on Trats2 board since commit
+13d5b040363c ("drm/exynos: do not return negative values from .get_modes()"):
+
+[drm] Exynos DRM: using 11c00000.fimd device for DMA mapping operations
+exynos-drm exynos-drm: bound 11c00000.fimd (ops fimd_component_ops)
+exynos-drm exynos-drm: bound 12c10000.mixer (ops mixer_component_ops)
+exynos-dsi 11c80000.dsi: [drm:samsung_dsim_host_attach] Attached s6e8aa0 device (lanes:4 bpp:24 mode-flags:0x10b)
+exynos-drm exynos-drm: bound 11c80000.dsi (ops exynos_dsi_component_ops)
+exynos-drm exynos-drm: bound 12d00000.hdmi (ops hdmi_component_ops)
+[drm] Initialized exynos 1.1.0 20180330 for exynos-drm on minor 1
+exynos-hdmi 12d00000.hdmi: [drm:hdmiphy_enable.part.0] *ERROR* PLL could not reach steady state
+panel-samsung-s6e8aa0 11c80000.dsi.0: ID: 0xa2, 0x20, 0x8c
+exynos-mixer 12c10000.mixer: timeout waiting for VSYNC
+------------[ cut here ]------------
+WARNING: CPU: 1 PID: 11 at drivers/gpu/drm/drm_atomic_helper.c:1682 drm_atomic_helper_wait_for_vblanks.part.0+0x2b0/0x2b8
+[CRTC:70:crtc-1] vblank wait timed out
+Modules linked in:
+CPU: 1 PID: 11 Comm: kworker/u16:0 Not tainted 6.9.0-rc5-next-20240424 #14913
+Hardware name: Samsung Exynos (Flattened Device Tree)
+Workqueue: events_unbound deferred_probe_work_func
+Call trace:
+ unwind_backtrace from show_stack+0x10/0x14
+ show_stack from dump_stack_lvl+0x68/0x88
+ dump_stack_lvl from __warn+0x7c/0x1c4
+ __warn from warn_slowpath_fmt+0x11c/0x1a8
+ warn_slowpath_fmt from drm_atomic_helper_wait_for_vblanks.part.0+0x2b0/0x2b8
+ drm_atomic_helper_wait_for_vblanks.part.0 from drm_atomic_helper_commit_tail_rpm+0x7c/0x8c
+ drm_atomic_helper_commit_tail_rpm from commit_tail+0x9c/0x184
+ commit_tail from drm_atomic_helper_commit+0x168/0x190
+ drm_atomic_helper_commit from drm_atomic_commit+0xb4/0xe0
+ drm_atomic_commit from drm_client_modeset_commit_atomic+0x23c/0x27c
+ drm_client_modeset_commit_atomic from drm_client_modeset_commit_locked+0x60/0x1cc
+ drm_client_modeset_commit_locked from drm_client_modeset_commit+0x24/0x40
+ drm_client_modeset_commit from __drm_fb_helper_restore_fbdev_mode_unlocked+0x9c/0xc4
+ __drm_fb_helper_restore_fbdev_mode_unlocked from drm_fb_helper_set_par+0x2c/0x3c
+ drm_fb_helper_set_par from fbcon_init+0x3d8/0x550
+ fbcon_init from visual_init+0xc0/0x108
+ visual_init from do_bind_con_driver+0x1b8/0x3a4
+ do_bind_con_driver from do_take_over_console+0x140/0x1ec
+ do_take_over_console from do_fbcon_takeover+0x70/0xd0
+ do_fbcon_takeover from fbcon_fb_registered+0x19c/0x1ac
+ fbcon_fb_registered from register_framebuffer+0x190/0x21c
+ register_framebuffer from __drm_fb_helper_initial_config_and_unlock+0x350/0x574
+ __drm_fb_helper_initial_config_and_unlock from exynos_drm_fbdev_client_hotplug+0x6c/0xb0
+ exynos_drm_fbdev_client_hotplug from drm_client_register+0x58/0x94
+ drm_client_register from exynos_drm_bind+0x160/0x190
+ exynos_drm_bind from try_to_bring_up_aggregate_device+0x200/0x2d8
+ try_to_bring_up_aggregate_device from __component_add+0xb0/0x170
+ __component_add from mixer_probe+0x74/0xcc
+ mixer_probe from platform_probe+0x5c/0xb8
+ platform_probe from really_probe+0xe0/0x3d8
+ really_probe from __driver_probe_device+0x9c/0x1e4
+ __driver_probe_device from driver_probe_device+0x30/0xc0
+ driver_probe_device from __device_attach_driver+0xa8/0x120
+ __device_attach_driver from bus_for_each_drv+0x80/0xcc
+ bus_for_each_drv from __device_attach+0xac/0x1fc
+ __device_attach from bus_probe_device+0x8c/0x90
+ bus_probe_device from deferred_probe_work_func+0
+---truncated---(CVE-2024-40916)
+
+In the Linux kernel, the following vulnerability has been resolved: parisc: Try to fix random segmentation faults in package builds PA-RISC systems with PA8800 and PA8900 processors have had problems with random segmentation faults for many years. Systems with earlier processors are much more stable. Systems with PA8800 and PA8900 processors have a large L2 cache which needs per page flushing for decent performance when a large range is flushed. The combined cache in these systems is also more sensitive to non-equivalent aliases than the caches in earlier systems. The majority of random segmentation faults that I have looked at appear to be memory corruption in memory allocated using mmap and malloc. My first attempt at fixing the random faults didn't work. On reviewing the cache code, I realized that there were two issues which the existing code didn't handle correctly. Both relate to cache move-in. Another issue is that the present bit in PTEs is racy. 1) PA-RISC caches have a mind of their own and they can speculatively load data and instructions for a page as long as there is a entry in the TLB for the page which allows move-in. TLBs are local to each CPU. Thus, the TLB entry for a page must be purged before flushing the page. This is particularly important on SMP systems. In some of the flush routines, the flush routine would be called and then the TLB entry would be purged. This was because the flush routine needed the TLB entry to do the flush. 2) My initial approach to trying the fix the random faults was to try and use flush_cache_page_if_present for all flush operations. This actually made things worse and led to a couple of hardware lockups. It finally dawned on me that some lines weren't being flushed because the pte check code was racy. This resulted in random inequivalent mappings to physical pages. The __flush_cache_page tmpalias flush sets up its own TLB entry and it doesn't need the existing TLB entry. 
As long as we can find the pte pointer for the vm page, we can get the pfn and physical address of the page. We can also purge the TLB entry for the page before doing the flush. Further, __flush_cache_page uses a special TLB entry that inhibits cache move-in. When switching page mappings, we need to ensure that lines are removed from the cache. It is not sufficient to just flush the lines to memory as they may come back. This made it clear that we needed to implement all the required flush operations using tmpalias routines. This includes flushes for user and kernel pages. After modifying the code to use tmpalias flushes, it became clear that the random segmentation faults were not fully resolved. The frequency of faults was worse on systems with a 64 MB L2 (PA8900) and systems with more CPUs (rp4440). The warning that I added to flush_cache_page_if_present to detect pages that couldn't be flushed triggered frequently on some systems. Helge and I looked at the pages that couldn't be flushed and found that the PTE was either cleared or for a swap page. Ignoring pages that were swapped out seemed okay but pages with cleared PTEs seemed problematic. I looked at routines related to pte_clear and noticed ptep_clear_flush. The default implementation just flushes the TLB entry. However, it was obvious that on parisc we need to flush the cache page as well. If we don't flush the cache page, stale lines will be left in the cache and cause random corruption. Once a PTE is cleared, there is no way to find the physical address associated with the PTE and flush the associated page at a later time. I implemented an updated change with a parisc specific version of ptep_clear_flush. It fixed the random data corruption on Helge's rp4440 and rp3440, as well as on my c8000. At this point, I realized that I could restore the code where we only flush in flush_cache_page_if_present if the page has been accessed. 
However, for this, we also need to flush the cache when the accessed bit is cleared in ---truncated---(CVE-2024-40918)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+vmxnet3: disable rx data ring on dma allocation failure
+
+When vmxnet3_rq_create() fails to allocate memory for rq->data_ring.base,
+the subsequent call to vmxnet3_rq_destroy_all_rxdataring does not reset
+rq->data_ring.desc_size for the data ring that failed, which presumably
+causes the hypervisor to reference it on packet reception.
+
+To fix this bug, rq->data_ring.desc_size needs to be set to 0 to tell
+the hypervisor to disable this feature.
+
+[ 95.436876] kernel BUG at net/core/skbuff.c:207!
+[ 95.439074] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
+[ 95.440411] CPU: 7 PID: 0 Comm: swapper/7 Not tainted 6.9.3-dirty #1
+[ 95.441558] Hardware name: VMware, Inc. VMware Virtual
+Platform/440BX Desktop Reference Platform, BIOS 6.00 12/12/2018
+[ 95.443481] RIP: 0010:skb_panic+0x4d/0x4f
+[ 95.444404] Code: 4f 70 50 8b 87 c0 00 00 00 50 8b 87 bc 00 00 00 50
+ff b7 d0 00 00 00 4c 8b 8f c8 00 00 00 48 c7 c7 68 e8 be 9f e8 63 58 f9
+ff <0f> 0b 48 8b 14 24 48 c7 c1 d0 73 65 9f e8 a1 ff ff ff 48 8b 14 24
+[ 95.447684] RSP: 0018:ffffa13340274dd0 EFLAGS: 00010246
+[ 95.448762] RAX: 0000000000000089 RBX: ffff8fbbc72b02d0 RCX: 000000000000083f
+[ 95.450148] RDX: 0000000000000000 RSI: 00000000000000f6 RDI: 000000000000083f
+[ 95.451520] RBP: 000000000000002d R08: 0000000000000000 R09: ffffa13340274c60
+[ 95.452886] R10: ffffffffa04ed468 R11: 0000000000000002 R12: 0000000000000000
+[ 95.454293] R13: ffff8fbbdab3c2d0 R14: ffff8fbbdbd829e0 R15: ffff8fbbdbd809e0
+[ 95.455682] FS: 0000000000000000(0000) GS:ffff8fbeefd80000(0000) knlGS:0000000000000000
+[ 95.457178] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[ 95.458340] CR2: 00007fd0d1f650c8 CR3: 0000000115f28000 CR4: 00000000000406f0
+[ 95.459791] Call Trace:
+[ 95.460515] <IRQ>
+[ 95.461180] ? __die_body.cold+0x19/0x27
+[ 95.462150] ? die+0x2e/0x50
+[ 95.462976] ? do_trap+0xca/0x110
+[ 95.463973] ? do_error_trap+0x6a/0x90
+[ 95.464966] ? skb_panic+0x4d/0x4f
+[ 95.465901] ? exc_invalid_op+0x50/0x70
+[ 95.466849] ? skb_panic+0x4d/0x4f
+[ 95.467718] ? asm_exc_invalid_op+0x1a/0x20
+[ 95.468758] ? skb_panic+0x4d/0x4f
+[ 95.469655] skb_put.cold+0x10/0x10
+[ 95.470573] vmxnet3_rq_rx_complete+0x862/0x11e0 [vmxnet3]
+[ 95.471853] vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3]
+[ 95.473185] __napi_poll+0x2b/0x160
+[ 95.474145] net_rx_action+0x2c6/0x3b0
+[ 95.475115] handle_softirqs+0xe7/0x2a0
+[ 95.476122] __irq_exit_rcu+0x97/0xb0
+[ 95.477109] common_interrupt+0x85/0xa0
+[ 95.478102] </IRQ>
+[ 95.478846] <TASK>
+[ 95.479603] asm_common_interrupt+0x26/0x40
+[ 95.480657] RIP: 0010:pv_native_safe_halt+0xf/0x20
+[ 95.481801] Code: 22 d7 e9 54 87 01 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 93 ba 3b 00 fb f4 <e9> 2c 87 01 00 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90
+[ 95.485563] RSP: 0018:ffffa133400ffe58 EFLAGS: 00000246
+[ 95.486882] RAX: 0000000000004000 RBX: ffff8fbbc1d14064 RCX: 0000000000000000
+[ 95.488477] RDX: ffff8fbeefd80000 RSI: ffff8fbbc1d14000 RDI: 0000000000000001
+[ 95.490067] RBP: ffff8fbbc1d14064 R08: ffffffffa0652260 R09: 00000000000010d3
+[ 95.491683] R10: 0000000000000018 R11: ffff8fbeefdb4764 R12: ffffffffa0652260
+[ 95.493389] R13: ffffffffa06522e0 R14: 0000000000000001 R15: 0000000000000000
+[ 95.495035] acpi_safe_halt+0x14/0x20
+[ 95.496127] acpi_idle_do_entry+0x2f/0x50
+[ 95.497221] acpi_idle_enter+0x7f/0xd0
+[ 95.498272] cpuidle_enter_state+0x81/0x420
+[ 95.499375] cpuidle_enter+0x2d/0x40
+[ 95.500400] do_idle+0x1e5/0x240
+[ 95.501385] cpu_startup_entry+0x29/0x30
+[ 95.502422] start_secondary+0x11c/0x140
+[ 95.503454] common_startup_64+0x13e/0x141
+[ 95.504466] </TASK>
+[ 95.505197] Modules linked in: nft_fib_inet nft_fib_ipv4
+nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6
+nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ip
+---truncated---(CVE-2024-40923)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+wifi: iwlwifi: mvm: check n_ssids before accessing the ssids
+
+In some versions of cfg80211, the ssids poinet might be a valid one even
+though n_ssids is 0. Accessing the pointer in this case will cuase an
+out-of-bound access. Fix this by checking n_ssids first.(CVE-2024-40929)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+drm/exynos/vidi: fix memory leak in .get_modes()
+
+The duplicated EDID is never freed. Fix it.(CVE-2024-40932)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+cxl/region: Fix memregion leaks in devm_cxl_add_region()
+
+Move the mode verification to __create_region() before allocating the
+memregion to avoid the memregion leaks.(CVE-2024-40936)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+wifi: iwlwifi: mvm: don't read past the mfuart notifcation
+
+In case the firmware sends a notification that claims it has more data
+than it has, we will read past that was allocated for the notification.
+Remove the print of the buffer, we won't see it by default. If needed,
+we can see the content with tracing.
+
+This was reported by KFENCE.(CVE-2024-40941)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+ocfs2: fix races between hole punching and AIO+DIO
+
+After commit "ocfs2: return real error code in ocfs2_dio_wr_get_block",
+fstests/generic/300 become from always failed to sometimes failed:
+
+========================================================================
+[ 473.293420 ] run fstests generic/300
+
+[ 475.296983 ] JBD2: Ignoring recovery information on journal
+[ 475.302473 ] ocfs2: Mounting device (253,1) on (node local, slot 0) with ordered data mode.
+[ 494.290998 ] OCFS2: ERROR (device dm-1): ocfs2_change_extent_flag: Owner 5668 has an extent at cpos 78723 which can no longer be found
+[ 494.291609 ] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
+[ 494.292018 ] OCFS2: File system is now read-only.
+[ 494.292224 ] (kworker/19:11,2628,19):ocfs2_mark_extent_written:5272 ERROR: status = -30
+[ 494.292602 ] (kworker/19:11,2628,19):ocfs2_dio_end_io_write:2374 ERROR: status = -3
+fio: io_u error on file /mnt/scratch/racer: Read-only file system: write offset=460849152, buflen=131072
+=========================================================================
+
+In __blockdev_direct_IO, ocfs2_dio_wr_get_block is called to add unwritten
+extents to a list. extents are also inserted into extent tree in
+ocfs2_write_begin_nolock. Then another thread call fallocate to puch a
+hole at one of the unwritten extent. The extent at cpos was removed by
+ocfs2_remove_extent(). At end io worker thread, ocfs2_search_extent_list
+found there is no such extent at the cpos.
+
+ T1 T2 T3
+ inode lock
+ ...
+ insert extents
+ ...
+ inode unlock
+ocfs2_fallocate
+ __ocfs2_change_file_space
+ inode lock
+ lock ip_alloc_sem
+ ocfs2_remove_inode_range inode
+ ocfs2_remove_btree_range
+ ocfs2_remove_extent
+ ^---remove the extent at cpos 78723
+ ...
+ unlock ip_alloc_sem
+ inode unlock
+ ocfs2_dio_end_io
+ ocfs2_dio_end_io_write
+ lock ip_alloc_sem
+ ocfs2_mark_extent_written
+ ocfs2_change_extent_flag
+ ocfs2_search_extent_list
+ ^---failed to find extent
+ ...
+ unlock ip_alloc_sem
+
+In most filesystems, fallocate is not compatible with racing with AIO+DIO,
+so fix it by adding to wait for all dio before fallocate/punch_hole like
+ext4.(CVE-2024-40943)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+ocfs2: fix NULL pointer dereference in ocfs2_abort_trigger()
+
+bdev->bd_super has been removed and commit 8887b94d9322 change the usage
+from bdev->bd_super to b_assoc_map->host->i_sb. Since ocfs2 hasn't set
+bh->b_assoc_map, it will trigger NULL pointer dereference when calling
+into ocfs2_abort_trigger().
+
+Actually this was pointed out in history, see commit 74e364ad1b13. But
+I've made a mistake when reviewing commit 8887b94d9322 and then
+re-introduce this regression.
+
+Since we cannot revive bdev in buffer head, so fix this issue by
+initializing all types of ocfs2 triggers when fill super, and then get the
+specific ocfs2 trigger from ocfs2_caching_info when access journal.
+
+[joseph.qi@linux.alibaba.com: v2]
+ Link: https://lkml.kernel.org/r/20240602112045.1112708-1-joseph.qi@linux.alibaba.com(CVE-2024-40951)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+ocfs2: fix NULL pointer dereference in ocfs2_journal_dirty()
+
+bdev->bd_super has been removed and commit 8887b94d9322 change the usage
+from bdev->bd_super to b_assoc_map->host->i_sb. This introduces the
+following NULL pointer dereference in ocfs2_journal_dirty() since
+b_assoc_map is still not initialized. This can be easily reproduced by
+running xfstests generic/186, which simulate no more credits.
+
+[ 134.351592] BUG: kernel NULL pointer dereference, address: 0000000000000000
+...
+[ 134.355341] RIP: 0010:ocfs2_journal_dirty+0x14f/0x160 [ocfs2]
+...
+[ 134.365071] Call Trace:
+[ 134.365312] <TASK>
+[ 134.365524] ? __die_body+0x1e/0x60
+[ 134.365868] ? page_fault_oops+0x13d/0x4f0
+[ 134.366265] ? __pfx_bit_wait_io+0x10/0x10
+[ 134.366659] ? schedule+0x27/0xb0
+[ 134.366981] ? exc_page_fault+0x6a/0x140
+[ 134.367356] ? asm_exc_page_fault+0x26/0x30
+[ 134.367762] ? ocfs2_journal_dirty+0x14f/0x160 [ocfs2]
+[ 134.368305] ? ocfs2_journal_dirty+0x13d/0x160 [ocfs2]
+[ 134.368837] ocfs2_create_new_meta_bhs.isra.51+0x139/0x2e0 [ocfs2]
+[ 134.369454] ocfs2_grow_tree+0x688/0x8a0 [ocfs2]
+[ 134.369927] ocfs2_split_and_insert.isra.67+0x35c/0x4a0 [ocfs2]
+[ 134.370521] ocfs2_split_extent+0x314/0x4d0 [ocfs2]
+[ 134.371019] ocfs2_change_extent_flag+0x174/0x410 [ocfs2]
+[ 134.371566] ocfs2_add_refcount_flag+0x3fa/0x630 [ocfs2]
+[ 134.372117] ocfs2_reflink_remap_extent+0x21b/0x4c0 [ocfs2]
+[ 134.372994] ? inode_update_timestamps+0x4a/0x120
+[ 134.373692] ? __pfx_ocfs2_journal_access_di+0x10/0x10 [ocfs2]
+[ 134.374545] ? __pfx_ocfs2_journal_access_di+0x10/0x10 [ocfs2]
+[ 134.375393] ocfs2_reflink_remap_blocks+0xe4/0x4e0 [ocfs2]
+[ 134.376197] ocfs2_remap_file_range+0x1de/0x390 [ocfs2]
+[ 134.376971] ? security_file_permission+0x29/0x50
+[ 134.377644] vfs_clone_file_range+0xfe/0x320
+[ 134.378268] ioctl_file_clone+0x45/0xa0
+[ 134.378853] do_vfs_ioctl+0x457/0x990
+[ 134.379422] __x64_sys_ioctl+0x6e/0xd0
+[ 134.379987] do_syscall_64+0x5d/0x170
+[ 134.380550] entry_SYSCALL_64_after_hwframe+0x76/0x7e
+[ 134.381231] RIP: 0033:0x7fa4926397cb
+[ 134.381786] Code: 73 01 c3 48 8b 0d bd 56 38 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 8d 56 38 00 f7 d8 64 89 01 48
+[ 134.383930] RSP: 002b:00007ffc2b39f7b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
+[ 134.384854] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fa4926397cb
+[ 134.385734] RDX: 00007ffc2b39f7f0 RSI: 000000004020940d RDI: 0000000000000003
+[ 134.386606] RBP: 0000000000000000 R08: 00111a82a4f015bb R09: 00007fa494221000
+[ 134.387476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
+[ 134.388342] R13: 0000000000f10000 R14: 0000558e844e2ac8 R15: 0000000000f10000
+[ 134.389207] </TASK>
+
+Fix it by only aborting transaction and journal in ocfs2_journal_dirty()
+now, and leave ocfs2_abort() later when detecting an aborted handle,
+e.g. start next transaction. Also log the handle details in this case.(CVE-2024-40952)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors
+
+input_action_end_dx4() and input_action_end_dx6() are called NF_HOOK() for
+PREROUTING hook, in PREROUTING hook, we should passing a valid indev,
+and a NULL outdev to NF_HOOK(), otherwise may trigger a NULL pointer
+dereference, as below:
+
+ [74830.647293] BUG: kernel NULL pointer dereference, address: 0000000000000090
+ [74830.655633] #PF: supervisor read access in kernel mode
+ [74830.657888] #PF: error_code(0x0000) - not-present page
+ [74830.659500] PGD 0 P4D 0
+ [74830.660450] Oops: 0000 [#1] PREEMPT SMP PTI
+ ...
+ [74830.664953] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
+ [74830.666569] RIP: 0010:rpfilter_mt+0x44/0x15e [ipt_rpfilter]
+ ...
+ [74830.689725] Call Trace:
+ [74830.690402] <IRQ>
+ [74830.690953] ? show_trace_log_lvl+0x1c4/0x2df
+ [74830.692020] ? show_trace_log_lvl+0x1c4/0x2df
+ [74830.693095] ? ipt_do_table+0x286/0x710 [ip_tables]
+ [74830.694275] ? __die_body.cold+0x8/0xd
+ [74830.695205] ? page_fault_oops+0xac/0x140
+ [74830.696244] ? exc_page_fault+0x62/0x150
+ [74830.697225] ? asm_exc_page_fault+0x22/0x30
+ [74830.698344] ? rpfilter_mt+0x44/0x15e [ipt_rpfilter]
+ [74830.699540] ipt_do_table+0x286/0x710 [ip_tables]
+ [74830.700758] ? ip6_route_input+0x19d/0x240
+ [74830.701752] nf_hook_slow+0x3f/0xb0
+ [74830.702678] input_action_end_dx4+0x19b/0x1e0
+ [74830.703735] ? input_action_end_t+0xe0/0xe0
+ [74830.704734] seg6_local_input_core+0x2d/0x60
+ [74830.705782] lwtunnel_input+0x5b/0xb0
+ [74830.706690] __netif_receive_skb_one_core+0x63/0xa0
+ [74830.707825] process_backlog+0x99/0x140
+ [74830.709538] __napi_poll+0x2c/0x160
+ [74830.710673] net_rx_action+0x296/0x350
+ [74830.711860] __do_softirq+0xcb/0x2ac
+ [74830.713049] do_softirq+0x63/0x90
+
+input_action_end_dx4() passing a NULL indev to NF_HOOK(), and finally
+trigger a NULL dereference in rpfilter_mt()->rpfilter_is_loopback():
+
+ static bool
+ rpfilter_is_loopback(const struct sk_buff *skb,
+ const struct net_device *in)
+ {
+ // in is NULL
+ return skb->pkt_type == PACKET_LOOPBACK ||
+ in->flags & IFF_LOOPBACK;
+ }(CVE-2024-40957)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+MIPS: Octeon: Add PCIe link status check
+
+The standard PCIe configuration read-write interface is used to
+access the configuration space of the peripheral PCIe devices
+of the mips processor after the PCIe link surprise down, it can
+generate kernel panic caused by "Data bus error". So it is
+necessary to add PCIe link status check for system protection.
+When the PCIe link is down or in training, assigning a value
+of 0 to the configuration address can prevent read-write behavior
+to the configuration space of peripheral PCIe devices, thereby
+preventing kernel panic.(CVE-2024-40968)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+powerpc/pseries: Enforce hcall result buffer validity and size
+
+plpar_hcall(), plpar_hcall9(), and related functions expect callers to
+provide valid result buffers of certain minimum size. Currently this
+is communicated only through comments in the code and the compiler has
+no idea.
+
+For example, if I write a bug like this:
+
+ long retbuf[PLPAR_HCALL_BUFSIZE]; // should be PLPAR_HCALL9_BUFSIZE
+ plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf, ...);
+
+This compiles with no diagnostics emitted, but likely results in stack
+corruption at runtime when plpar_hcall9() stores results past the end
+of the array. (To be clear this is a contrived example and I have not
+found a real instance yet.)
+
+To make this class of error less likely, we can use explicitly-sized
+array parameters instead of pointers in the declarations for the hcall
+APIs. When compiled with -Warray-bounds[1], the code above now
+provokes a diagnostic like this:
+
+error: array argument is too small;
+is of size 32, callee requires at least 72 [-Werror,-Warray-bounds]
+ 60 | plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf,
+ | ^ ~~~~~~
+
+[1] Enabled for LLVM builds but not GCC for now. See commit
+ 0da6e5fd6c37 ("gcc: disable '-Warray-bounds' for gcc-13 too") and
+ related changes.(CVE-2024-40974)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+platform/x86: x86-android-tablets: Unregister devices in reverse order
+
+Not all subsystems support a device getting removed while there are
+still consumers of the device with a reference to the device.
+
+One example of this is the regulator subsystem. If a regulator gets
+unregistered while there are still drivers holding a reference
+a WARN() at drivers/regulator/core.c:5829 triggers, e.g.:
+
+ WARNING: CPU: 1 PID: 1587 at drivers/regulator/core.c:5829 regulator_unregister
+ Hardware name: Intel Corp. VALLEYVIEW C0 PLATFORM/BYT-T FFD8, BIOS BLADE_21.X64.0005.R00.1504101516 FFD8_X64_R_2015_04_10_1516 04/10/2015
+ RIP: 0010:regulator_unregister
+ Call Trace:
+ <TASK>
+ regulator_unregister
+ devres_release_group
+ i2c_device_remove
+ device_release_driver_internal
+ bus_remove_device
+ device_del
+ device_unregister
+ x86_android_tablet_remove
+
+On the Lenovo Yoga Tablet 2 series the bq24190 charger chip also provides
+a 5V boost converter output for powering USB devices connected to the micro
+USB port, the bq24190-charger driver exports this as a Vbus regulator.
+
+On the 830 (8") and 1050 ("10") models this regulator is controlled by
+a platform_device and x86_android_tablet_remove() removes platform_device-s
+before i2c_clients so the consumer gets removed first.
+
+But on the 1380 (13") model there is a lc824206xa micro-USB switch
+connected over I2C and the extcon driver for that controls the regulator.
+The bq24190 i2c-client *must* be registered first, because that creates
+the regulator with the lc824206xa listed as its consumer. If the regulator
+has not been registered yet the lc824206xa driver will end up getting
+a dummy regulator.
+
+Since in this case both the regulator provider and consumer are I2C
+devices, the only way to ensure that the consumer is unregistered first
+is to unregister the I2C devices in reverse order of in which they were
+created.
+
+For consistency and to avoid similar problems in the future change
+x86_android_tablet_remove() to unregister all device types in reverse
+order.(CVE-2024-40975)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+wifi: mt76: mt7921s: fix potential hung tasks during chip recovery
+
+During chip recovery (e.g. chip reset), there is a possible situation that
+kernel worker reset_work is holding the lock and waiting for kernel thread
+stat_worker to be parked, while stat_worker is waiting for the release of
+the same lock.
+It causes a deadlock resulting in the dumping of hung tasks messages and
+possible rebooting of the device.
+
+This patch prevents the execution of stat_worker during the chip recovery.(CVE-2024-40977)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+tipc: force a dst refcount before doing decryption
+
+As it says in commit 3bc07321ccc2 ("xfrm: Force a dst refcount before
+entering the xfrm type handlers"):
+
+"Crypto requests might return asynchronous. In this case we leave the
+ rcu protected region, so force a refcount on the skb's destination
+ entry before we enter the xfrm type input/output handlers."
+
+On TIPC decryption path it has the same problem, and skb_dst_force()
+should be called before doing decryption to avoid a possible crash.
+
+Shuang reported this issue when this warning is triggered:
+
+ [] WARNING: include/net/dst.h:337 tipc_sk_rcv+0x1055/0x1ea0 [tipc]
+ [] Kdump: loaded Tainted: G W --------- - - 4.18.0-496.el8.x86_64+debug
+ [] Workqueue: crypto cryptd_queue_worker
+ [] RIP: 0010:tipc_sk_rcv+0x1055/0x1ea0 [tipc]
+ [] Call Trace:
+ [] tipc_sk_mcast_rcv+0x548/0xea0 [tipc]
+ [] tipc_rcv+0xcf5/0x1060 [tipc]
+ [] tipc_aead_decrypt_done+0x215/0x2e0 [tipc]
+ [] cryptd_aead_crypt+0xdb/0x190
+ [] cryptd_queue_worker+0xed/0x190
+ [] process_one_work+0x93d/0x17e0(CVE-2024-40983)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine."
+
+Undo the modifications made in commit d410ee5109a1 ("ACPICA: avoid
+"Info: mapping multiple BARs. Your kernel is fine.""). The initial
+purpose of this commit was to stop memory mappings for operation
+regions from overlapping page boundaries, as it can trigger warnings
+if different page attributes are present.
+
+However, it was found that when this situation arises, mapping
+continues until the boundary's end, but there is still an attempt to
+read/write the entire length of the map, leading to a NULL pointer
+deference. For example, if a four-byte mapping request is made but
+only one byte is mapped because it hits the current page boundary's
+end, a four-byte read/write attempt is still made, resulting in a NULL
+pointer deference.
+
+Instead, map the entire length, as the ACPI specification does not
+mandate that it must be within the same page boundary. It is
+permissible for it to be mapped across different regions.(CVE-2024-40984)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+drm/amdgpu: fix UBSAN warning in kv_dpm.c
+
+Adds bounds check for sumo_vid_mapping_entry.(CVE-2024-40987)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+tracing: Build event generation tests only as modules
+
+The kprobes and synth event generation test modules add events and lock
+(get a reference) those event file reference in module init function,
+and unlock and delete it in module exit function. This is because those
+are designed for playing as modules.
+
+If we make those modules as built-in, those events are left locked in the
+kernel, and never be removed. This causes kprobe event self-test failure
+as below.
+
+[ 97.349708] ------------[ cut here ]------------
+[ 97.353453] WARNING: CPU: 3 PID: 1 at kernel/trace/trace_kprobe.c:2133 kprobe_trace_self_tests_init+0x3f1/0x480
+[ 97.357106] Modules linked in:
+[ 97.358488] CPU: 3 PID: 1 Comm: swapper/0 Not tainted 6.9.0-g699646734ab5-dirty #14
+[ 97.361556] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
+[ 97.363880] RIP: 0010:kprobe_trace_self_tests_init+0x3f1/0x480
+[ 97.365538] Code: a8 24 08 82 e9 ae fd ff ff 90 0f 0b 90 48 c7 c7 e5 aa 0b 82 e9 ee fc ff ff 90 0f 0b 90 48 c7 c7 2d 61 06 82 e9 8e fd ff ff 90 <0f> 0b 90 48 c7 c7 33 0b 0c 82 89 c6 e8 6e 03 1f ff 41 ff c7 e9 90
+[ 97.370429] RSP: 0000:ffffc90000013b50 EFLAGS: 00010286
+[ 97.371852] RAX: 00000000fffffff0 RBX: ffff888005919c00 RCX: 0000000000000000
+[ 97.373829] RDX: ffff888003f40000 RSI: ffffffff8236a598 RDI: ffff888003f40a68
+[ 97.375715] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
+[ 97.377675] R10: ffffffff811c9ae5 R11: ffffffff8120c4e0 R12: 0000000000000000
+[ 97.379591] R13: 0000000000000001 R14: 0000000000000015 R15: 0000000000000000
+[ 97.381536] FS: 0000000000000000(0000) GS:ffff88807dcc0000(0000) knlGS:0000000000000000
+[ 97.383813] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[ 97.385449] CR2: 0000000000000000 CR3: 0000000002244000 CR4: 00000000000006b0
+[ 97.387347] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+[ 97.389277] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+[ 97.391196] Call Trace:
+[ 97.391967] <TASK>
+[ 97.392647] ? __warn+0xcc/0x180
+[ 97.393640] ? kprobe_trace_self_tests_init+0x3f1/0x480
+[ 97.395181] ? report_bug+0xbd/0x150
+[ 97.396234] ? handle_bug+0x3e/0x60
+[ 97.397311] ? exc_invalid_op+0x1a/0x50
+[ 97.398434] ? asm_exc_invalid_op+0x1a/0x20
+[ 97.399652] ? trace_kprobe_is_busy+0x20/0x20
+[ 97.400904] ? tracing_reset_all_online_cpus+0x15/0x90
+[ 97.402304] ? kprobe_trace_self_tests_init+0x3f1/0x480
+[ 97.403773] ? init_kprobe_trace+0x50/0x50
+[ 97.404972] do_one_initcall+0x112/0x240
+[ 97.406113] do_initcall_level+0x95/0xb0
+[ 97.407286] ? kernel_init+0x1a/0x1a0
+[ 97.408401] do_initcalls+0x3f/0x70
+[ 97.409452] kernel_init_freeable+0x16f/0x1e0
+[ 97.410662] ? rest_init+0x1f0/0x1f0
+[ 97.411738] kernel_init+0x1a/0x1a0
+[ 97.412788] ret_from_fork+0x39/0x50
+[ 97.413817] ? rest_init+0x1f0/0x1f0
+[ 97.414844] ret_from_fork_asm+0x11/0x20
+[ 97.416285] </TASK>
+[ 97.417134] irq event stamp: 13437323
+[ 97.418376] hardirqs last enabled at (13437337): [<ffffffff8110bc0c>] console_unlock+0x11c/0x150
+[ 97.421285] hardirqs last disabled at (13437370): [<ffffffff8110bbf1>] console_unlock+0x101/0x150
+[ 97.423838] softirqs last enabled at (13437366): [<ffffffff8108e17f>] handle_softirqs+0x23f/0x2a0
+[ 97.426450] softirqs last disabled at (13437393): [<ffffffff8108e346>] __irq_exit_rcu+0x66/0xd0
+[ 97.428850] ---[ end trace 0000000000000000 ]---
+
+And also, since we can not cleanup dynamic_event file, ftracetest are
+failed too.
+
+To avoid these issues, build these tests only as modules.(CVE-2024-41004)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+netpoll: Fix race condition in netpoll_owner_active
+
+KCSAN detected a race condition in netpoll:
+
+ BUG: KCSAN: data-race in net_rx_action / netpoll_send_skb
+ write (marked) to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10:
+ net_rx_action (./include/linux/netpoll.h:90 net/core/dev.c:6712 net/core/dev.c:6822)
+<snip>
+ read to 0xffff8881164168b0 of 4 bytes by task 1 on cpu 2:
+ netpoll_send_skb (net/core/netpoll.c:319 net/core/netpoll.c:345 net/core/netpoll.c:393)
+ netpoll_send_udp (net/core/netpoll.c:?)
+<snip>
+ value changed: 0x0000000a -> 0xffffffff
+
+This happens because netpoll_owner_active() needs to check if the
+current CPU is the owner of the lock, touching napi->poll_owner
+non atomically. The ->poll_owner field contains the current CPU holding
+the lock.
+
+Use an atomic read to check if the poll owner is the current CPU.(CVE-2024-41005)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+tcp: avoid too many retransmit packets
+
+If a TCP socket is using TCP_USER_TIMEOUT, and the other peer
+retracted its window to zero, tcp_retransmit_timer() can
+retransmit a packet every two jiffies (2 ms for HZ=1000),
+for about 4 minutes after TCP_USER_TIMEOUT has 'expired'.
+
+The fix is to make sure tcp_rtx_probe0_timed_out() takes
+icsk->icsk_user_timeout into account.
+
+Before blamed commit, the socket would not timeout after
+icsk->icsk_user_timeout, but would use standard exponential
+backoff for the retransmits.
+
+Also worth noting that before commit e89688e3e978 ("net: tcp:
+fix unexcepted socket die when snd_wnd is 0"), the issue
+would last 2 minutes instead of 4.(CVE-2024-41007)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+bpf: Fix overrunning reservations in ringbuf
+
+The BPF ring buffer internally is implemented as a power-of-2 sized circular
+buffer, with two logical and ever-increasing counters: consumer_pos is the
+consumer counter to show which logical position the consumer consumed the
+data, and producer_pos which is the producer counter denoting the amount of
+data reserved by all producers.
+
+Each time a record is reserved, the producer that "owns" the record will
+successfully advance producer counter. In user space each time a record is
+read, the consumer of the data advanced the consumer counter once it finished
+processing. Both counters are stored in separate pages so that from user
+space, the producer counter is read-only and the consumer counter is read-write.
+
+One aspect that simplifies and thus speeds up the implementation of both
+producers and consumers is how the data area is mapped twice contiguously
+back-to-back in the virtual memory, allowing to not take any special measures
+for samples that have to wrap around at the end of the circular buffer data
+area, because the next page after the last data page would be first data page
+again, and thus the sample will still appear completely contiguous in virtual
+memory.
+
+Each record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header for
+book-keeping the length and offset, and is inaccessible to the BPF program.
+Helpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ`
+for the BPF program to use. Bing-Jhong and Muhammad reported that it is however
+possible to make a second allocated memory chunk overlapping with the first
+chunk and as a result, the BPF program is now able to edit first chunk's
+header.
+
+For example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with size
+of 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call to
+bpf_ringbuf_reserve() is made. This will allocate a chunk A, which is in
+[0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, lets
+allocate a chunk B with size 0x3000. This will succeed because consumer_pos
+was edited ahead of time to pass the `new_prod_pos - cons_pos > rb->mask`
+check. Chunk B will be in range [0x3008,0x6010], and the BPF program is able
+to edit [0x3010,0x6010]. Due to the ring buffer memory layout mentioned
+earlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same data
+pages. This means that chunk B at [0x4000,0x4008] is chunk A's header.
+bpf_ringbuf_submit() / bpf_ringbuf_discard() use the header's pg_off to then
+locate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunk
+B modified chunk A's header, then bpf_ringbuf_commit() refers to the wrong
+page and could cause a crash.
+
+Fix it by calculating the oldest pending_pos and check whether the range
+from the oldest outstanding record to the newest would span beyond the ring
+buffer size. If that is the case, then reject the request. We've tested with
+the ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh)
+before/after the fix and while it seems a bit slower on some benchmarks, it
+is still not significantly enough to matter.(CVE-2024-41009)
+ An update for kernel is now available for openEuler-24.03-LTS.
+
+openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
+ Critical
+ kernel
+
+
+
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
+
+
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-34030
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36014
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36016
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36031
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36881
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36939
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36979
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38559
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38578
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38589
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38618
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38619
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39463
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39469
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39472
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39485
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39494
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39499
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39505
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40912
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40916
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40918
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40923
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40929
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40932
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40936
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40941
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40943
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40951
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40952
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40957
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40968
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40974
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40975
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40977
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40983
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40984
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40987
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-41004
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-41005
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-41007
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-41009
+
+
+ https://nvd.nist.gov/vuln/detail/CVE-2024-34030
+ https://nvd.nist.gov/vuln/detail/CVE-2024-36014
+ https://nvd.nist.gov/vuln/detail/CVE-2024-36016
+ https://nvd.nist.gov/vuln/detail/CVE-2024-36031
+ https://nvd.nist.gov/vuln/detail/CVE-2024-36881
+ https://nvd.nist.gov/vuln/detail/CVE-2024-36939
+ https://nvd.nist.gov/vuln/detail/CVE-2024-36979
+ https://nvd.nist.gov/vuln/detail/CVE-2024-38559
+ https://nvd.nist.gov/vuln/detail/CVE-2024-38578
+ https://nvd.nist.gov/vuln/detail/CVE-2024-38589
+ https://nvd.nist.gov/vuln/detail/CVE-2024-38618
+ https://nvd.nist.gov/vuln/detail/CVE-2024-38619
+ https://nvd.nist.gov/vuln/detail/CVE-2024-39463
+ https://nvd.nist.gov/vuln/detail/CVE-2024-39469
+ https://nvd.nist.gov/vuln/detail/CVE-2024-39472
+ https://nvd.nist.gov/vuln/detail/CVE-2024-39485
+ https://nvd.nist.gov/vuln/detail/CVE-2024-39494
+ https://nvd.nist.gov/vuln/detail/CVE-2024-39499
+ https://nvd.nist.gov/vuln/detail/CVE-2024-39505
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40912
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40916
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40918
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40923
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40929
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40932
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40936
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40941
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40943
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40951
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40952
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40957
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40968
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40974
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40975
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40977
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40983
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40984
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40987
+ https://nvd.nist.gov/vuln/detail/CVE-2024-41004
+ https://nvd.nist.gov/vuln/detail/CVE-2024-41005
+ https://nvd.nist.gov/vuln/detail/CVE-2024-41007
+ https://nvd.nist.gov/vuln/detail/CVE-2024-41009
+
+
+
+
+ openEuler-24.03-LTS
+
+
+ bpftool-6.6.0-35.0.0.43.oe2403.x86_64.rpm
+ bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm
+ kernel-6.6.0-35.0.0.43.oe2403.x86_64.rpm
+ kernel-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm
+ kernel-debugsource-6.6.0-35.0.0.43.oe2403.x86_64.rpm
+ kernel-devel-6.6.0-35.0.0.43.oe2403.x86_64.rpm
+ kernel-headers-6.6.0-35.0.0.43.oe2403.x86_64.rpm
+ kernel-source-6.6.0-35.0.0.43.oe2403.x86_64.rpm
+ kernel-tools-6.6.0-35.0.0.43.oe2403.x86_64.rpm
+ kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm
+ kernel-tools-devel-6.6.0-35.0.0.43.oe2403.x86_64.rpm
+ perf-6.6.0-35.0.0.43.oe2403.x86_64.rpm
+ perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm
+ python3-perf-6.6.0-35.0.0.43.oe2403.x86_64.rpm
+ python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.x86_64.rpm
+
+
+ kernel-6.6.0-35.0.0.43.oe2403.src.rpm
+
+
+ bpftool-6.6.0-35.0.0.43.oe2403.aarch64.rpm
+ bpftool-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm
+ kernel-6.6.0-35.0.0.43.oe2403.aarch64.rpm
+ kernel-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm
+ kernel-debugsource-6.6.0-35.0.0.43.oe2403.aarch64.rpm
+ kernel-devel-6.6.0-35.0.0.43.oe2403.aarch64.rpm
+ kernel-headers-6.6.0-35.0.0.43.oe2403.aarch64.rpm
+ kernel-source-6.6.0-35.0.0.43.oe2403.aarch64.rpm
+ kernel-tools-6.6.0-35.0.0.43.oe2403.aarch64.rpm
+ kernel-tools-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm
+ kernel-tools-devel-6.6.0-35.0.0.43.oe2403.aarch64.rpm
+ perf-6.6.0-35.0.0.43.oe2403.aarch64.rpm
+ perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm
+ python3-perf-6.6.0-35.0.0.43.oe2403.aarch64.rpm
+ python3-perf-debuginfo-6.6.0-35.0.0.43.oe2403.aarch64.rpm
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+PCI: of_property: Return error for int_map allocation failure
+
+Return -ENOMEM from of_pci_prop_intr_map() if kcalloc() fails to prevent a
+NULL pointer dereference in this case.
+
+[bhelgaas: commit log]
+
+ 2024-07-26
+ CVE-2024-34030
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Low
+
+
+
+
+ 3.9
+ AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+drm/arm/malidp: fix a possible null pointer dereference
+
+In malidp_mw_connector_reset, new memory is allocated with kzalloc, but
+no check is performed. In order to prevent null pointer dereferencing,
+ensure that mw_state is checked before calling
+__drm_atomic_helper_connector_reset.
+
+ 2024-07-26
+ CVE-2024-36014
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+tty: n_gsm: fix possible out-of-bounds in gsm0_receive()
+
+Assuming the following:
+- side A configures the n_gsm in basic option mode
+- side B sends the header of a basic option mode frame with data length 1
+- side A switches to advanced option mode
+- side B sends 2 data bytes which exceeds gsm->len
+ Reason: gsm->len is not used in advanced option mode.
+- side A switches to basic option mode
+- side B keeps sending until gsm0_receive() writes past gsm->buf
+ Reason: Neither gsm->state nor gsm->len have been reset after
+ reconfiguration.
+
+Fix this by changing gsm->count to gsm->len comparison from equal to less
+than. Also add upper limit checks against the constant MAX_MRU in
+gsm0_receive() and gsm1_receive() to harden against memory corruption of
+gsm->len and gsm->mru.
+
+All other checks remain as we still need to limit the data according to the
+user configuration and actual payload size.
+
+ 2024-07-26
+ CVE-2024-36016
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Medium
+
+
+
+
+ 6.7
+ AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:keys: Fix overwrite of key expiration on instantiationThe expiry time of a key is unconditionally overwritten duringinstantiation, defaulting to turn it permanent. This causes a problemfor DNS resolution as the expiration set by user-space is overwritten toTIME64_MAX, disabling further DNS updates. Fix this by restoring thecondition that key_set_expiry is only called when the pre-parser sets aspecific expiry.
+
+ 2024-07-26
+ CVE-2024-36031
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Critical
+
+
+
+
+ 9.8
+ AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+mm/userfaultfd: reset ptes when close() for wr-protected ones
+
+Userfaultfd unregister includes a step to remove wr-protect bits from all
+the relevant pgtable entries, but that only covered an explicit
+UFFDIO_UNREGISTER ioctl, not a close() on the userfaultfd itself. Cover
+that too. This fixes a WARN trace.
+
+The only user visible side effect is the user can observe leftover
+wr-protect bits even if the user close()ed on an userfaultfd when
+releasing the last reference of it. However hopefully that should be
+harmless, and nothing bad should happen even if so.
+
+This change is now more important after the recent page-table-check
+patch we merged in mm-unstable (446dd9ad37d0 ("mm/page_table_check:
+support userfault wr-protect entries")), as we'll do sanity check on
+uffd-wp bits without vma context. So it's better if we can 100%
+guarantee no uffd-wp bit leftovers, to make sure each report will be
+valid.
+
+ 2024-07-26
+ CVE-2024-36881
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+nfs: Handle error of rpc_proc_register() in nfs_net_init().
+
+syzkaller reported a warning [0] triggered while destroying immature
+netns.
+
+rpc_proc_register() was called in init_nfs_fs(), but its error
+has been ignored since at least the initial commit 1da177e4c3f4
+("Linux-2.6.12-rc2").
+
+Recently, commit d47151b79e32 ("nfs: expose /proc/net/sunrpc/nfs
+in net namespaces") converted the procfs to per-netns and made
+the problem more visible.
+
+Even when rpc_proc_register() fails, nfs_net_init() could succeed,
+and thus nfs_net_exit() will be called while destroying the netns.
+
+Then, remove_proc_entry() will be called for non-existing proc
+directory and trigger the warning below.
+
+Let's handle the error of rpc_proc_register() properly in nfs_net_init().
+
+[0]:
+name 'nfs'
+WARNING: CPU: 1 PID: 1710 at fs/proc/generic.c:711 remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711
+Modules linked in:
+CPU: 1 PID: 1710 Comm: syz-executor.2 Not tainted 6.8.0-12822-gcd51db110a7e #12
+Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
+RIP: 0010:remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711
+Code: 41 5d 41 5e c3 e8 85 09 b5 ff 48 c7 c7 88 58 64 86 e8 09 0e 71 02 e8 74 09 b5 ff 4c 89 e6 48 c7 c7 de 1b 80 84 e8 c5 ad 97 ff <0f> 0b eb b1 e8 5c 09 b5 ff 48 c7 c7 88 58 64 86 e8 e0 0d 71 02 eb
+RSP: 0018:ffffc9000c6d7ce0 EFLAGS: 00010286
+RAX: 0000000000000000 RBX: ffff8880422b8b00 RCX: ffffffff8110503c
+RDX: ffff888030652f00 RSI: ffffffff81105045 RDI: 0000000000000001
+RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
+R10: 0000000000000001 R11: ffffffff81bb62cb R12: ffffffff84807ffc
+R13: ffff88804ad6fcc0 R14: ffffffff84807ffc R15: ffffffff85741ff8
+FS: 00007f30cfba8640(0000) GS:ffff88807dd00000(0000) knlGS:0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+CR2: 00007ff51afe8000 CR3: 000000005a60a005 CR4: 0000000000770ef0
+DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+PKRU: 55555554
+Call Trace:
+ <TASK>
+ rpc_proc_unregister+0x64/0x70 net/sunrpc/stats.c:310
+ nfs_net_exit+0x1c/0x30 fs/nfs/inode.c:2438
+ ops_exit_list+0x62/0xb0 net/core/net_namespace.c:170
+ setup_net+0x46c/0x660 net/core/net_namespace.c:372
+ copy_net_ns+0x244/0x590 net/core/net_namespace.c:505
+ create_new_namespaces+0x2ed/0x770 kernel/nsproxy.c:110
+ unshare_nsproxy_namespaces+0xae/0x160 kernel/nsproxy.c:228
+ ksys_unshare+0x342/0x760 kernel/fork.c:3322
+ __do_sys_unshare kernel/fork.c:3393 [inline]
+ __se_sys_unshare kernel/fork.c:3391 [inline]
+ __x64_sys_unshare+0x1f/0x30 kernel/fork.c:3391
+ do_syscall_x64 arch/x86/entry/common.c:52 [inline]
+ do_syscall_64+0x4f/0x110 arch/x86/entry/common.c:83
+ entry_SYSCALL_64_after_hwframe+0x46/0x4e
+RIP: 0033:0x7f30d0febe5d
+Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48
+RSP: 002b:00007f30cfba7cc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
+RAX: ffffffffffffffda RBX: 00000000004bbf80 RCX: 00007f30d0febe5d
+RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c020600
+RBP: 00000000004bbf80 R08: 0000000000000000 R09: 0000000000000000
+R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
+R13: 000000000000000b R14: 00007f30d104c530 R15: 0000000000000000
+ </TASK>
+
+ 2024-07-26
+ CVE-2024-36939
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Medium
+
+
+
+
+ 4.6
+ AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+net: bridge: mst: fix vlan use-after-free
+
+syzbot reported a suspicious rcu usage[1] in bridge's mst code. While
+fixing it I noticed that nothing prevents a vlan to be freed while
+walking the list from the same path (br forward delay timer). Fix the rcu
+usage and also make sure we are not accessing freed memory by making
+br_mst_vlan_set_state use rcu read lock.
+
+[1]
+ WARNING: suspicious RCU usage
+ 6.9.0-rc6-syzkaller #0 Not tainted
+ -----------------------------
+ net/bridge/br_private.h:1599 suspicious rcu_dereference_protected() usage!
+ ...
+ stack backtrace:
+ CPU: 1 PID: 8017 Comm: syz-executor.1 Not tainted 6.9.0-rc6-syzkaller #0
+ Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
+ Call Trace:
+ <IRQ>
+ __dump_stack lib/dump_stack.c:88 [inline]
+ dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
+ lockdep_rcu_suspicious+0x221/0x340 kernel/locking/lockdep.c:6712
+ nbp_vlan_group net/bridge/br_private.h:1599 [inline]
+ br_mst_set_state+0x1ea/0x650 net/bridge/br_mst.c:105
+ br_set_state+0x28a/0x7b0 net/bridge/br_stp.c:47
+ br_forward_delay_timer_expired+0x176/0x440 net/bridge/br_stp_timer.c:88
+ call_timer_fn+0x18e/0x650 kernel/time/timer.c:1793
+ expire_timers kernel/time/timer.c:1844 [inline]
+ __run_timers kernel/time/timer.c:2418 [inline]
+ __run_timer_base+0x66a/0x8e0 kernel/time/timer.c:2429
+ run_timer_base kernel/time/timer.c:2438 [inline]
+ run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2448
+ __do_softirq+0x2c6/0x980 kernel/softirq.c:554
+ invoke_softirq kernel/softirq.c:428 [inline]
+ __irq_exit_rcu+0xf2/0x1c0 kernel/softirq.c:633
+ irq_exit_rcu+0x9/0x30 kernel/softirq.c:645
+ instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
+ sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043
+ </IRQ>
+ <TASK>
+ asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
+ RIP: 0010:lock_acquire+0x264/0x550 kernel/locking/lockdep.c:5758
+ Code: 2b 00 74 08 4c 89 f7 e8 ba d1 84 00 f6 44 24 61 02 0f 85 85 01 00 00 41 f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 44 25 00 00 00 00 00 43 c7 44 25 09 00 00 00 00 43 c7 44 25
+ RSP: 0018:ffffc90013657100 EFLAGS: 00000206
+ RAX: 0000000000000001 RBX: 1ffff920026cae2c RCX: 0000000000000001
+ RDX: dffffc0000000000 RSI: ffffffff8bcaca00 RDI: ffffffff8c1eaa60
+ RBP: ffffc90013657260 R08: ffffffff92efe507 R09: 1ffffffff25dfca0
+ R10: dffffc0000000000 R11: fffffbfff25dfca1 R12: 1ffff920026cae28
+ R13: dffffc0000000000 R14: ffffc90013657160 R15: 0000000000000246
+
+ 2024-07-26
+ CVE-2024-36979
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ High
+
+
+
+
+ 7.0
+ AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+scsi: qedf: Ensure the copied buf is NUL terminated
+
+Currently, we allocate a count-sized kernel buffer and copy count from
+userspace to that buffer. Later, we use kstrtouint on this buffer but we
+don't ensure that the string is terminated inside the buffer, this can
+lead to OOB read when using kstrtouint. Fix this issue by using
+memdup_user_nul instead of memdup_user.
+
+ 2024-07-26
+ CVE-2024-38559
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ High
+
+
+
+
+ 7.8
+ AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+ecryptfs: Fix buffer size for tag 66 packet
+
+The 'TAG 66 Packet Format' description is missing the cipher code and
+checksum fields that are packed into the message packet. As a result,
+the buffer allocated for the packet is 3 bytes too small and
+write_tag_66_packet() will write up to 3 bytes past the end of the
+buffer.
+
+Fix this by increasing the size of the allocation so the whole packet
+will always fit in the buffer.
+
+This fixes the below kasan slab-out-of-bounds bug:
+
+ BUG: KASAN: slab-out-of-bounds in ecryptfs_generate_key_packet_set+0x7d6/0xde0
+ Write of size 1 at addr ffff88800afbb2a5 by task touch/181
+
+ CPU: 0 PID: 181 Comm: touch Not tainted 6.6.13-gnu #1 4c9534092be820851bb687b82d1f92a426598dc6
+ Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2/GNU Guix 04/01/2014
+ Call Trace:
+ <TASK>
+ dump_stack_lvl+0x4c/0x70
+ print_report+0xc5/0x610
+ ? ecryptfs_generate_key_packet_set+0x7d6/0xde0
+ ? kasan_complete_mode_report_info+0x44/0x210
+ ? ecryptfs_generate_key_packet_set+0x7d6/0xde0
+ kasan_report+0xc2/0x110
+ ? ecryptfs_generate_key_packet_set+0x7d6/0xde0
+ __asan_store1+0x62/0x80
+ ecryptfs_generate_key_packet_set+0x7d6/0xde0
+ ? __pfx_ecryptfs_generate_key_packet_set+0x10/0x10
+ ? __alloc_pages+0x2e2/0x540
+ ? __pfx_ovl_open+0x10/0x10 [overlay 30837f11141636a8e1793533a02e6e2e885dad1d]
+ ? dentry_open+0x8f/0xd0
+ ecryptfs_write_metadata+0x30a/0x550
+ ? __pfx_ecryptfs_write_metadata+0x10/0x10
+ ? ecryptfs_get_lower_file+0x6b/0x190
+ ecryptfs_initialize_file+0x77/0x150
+ ecryptfs_create+0x1c2/0x2f0
+ path_openat+0x17cf/0x1ba0
+ ? __pfx_path_openat+0x10/0x10
+ do_filp_open+0x15e/0x290
+ ? __pfx_do_filp_open+0x10/0x10
+ ? __kasan_check_write+0x18/0x30
+ ? _raw_spin_lock+0x86/0xf0
+ ? __pfx__raw_spin_lock+0x10/0x10
+ ? __kasan_check_write+0x18/0x30
+ ? alloc_fd+0xf4/0x330
+ do_sys_openat2+0x122/0x160
+ ? __pfx_do_sys_openat2+0x10/0x10
+ __x64_sys_openat+0xef/0x170
+ ? __pfx___x64_sys_openat+0x10/0x10
+ do_syscall_64+0x60/0xd0
+ entry_SYSCALL_64_after_hwframe+0x6e/0xd8
+ RIP: 0033:0x7f00a703fd67
+ Code: 25 00 00 41 00 3d 00 00 41 00 74 37 64 8b 04 25 18 00 00 00 85 c0 75 5b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 85 00 00 00 48 83 c4 68 5d 41 5c c3 0f 1f
+ RSP: 002b:00007ffc088e30b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
+ RAX: ffffffffffffffda RBX: 00007ffc088e3368 RCX: 00007f00a703fd67
+ RDX: 0000000000000941 RSI: 00007ffc088e48d7 RDI: 00000000ffffff9c
+ RBP: 00007ffc088e48d7 R08: 0000000000000001 R09: 0000000000000000
+ R10: 00000000000001b6 R11: 0000000000000246 R12: 0000000000000941
+ R13: 0000000000000000 R14: 00007ffc088e48d7 R15: 00007f00a7180040
+ </TASK>
+
+ Allocated by task 181:
+ kasan_save_stack+0x2f/0x60
+ kasan_set_track+0x29/0x40
+ kasan_save_alloc_info+0x25/0x40
+ __kasan_kmalloc+0xc5/0xd0
+ __kmalloc+0x66/0x160
+ ecryptfs_generate_key_packet_set+0x6d2/0xde0
+ ecryptfs_write_metadata+0x30a/0x550
+ ecryptfs_initialize_file+0x77/0x150
+ ecryptfs_create+0x1c2/0x2f0
+ path_openat+0x17cf/0x1ba0
+ do_filp_open+0x15e/0x290
+ do_sys_openat2+0x122/0x160
+ __x64_sys_openat+0xef/0x170
+ do_syscall_64+0x60/0xd0
+ entry_SYSCALL_64_after_hwframe+0x6e/0xd8
+
+ 2024-07-26
+ CVE-2024-38578
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Low
+
+
+
+
+ 3.9
+ AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+netrom: fix possible dead-lock in nr_rt_ioctl()
+
+syzbot loves netrom, and found a possible deadlock in nr_rt_ioctl [1]
+
+Make sure we always acquire nr_node_list_lock before nr_node_lock(nr_node)
+
+[1]
+WARNING: possible circular locking dependency detected
+6.9.0-rc7-syzkaller-02147-g654de42f3fc6 #0 Not tainted
+------------------------------------------------------
+syz-executor350/5129 is trying to acquire lock:
+ ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
+ ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_node_lock include/net/netrom.h:152 [inline]
+ ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:464 [inline]
+ ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697
+
+but task is already holding lock:
+ ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
+ ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]
+ ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_rt_ioctl+0x10a/0x1090 net/netrom/nr_route.c:697
+
+which lock already depends on the new lock.
+
+the existing dependency chain (in reverse order) is:
+
+-> #1 (nr_node_list_lock){+...}-{2:2}:
+ lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
+ __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
+ _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178
+ spin_lock_bh include/linux/spinlock.h:356 [inline]
+ nr_remove_node net/netrom/nr_route.c:299 [inline]
+ nr_del_node+0x4b4/0x820 net/netrom/nr_route.c:355
+ nr_rt_ioctl+0xa95/0x1090 net/netrom/nr_route.c:683
+ sock_do_ioctl+0x158/0x460 net/socket.c:1222
+ sock_ioctl+0x629/0x8e0 net/socket.c:1341
+ vfs_ioctl fs/ioctl.c:51 [inline]
+ __do_sys_ioctl fs/ioctl.c:904 [inline]
+ __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890
+ do_syscall_x64 arch/x86/entry/common.c:52 [inline]
+ do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
+ entry_SYSCALL_64_after_hwframe+0x77/0x7f
+
+-> #0 (&nr_node->node_lock){+...}-{2:2}:
+ check_prev_add kernel/locking/lockdep.c:3134 [inline]
+ check_prevs_add kernel/locking/lockdep.c:3253 [inline]
+ validate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869
+ __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137
+ lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
+ __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
+ _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178
+ spin_lock_bh include/linux/spinlock.h:356 [inline]
+ nr_node_lock include/net/netrom.h:152 [inline]
+ nr_dec_obs net/netrom/nr_route.c:464 [inline]
+ nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697
+ sock_do_ioctl+0x158/0x460 net/socket.c:1222
+ sock_ioctl+0x629/0x8e0 net/socket.c:1341
+ vfs_ioctl fs/ioctl.c:51 [inline]
+ __do_sys_ioctl fs/ioctl.c:904 [inline]
+ __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890
+ do_syscall_x64 arch/x86/entry/common.c:52 [inline]
+ do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
+ entry_SYSCALL_64_after_hwframe+0x77/0x7f
+
+other info that might help us debug this:
+
+ Possible unsafe locking scenario:
+
+ CPU0 CPU1
+ ---- ----
+ lock(nr_node_list_lock);
+ lock(&nr_node->node_lock);
+ lock(nr_node_list_lock);
+ lock(&nr_node->node_lock);
+
+ *** DEADLOCK ***
+
+1 lock held by syz-executor350/5129:
+ #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
+ #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]
+ #0: ffffffff8f70
+---truncated---
+
+ 2024-07-26
+ CVE-2024-38589
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+ALSA: timer: Set lower bound of start tick time
+
+Currently ALSA timer doesn't have the lower limit of the start tick
+time, and it allows a very small size, e.g. 1 tick with 1ns resolution
+for hrtimer. Such a situation may lead to an unexpected RCU stall,
+where the callback repeatedly queuing the expire update, as reported
+by fuzzer.
+
+This patch introduces a sanity check of the timer start tick time, so
+that the system returns an error when a too small start size is set.
+As of this patch, the lower limit is hard-coded to 100us, which is
+small enough but can still work somehow.
+
+ 2024-07-26
+ CVE-2024-38618
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Medium
+
+
+
+
+ 4.7
+ AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+usb-storage: alauda: Check whether the media is initialized
+
+The member "uzonesize" of struct alauda_info will remain 0
+if alauda_init_media() fails, potentially causing divide errors
+in alauda_read_data() and alauda_write_lba().
+- Add a member "media_initialized" to struct alauda_info.
+- Change a condition in alauda_check_media() to ensure the
+ first initialization.
+- Add an error check for the return value of alauda_init_media().
+
+ 2024-07-26
+ CVE-2024-38619
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+9p: add missing locking around taking dentry fid list
+
+Fix a use-after-free on dentry's d_fsdata fid list when a thread
+looks up a fid through dentry while another thread unlinks it:
+
+UAF thread:
+refcount_t: addition on 0; use-after-free.
+ p9_fid_get linux/./include/net/9p/client.h:262
+ v9fs_fid_find+0x236/0x280 linux/fs/9p/fid.c:129
+ v9fs_fid_lookup_with_uid linux/fs/9p/fid.c:181
+ v9fs_fid_lookup+0xbf/0xc20 linux/fs/9p/fid.c:314
+ v9fs_vfs_getattr_dotl+0xf9/0x360 linux/fs/9p/vfs_inode_dotl.c:400
+ vfs_statx+0xdd/0x4d0 linux/fs/stat.c:248
+
+Freed by:
+ p9_fid_destroy (inlined)
+ p9_client_clunk+0xb0/0xe0 linux/net/9p/client.c:1456
+ p9_fid_put linux/./include/net/9p/client.h:278
+ v9fs_dentry_release+0xb5/0x140 linux/fs/9p/vfs_dentry.c:55
+ v9fs_remove+0x38f/0x620 linux/fs/9p/vfs_inode.c:518
+ vfs_unlink+0x29a/0x810 linux/fs/namei.c:4335
+
+The problem is that d_fsdata was not accessed under d_lock, because
+d_release() normally is only called once the dentry is otherwise no
+longer accessible but since we also call it explicitly in v9fs_remove
+that lock is required:
+move the hlist out of the dentry under lock then unref its fids once
+they are no longer accessible.
+
+ 2024-07-26
+ CVE-2024-39463
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors
+
+The error handling in nilfs_empty_dir() when a directory folio/page read
+fails is incorrect, as in the old ext2 implementation, and if the
+folio/page cannot be read or nilfs_check_folio() fails, it will falsely
+determine the directory as empty and corrupt the file system.
+
+In addition, since nilfs_empty_dir() does not immediately return on a
+failed folio/page read, but continues to loop, this can cause a long loop
+with I/O if i_size of the directory's inode is also corrupted, causing the
+log writer thread to wait and hang, as reported by syzbot.
+
+Fix these issues by making nilfs_empty_dir() immediately return a false
+value (0) if it fails to get a directory folio/page.
+
+ 2024-07-26
+ CVE-2024-39469
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Medium
+
+
+
+
+ 4.7
+ AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:xfs: fix log recovery buffer allocation for the legacy h_size fixupCommit a70f9fe52daa ( xfs: detect and handle invalid iclog size set bymkfs ) added a fixup for incorrect h_size values used for the initialumount record in old xfsprogs versions. Later commit 0c771b99d6c9( xfs: clean up calculation of LR header blocks ) cleaned up the logreover buffer calculation, but stoped using the fixed up h_size valueto size the log recovery buffer, which can lead to an out of boundsaccess when the incorrect h_size does not come from the old mkfstool, but a fuzzer.Fix this by open coding xlog_logrec_hblks and taking the fixed h_sizeinto account for this calculation.
+
+ 2024-07-26
+ CVE-2024-39472
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+media: v4l: async: Properly re-initialise notifier entry in unregister
+
+The notifier_entry of a notifier is not re-initialised after unregistering
+the notifier. This leads to dangling pointers being left there so use
+list_del_init() to return the notifier_entry an empty list.
+
+ 2024-07-26
+ CVE-2024-39485
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+ima: Fix use-after-free on a dentry's dname.name
+
+->d_name.name can change on rename and the earlier value can be freed;
+there are conditions sufficient to stabilize it (->d_lock on dentry,
+->d_lock on its parent, ->i_rwsem exclusive on the parent's inode,
+rename_lock), but none of those are met at any of the sites. Take a stable
+snapshot of the name instead.
+
+ 2024-07-26
+ CVE-2024-39494
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ High
+
+
+
+
+ 7.8
+ AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+vmci: prevent speculation leaks by sanitizing event in event_deliver()
+
+Coverity spotted that event_msg is controlled by user-space,
+event_msg->event_data.event is passed to event_deliver() and used
+as an index without sanitization.
+
+This change ensures that the event index is sanitized to mitigate any
+possibility of speculative information leaks.
+
+This bug was discovered and resolved using Coverity Static Analysis
+Security Testing (SAST) by Synopsys, Inc.
+
+Only compile tested, no access to HW.
+
+ 2024-07-26
+ CVE-2024-39499
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+drm/komeda: check for error-valued pointer
+
+komeda_pipeline_get_state() may return an error-valued pointer, thus
+check the pointer for negative or null value before dereferencing.
+
+ 2024-07-26
+ CVE-2024-39505
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()
+
+The ieee80211_sta_ps_deliver_wakeup() function takes sta->ps_lock to
+synchronizes with ieee80211_tx_h_unicast_ps_buf() which is called from
+softirq context. However using only spin_lock() to get sta->ps_lock in
+ieee80211_sta_ps_deliver_wakeup() does not prevent softirq to execute
+on this same CPU, to run ieee80211_tx_h_unicast_ps_buf() and try to
+take this same lock ending in deadlock. Below is an example of rcu stall
+that arises in such situation.
+
+ rcu: INFO: rcu_sched self-detected stall on CPU
+ rcu: 2-....: (42413413 ticks this GP) idle=b154/1/0x4000000000000000 softirq=1763/1765 fqs=21206996
+ rcu: (t=42586894 jiffies g=2057 q=362405 ncpus=4)
+ CPU: 2 PID: 719 Comm: wpa_supplicant Tainted: G W 6.4.0-02158-g1b062f552873 #742
+ Hardware name: RPT (r1) (DT)
+ pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
+ pc : queued_spin_lock_slowpath+0x58/0x2d0
+ lr : invoke_tx_handlers_early+0x5b4/0x5c0
+ sp : ffff00001ef64660
+ x29: ffff00001ef64660 x28: ffff000009bc1070 x27: ffff000009bc0ad8
+ x26: ffff000009bc0900 x25: ffff00001ef647a8 x24: 0000000000000000
+ x23: ffff000009bc0900 x22: ffff000009bc0900 x21: ffff00000ac0e000
+ x20: ffff00000a279e00 x19: ffff00001ef646e8 x18: 0000000000000000
+ x17: ffff800016468000 x16: ffff00001ef608c0 x15: 0010533c93f64f80
+ x14: 0010395c9faa3946 x13: 0000000000000000 x12: 00000000fa83b2da
+ x11: 000000012edeceea x10: ffff0000010fbe00 x9 : 0000000000895440
+ x8 : 000000000010533c x7 : ffff00000ad8b740 x6 : ffff00000c350880
+ x5 : 0000000000000007 x4 : 0000000000000001 x3 : 0000000000000000
+ x2 : 0000000000000000 x1 : 0000000000000001 x0 : ffff00000ac0e0e8
+ Call trace:
+ queued_spin_lock_slowpath+0x58/0x2d0
+ ieee80211_tx+0x80/0x12c
+ ieee80211_tx_pending+0x110/0x278
+ tasklet_action_common.constprop.0+0x10c/0x144
+ tasklet_action+0x20/0x28
+ _stext+0x11c/0x284
+ ____do_softirq+0xc/0x14
+ call_on_irq_stack+0x24/0x34
+ do_softirq_own_stack+0x18/0x20
+ do_softirq+0x74/0x7c
+ __local_bh_enable_ip+0xa0/0xa4
+ _ieee80211_wake_txqs+0x3b0/0x4b8
+ __ieee80211_wake_queue+0x12c/0x168
+ ieee80211_add_pending_skbs+0xec/0x138
+ ieee80211_sta_ps_deliver_wakeup+0x2a4/0x480
+ ieee80211_mps_sta_status_update.part.0+0xd8/0x11c
+ ieee80211_mps_sta_status_update+0x18/0x24
+ sta_apply_parameters+0x3bc/0x4c0
+ ieee80211_change_station+0x1b8/0x2dc
+ nl80211_set_station+0x444/0x49c
+ genl_family_rcv_msg_doit.isra.0+0xa4/0xfc
+ genl_rcv_msg+0x1b0/0x244
+ netlink_rcv_skb+0x38/0x10c
+ genl_rcv+0x34/0x48
+ netlink_unicast+0x254/0x2bc
+ netlink_sendmsg+0x190/0x3b4
+ ____sys_sendmsg+0x1e8/0x218
+ ___sys_sendmsg+0x68/0x8c
+ __sys_sendmsg+0x44/0x84
+ __arm64_sys_sendmsg+0x20/0x28
+ do_el0_svc+0x6c/0xe8
+ el0_svc+0x14/0x48
+ el0t_64_sync_handler+0xb0/0xb4
+ el0t_64_sync+0x14c/0x150
+
+Using spin_lock_bh()/spin_unlock_bh() instead prevents softirq to raise
+on the same CPU that is holding the lock.
+
+ 2024-07-26
+ CVE-2024-40912
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found
+
+When reading EDID fails and driver reports no modes available, the DRM
+core adds an artificial 1024x786 mode to the connector. Unfortunately
+some variants of the Exynos HDMI (like the one in Exynos4 SoCs) are not
+able to drive such mode, so report a safe 640x480 mode instead of nothing
+in case of the EDID reading failure.
+
+This fixes the following issue observed on Trats2 board since commit
+13d5b040363c ("drm/exynos: do not return negative values from .get_modes()"):
+
+[drm] Exynos DRM: using 11c00000.fimd device for DMA mapping operations
+exynos-drm exynos-drm: bound 11c00000.fimd (ops fimd_component_ops)
+exynos-drm exynos-drm: bound 12c10000.mixer (ops mixer_component_ops)
+exynos-dsi 11c80000.dsi: [drm:samsung_dsim_host_attach] Attached s6e8aa0 device (lanes:4 bpp:24 mode-flags:0x10b)
+exynos-drm exynos-drm: bound 11c80000.dsi (ops exynos_dsi_component_ops)
+exynos-drm exynos-drm: bound 12d00000.hdmi (ops hdmi_component_ops)
+[drm] Initialized exynos 1.1.0 20180330 for exynos-drm on minor 1
+exynos-hdmi 12d00000.hdmi: [drm:hdmiphy_enable.part.0] *ERROR* PLL could not reach steady state
+panel-samsung-s6e8aa0 11c80000.dsi.0: ID: 0xa2, 0x20, 0x8c
+exynos-mixer 12c10000.mixer: timeout waiting for VSYNC
+------------[ cut here ]------------
+WARNING: CPU: 1 PID: 11 at drivers/gpu/drm/drm_atomic_helper.c:1682 drm_atomic_helper_wait_for_vblanks.part.0+0x2b0/0x2b8
+[CRTC:70:crtc-1] vblank wait timed out
+Modules linked in:
+CPU: 1 PID: 11 Comm: kworker/u16:0 Not tainted 6.9.0-rc5-next-20240424 #14913
+Hardware name: Samsung Exynos (Flattened Device Tree)
+Workqueue: events_unbound deferred_probe_work_func
+Call trace:
+ unwind_backtrace from show_stack+0x10/0x14
+ show_stack from dump_stack_lvl+0x68/0x88
+ dump_stack_lvl from __warn+0x7c/0x1c4
+ __warn from warn_slowpath_fmt+0x11c/0x1a8
+ warn_slowpath_fmt from drm_atomic_helper_wait_for_vblanks.part.0+0x2b0/0x2b8
+ drm_atomic_helper_wait_for_vblanks.part.0 from drm_atomic_helper_commit_tail_rpm+0x7c/0x8c
+ drm_atomic_helper_commit_tail_rpm from commit_tail+0x9c/0x184
+ commit_tail from drm_atomic_helper_commit+0x168/0x190
+ drm_atomic_helper_commit from drm_atomic_commit+0xb4/0xe0
+ drm_atomic_commit from drm_client_modeset_commit_atomic+0x23c/0x27c
+ drm_client_modeset_commit_atomic from drm_client_modeset_commit_locked+0x60/0x1cc
+ drm_client_modeset_commit_locked from drm_client_modeset_commit+0x24/0x40
+ drm_client_modeset_commit from __drm_fb_helper_restore_fbdev_mode_unlocked+0x9c/0xc4
+ __drm_fb_helper_restore_fbdev_mode_unlocked from drm_fb_helper_set_par+0x2c/0x3c
+ drm_fb_helper_set_par from fbcon_init+0x3d8/0x550
+ fbcon_init from visual_init+0xc0/0x108
+ visual_init from do_bind_con_driver+0x1b8/0x3a4
+ do_bind_con_driver from do_take_over_console+0x140/0x1ec
+ do_take_over_console from do_fbcon_takeover+0x70/0xd0
+ do_fbcon_takeover from fbcon_fb_registered+0x19c/0x1ac
+ fbcon_fb_registered from register_framebuffer+0x190/0x21c
+ register_framebuffer from __drm_fb_helper_initial_config_and_unlock+0x350/0x574
+ __drm_fb_helper_initial_config_and_unlock from exynos_drm_fbdev_client_hotplug+0x6c/0xb0
+ exynos_drm_fbdev_client_hotplug from drm_client_register+0x58/0x94
+ drm_client_register from exynos_drm_bind+0x160/0x190
+ exynos_drm_bind from try_to_bring_up_aggregate_device+0x200/0x2d8
+ try_to_bring_up_aggregate_device from __component_add+0xb0/0x170
+ __component_add from mixer_probe+0x74/0xcc
+ mixer_probe from platform_probe+0x5c/0xb8
+ platform_probe from really_probe+0xe0/0x3d8
+ really_probe from __driver_probe_device+0x9c/0x1e4
+ __driver_probe_device from driver_probe_device+0x30/0xc0
+ driver_probe_device from __device_attach_driver+0xa8/0x120
+ __device_attach_driver from bus_for_each_drv+0x80/0xcc
+ bus_for_each_drv from __device_attach+0xac/0x1fc
+ __device_attach from bus_probe_device+0x8c/0x90
+ bus_probe_device from deferred_probe_work_func+0
+---truncated---
+
+ 2024-07-26
+ CVE-2024-40916
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Low
+
+
+
+
+ 3.9
+ AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+parisc: Try to fix random segmentation faults in package builds
+
+PA-RISC systems with PA8800 and PA8900 processors have had problems
+with random segmentation faults for many years. Systems with earlier
+processors are much more stable.
+
+Systems with PA8800 and PA8900 processors have a large L2 cache which
+needs per page flushing for decent performance when a large range is
+flushed. The combined cache in these systems is also more sensitive to
+non-equivalent aliases than the caches in earlier systems.
+
+The majority of random segmentation faults that I have looked at
+appear to be memory corruption in memory allocated using mmap and
+malloc.
+
+My first attempt at fixing the random faults didn't work. On
+reviewing the cache code, I realized that there were two issues
+which the existing code didn't handle correctly. Both relate
+to cache move-in. Another issue is that the present bit in PTEs
+is racy.
+
+1) PA-RISC caches have a mind of their own and they can speculatively
+load data and instructions for a page as long as there is a entry in
+the TLB for the page which allows move-in. TLBs are local to each
+CPU. Thus, the TLB entry for a page must be purged before flushing
+the page. This is particularly important on SMP systems.
+
+In some of the flush routines, the flush routine would be called
+and then the TLB entry would be purged. This was because the flush
+routine needed the TLB entry to do the flush.
+
+2) My initial approach to trying the fix the random faults was to
+try and use flush_cache_page_if_present for all flush operations.
+This actually made things worse and led to a couple of hardware
+lockups. It finally dawned on me that some lines weren't being
+flushed because the pte check code was racy. This resulted in
+random inequivalent mappings to physical pages.
+
+The __flush_cache_page tmpalias flush sets up its own TLB entry
+and it doesn't need the existing TLB entry. As long as we can find
+the pte pointer for the vm page, we can get the pfn and physical
+address of the page. We can also purge the TLB entry for the page
+before doing the flush. Further, __flush_cache_page uses a special
+TLB entry that inhibits cache move-in.
+
+When switching page mappings, we need to ensure that lines are
+removed from the cache. It is not sufficient to just flush the
+lines to memory as they may come back.
+
+This made it clear that we needed to implement all the required
+flush operations using tmpalias routines. This includes flushes
+for user and kernel pages.
+
+After modifying the code to use tmpalias flushes, it became clear
+that the random segmentation faults were not fully resolved. The
+frequency of faults was worse on systems with a 64 MB L2 (PA8900)
+and systems with more CPUs (rp4440).
+
+The warning that I added to flush_cache_page_if_present to detect
+pages that couldn't be flushed triggered frequently on some systems.
+
+Helge and I looked at the pages that couldn't be flushed and found
+that the PTE was either cleared or for a swap page. Ignoring pages
+that were swapped out seemed okay but pages with cleared PTEs seemed
+problematic.
+
+I looked at routines related to pte_clear and noticed ptep_clear_flush.
+The default implementation just flushes the TLB entry. However, it was
+obvious that on parisc we need to flush the cache page as well. If
+we don't flush the cache page, stale lines will be left in the cache
+and cause random corruption. Once a PTE is cleared, there is no way
+to find the physical address associated with the PTE and flush the
+associated page at a later time.
+
+I implemented an updated change with a parisc specific version of
+ptep_clear_flush. It fixed the random data corruption on Helge's rp4440
+and rp3440, as well as on my c8000.
+
+At this point, I realized that I could restore the code where we only
+flush in flush_cache_page_if_present if the page has been accessed.
+However, for this, we also need to flush the cache when the accessed
+bit is cleared in
+---truncated---
+
+ 2024-07-26
+ CVE-2024-40918
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Low
+
+
+
+
+ 3.9
+ AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+vmxnet3: disable rx data ring on dma allocation failure
+
+When vmxnet3_rq_create() fails to allocate memory for rq->data_ring.base,
+the subsequent call to vmxnet3_rq_destroy_all_rxdataring does not reset
+rq->data_ring.desc_size for the data ring that failed, which presumably
+causes the hypervisor to reference it on packet reception.
+
+To fix this bug, rq->data_ring.desc_size needs to be set to 0 to tell
+the hypervisor to disable this feature.
+
+[ 95.436876] kernel BUG at net/core/skbuff.c:207!
+[ 95.439074] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
+[ 95.440411] CPU: 7 PID: 0 Comm: swapper/7 Not tainted 6.9.3-dirty #1
+[ 95.441558] Hardware name: VMware, Inc. VMware Virtual
+Platform/440BX Desktop Reference Platform, BIOS 6.00 12/12/2018
+[ 95.443481] RIP: 0010:skb_panic+0x4d/0x4f
+[ 95.444404] Code: 4f 70 50 8b 87 c0 00 00 00 50 8b 87 bc 00 00 00 50
+ff b7 d0 00 00 00 4c 8b 8f c8 00 00 00 48 c7 c7 68 e8 be 9f e8 63 58 f9
+ff <0f> 0b 48 8b 14 24 48 c7 c1 d0 73 65 9f e8 a1 ff ff ff 48 8b 14 24
+[ 95.447684] RSP: 0018:ffffa13340274dd0 EFLAGS: 00010246
+[ 95.448762] RAX: 0000000000000089 RBX: ffff8fbbc72b02d0 RCX: 000000000000083f
+[ 95.450148] RDX: 0000000000000000 RSI: 00000000000000f6 RDI: 000000000000083f
+[ 95.451520] RBP: 000000000000002d R08: 0000000000000000 R09: ffffa13340274c60
+[ 95.452886] R10: ffffffffa04ed468 R11: 0000000000000002 R12: 0000000000000000
+[ 95.454293] R13: ffff8fbbdab3c2d0 R14: ffff8fbbdbd829e0 R15: ffff8fbbdbd809e0
+[ 95.455682] FS: 0000000000000000(0000) GS:ffff8fbeefd80000(0000) knlGS:0000000000000000
+[ 95.457178] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[ 95.458340] CR2: 00007fd0d1f650c8 CR3: 0000000115f28000 CR4: 00000000000406f0
+[ 95.459791] Call Trace:
+[ 95.460515] <IRQ>
+[ 95.461180] ? __die_body.cold+0x19/0x27
+[ 95.462150] ? die+0x2e/0x50
+[ 95.462976] ? do_trap+0xca/0x110
+[ 95.463973] ? do_error_trap+0x6a/0x90
+[ 95.464966] ? skb_panic+0x4d/0x4f
+[ 95.465901] ? exc_invalid_op+0x50/0x70
+[ 95.466849] ? skb_panic+0x4d/0x4f
+[ 95.467718] ? asm_exc_invalid_op+0x1a/0x20
+[ 95.468758] ? skb_panic+0x4d/0x4f
+[ 95.469655] skb_put.cold+0x10/0x10
+[ 95.470573] vmxnet3_rq_rx_complete+0x862/0x11e0 [vmxnet3]
+[ 95.471853] vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3]
+[ 95.473185] __napi_poll+0x2b/0x160
+[ 95.474145] net_rx_action+0x2c6/0x3b0
+[ 95.475115] handle_softirqs+0xe7/0x2a0
+[ 95.476122] __irq_exit_rcu+0x97/0xb0
+[ 95.477109] common_interrupt+0x85/0xa0
+[ 95.478102] </IRQ>
+[ 95.478846] <TASK>
+[ 95.479603] asm_common_interrupt+0x26/0x40
+[ 95.480657] RIP: 0010:pv_native_safe_halt+0xf/0x20
+[ 95.481801] Code: 22 d7 e9 54 87 01 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 93 ba 3b 00 fb f4 <e9> 2c 87 01 00 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90
+[ 95.485563] RSP: 0018:ffffa133400ffe58 EFLAGS: 00000246
+[ 95.486882] RAX: 0000000000004000 RBX: ffff8fbbc1d14064 RCX: 0000000000000000
+[ 95.488477] RDX: ffff8fbeefd80000 RSI: ffff8fbbc1d14000 RDI: 0000000000000001
+[ 95.490067] RBP: ffff8fbbc1d14064 R08: ffffffffa0652260 R09: 00000000000010d3
+[ 95.491683] R10: 0000000000000018 R11: ffff8fbeefdb4764 R12: ffffffffa0652260
+[ 95.493389] R13: ffffffffa06522e0 R14: 0000000000000001 R15: 0000000000000000
+[ 95.495035] acpi_safe_halt+0x14/0x20
+[ 95.496127] acpi_idle_do_entry+0x2f/0x50
+[ 95.497221] acpi_idle_enter+0x7f/0xd0
+[ 95.498272] cpuidle_enter_state+0x81/0x420
+[ 95.499375] cpuidle_enter+0x2d/0x40
+[ 95.500400] do_idle+0x1e5/0x240
+[ 95.501385] cpu_startup_entry+0x29/0x30
+[ 95.502422] start_secondary+0x11c/0x140
+[ 95.503454] common_startup_64+0x13e/0x141
+[ 95.504466] </TASK>
+[ 95.505197] Modules linked in: nft_fib_inet nft_fib_ipv4
+nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6
+nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ip
+---truncated---
+
+ 2024-07-26
+ CVE-2024-40923
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+wifi: iwlwifi: mvm: check n_ssids before accessing the ssids
+
+In some versions of cfg80211, the ssids poinet might be a valid one even
+though n_ssids is 0. Accessing the pointer in this case will cuase an
+out-of-bound access. Fix this by checking n_ssids first.
+
+ 2024-07-26
+ CVE-2024-40929
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+drm/exynos/vidi: fix memory leak in .get_modes()
+
+The duplicated EDID is never freed. Fix it.
+
+ 2024-07-26
+ CVE-2024-40932
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Low
+
+
+
+
+ 3.9
+ AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+cxl/region: Fix memregion leaks in devm_cxl_add_region()
+
+Move the mode verification to __create_region() before allocating the
+memregion to avoid the memregion leaks.
+
+ 2024-07-26
+ CVE-2024-40936
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Low
+
+
+
+
+ 3.9
+ AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+wifi: iwlwifi: mvm: don't read past the mfuart notifcation
+
+In case the firmware sends a notification that claims it has more data
+than it has, we will read past that was allocated for the notification.
+Remove the print of the buffer, we won't see it by default. If needed,
+we can see the content with tracing.
+
+This was reported by KFENCE.
+
+ 2024-07-26
+ CVE-2024-40941
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+ocfs2: fix races between hole punching and AIO+DIO
+
+After commit "ocfs2: return real error code in ocfs2_dio_wr_get_block",
+fstests/generic/300 become from always failed to sometimes failed:
+
+========================================================================
+[ 473.293420 ] run fstests generic/300
+
+[ 475.296983 ] JBD2: Ignoring recovery information on journal
+[ 475.302473 ] ocfs2: Mounting device (253,1) on (node local, slot 0) with ordered data mode.
+[ 494.290998 ] OCFS2: ERROR (device dm-1): ocfs2_change_extent_flag: Owner 5668 has an extent at cpos 78723 which can no longer be found
+[ 494.291609 ] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
+[ 494.292018 ] OCFS2: File system is now read-only.
+[ 494.292224 ] (kworker/19:11,2628,19):ocfs2_mark_extent_written:5272 ERROR: status = -30
+[ 494.292602 ] (kworker/19:11,2628,19):ocfs2_dio_end_io_write:2374 ERROR: status = -3
+fio: io_u error on file /mnt/scratch/racer: Read-only file system: write offset=460849152, buflen=131072
+=========================================================================
+
+In __blockdev_direct_IO, ocfs2_dio_wr_get_block is called to add unwritten
+extents to a list. extents are also inserted into extent tree in
+ocfs2_write_begin_nolock. Then another thread call fallocate to puch a
+hole at one of the unwritten extent. The extent at cpos was removed by
+ocfs2_remove_extent(). At end io worker thread, ocfs2_search_extent_list
+found there is no such extent at the cpos.
+
+ T1 T2 T3
+ inode lock
+ ...
+ insert extents
+ ...
+ inode unlock
+ocfs2_fallocate
+ __ocfs2_change_file_space
+ inode lock
+ lock ip_alloc_sem
+ ocfs2_remove_inode_range inode
+ ocfs2_remove_btree_range
+ ocfs2_remove_extent
+ ^---remove the extent at cpos 78723
+ ...
+ unlock ip_alloc_sem
+ inode unlock
+ ocfs2_dio_end_io
+ ocfs2_dio_end_io_write
+ lock ip_alloc_sem
+ ocfs2_mark_extent_written
+ ocfs2_change_extent_flag
+ ocfs2_search_extent_list
+ ^---failed to find extent
+ ...
+ unlock ip_alloc_sem
+
+In most filesystems, fallocate is not compatible with racing with AIO+DIO,
+so fix it by adding to wait for all dio before fallocate/punch_hole like
+ext4.
+
+ 2024-07-26
+ CVE-2024-40943
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+ocfs2: fix NULL pointer dereference in ocfs2_abort_trigger()
+
+bdev->bd_super has been removed and commit 8887b94d9322 change the usage
+from bdev->bd_super to b_assoc_map->host->i_sb. Since ocfs2 hasn't set
+bh->b_assoc_map, it will trigger NULL pointer dereference when calling
+into ocfs2_abort_trigger().
+
+Actually this was pointed out in history, see commit 74e364ad1b13. But
+I've made a mistake when reviewing commit 8887b94d9322 and then
+re-introduce this regression.
+
+Since we cannot revive bdev in buffer head, so fix this issue by
+initializing all types of ocfs2 triggers when fill super, and then get the
+specific ocfs2 trigger from ocfs2_caching_info when access journal.
+
+[joseph.qi@linux.alibaba.com: v2]
+ Link: https://lkml.kernel.org/r/20240602112045.1112708-1-joseph.qi@linux.alibaba.com
+
+ 2024-07-26
+ CVE-2024-40951
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Low
+
+
+
+
+ 3.9
+ AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+ocfs2: fix NULL pointer dereference in ocfs2_journal_dirty()
+
+bdev->bd_super has been removed and commit 8887b94d9322 change the usage
+from bdev->bd_super to b_assoc_map->host->i_sb. This introduces the
+following NULL pointer dereference in ocfs2_journal_dirty() since
+b_assoc_map is still not initialized. This can be easily reproduced by
+running xfstests generic/186, which simulate no more credits.
+
+[ 134.351592] BUG: kernel NULL pointer dereference, address: 0000000000000000
+...
+[ 134.355341] RIP: 0010:ocfs2_journal_dirty+0x14f/0x160 [ocfs2]
+...
+[ 134.365071] Call Trace:
+[ 134.365312] <TASK>
+[ 134.365524] ? __die_body+0x1e/0x60
+[ 134.365868] ? page_fault_oops+0x13d/0x4f0
+[ 134.366265] ? __pfx_bit_wait_io+0x10/0x10
+[ 134.366659] ? schedule+0x27/0xb0
+[ 134.366981] ? exc_page_fault+0x6a/0x140
+[ 134.367356] ? asm_exc_page_fault+0x26/0x30
+[ 134.367762] ? ocfs2_journal_dirty+0x14f/0x160 [ocfs2]
+[ 134.368305] ? ocfs2_journal_dirty+0x13d/0x160 [ocfs2]
+[ 134.368837] ocfs2_create_new_meta_bhs.isra.51+0x139/0x2e0 [ocfs2]
+[ 134.369454] ocfs2_grow_tree+0x688/0x8a0 [ocfs2]
+[ 134.369927] ocfs2_split_and_insert.isra.67+0x35c/0x4a0 [ocfs2]
+[ 134.370521] ocfs2_split_extent+0x314/0x4d0 [ocfs2]
+[ 134.371019] ocfs2_change_extent_flag+0x174/0x410 [ocfs2]
+[ 134.371566] ocfs2_add_refcount_flag+0x3fa/0x630 [ocfs2]
+[ 134.372117] ocfs2_reflink_remap_extent+0x21b/0x4c0 [ocfs2]
+[ 134.372994] ? inode_update_timestamps+0x4a/0x120
+[ 134.373692] ? __pfx_ocfs2_journal_access_di+0x10/0x10 [ocfs2]
+[ 134.374545] ? __pfx_ocfs2_journal_access_di+0x10/0x10 [ocfs2]
+[ 134.375393] ocfs2_reflink_remap_blocks+0xe4/0x4e0 [ocfs2]
+[ 134.376197] ocfs2_remap_file_range+0x1de/0x390 [ocfs2]
+[ 134.376971] ? security_file_permission+0x29/0x50
+[ 134.377644] vfs_clone_file_range+0xfe/0x320
+[ 134.378268] ioctl_file_clone+0x45/0xa0
+[ 134.378853] do_vfs_ioctl+0x457/0x990
+[ 134.379422] __x64_sys_ioctl+0x6e/0xd0
+[ 134.379987] do_syscall_64+0x5d/0x170
+[ 134.380550] entry_SYSCALL_64_after_hwframe+0x76/0x7e
+[ 134.381231] RIP: 0033:0x7fa4926397cb
+[ 134.381786] Code: 73 01 c3 48 8b 0d bd 56 38 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 8d 56 38 00 f7 d8 64 89 01 48
+[ 134.383930] RSP: 002b:00007ffc2b39f7b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
+[ 134.384854] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fa4926397cb
+[ 134.385734] RDX: 00007ffc2b39f7f0 RSI: 000000004020940d RDI: 0000000000000003
+[ 134.386606] RBP: 0000000000000000 R08: 00111a82a4f015bb R09: 00007fa494221000
+[ 134.387476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
+[ 134.388342] R13: 0000000000f10000 R14: 0000558e844e2ac8 R15: 0000000000f10000
+[ 134.389207] </TASK>
+
+Fix it by only aborting transaction and journal in ocfs2_journal_dirty()
+now, and leave ocfs2_abort() later when detecting an aborted handle,
+e.g. start next transaction. Also log the handle details in this case.
+
+ 2024-07-26
+ CVE-2024-40952
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors
+
+input_action_end_dx4() and input_action_end_dx6() are called NF_HOOK() for
+PREROUTING hook, in PREROUTING hook, we should passing a valid indev,
+and a NULL outdev to NF_HOOK(), otherwise may trigger a NULL pointer
+dereference, as below:
+
+ [74830.647293] BUG: kernel NULL pointer dereference, address: 0000000000000090
+ [74830.655633] #PF: supervisor read access in kernel mode
+ [74830.657888] #PF: error_code(0x0000) - not-present page
+ [74830.659500] PGD 0 P4D 0
+ [74830.660450] Oops: 0000 [#1] PREEMPT SMP PTI
+ ...
+ [74830.664953] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
+ [74830.666569] RIP: 0010:rpfilter_mt+0x44/0x15e [ipt_rpfilter]
+ ...
+ [74830.689725] Call Trace:
+ [74830.690402] <IRQ>
+ [74830.690953] ? show_trace_log_lvl+0x1c4/0x2df
+ [74830.692020] ? show_trace_log_lvl+0x1c4/0x2df
+ [74830.693095] ? ipt_do_table+0x286/0x710 [ip_tables]
+ [74830.694275] ? __die_body.cold+0x8/0xd
+ [74830.695205] ? page_fault_oops+0xac/0x140
+ [74830.696244] ? exc_page_fault+0x62/0x150
+ [74830.697225] ? asm_exc_page_fault+0x22/0x30
+ [74830.698344] ? rpfilter_mt+0x44/0x15e [ipt_rpfilter]
+ [74830.699540] ipt_do_table+0x286/0x710 [ip_tables]
+ [74830.700758] ? ip6_route_input+0x19d/0x240
+ [74830.701752] nf_hook_slow+0x3f/0xb0
+ [74830.702678] input_action_end_dx4+0x19b/0x1e0
+ [74830.703735] ? input_action_end_t+0xe0/0xe0
+ [74830.704734] seg6_local_input_core+0x2d/0x60
+ [74830.705782] lwtunnel_input+0x5b/0xb0
+ [74830.706690] __netif_receive_skb_one_core+0x63/0xa0
+ [74830.707825] process_backlog+0x99/0x140
+ [74830.709538] __napi_poll+0x2c/0x160
+ [74830.710673] net_rx_action+0x296/0x350
+ [74830.711860] __do_softirq+0xcb/0x2ac
+ [74830.713049] do_softirq+0x63/0x90
+
+input_action_end_dx4() passing a NULL indev to NF_HOOK(), and finally
+trigger a NULL dereference in rpfilter_mt()->rpfilter_is_loopback():
+
+ static bool
+ rpfilter_is_loopback(const struct sk_buff *skb,
+ const struct net_device *in)
+ {
+ // in is NULL
+ return skb->pkt_type == PACKET_LOOPBACK ||
+ in->flags & IFF_LOOPBACK;
+ }
+
+ 2024-07-26
+ CVE-2024-40957
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+MIPS: Octeon: Add PCIe link status check
+
+The standard PCIe configuration read-write interface is used to
+access the configuration space of the peripheral PCIe devices
+of the mips processor after the PCIe link surprise down, it can
+generate kernel panic caused by "Data bus error". So it is
+necessary to add PCIe link status check for system protection.
+When the PCIe link is down or in training, assigning a value
+of 0 to the configuration address can prevent read-write behavior
+to the configuration space of peripheral PCIe devices, thereby
+preventing kernel panic.
+
+ 2024-07-26
+ CVE-2024-40968
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+powerpc/pseries: Enforce hcall result buffer validity and size
+
+plpar_hcall(), plpar_hcall9(), and related functions expect callers to
+provide valid result buffers of certain minimum size. Currently this
+is communicated only through comments in the code and the compiler has
+no idea.
+
+For example, if I write a bug like this:
+
+ long retbuf[PLPAR_HCALL_BUFSIZE]; // should be PLPAR_HCALL9_BUFSIZE
+ plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf, ...);
+
+This compiles with no diagnostics emitted, but likely results in stack
+corruption at runtime when plpar_hcall9() stores results past the end
+of the array. (To be clear this is a contrived example and I have not
+found a real instance yet.)
+
+To make this class of error less likely, we can use explicitly-sized
+array parameters instead of pointers in the declarations for the hcall
+APIs. When compiled with -Warray-bounds[1], the code above now
+provokes a diagnostic like this:
+
+error: array argument is too small;
+is of size 32, callee requires at least 72 [-Werror,-Warray-bounds]
+ 60 | plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf,
+ | ^ ~~~~~~
+
+[1] Enabled for LLVM builds but not GCC for now. See commit
+ 0da6e5fd6c37 ("gcc: disable '-Warray-bounds' for gcc-13 too") and
+ related changes.
+
+ 2024-07-26
+ CVE-2024-40974
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+platform/x86: x86-android-tablets: Unregister devices in reverse order
+
+Not all subsystems support a device getting removed while there are
+still consumers of the device with a reference to the device.
+
+One example of this is the regulator subsystem. If a regulator gets
+unregistered while there are still drivers holding a reference
+a WARN() at drivers/regulator/core.c:5829 triggers, e.g.:
+
+ WARNING: CPU: 1 PID: 1587 at drivers/regulator/core.c:5829 regulator_unregister
+ Hardware name: Intel Corp. VALLEYVIEW C0 PLATFORM/BYT-T FFD8, BIOS BLADE_21.X64.0005.R00.1504101516 FFD8_X64_R_2015_04_10_1516 04/10/2015
+ RIP: 0010:regulator_unregister
+ Call Trace:
+ <TASK>
+ regulator_unregister
+ devres_release_group
+ i2c_device_remove
+ device_release_driver_internal
+ bus_remove_device
+ device_del
+ device_unregister
+ x86_android_tablet_remove
+
+On the Lenovo Yoga Tablet 2 series the bq24190 charger chip also provides
+a 5V boost converter output for powering USB devices connected to the micro
+USB port, the bq24190-charger driver exports this as a Vbus regulator.
+
+On the 830 (8") and 1050 ("10") models this regulator is controlled by
+a platform_device and x86_android_tablet_remove() removes platform_device-s
+before i2c_clients so the consumer gets removed first.
+
+But on the 1380 (13") model there is a lc824206xa micro-USB switch
+connected over I2C and the extcon driver for that controls the regulator.
+The bq24190 i2c-client *must* be registered first, because that creates
+the regulator with the lc824206xa listed as its consumer. If the regulator
+has not been registered yet the lc824206xa driver will end up getting
+a dummy regulator.
+
+Since in this case both the regulator provider and consumer are I2C
+devices, the only way to ensure that the consumer is unregistered first
+is to unregister the I2C devices in reverse order of in which they were
+created.
+
+For consistency and to avoid similar problems in the future change
+x86_android_tablet_remove() to unregister all device types in reverse
+order.
+
+ 2024-07-26
+ CVE-2024-40975
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Low
+
+
+
+
+ 2.1
+ AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+wifi: mt76: mt7921s: fix potential hung tasks during chip recovery
+
+During chip recovery (e.g. chip reset), there is a possible situation that
+kernel worker reset_work is holding the lock and waiting for kernel thread
+stat_worker to be parked, while stat_worker is waiting for the release of
+the same lock.
+It causes a deadlock resulting in the dumping of hung tasks messages and
+possible rebooting of the device.
+
+This patch prevents the execution of stat_worker during the chip recovery.
+
+ 2024-07-26
+ CVE-2024-40977
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+tipc: force a dst refcount before doing decryption
+
+As it says in commit 3bc07321ccc2 ("xfrm: Force a dst refcount before
+entering the xfrm type handlers"):
+
+"Crypto requests might return asynchronous. In this case we leave the
+ rcu protected region, so force a refcount on the skb's destination
+ entry before we enter the xfrm type input/output handlers."
+
+On TIPC decryption path it has the same problem, and skb_dst_force()
+should be called before doing decryption to avoid a possible crash.
+
+Shuang reported this issue when this warning is triggered:
+
+ [] WARNING: include/net/dst.h:337 tipc_sk_rcv+0x1055/0x1ea0 [tipc]
+ [] Kdump: loaded Tainted: G W --------- - - 4.18.0-496.el8.x86_64+debug
+ [] Workqueue: crypto cryptd_queue_worker
+ [] RIP: 0010:tipc_sk_rcv+0x1055/0x1ea0 [tipc]
+ [] Call Trace:
+ [] tipc_sk_mcast_rcv+0x548/0xea0 [tipc]
+ [] tipc_rcv+0xcf5/0x1060 [tipc]
+ [] tipc_aead_decrypt_done+0x215/0x2e0 [tipc]
+ [] cryptd_aead_crypt+0xdb/0x190
+ [] cryptd_queue_worker+0xed/0x190
+ [] process_one_work+0x93d/0x17e0
+
+ 2024-07-26
+ CVE-2024-40983
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine."
+
+Undo the modifications made in commit d410ee5109a1 ("ACPICA: avoid
+"Info: mapping multiple BARs. Your kernel is fine.""). The initial
+purpose of this commit was to stop memory mappings for operation
+regions from overlapping page boundaries, as it can trigger warnings
+if different page attributes are present.
+
+However, it was found that when this situation arises, mapping
+continues until the boundary's end, but there is still an attempt to
+read/write the entire length of the map, leading to a NULL pointer
+deference. For example, if a four-byte mapping request is made but
+only one byte is mapped because it hits the current page boundary's
+end, a four-byte read/write attempt is still made, resulting in a NULL
+pointer deference.
+
+Instead, map the entire length, as the ACPI specification does not
+mandate that it must be within the same page boundary. It is
+permissible for it to be mapped across different regions.
+
+ 2024-07-26
+ CVE-2024-40984
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+drm/amdgpu: fix UBSAN warning in kv_dpm.c
+
+Adds bounds check for sumo_vid_mapping_entry.
+
+ 2024-07-26
+ CVE-2024-40987
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+tracing: Build event generation tests only as modules
+
+The kprobes and synth event generation test modules add events and lock
+(get a reference) those event file reference in module init function,
+and unlock and delete it in module exit function. This is because those
+are designed for playing as modules.
+
+If we make those modules as built-in, those events are left locked in the
+kernel, and never be removed. This causes kprobe event self-test failure
+as below.
+
+[ 97.349708] ------------[ cut here ]------------
+[ 97.353453] WARNING: CPU: 3 PID: 1 at kernel/trace/trace_kprobe.c:2133 kprobe_trace_self_tests_init+0x3f1/0x480
+[ 97.357106] Modules linked in:
+[ 97.358488] CPU: 3 PID: 1 Comm: swapper/0 Not tainted 6.9.0-g699646734ab5-dirty #14
+[ 97.361556] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
+[ 97.363880] RIP: 0010:kprobe_trace_self_tests_init+0x3f1/0x480
+[ 97.365538] Code: a8 24 08 82 e9 ae fd ff ff 90 0f 0b 90 48 c7 c7 e5 aa 0b 82 e9 ee fc ff ff 90 0f 0b 90 48 c7 c7 2d 61 06 82 e9 8e fd ff ff 90 <0f> 0b 90 48 c7 c7 33 0b 0c 82 89 c6 e8 6e 03 1f ff 41 ff c7 e9 90
+[ 97.370429] RSP: 0000:ffffc90000013b50 EFLAGS: 00010286
+[ 97.371852] RAX: 00000000fffffff0 RBX: ffff888005919c00 RCX: 0000000000000000
+[ 97.373829] RDX: ffff888003f40000 RSI: ffffffff8236a598 RDI: ffff888003f40a68
+[ 97.375715] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
+[ 97.377675] R10: ffffffff811c9ae5 R11: ffffffff8120c4e0 R12: 0000000000000000
+[ 97.379591] R13: 0000000000000001 R14: 0000000000000015 R15: 0000000000000000
+[ 97.381536] FS: 0000000000000000(0000) GS:ffff88807dcc0000(0000) knlGS:0000000000000000
+[ 97.383813] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[ 97.385449] CR2: 0000000000000000 CR3: 0000000002244000 CR4: 00000000000006b0
+[ 97.387347] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+[ 97.389277] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+[ 97.391196] Call Trace:
+[ 97.391967] <TASK>
+[ 97.392647] ? __warn+0xcc/0x180
+[ 97.393640] ? kprobe_trace_self_tests_init+0x3f1/0x480
+[ 97.395181] ? report_bug+0xbd/0x150
+[ 97.396234] ? handle_bug+0x3e/0x60
+[ 97.397311] ? exc_invalid_op+0x1a/0x50
+[ 97.398434] ? asm_exc_invalid_op+0x1a/0x20
+[ 97.399652] ? trace_kprobe_is_busy+0x20/0x20
+[ 97.400904] ? tracing_reset_all_online_cpus+0x15/0x90
+[ 97.402304] ? kprobe_trace_self_tests_init+0x3f1/0x480
+[ 97.403773] ? init_kprobe_trace+0x50/0x50
+[ 97.404972] do_one_initcall+0x112/0x240
+[ 97.406113] do_initcall_level+0x95/0xb0
+[ 97.407286] ? kernel_init+0x1a/0x1a0
+[ 97.408401] do_initcalls+0x3f/0x70
+[ 97.409452] kernel_init_freeable+0x16f/0x1e0
+[ 97.410662] ? rest_init+0x1f0/0x1f0
+[ 97.411738] kernel_init+0x1a/0x1a0
+[ 97.412788] ret_from_fork+0x39/0x50
+[ 97.413817] ? rest_init+0x1f0/0x1f0
+[ 97.414844] ret_from_fork_asm+0x11/0x20
+[ 97.416285] </TASK>
+[ 97.417134] irq event stamp: 13437323
+[ 97.418376] hardirqs last enabled at (13437337): [<ffffffff8110bc0c>] console_unlock+0x11c/0x150
+[ 97.421285] hardirqs last disabled at (13437370): [<ffffffff8110bbf1>] console_unlock+0x101/0x150
+[ 97.423838] softirqs last enabled at (13437366): [<ffffffff8108e17f>] handle_softirqs+0x23f/0x2a0
+[ 97.426450] softirqs last disabled at (13437393): [<ffffffff8108e346>] __irq_exit_rcu+0x66/0xd0
+[ 97.428850] ---[ end trace 0000000000000000 ]---
+
+And also, since we can not cleanup dynamic_event file, ftracetest are
+failed too.
+
+To avoid these issues, build these tests only as modules.
+
+ 2024-07-26
+ CVE-2024-41004
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+netpoll: Fix race condition in netpoll_owner_active
+
+KCSAN detected a race condition in netpoll:
+
+ BUG: KCSAN: data-race in net_rx_action / netpoll_send_skb
+ write (marked) to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10:
+ net_rx_action (./include/linux/netpoll.h:90 net/core/dev.c:6712 net/core/dev.c:6822)
+<snip>
+ read to 0xffff8881164168b0 of 4 bytes by task 1 on cpu 2:
+ netpoll_send_skb (net/core/netpoll.c:319 net/core/netpoll.c:345 net/core/netpoll.c:393)
+ netpoll_send_udp (net/core/netpoll.c:?)
+<snip>
+ value changed: 0x0000000a -> 0xffffffff
+
+This happens because netpoll_owner_active() needs to check if the
+current CPU is the owner of the lock, touching napi->poll_owner
+non atomically. The ->poll_owner field contains the current CPU holding
+the lock.
+
+Use an atomic read to check if the poll owner is the current CPU.
+
+ 2024-07-26
+ CVE-2024-41005
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+tcp: avoid too many retransmit packets
+
+If a TCP socket is using TCP_USER_TIMEOUT, and the other peer
+retracted its window to zero, tcp_retransmit_timer() can
+retransmit a packet every two jiffies (2 ms for HZ=1000),
+for about 4 minutes after TCP_USER_TIMEOUT has 'expired'.
+
+The fix is to make sure tcp_rtx_probe0_timed_out() takes
+icsk->icsk_user_timeout into account.
+
+Before blamed commit, the socket would not timeout after
+icsk->icsk_user_timeout, but would use standard exponential
+backoff for the retransmits.
+
+Also worth noting that before commit e89688e3e978 ("net: tcp:
+fix unexcepted socket die when snd_wnd is 0"), the issue
+would last 2 minutes instead of 4.
+
+ 2024-07-26
+ CVE-2024-41007
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Low
+
+
+
+
+ 3.3
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:bpf: Fix overrunning reservations in ringbufThe BPF ring buffer internally is implemented as a power-of-2 sized circularbuffer, with two logical and ever-increasing counters: consumer_pos is theconsumer counter to show which logical position the consumer consumed thedata, and producer_pos which is the producer counter denoting the amount ofdata reserved by all producers.Each time a record is reserved, the producer that owns the record willsuccessfully advance producer counter. In user space each time a record isread, the consumer of the data advanced the consumer counter once it finishedprocessing. Both counters are stored in separate pages so that from userspace, the producer counter is read-only and the consumer counter is read-write.One aspect that simplifies and thus speeds up the implementation of bothproducers and consumers is how the data area is mapped twice contiguouslyback-to-back in the virtual memory, allowing to not take any special measuresfor samples that have to wrap around at the end of the circular buffer dataarea, because the next page after the last data page would be first data pageagain, and thus the sample will still appear completely contiguous in virtualmemory.Each record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header forbook-keeping the length and offset, and is inaccessible to the BPF program.Helpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ`for the BPF program to use. Bing-Jhong and Muhammad reported that it is howeverpossible to make a second allocated memory chunk overlapping with the firstchunk and as a result, the BPF program is now able to edit first chunk sheader.For example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with sizeof 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call tobpf_ringbuf_reserve() is made. 
This will allocate a chunk A, which is in[0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, letsallocate a chunk B with size 0x3000. This will succeed because consumer_poswas edited ahead of time to pass the `new_prod_pos - cons_pos > rb->mask`check. Chunk B will be in range [0x3008,0x6010], and the BPF program is ableto edit [0x3010,0x6010]. Due to the ring buffer memory layout mentionedearlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same datapages. This means that chunk B at [0x4000,0x4008] is chunk A s header.bpf_ringbuf_submit() / bpf_ringbuf_discard() use the header s pg_off to thenlocate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunkB modified chunk A s header, then bpf_ringbuf_commit() refers to the wrongpage and could cause a crash.Fix it by calculating the oldest pending_pos and check whether the rangefrom the oldest outstanding record to the newest would span beyond the ringbuffer size. If that is the case, then reject the request. We ve tested withthe ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh)before/after the fix and while it seems a bit slower on some benchmarks, itis still not significantly enough to matter.
+
+ 2024-07-26
+ CVE-2024-41009
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
+
+
+
+
\ No newline at end of file
diff --git a/cvrf/2024/cvrf-openEuler-SA-2024-1898.xml b/cvrf/2024/cvrf-openEuler-SA-2024-1898.xml
new file mode 100644
index 0000000..94ef198
--- /dev/null
+++ b/cvrf/2024/cvrf-openEuler-SA-2024-1898.xml
@@ -0,0 +1,634 @@
+
+
+ An update for kernel is now available for openEuler-22.03-LTS-SP4
+ Security Advisory
+
+ openeuler-security@openeuler.org
+ openEuler security committee
+
+
+
+ openEuler-SA-2024-1898
+
+ Final
+ 1.0
+
+
+ 1.0
+ 2024-07-26
+ Initial
+
+
+ 2024-07-26
+ 2024-07-26
+
+ openEuler SA Tool V1.0
+ 2024-07-26
+
+
+
+ kernel security update
+ An update for kernel is now available for openEuler-22.03-LTS-SP4
+ The Linux Kernel, the operating system core itself.
+
+Security Fix(es):
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+net: dsa: seville: register the mdiobus under devres
+
+As explained in commits:
+74b6d7d13307 ("net: dsa: realtek: register the MDIO bus under devres")
+5135e96a3dd2 ("net: dsa: don't allocate the slave_mii_bus using devres")
+
+mdiobus_free() will panic when called from devm_mdiobus_free() <-
+devres_release_all() <- __device_release_driver(), and that mdiobus was
+not previously unregistered.
+
+The Seville VSC9959 switch is a platform device, so the initial set of
+constraints that I thought would cause this (I2C or SPI buses which call
+->remove on ->shutdown) do not apply. But there is one more which
+applies here.
+
+If the DSA master itself is on a bus that calls ->remove from ->shutdown
+(like dpaa2-eth, which is on the fsl-mc bus), there is a device link
+between the switch and the DSA master, and device_links_unbind_consumers()
+will unbind the seville switch driver on shutdown.
+
+So the same treatment must be applied to all DSA switch drivers, which
+is: either use devres for both the mdiobus allocation and registration,
+or don't use devres at all.
+
+The seville driver has a code structure that could accommodate both the
+mdiobus_unregister and mdiobus_free calls, but it has an external
+dependency upon mscc_miim_setup() from mdio-mscc-miim.c, which calls
+devm_mdiobus_alloc_size() on its behalf. So rather than restructuring
+that, and exporting yet one more symbol mscc_miim_teardown(), let's work
+with devres and replace of_mdiobus_register with the devres variant.
+When we use all-devres, we can ensure that devres doesn't free a
+still-registered bus (it either runs both callbacks, or none).(CVE-2022-48814)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+nfs: Handle error of rpc_proc_register() in nfs_net_init().
+
+syzkaller reported a warning [0] triggered while destroying immature
+netns.
+
+rpc_proc_register() was called in init_nfs_fs(), but its error
+has been ignored since at least the initial commit 1da177e4c3f4
+("Linux-2.6.12-rc2").
+
+Recently, commit d47151b79e32 ("nfs: expose /proc/net/sunrpc/nfs
+in net namespaces") converted the procfs to per-netns and made
+the problem more visible.
+
+Even when rpc_proc_register() fails, nfs_net_init() could succeed,
+and thus nfs_net_exit() will be called while destroying the netns.
+
+Then, remove_proc_entry() will be called for non-existing proc
+directory and trigger the warning below.
+
+Let's handle the error of rpc_proc_register() properly in nfs_net_init().
+
+[0]:
+name 'nfs'
+WARNING: CPU: 1 PID: 1710 at fs/proc/generic.c:711 remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711
+Modules linked in:
+CPU: 1 PID: 1710 Comm: syz-executor.2 Not tainted 6.8.0-12822-gcd51db110a7e #12
+Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
+RIP: 0010:remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711
+Code: 41 5d 41 5e c3 e8 85 09 b5 ff 48 c7 c7 88 58 64 86 e8 09 0e 71 02 e8 74 09 b5 ff 4c 89 e6 48 c7 c7 de 1b 80 84 e8 c5 ad 97 ff <0f> 0b eb b1 e8 5c 09 b5 ff 48 c7 c7 88 58 64 86 e8 e0 0d 71 02 eb
+RSP: 0018:ffffc9000c6d7ce0 EFLAGS: 00010286
+RAX: 0000000000000000 RBX: ffff8880422b8b00 RCX: ffffffff8110503c
+RDX: ffff888030652f00 RSI: ffffffff81105045 RDI: 0000000000000001
+RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
+R10: 0000000000000001 R11: ffffffff81bb62cb R12: ffffffff84807ffc
+R13: ffff88804ad6fcc0 R14: ffffffff84807ffc R15: ffffffff85741ff8
+FS: 00007f30cfba8640(0000) GS:ffff88807dd00000(0000) knlGS:0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+CR2: 00007ff51afe8000 CR3: 000000005a60a005 CR4: 0000000000770ef0
+DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+PKRU: 55555554
+Call Trace:
+ <TASK>
+ rpc_proc_unregister+0x64/0x70 net/sunrpc/stats.c:310
+ nfs_net_exit+0x1c/0x30 fs/nfs/inode.c:2438
+ ops_exit_list+0x62/0xb0 net/core/net_namespace.c:170
+ setup_net+0x46c/0x660 net/core/net_namespace.c:372
+ copy_net_ns+0x244/0x590 net/core/net_namespace.c:505
+ create_new_namespaces+0x2ed/0x770 kernel/nsproxy.c:110
+ unshare_nsproxy_namespaces+0xae/0x160 kernel/nsproxy.c:228
+ ksys_unshare+0x342/0x760 kernel/fork.c:3322
+ __do_sys_unshare kernel/fork.c:3393 [inline]
+ __se_sys_unshare kernel/fork.c:3391 [inline]
+ __x64_sys_unshare+0x1f/0x30 kernel/fork.c:3391
+ do_syscall_x64 arch/x86/entry/common.c:52 [inline]
+ do_syscall_64+0x4f/0x110 arch/x86/entry/common.c:83
+ entry_SYSCALL_64_after_hwframe+0x46/0x4e
+RIP: 0033:0x7f30d0febe5d
+Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48
+RSP: 002b:00007f30cfba7cc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
+RAX: ffffffffffffffda RBX: 00000000004bbf80 RCX: 00007f30d0febe5d
+RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c020600
+RBP: 00000000004bbf80 R08: 0000000000000000 R09: 0000000000000000
+R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
+R13: 000000000000000b R14: 00007f30d104c530 R15: 0000000000000000
+ </TASK>(CVE-2024-36939)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages
+
+The syzbot fuzzer found that the interrupt-URB completion callback in
+the cdc-wdm driver was taking too long, and the driver's immediate
+resubmission of interrupt URBs with -EPROTO status combined with the
+dummy-hcd emulation to cause a CPU lockup:
+
+cdc_wdm 1-1:1.0: nonzero urb status received: -71
+cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
+watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [syz-executor782:6625]
+CPU#0 Utilization every 4s during lockup:
+ #1: 98% system, 0% softirq, 3% hardirq, 0% idle
+ #2: 98% system, 0% softirq, 3% hardirq, 0% idle
+ #3: 98% system, 0% softirq, 3% hardirq, 0% idle
+ #4: 98% system, 0% softirq, 3% hardirq, 0% idle
+ #5: 98% system, 1% softirq, 3% hardirq, 0% idle
+Modules linked in:
+irq event stamp: 73096
+hardirqs last enabled at (73095): [<ffff80008037bc00>] console_emit_next_record kernel/printk/printk.c:2935 [inline]
+hardirqs last enabled at (73095): [<ffff80008037bc00>] console_flush_all+0x650/0xb74 kernel/printk/printk.c:2994
+hardirqs last disabled at (73096): [<ffff80008af10b00>] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]
+hardirqs last disabled at (73096): [<ffff80008af10b00>] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551
+softirqs last enabled at (73048): [<ffff8000801ea530>] softirq_handle_end kernel/softirq.c:400 [inline]
+softirqs last enabled at (73048): [<ffff8000801ea530>] handle_softirqs+0xa60/0xc34 kernel/softirq.c:582
+softirqs last disabled at (73043): [<ffff800080020de8>] __do_softirq+0x14/0x20 kernel/softirq.c:588
+CPU: 0 PID: 6625 Comm: syz-executor782 Tainted: G W 6.10.0-rc2-syzkaller-g8867bbd4a056 #0
+Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
+
+Testing showed that the problem did not occur if the two error
+messages -- the first two lines above -- were removed; apparently adding
+material to the kernel log takes a surprisingly large amount of time.
+
+In any case, the best approach for preventing these lockups and to
+avoid spamming the log with thousands of error messages per second is
+to ratelimit the two dev_err() calls. Therefore we replace them with
+dev_err_ratelimited().(CVE-2024-40904)
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+ipv6: fix possible race in __fib6_drop_pcpu_from()
+
+syzbot found a race in __fib6_drop_pcpu_from() [1]
+
+If compiler reads more than once (*ppcpu_rt),
+second read could read NULL, if another cpu clears
+the value in rt6_get_pcpu_route().
+
+Add a READ_ONCE() to prevent this race.
+
+Also add rcu_read_lock()/rcu_read_unlock() because
+we rely on RCU protection while dereferencing pcpu_rt.
+
+[1]
+
+Oops: general protection fault, probably for non-canonical address 0xdffffc0000000012: 0000 [#1] PREEMPT SMP KASAN PTI
+KASAN: null-ptr-deref in range [0x0000000000000090-0x0000000000000097]
+CPU: 0 PID: 7543 Comm: kworker/u8:17 Not tainted 6.10.0-rc1-syzkaller-00013-g2bfcfd584ff5 #0
+Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
+Workqueue: netns cleanup_net
+ RIP: 0010:__fib6_drop_pcpu_from.part.0+0x10a/0x370 net/ipv6/ip6_fib.c:984
+Code: f8 48 c1 e8 03 80 3c 28 00 0f 85 16 02 00 00 4d 8b 3f 4d 85 ff 74 31 e8 74 a7 fa f7 49 8d bf 90 00 00 00 48 89 f8 48 c1 e8 03 <80> 3c 28 00 0f 85 1e 02 00 00 49 8b 87 90 00 00 00 48 8b 0c 24 48
+RSP: 0018:ffffc900040df070 EFLAGS: 00010206
+RAX: 0000000000000012 RBX: 0000000000000001 RCX: ffffffff89932e16
+RDX: ffff888049dd1e00 RSI: ffffffff89932d7c RDI: 0000000000000091
+RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000007
+R10: 0000000000000001 R11: 0000000000000006 R12: ffff88807fa080b8
+R13: fffffbfff1a9a07d R14: ffffed100ff41022 R15: 0000000000000001
+FS: 0000000000000000(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+CR2: 0000001b32c26000 CR3: 000000005d56e000 CR4: 00000000003526f0
+DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+Call Trace:
+ <TASK>
+ __fib6_drop_pcpu_from net/ipv6/ip6_fib.c:966 [inline]
+ fib6_drop_pcpu_from net/ipv6/ip6_fib.c:1027 [inline]
+ fib6_purge_rt+0x7f2/0x9f0 net/ipv6/ip6_fib.c:1038
+ fib6_del_route net/ipv6/ip6_fib.c:1998 [inline]
+ fib6_del+0xa70/0x17b0 net/ipv6/ip6_fib.c:2043
+ fib6_clean_node+0x426/0x5b0 net/ipv6/ip6_fib.c:2205
+ fib6_walk_continue+0x44f/0x8d0 net/ipv6/ip6_fib.c:2127
+ fib6_walk+0x182/0x370 net/ipv6/ip6_fib.c:2175
+ fib6_clean_tree+0xd7/0x120 net/ipv6/ip6_fib.c:2255
+ __fib6_clean_all+0x100/0x2d0 net/ipv6/ip6_fib.c:2271
+ rt6_sync_down_dev net/ipv6/route.c:4906 [inline]
+ rt6_disable_ip+0x7ed/0xa00 net/ipv6/route.c:4911
+ addrconf_ifdown.isra.0+0x117/0x1b40 net/ipv6/addrconf.c:3855
+ addrconf_notify+0x223/0x19e0 net/ipv6/addrconf.c:3778
+ notifier_call_chain+0xb9/0x410 kernel/notifier.c:93
+ call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:1992
+ call_netdevice_notifiers_extack net/core/dev.c:2030 [inline]
+ call_netdevice_notifiers net/core/dev.c:2044 [inline]
+ dev_close_many+0x333/0x6a0 net/core/dev.c:1585
+ unregister_netdevice_many_notify+0x46d/0x19f0 net/core/dev.c:11193
+ unregister_netdevice_many net/core/dev.c:11276 [inline]
+ default_device_exit_batch+0x85b/0xae0 net/core/dev.c:11759
+ ops_exit_list+0x128/0x180 net/core/net_namespace.c:178
+ cleanup_net+0x5b7/0xbf0 net/core/net_namespace.c:640
+ process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231
+ process_scheduled_works kernel/workqueue.c:3312 [inline]
+ worker_thread+0x6c8/0xf70 kernel/workqueue.c:3393
+ kthread+0x2c1/0x3a0 kernel/kthread.c:389
+ ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
+ ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244(CVE-2024-40905)
+ An update for kernel is now available for openEuler-22.03-LTS-SP4.
+
+openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
+ Medium
+ kernel
+
+
+
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1898
+
+
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48814
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36939
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40904
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40905
+
+
+ https://nvd.nist.gov/vuln/detail/CVE-2022-48814
+ https://nvd.nist.gov/vuln/detail/CVE-2024-36939
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40904
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40905
+
+
+
+
+ openEuler-22.03-LTS-SP4
+
+
+ bpftool-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm
+ bpftool-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm
+ kernel-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm
+ kernel-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm
+ kernel-debugsource-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm
+ kernel-devel-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm
+ kernel-headers-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm
+ kernel-source-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm
+ kernel-tools-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm
+ kernel-tools-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm
+ kernel-tools-devel-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm
+ perf-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm
+ perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm
+ python3-perf-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm
+ python3-perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.aarch64.rpm
+
+
+ bpftool-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm
+ bpftool-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm
+ kernel-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm
+ kernel-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm
+ kernel-debugsource-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm
+ kernel-devel-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm
+ kernel-headers-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm
+ kernel-source-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm
+ kernel-tools-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm
+ kernel-tools-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm
+ kernel-tools-devel-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm
+ perf-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm
+ perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm
+ python3-perf-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm
+ python3-perf-debuginfo-5.10.0-220.0.0.119.oe2203sp4.x86_64.rpm
+
+
+ kernel-5.10.0-220.0.0.119.oe2203sp4.src.rpm
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+net: dsa: seville: register the mdiobus under devres
+
+As explained in commits:
+74b6d7d13307 ("net: dsa: realtek: register the MDIO bus under devres")
+5135e96a3dd2 ("net: dsa: don't allocate the slave_mii_bus using devres")
+
+mdiobus_free() will panic when called from devm_mdiobus_free() <-
+devres_release_all() <- __device_release_driver(), and that mdiobus was
+not previously unregistered.
+
+The Seville VSC9959 switch is a platform device, so the initial set of
+constraints that I thought would cause this (I2C or SPI buses which call
+->remove on ->shutdown) do not apply. But there is one more which
+applies here.
+
+If the DSA master itself is on a bus that calls ->remove from ->shutdown
+(like dpaa2-eth, which is on the fsl-mc bus), there is a device link
+between the switch and the DSA master, and device_links_unbind_consumers()
+will unbind the seville switch driver on shutdown.
+
+So the same treatment must be applied to all DSA switch drivers, which
+is: either use devres for both the mdiobus allocation and registration,
+or don't use devres at all.
+
+The seville driver has a code structure that could accommodate both the
+mdiobus_unregister and mdiobus_free calls, but it has an external
+dependency upon mscc_miim_setup() from mdio-mscc-miim.c, which calls
+devm_mdiobus_alloc_size() on its behalf. So rather than restructuring
+that, and exporting yet one more symbol mscc_miim_teardown(), let's work
+with devres and replace of_mdiobus_register with the devres variant.
+When we use all-devres, we can ensure that devres doesn't free a
+still-registered bus (it either runs both callbacks, or none).
+
+ 2024-07-26
+ CVE-2022-48814
+
+
+ openEuler-22.03-LTS-SP4
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1898
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+nfs: Handle error of rpc_proc_register() in nfs_net_init().
+
+syzkaller reported a warning [0] triggered while destroying immature
+netns.
+
+rpc_proc_register() was called in init_nfs_fs(), but its error
+has been ignored since at least the initial commit 1da177e4c3f4
+("Linux-2.6.12-rc2").
+
+Recently, commit d47151b79e32 ("nfs: expose /proc/net/sunrpc/nfs
+in net namespaces") converted the procfs to per-netns and made
+the problem more visible.
+
+Even when rpc_proc_register() fails, nfs_net_init() could succeed,
+and thus nfs_net_exit() will be called while destroying the netns.
+
+Then, remove_proc_entry() will be called for non-existing proc
+directory and trigger the warning below.
+
+Let's handle the error of rpc_proc_register() properly in nfs_net_init().
+
+[0]:
+name 'nfs'
+WARNING: CPU: 1 PID: 1710 at fs/proc/generic.c:711 remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711
+Modules linked in:
+CPU: 1 PID: 1710 Comm: syz-executor.2 Not tainted 6.8.0-12822-gcd51db110a7e #12
+Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
+RIP: 0010:remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711
+Code: 41 5d 41 5e c3 e8 85 09 b5 ff 48 c7 c7 88 58 64 86 e8 09 0e 71 02 e8 74 09 b5 ff 4c 89 e6 48 c7 c7 de 1b 80 84 e8 c5 ad 97 ff <0f> 0b eb b1 e8 5c 09 b5 ff 48 c7 c7 88 58 64 86 e8 e0 0d 71 02 eb
+RSP: 0018:ffffc9000c6d7ce0 EFLAGS: 00010286
+RAX: 0000000000000000 RBX: ffff8880422b8b00 RCX: ffffffff8110503c
+RDX: ffff888030652f00 RSI: ffffffff81105045 RDI: 0000000000000001
+RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
+R10: 0000000000000001 R11: ffffffff81bb62cb R12: ffffffff84807ffc
+R13: ffff88804ad6fcc0 R14: ffffffff84807ffc R15: ffffffff85741ff8
+FS: 00007f30cfba8640(0000) GS:ffff88807dd00000(0000) knlGS:0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+CR2: 00007ff51afe8000 CR3: 000000005a60a005 CR4: 0000000000770ef0
+DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+PKRU: 55555554
+Call Trace:
+ <TASK>
+ rpc_proc_unregister+0x64/0x70 net/sunrpc/stats.c:310
+ nfs_net_exit+0x1c/0x30 fs/nfs/inode.c:2438
+ ops_exit_list+0x62/0xb0 net/core/net_namespace.c:170
+ setup_net+0x46c/0x660 net/core/net_namespace.c:372
+ copy_net_ns+0x244/0x590 net/core/net_namespace.c:505
+ create_new_namespaces+0x2ed/0x770 kernel/nsproxy.c:110
+ unshare_nsproxy_namespaces+0xae/0x160 kernel/nsproxy.c:228
+ ksys_unshare+0x342/0x760 kernel/fork.c:3322
+ __do_sys_unshare kernel/fork.c:3393 [inline]
+ __se_sys_unshare kernel/fork.c:3391 [inline]
+ __x64_sys_unshare+0x1f/0x30 kernel/fork.c:3391
+ do_syscall_x64 arch/x86/entry/common.c:52 [inline]
+ do_syscall_64+0x4f/0x110 arch/x86/entry/common.c:83
+ entry_SYSCALL_64_after_hwframe+0x46/0x4e
+RIP: 0033:0x7f30d0febe5d
+Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48
+RSP: 002b:00007f30cfba7cc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
+RAX: ffffffffffffffda RBX: 00000000004bbf80 RCX: 00007f30d0febe5d
+RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c020600
+RBP: 00000000004bbf80 R08: 0000000000000000 R09: 0000000000000000
+R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
+R13: 000000000000000b R14: 00007f30d104c530 R15: 0000000000000000
+ </TASK>
+
+ 2024-07-26
+ CVE-2024-36939
+
+
+ openEuler-22.03-LTS-SP4
+
+
+
+
+ Medium
+
+
+
+
+ 4.6
+ AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1898
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages
+
+The syzbot fuzzer found that the interrupt-URB completion callback in
+the cdc-wdm driver was taking too long, and the driver's immediate
+resubmission of interrupt URBs with -EPROTO status combined with the
+dummy-hcd emulation to cause a CPU lockup:
+
+cdc_wdm 1-1:1.0: nonzero urb status received: -71
+cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
+watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [syz-executor782:6625]
+CPU#0 Utilization every 4s during lockup:
+ #1: 98% system, 0% softirq, 3% hardirq, 0% idle
+ #2: 98% system, 0% softirq, 3% hardirq, 0% idle
+ #3: 98% system, 0% softirq, 3% hardirq, 0% idle
+ #4: 98% system, 0% softirq, 3% hardirq, 0% idle
+ #5: 98% system, 1% softirq, 3% hardirq, 0% idle
+Modules linked in:
+irq event stamp: 73096
+hardirqs last enabled at (73095): [<ffff80008037bc00>] console_emit_next_record kernel/printk/printk.c:2935 [inline]
+hardirqs last enabled at (73095): [<ffff80008037bc00>] console_flush_all+0x650/0xb74 kernel/printk/printk.c:2994
+hardirqs last disabled at (73096): [<ffff80008af10b00>] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]
+hardirqs last disabled at (73096): [<ffff80008af10b00>] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551
+softirqs last enabled at (73048): [<ffff8000801ea530>] softirq_handle_end kernel/softirq.c:400 [inline]
+softirqs last enabled at (73048): [<ffff8000801ea530>] handle_softirqs+0xa60/0xc34 kernel/softirq.c:582
+softirqs last disabled at (73043): [<ffff800080020de8>] __do_softirq+0x14/0x20 kernel/softirq.c:588
+CPU: 0 PID: 6625 Comm: syz-executor782 Tainted: G W 6.10.0-rc2-syzkaller-g8867bbd4a056 #0
+Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
+
+Testing showed that the problem did not occur if the two error
+messages -- the first two lines above -- were removed; apparently adding
+material to the kernel log takes a surprisingly large amount of time.
+
+In any case, the best approach for preventing these lockups and to
+avoid spamming the log with thousands of error messages per second is
+to ratelimit the two dev_err() calls. Therefore we replace them with
+dev_err_ratelimited().
+
+ 2024-07-26
+ CVE-2024-40904
+
+
+ openEuler-22.03-LTS-SP4
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1898
+
+
+
+
+
+ In the Linux kernel, the following vulnerability has been resolved:
+
+ipv6: fix possible race in __fib6_drop_pcpu_from()
+
+syzbot found a race in __fib6_drop_pcpu_from() [1]
+
+If compiler reads more than once (*ppcpu_rt),
+second read could read NULL, if another cpu clears
+the value in rt6_get_pcpu_route().
+
+Add a READ_ONCE() to prevent this race.
+
+Also add rcu_read_lock()/rcu_read_unlock() because
+we rely on RCU protection while dereferencing pcpu_rt.
+
+[1]
+
+Oops: general protection fault, probably for non-canonical address 0xdffffc0000000012: 0000 [#1] PREEMPT SMP KASAN PTI
+KASAN: null-ptr-deref in range [0x0000000000000090-0x0000000000000097]
+CPU: 0 PID: 7543 Comm: kworker/u8:17 Not tainted 6.10.0-rc1-syzkaller-00013-g2bfcfd584ff5 #0
+Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
+Workqueue: netns cleanup_net
+ RIP: 0010:__fib6_drop_pcpu_from.part.0+0x10a/0x370 net/ipv6/ip6_fib.c:984
+Code: f8 48 c1 e8 03 80 3c 28 00 0f 85 16 02 00 00 4d 8b 3f 4d 85 ff 74 31 e8 74 a7 fa f7 49 8d bf 90 00 00 00 48 89 f8 48 c1 e8 03 <80> 3c 28 00 0f 85 1e 02 00 00 49 8b 87 90 00 00 00 48 8b 0c 24 48
+RSP: 0018:ffffc900040df070 EFLAGS: 00010206
+RAX: 0000000000000012 RBX: 0000000000000001 RCX: ffffffff89932e16
+RDX: ffff888049dd1e00 RSI: ffffffff89932d7c RDI: 0000000000000091
+RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000007
+R10: 0000000000000001 R11: 0000000000000006 R12: ffff88807fa080b8
+R13: fffffbfff1a9a07d R14: ffffed100ff41022 R15: 0000000000000001
+FS: 0000000000000000(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+CR2: 0000001b32c26000 CR3: 000000005d56e000 CR4: 00000000003526f0
+DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+Call Trace:
+ <TASK>
+ __fib6_drop_pcpu_from net/ipv6/ip6_fib.c:966 [inline]
+ fib6_drop_pcpu_from net/ipv6/ip6_fib.c:1027 [inline]
+ fib6_purge_rt+0x7f2/0x9f0 net/ipv6/ip6_fib.c:1038
+ fib6_del_route net/ipv6/ip6_fib.c:1998 [inline]
+ fib6_del+0xa70/0x17b0 net/ipv6/ip6_fib.c:2043
+ fib6_clean_node+0x426/0x5b0 net/ipv6/ip6_fib.c:2205
+ fib6_walk_continue+0x44f/0x8d0 net/ipv6/ip6_fib.c:2127
+ fib6_walk+0x182/0x370 net/ipv6/ip6_fib.c:2175
+ fib6_clean_tree+0xd7/0x120 net/ipv6/ip6_fib.c:2255
+ __fib6_clean_all+0x100/0x2d0 net/ipv6/ip6_fib.c:2271
+ rt6_sync_down_dev net/ipv6/route.c:4906 [inline]
+ rt6_disable_ip+0x7ed/0xa00 net/ipv6/route.c:4911
+ addrconf_ifdown.isra.0+0x117/0x1b40 net/ipv6/addrconf.c:3855
+ addrconf_notify+0x223/0x19e0 net/ipv6/addrconf.c:3778
+ notifier_call_chain+0xb9/0x410 kernel/notifier.c:93
+ call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:1992
+ call_netdevice_notifiers_extack net/core/dev.c:2030 [inline]
+ call_netdevice_notifiers net/core/dev.c:2044 [inline]
+ dev_close_many+0x333/0x6a0 net/core/dev.c:1585
+ unregister_netdevice_many_notify+0x46d/0x19f0 net/core/dev.c:11193
+ unregister_netdevice_many net/core/dev.c:11276 [inline]
+ default_device_exit_batch+0x85b/0xae0 net/core/dev.c:11759
+ ops_exit_list+0x128/0x180 net/core/net_namespace.c:178
+ cleanup_net+0x5b7/0xbf0 net/core/net_namespace.c:640
+ process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231
+ process_scheduled_works kernel/workqueue.c:3312 [inline]
+ worker_thread+0x6c8/0xf70 kernel/workqueue.c:3393
+ kthread+0x2c1/0x3a0 kernel/kthread.c:389
+ ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
+ ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
+
+ 2024-07-26
+ CVE-2024-40905
+
+
+ openEuler-22.03-LTS-SP4
+
+
+
+
+ None
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+
+
+
+
+ kernel security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1898
+
+
+
+
\ No newline at end of file
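Review bot: The last vulnerability entry in this file (CVE-2024-40905) carries a severity of `None`, yet its CVSS base score is 5.5 with vector `AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H`. The two other 5.5-scored entries in the same advisory (CVE-2022-48814 and CVE-2024-40904) are rated `Medium`, as is the advisory as a whole. If the converter copies this field through unchanged, the generated cusa record would presumably list the CVE with no severity, and anything that filters or prioritises on severity could drop it. Either correct the value to `Medium` in the imported file, or have the conversion step flag any entry whose severity is `None` while its base score is non-zero rather than emitting it silently. The conversion code is not part of this hunk, so where that check belongs needs confirming against the source.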
diff --git a/cvrf/2024/cvrf-openEuler-SA-2024-1899.xml b/cvrf/2024/cvrf-openEuler-SA-2024-1899.xml
new file mode 100644
index 0000000..5cbf6fc
--- /dev/null
+++ b/cvrf/2024/cvrf-openEuler-SA-2024-1899.xml
@@ -0,0 +1,96 @@
+
+
+ An update for dnsjava is now available for openEuler-24.03-LTS
+ Security Advisory
+
+ openeuler-security@openeuler.org
+ openEuler security committee
+
+
+
+ openEuler-SA-2024-1899
+
+ Final
+ 1.0
+
+
+ 1.0
+ 2024-07-26
+ Initial
+
+
+ 2024-07-26
+ 2024-07-26
+
+ openEuler SA Tool V1.0
+ 2024-07-26
+
+
+
+ dnsjava security update
+ An update for dnsjava is now available for openEuler-24.03-LTS
+ dnsjava is an implementation of DNS in Java. It supports all of the common record types and the DNSSEC types. It can be used for queries, zone transfers, and dynamic updates. It includes a cache which can be used by clients, and a minimal implementation of a server. It supports TSIG authenticated messages, partial DNSSEC verification, and EDNS0. dnsjava provides functionality above and beyond that of the InetAddress class. Since it is written in pure Java, dnsjava is fully threadable, and in many cases is faster than using InetAddress. dnsjava provides both high and low level access to DNS. The high level functions perform queries for records of a given name, type, and class, and return an array of records. There is also a clone of InetAddress, which is even simpler. A cache is used to reduce the number of DNS queries sent. The low level functions allow direct manipulation of dns messages and records, as well as allowing additional resolver properties to be set. A 'dig' clone and a dynamic update program are included, as well as a primary-only server.
+
+Security Fix(es):
+
+dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0.(CVE-2024-25638)
+ An update for dnsjava is now available for openEuler-24.03-LTS.
+
+openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
+ High
+ dnsjava
+
+
+
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1899
+
+
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-25638
+
+
+ https://nvd.nist.gov/vuln/detail/CVE-2024-25638
+
+
+
+
+ openEuler-24.03-LTS
+
+
+ dnsjava-3.5.3-2.oe2403.noarch.rpm
+ dnsjava-javadoc-3.5.3-2.oe2403.noarch.rpm
+
+
+ dnsjava-3.5.3-2.oe2403.src.rpm
+
+
+
+
+ dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0.
+
+ 2024-07-26
+ CVE-2024-25638
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ High
+
+
+
+
+ 8.9
+ AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
+
+
+
+
+ dnsjava security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1899
+
+
+
+
\ No newline at end of file
diff --git a/cvrf/2024/cvrf-openEuler-SA-2024-1900.xml b/cvrf/2024/cvrf-openEuler-SA-2024-1900.xml
new file mode 100644
index 0000000..4dfb54e
--- /dev/null
+++ b/cvrf/2024/cvrf-openEuler-SA-2024-1900.xml
@@ -0,0 +1,106 @@
+
+
+ An update for busybox is now available for openEuler-22.03-LTS-SP3
+ Security Advisory
+
+ openeuler-security@openeuler.org
+ openEuler security committee
+
+
+
+ openEuler-SA-2024-1900
+
+ Final
+ 1.0
+
+
+ 1.0
+ 2024-07-26
+ Initial
+
+
+ 2024-07-26
+ 2024-07-26
+
+ openEuler SA Tool V1.0
+ 2024-07-26
+
+
+
+ busybox security update
+ An update for busybox is now available for openEuler-22.03-LTS-SP3
+ BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. It provides a fairly complete environment for any small or embedded system.
+
+Security Fix(es):
+
+A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.(CVE-2023-42363)
+ An update for busybox is now available for openEuler-22.03-LTS-SP3.
+
+openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
+ Medium
+ busybox
+
+
+
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1900
+
+
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-42363
+
+
+ https://nvd.nist.gov/vuln/detail/CVE-2023-42363
+
+
+
+
+ openEuler-22.03-LTS-SP3
+
+
+ busybox-1.34.1-21.oe2203sp3.aarch64.rpm
+ busybox-debuginfo-1.34.1-21.oe2203sp3.aarch64.rpm
+ busybox-debugsource-1.34.1-21.oe2203sp3.aarch64.rpm
+ busybox-help-1.34.1-21.oe2203sp3.aarch64.rpm
+ busybox-petitboot-1.34.1-21.oe2203sp3.aarch64.rpm
+
+
+ busybox-1.34.1-21.oe2203sp3.src.rpm
+
+
+ busybox-1.34.1-21.oe2203sp3.x86_64.rpm
+ busybox-debuginfo-1.34.1-21.oe2203sp3.x86_64.rpm
+ busybox-debugsource-1.34.1-21.oe2203sp3.x86_64.rpm
+ busybox-help-1.34.1-21.oe2203sp3.x86_64.rpm
+ busybox-petitboot-1.34.1-21.oe2203sp3.x86_64.rpm
+
+
+
+
+ A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.
+
+ 2024-07-26
+ CVE-2023-42363
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
+
+
+
+
+ busybox security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1900
+
+
+
+
\ No newline at end of file
diff --git a/cvrf/2024/cvrf-openEuler-SA-2024-1901.xml b/cvrf/2024/cvrf-openEuler-SA-2024-1901.xml
new file mode 100644
index 0000000..e71b9a7
--- /dev/null
+++ b/cvrf/2024/cvrf-openEuler-SA-2024-1901.xml
@@ -0,0 +1,106 @@
+
+
+ An update for busybox is now available for openEuler-20.03-LTS-SP4
+ Security Advisory
+
+ openeuler-security@openeuler.org
+ openEuler security committee
+
+
+
+ openEuler-SA-2024-1901
+
+ Final
+ 1.0
+
+
+ 1.0
+ 2024-07-26
+ Initial
+
+
+ 2024-07-26
+ 2024-07-26
+
+ openEuler SA Tool V1.0
+ 2024-07-26
+
+
+
+ busybox security update
+ An update for busybox is now available for openEuler-20.03-LTS-SP4
+ BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. It provides a fairly complete environment for any small or embedded system.
+
+Security Fix(es):
+
+A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.(CVE-2023-42363)
+ An update for busybox is now available for openEuler-20.03-LTS-SP4.
+
+openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
+ Medium
+ busybox
+
+
+
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1901
+
+
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-42363
+
+
+ https://nvd.nist.gov/vuln/detail/CVE-2023-42363
+
+
+
+
+ openEuler-20.03-LTS-SP4
+
+
+ busybox-1.31.1-22.oe2003sp4.aarch64.rpm
+ busybox-debuginfo-1.31.1-22.oe2003sp4.aarch64.rpm
+ busybox-debugsource-1.31.1-22.oe2003sp4.aarch64.rpm
+ busybox-help-1.31.1-22.oe2003sp4.aarch64.rpm
+ busybox-petitboot-1.31.1-22.oe2003sp4.aarch64.rpm
+
+
+ busybox-1.31.1-22.oe2003sp4.src.rpm
+
+
+ busybox-1.31.1-22.oe2003sp4.x86_64.rpm
+ busybox-debuginfo-1.31.1-22.oe2003sp4.x86_64.rpm
+ busybox-debugsource-1.31.1-22.oe2003sp4.x86_64.rpm
+ busybox-help-1.31.1-22.oe2003sp4.x86_64.rpm
+ busybox-petitboot-1.31.1-22.oe2003sp4.x86_64.rpm
+
+
+
+
+ A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.
+
+ 2024-07-26
+ CVE-2023-42363
+
+
+ openEuler-20.03-LTS-SP4
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
+
+
+
+
+ busybox security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1901
+
+
+
+
\ No newline at end of file
diff --git a/cvrf/2024/cvrf-openEuler-SA-2024-1902.xml b/cvrf/2024/cvrf-openEuler-SA-2024-1902.xml
new file mode 100644
index 0000000..143fff3
--- /dev/null
+++ b/cvrf/2024/cvrf-openEuler-SA-2024-1902.xml
@@ -0,0 +1,106 @@
+
+
+ An update for busybox is now available for openEuler-24.03-LTS
+ Security Advisory
+
+ openeuler-security@openeuler.org
+ openEuler security committee
+
+
+
+ openEuler-SA-2024-1902
+
+ Final
+ 1.0
+
+
+ 1.0
+ 2024-07-26
+ Initial
+
+
+ 2024-07-26
+ 2024-07-26
+
+ openEuler SA Tool V1.0
+ 2024-07-26
+
+
+
+ busybox security update
+ An update for busybox is now available for openEuler-24.03-LTS
+ BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. It provides a fairly complete environment for any small or embedded system.
+
+Security Fix(es):
+
+A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.(CVE-2023-42363)
+ An update for busybox is now available for openEuler-24.03-LTS.
+
+openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
+ Medium
+ busybox
+
+
+
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1902
+
+
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-42363
+
+
+ https://nvd.nist.gov/vuln/detail/CVE-2023-42363
+
+
+
+
+ openEuler-24.03-LTS
+
+
+ busybox-1.36.1-6.oe2403.x86_64.rpm
+ busybox-debuginfo-1.36.1-6.oe2403.x86_64.rpm
+ busybox-debugsource-1.36.1-6.oe2403.x86_64.rpm
+ busybox-help-1.36.1-6.oe2403.x86_64.rpm
+ busybox-petitboot-1.36.1-6.oe2403.x86_64.rpm
+
+
+ busybox-1.36.1-6.oe2403.aarch64.rpm
+ busybox-debuginfo-1.36.1-6.oe2403.aarch64.rpm
+ busybox-debugsource-1.36.1-6.oe2403.aarch64.rpm
+ busybox-help-1.36.1-6.oe2403.aarch64.rpm
+ busybox-petitboot-1.36.1-6.oe2403.aarch64.rpm
+
+
+ busybox-1.36.1-6.oe2403.src.rpm
+
+
+
+
+ A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.
+
+ 2024-07-26
+ CVE-2023-42363
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ Medium
+
+
+
+
+ 5.5
+ AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
+
+
+
+
+ busybox security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1902
+
+
+
+
\ No newline at end of file
diff --git a/cvrf/2024/cvrf-openEuler-SA-2024-1903.xml b/cvrf/2024/cvrf-openEuler-SA-2024-1903.xml
new file mode 100644
index 0000000..ebb739f
--- /dev/null
+++ b/cvrf/2024/cvrf-openEuler-SA-2024-1903.xml
@@ -0,0 +1,104 @@
+
+
+ An update for dnsmasq is now available for openEuler-22.03-LTS-SP3
+ Security Advisory
+
+ openeuler-security@openeuler.org
+ openEuler security committee
+
+
+
+ openEuler-SA-2024-1903
+
+ Final
+ 1.0
+
+
+ 1.0
+ 2024-07-26
+ Initial
+
+
+ 2024-07-26
+ 2024-07-26
+
+ openEuler SA Tool V1.0
+ 2024-07-26
+
+
+
+ dnsmasq security update
+ An update for dnsmasq is now available for openEuler-22.03-LTS-SP3
+ Dnsmasq provides network infrastructure for small networks: DNS, DHCP, router advertisement and network boot. It is designed to be lightweight and have a small footprint, suitable for resource constrained routers and firewalls. It has also been widely used for tethering on smartphones and portable hotspots, and to support virtual networking in virtualisation frameworks.
+
+Security Fix(es):
+
+dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query.(CVE-2023-49441)
+ An update for dnsmasq is now available for openEuler-22.03-LTS-SP3.
+
+openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
+ Medium
+ dnsmasq
+
+
+
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1903
+
+
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-49441
+
+
+ https://nvd.nist.gov/vuln/detail/CVE-2023-49441
+
+
+
+
+ openEuler-22.03-LTS-SP3
+
+
+ dnsmasq-2.86-8.oe2203sp3.aarch64.rpm
+ dnsmasq-debuginfo-2.86-8.oe2203sp3.aarch64.rpm
+ dnsmasq-debugsource-2.86-8.oe2203sp3.aarch64.rpm
+ dnsmasq-help-2.86-8.oe2203sp3.aarch64.rpm
+
+
+ dnsmasq-2.86-8.oe2203sp3.src.rpm
+
+
+ dnsmasq-2.86-8.oe2203sp3.x86_64.rpm
+ dnsmasq-debuginfo-2.86-8.oe2203sp3.x86_64.rpm
+ dnsmasq-debugsource-2.86-8.oe2203sp3.x86_64.rpm
+ dnsmasq-help-2.86-8.oe2203sp3.x86_64.rpm
+
+
+
+
+ dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query.
+
+ 2024-07-26
+ CVE-2023-49441
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Medium
+
+
+
+
+ 6.5
+ AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
+
+
+
+
+ dnsmasq security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1903
+
+
+
+
\ No newline at end of file
diff --git a/cvrf/2024/cvrf-openEuler-SA-2024-1904.xml b/cvrf/2024/cvrf-openEuler-SA-2024-1904.xml
new file mode 100644
index 0000000..bb6c783
--- /dev/null
+++ b/cvrf/2024/cvrf-openEuler-SA-2024-1904.xml
@@ -0,0 +1,104 @@
+
+
+ An update for dnsmasq is now available for openEuler-20.03-LTS-SP4
+ Security Advisory
+
+ openeuler-security@openeuler.org
+ openEuler security committee
+
+
+
+ openEuler-SA-2024-1904
+
+ Final
+ 1.0
+
+
+ 1.0
+ 2024-07-26
+ Initial
+
+
+ 2024-07-26
+ 2024-07-26
+
+ openEuler SA Tool V1.0
+ 2024-07-26
+
+
+
+ dnsmasq security update
+ An update for dnsmasq is now available for openEuler-20.03-LTS-SP4
+ Dnsmasq provides network infrastructure for small networks: DNS, DHCP, router advertisement and network boot. It is designed to be lightweight and have a small footprint, suitable for resource constrained routers and firewalls. It has also been widely used for tethering on smartphones and portable hotspots, and to support virtual networking in virtualisation frameworks.
+
+Security Fix(es):
+
+dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query.(CVE-2023-49441)
+ An update for dnsmasq is now available for openEuler-20.03-LTS-SP4.
+
+openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
+ Medium
+ dnsmasq
+
+
+
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1904
+
+
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-49441
+
+
+ https://nvd.nist.gov/vuln/detail/CVE-2023-49441
+
+
+
+
+ openEuler-20.03-LTS-SP4
+
+
+ dnsmasq-2.82-15.oe2003sp4.aarch64.rpm
+ dnsmasq-debuginfo-2.82-15.oe2003sp4.aarch64.rpm
+ dnsmasq-debugsource-2.82-15.oe2003sp4.aarch64.rpm
+ dnsmasq-help-2.82-15.oe2003sp4.aarch64.rpm
+
+
+ dnsmasq-2.82-15.oe2003sp4.src.rpm
+
+
+ dnsmasq-2.82-15.oe2003sp4.x86_64.rpm
+ dnsmasq-debuginfo-2.82-15.oe2003sp4.x86_64.rpm
+ dnsmasq-debugsource-2.82-15.oe2003sp4.x86_64.rpm
+ dnsmasq-help-2.82-15.oe2003sp4.x86_64.rpm
+
+
+
+
+ dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query.
+
+ 2024-07-26
+ CVE-2023-49441
+
+
+ openEuler-20.03-LTS-SP4
+
+
+
+
+ Medium
+
+
+
+
+ 6.5
+ AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
+
+
+
+
+ dnsmasq security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1904
+
+
+
+
\ No newline at end of file
diff --git a/cvrf/2024/cvrf-openEuler-SA-2024-1905.xml b/cvrf/2024/cvrf-openEuler-SA-2024-1905.xml
new file mode 100644
index 0000000..a1cd243
--- /dev/null
+++ b/cvrf/2024/cvrf-openEuler-SA-2024-1905.xml
@@ -0,0 +1,104 @@
+
+
+ An update for dnsmasq is now available for openEuler-22.03-LTS-SP1
+ Security Advisory
+
+ openeuler-security@openeuler.org
+ openEuler security committee
+
+
+
+ openEuler-SA-2024-1905
+
+ Final
+ 1.0
+
+
+ 1.0
+ 2024-07-26
+ Initial
+
+
+ 2024-07-26
+ 2024-07-26
+
+ openEuler SA Tool V1.0
+ 2024-07-26
+
+
+
+ dnsmasq security update
+ An update for dnsmasq is now available for openEuler-22.03-LTS-SP1
+ Dnsmasq provides network infrastructure for small networks: DNS, DHCP, router advertisement and network boot. It is designed to be lightweight and have a small footprint, suitable for resource constrained routers and firewalls. It has also been widely used for tethering on smartphones and portable hotspots, and to support virtual networking in virtualisation frameworks.
+
+Security Fix(es):
+
+dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query.(CVE-2023-49441)
+ An update for dnsmasq is now available for openEuler-22.03-LTS-SP1.
+
+openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
+ Medium
+ dnsmasq
+
+
+
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1905
+
+
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-49441
+
+
+ https://nvd.nist.gov/vuln/detail/CVE-2023-49441
+
+
+
+
+ openEuler-22.03-LTS-SP1
+
+
+ dnsmasq-2.86-8.oe2203sp1.aarch64.rpm
+ dnsmasq-debuginfo-2.86-8.oe2203sp1.aarch64.rpm
+ dnsmasq-debugsource-2.86-8.oe2203sp1.aarch64.rpm
+ dnsmasq-help-2.86-8.oe2203sp1.aarch64.rpm
+
+
+ dnsmasq-2.86-8.oe2203sp1.src.rpm
+
+
+ dnsmasq-2.86-8.oe2203sp1.x86_64.rpm
+ dnsmasq-debuginfo-2.86-8.oe2203sp1.x86_64.rpm
+ dnsmasq-debugsource-2.86-8.oe2203sp1.x86_64.rpm
+ dnsmasq-help-2.86-8.oe2203sp1.x86_64.rpm
+
+
+
+
+ dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query.
+
+ 2024-07-26
+ CVE-2023-49441
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ Medium
+
+
+
+
+ 6.5
+ AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
+
+
+
+
+ dnsmasq security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1905
+
+
+
+
\ No newline at end of file
diff --git a/cvrf/2024/cvrf-openEuler-SA-2024-1906.xml b/cvrf/2024/cvrf-openEuler-SA-2024-1906.xml
new file mode 100644
index 0000000..bca159b
--- /dev/null
+++ b/cvrf/2024/cvrf-openEuler-SA-2024-1906.xml
@@ -0,0 +1,298 @@
+
+
+ An update for openjdk-11 is now available for openEuler-20.03-LTS-SP4
+ Security Advisory
+
+ openeuler-security@openeuler.org
+ openEuler security committee
+
+
+
+ openEuler-SA-2024-1906
+
+ Final
+ 1.0
+
+
+ 1.0
+ 2024-07-26
+ Initial
+
+
+ 2024-07-26
+ 2024-07-26
+
+ openEuler SA Tool V1.0
+ 2024-07-26
+
+
+
+ openjdk-11 security update
+ An update for openjdk-11 is now available for openEuler-20.03-LTS-SP4
+ The OpenJDK runtime environment.
+
+Security Fix(es):
+
+Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2024-21131)
+
+Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2024-21138)
+
+Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).(CVE-2024-21140)
+
+Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2024-21144)
+
+Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).(CVE-2024-21145)
+
+Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).(CVE-2024-21147)
+ An update for openjdk-11 is now available for openEuler-20.03-LTS-SP4.
+
+openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
+ High
+ openjdk-11
+
+
+
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1906
+
+
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21131
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21138
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21140
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21144
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21145
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21147
+
+
+ https://nvd.nist.gov/vuln/detail/CVE-2024-21131
+ https://nvd.nist.gov/vuln/detail/CVE-2024-21138
+ https://nvd.nist.gov/vuln/detail/CVE-2024-21140
+ https://nvd.nist.gov/vuln/detail/CVE-2024-21144
+ https://nvd.nist.gov/vuln/detail/CVE-2024-21145
+ https://nvd.nist.gov/vuln/detail/CVE-2024-21147
+
+
+
+
+ openEuler-20.03-LTS-SP4
+
+
+ java-11-openjdk-11.0.24.8-0.oe2003sp4.x86_64.rpm
+ java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.x86_64.rpm
+ java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.x86_64.rpm
+ java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.x86_64.rpm
+ java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.x86_64.rpm
+ java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.x86_64.rpm
+ java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.x86_64.rpm
+ java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.x86_64.rpm
+ java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.x86_64.rpm
+ java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.x86_64.rpm
+ java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.x86_64.rpm
+ java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.x86_64.rpm
+ java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.x86_64.rpm
+ java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.x86_64.rpm
+ java-11-openjdk-src-11.0.24.8-0.oe2003sp4.x86_64.rpm
+ java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.x86_64.rpm
+
+
+ java-11-openjdk-11.0.24.8-0.oe2003sp4.aarch64.rpm
+ java-11-openjdk-debuginfo-11.0.24.8-0.oe2003sp4.aarch64.rpm
+ java-11-openjdk-debugsource-11.0.24.8-0.oe2003sp4.aarch64.rpm
+ java-11-openjdk-demo-11.0.24.8-0.oe2003sp4.aarch64.rpm
+ java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2003sp4.aarch64.rpm
+ java-11-openjdk-devel-11.0.24.8-0.oe2003sp4.aarch64.rpm
+ java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2003sp4.aarch64.rpm
+ java-11-openjdk-headless-11.0.24.8-0.oe2003sp4.aarch64.rpm
+ java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2003sp4.aarch64.rpm
+ java-11-openjdk-javadoc-11.0.24.8-0.oe2003sp4.aarch64.rpm
+ java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2003sp4.aarch64.rpm
+ java-11-openjdk-jmods-11.0.24.8-0.oe2003sp4.aarch64.rpm
+ java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2003sp4.aarch64.rpm
+ java-11-openjdk-slowdebug-11.0.24.8-0.oe2003sp4.aarch64.rpm
+ java-11-openjdk-src-11.0.24.8-0.oe2003sp4.aarch64.rpm
+ java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2003sp4.aarch64.rpm
+
+
+ java-11-openjdk-11.0.24.8-0.oe2003sp4.src.rpm
+
+
+
+
+ Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
+
+ 2024-07-26
+ CVE-2024-21131
+
+
+ openEuler-20.03-LTS-SP4
+
+
+
+
+ Low
+
+
+
+
+ 3.7
+ AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
+
+
+
+
+ openjdk-11 security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1906
+
+
+
+
+
+ Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
+
+ 2024-07-26
+ CVE-2024-21138
+
+
+ openEuler-20.03-LTS-SP4
+
+
+
+
+ Low
+
+
+
+
+ 3.7
+ AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
+
+
+
+
+ openjdk-11 security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1906
+
+
+
+
+
+ Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
+
+ 2024-07-26
+ CVE-2024-21140
+
+
+ openEuler-20.03-LTS-SP4
+
+
+
+
+ Medium
+
+
+
+
+ 4.8
+ AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
+
+
+
+
+ openjdk-11 security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1906
+
+
+
+
+
+ Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
+
+ 2024-07-26
+ CVE-2024-21144
+
+
+ openEuler-20.03-LTS-SP4
+
+
+
+
+ Low
+
+
+
+
+ 3.7
+ AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
+
+
+
+
+ openjdk-11 security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1906
+
+
+
+
+
+ Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
+
+ 2024-07-26
+ CVE-2024-21145
+
+
+ openEuler-20.03-LTS-SP4
+
+
+
+
+ Medium
+
+
+
+
+ 4.8
+ AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
+
+
+
+
+ openjdk-11 security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1906
+
+
+
+
+
+ Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
+
+ 2024-07-26
+ CVE-2024-21147
+
+
+ openEuler-20.03-LTS-SP4
+
+
+
+
+ High
+
+
+
+
+ 7.4
+ AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
+
+
+
+
+ openjdk-11 security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1906
+
+
+
+
\ No newline at end of file
diff --git a/cvrf/2024/cvrf-openEuler-SA-2024-1907.xml b/cvrf/2024/cvrf-openEuler-SA-2024-1907.xml
new file mode 100644
index 0000000..eb15403
--- /dev/null
+++ b/cvrf/2024/cvrf-openEuler-SA-2024-1907.xml
@@ -0,0 +1,298 @@
+
+
+ An update for openjdk-11 is now available for openEuler-22.03-LTS-SP1
+ Security Advisory
+
+ openeuler-security@openeuler.org
+ openEuler security committee
+
+
+
+ openEuler-SA-2024-1907
+
+ Final
+ 1.0
+
+
+ 1.0
+ 2024-07-26
+ Initial
+
+
+ 2024-07-26
+ 2024-07-26
+
+ openEuler SA Tool V1.0
+ 2024-07-26
+
+
+
+ openjdk-11 security update
+ An update for openjdk-11 is now available for openEuler-22.03-LTS-SP1
+ The OpenJDK runtime environment.
+
+Security Fix(es):
+
+Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2024-21131)
+
+Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2024-21138)
+
+Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).(CVE-2024-21140)
+
+Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2024-21144)
+
+Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).(CVE-2024-21145)
+
+Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).(CVE-2024-21147)
+ An update for openjdk-11 is now available for openEuler-22.03-LTS-SP1.
+
+openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
+ High
+ openjdk-11
+
+
+
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1907
+
+
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21131
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21138
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21140
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21144
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21145
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21147
+
+
+ https://nvd.nist.gov/vuln/detail/CVE-2024-21131
+ https://nvd.nist.gov/vuln/detail/CVE-2024-21138
+ https://nvd.nist.gov/vuln/detail/CVE-2024-21140
+ https://nvd.nist.gov/vuln/detail/CVE-2024-21144
+ https://nvd.nist.gov/vuln/detail/CVE-2024-21145
+ https://nvd.nist.gov/vuln/detail/CVE-2024-21147
+
+
+
+
+ openEuler-22.03-LTS-SP1
+
+
+ java-11-openjdk-11.0.24.8-0.oe2203sp1.src.rpm
+
+
+ java-11-openjdk-11.0.24.8-0.oe2203sp1.x86_64.rpm
+ java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.x86_64.rpm
+ java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.x86_64.rpm
+ java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.x86_64.rpm
+ java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.x86_64.rpm
+ java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.x86_64.rpm
+ java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.x86_64.rpm
+ java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.x86_64.rpm
+ java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.x86_64.rpm
+ java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.x86_64.rpm
+ java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.x86_64.rpm
+ java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.x86_64.rpm
+ java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.x86_64.rpm
+ java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.x86_64.rpm
+ java-11-openjdk-src-11.0.24.8-0.oe2203sp1.x86_64.rpm
+ java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.x86_64.rpm
+
+
+ java-11-openjdk-11.0.24.8-0.oe2203sp1.aarch64.rpm
+ java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp1.aarch64.rpm
+ java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp1.aarch64.rpm
+ java-11-openjdk-demo-11.0.24.8-0.oe2203sp1.aarch64.rpm
+ java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp1.aarch64.rpm
+ java-11-openjdk-devel-11.0.24.8-0.oe2203sp1.aarch64.rpm
+ java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp1.aarch64.rpm
+ java-11-openjdk-headless-11.0.24.8-0.oe2203sp1.aarch64.rpm
+ java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp1.aarch64.rpm
+ java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp1.aarch64.rpm
+ java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp1.aarch64.rpm
+ java-11-openjdk-jmods-11.0.24.8-0.oe2203sp1.aarch64.rpm
+ java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp1.aarch64.rpm
+ java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp1.aarch64.rpm
+ java-11-openjdk-src-11.0.24.8-0.oe2203sp1.aarch64.rpm
+ java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp1.aarch64.rpm
+
+
+
+
+ Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
+
+ 2024-07-26
+ CVE-2024-21131
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ Low
+
+
+
+
+ 3.7
+ AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
+
+
+
+
+ openjdk-11 security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1907
+
+
+
+
+
+ Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
+
+ 2024-07-26
+ CVE-2024-21138
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ Low
+
+
+
+
+ 3.7
+ AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
+
+
+
+
+ openjdk-11 security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1907
+
+
+
+
+
+ Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
+
+ 2024-07-26
+ CVE-2024-21140
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ Medium
+
+
+
+
+ 4.8
+ AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
+
+
+
+
+ openjdk-11 security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1907
+
+
+
+
+
+ Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
+
+ 2024-07-26
+ CVE-2024-21144
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ Low
+
+
+
+
+ 3.7
+ AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
+
+
+
+
+ openjdk-11 security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1907
+
+
+
+
+
+ Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
+
+ 2024-07-26
+ CVE-2024-21145
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ Medium
+
+
+
+
+ 4.8
+ AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
+
+
+
+
+ openjdk-11 security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1907
+
+
+
+
+
+ Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
+
+ 2024-07-26
+ CVE-2024-21147
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ High
+
+
+
+
+ 7.4
+ AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
+
+
+
+
+ openjdk-11 security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1907
+
+
+
+
\ No newline at end of file
diff --git a/cvrf/2024/cvrf-openEuler-SA-2024-1908.xml b/cvrf/2024/cvrf-openEuler-SA-2024-1908.xml
new file mode 100644
index 0000000..3b5ed1f
--- /dev/null
+++ b/cvrf/2024/cvrf-openEuler-SA-2024-1908.xml
@@ -0,0 +1,298 @@
+
+
+ An update for openjdk-11 is now available for openEuler-22.03-LTS-SP4
+ Security Advisory
+
+ openeuler-security@openeuler.org
+ openEuler security committee
+
+
+
+ openEuler-SA-2024-1908
+
+ Final
+ 1.0
+
+
+ 1.0
+ 2024-07-26
+ Initial
+
+
+ 2024-07-26
+ 2024-07-26
+
+ openEuler SA Tool V1.0
+ 2024-07-26
+
+
+
+ openjdk-11 security update
+ An update for openjdk-11 is now available for openEuler-22.03-LTS-SP4
+ The OpenJDK runtime environment.
+
+Security Fix(es):
+
+Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2024-21131)
+
+Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2024-21138)
+
+Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).(CVE-2024-21140)
+
+Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2024-21144)
+
+Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).(CVE-2024-21145)
+
+Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).(CVE-2024-21147)
+ An update for openjdk-11 is now available for openEuler-22.03-LTS-SP4.
+
+openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
+ High
+ openjdk-11
+
+
+
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1908
+
+
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21131
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21138
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21140
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21144
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21145
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21147
+
+
+ https://nvd.nist.gov/vuln/detail/CVE-2024-21131
+ https://nvd.nist.gov/vuln/detail/CVE-2024-21138
+ https://nvd.nist.gov/vuln/detail/CVE-2024-21140
+ https://nvd.nist.gov/vuln/detail/CVE-2024-21144
+ https://nvd.nist.gov/vuln/detail/CVE-2024-21145
+ https://nvd.nist.gov/vuln/detail/CVE-2024-21147
+
+
+
+
+ openEuler-22.03-LTS-SP4
+
+
+ java-11-openjdk-11.0.24.8-0.oe2203sp4.src.rpm
+
+
+ java-11-openjdk-11.0.24.8-0.oe2203sp4.x86_64.rpm
+ java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.x86_64.rpm
+ java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.x86_64.rpm
+ java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.x86_64.rpm
+ java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.x86_64.rpm
+ java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.x86_64.rpm
+ java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.x86_64.rpm
+ java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.x86_64.rpm
+ java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.x86_64.rpm
+ java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.x86_64.rpm
+ java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.x86_64.rpm
+ java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.x86_64.rpm
+ java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.x86_64.rpm
+ java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.x86_64.rpm
+ java-11-openjdk-src-11.0.24.8-0.oe2203sp4.x86_64.rpm
+ java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.x86_64.rpm
+
+
+ java-11-openjdk-11.0.24.8-0.oe2203sp4.aarch64.rpm
+ java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp4.aarch64.rpm
+ java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp4.aarch64.rpm
+ java-11-openjdk-demo-11.0.24.8-0.oe2203sp4.aarch64.rpm
+ java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp4.aarch64.rpm
+ java-11-openjdk-devel-11.0.24.8-0.oe2203sp4.aarch64.rpm
+ java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp4.aarch64.rpm
+ java-11-openjdk-headless-11.0.24.8-0.oe2203sp4.aarch64.rpm
+ java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp4.aarch64.rpm
+ java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp4.aarch64.rpm
+ java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp4.aarch64.rpm
+ java-11-openjdk-jmods-11.0.24.8-0.oe2203sp4.aarch64.rpm
+ java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp4.aarch64.rpm
+ java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp4.aarch64.rpm
+ java-11-openjdk-src-11.0.24.8-0.oe2203sp4.aarch64.rpm
+ java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp4.aarch64.rpm
+
+
+
+
+ Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
+
+ 2024-07-26
+ CVE-2024-21131
+
+
+ openEuler-22.03-LTS-SP4
+
+
+
+
+ Low
+
+
+
+
+ 3.7
+ AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
+
+
+
+
+ openjdk-11 security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1908
+
+
+
+
+
+ Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
+
+ 2024-07-26
+ CVE-2024-21138
+
+
+ openEuler-22.03-LTS-SP4
+
+
+
+
+ Low
+
+
+
+
+ 3.7
+ AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
+
+
+
+
+ openjdk-11 security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1908
+
+
+
+
+
+ Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
+
+ 2024-07-26
+ CVE-2024-21140
+
+
+ openEuler-22.03-LTS-SP4
+
+
+
+
+ Medium
+
+
+
+
+ 4.8
+ AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
+
+
+
+
+ openjdk-11 security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1908
+
+
+
+
+
+ Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
+
+ 2024-07-26
+ CVE-2024-21144
+
+
+ openEuler-22.03-LTS-SP4
+
+
+
+
+ Low
+
+
+
+
+ 3.7
+ AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
+
+
+
+
+ openjdk-11 security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1908
+
+
+
+
+
+ Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
+
+ 2024-07-26
+ CVE-2024-21145
+
+
+ openEuler-22.03-LTS-SP4
+
+
+
+
+ Medium
+
+
+
+
+ 4.8
+ AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
+
+
+
+
+ openjdk-11 security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1908
+
+
+
+
+
+ Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
+
+ 2024-07-26
+ CVE-2024-21147
+
+
+ openEuler-22.03-LTS-SP4
+
+
+
+
+ High
+
+
+
+
+ 7.4
+ AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
+
+
+
+
+ openjdk-11 security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1908
+
+
+
+
\ No newline at end of file
diff --git a/cvrf/2024/cvrf-openEuler-SA-2024-1909.xml b/cvrf/2024/cvrf-openEuler-SA-2024-1909.xml
new file mode 100644
index 0000000..faef418
--- /dev/null
+++ b/cvrf/2024/cvrf-openEuler-SA-2024-1909.xml
@@ -0,0 +1,298 @@
+
+
+ An update for openjdk-11 is now available for openEuler-22.03-LTS-SP3
+ Security Advisory
+
+ openeuler-security@openeuler.org
+ openEuler security committee
+
+
+
+ openEuler-SA-2024-1909
+
+ Final
+ 1.0
+
+
+ 1.0
+ 2024-07-26
+ Initial
+
+
+ 2024-07-26
+ 2024-07-26
+
+ openEuler SA Tool V1.0
+ 2024-07-26
+
+
+
+ openjdk-11 security update
+ An update for openjdk-11 is now available for openEuler-22.03-LTS-SP3
+ The OpenJDK runtime environment.
+
+Security Fix(es):
+
+Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2024-21131)
+
+Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2024-21138)
+
+Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).(CVE-2024-21140)
+
+Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2024-21144)
+
+Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).(CVE-2024-21145)
+
+Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).(CVE-2024-21147)
+ An update for openjdk-11 is now available for openEuler-22.03-LTS-SP3.
+
+openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
+ High
+ openjdk-11
+
+
+
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1909
+
+
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21131
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21138
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21140
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21144
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21145
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-21147
+
+
+ https://nvd.nist.gov/vuln/detail/CVE-2024-21131
+ https://nvd.nist.gov/vuln/detail/CVE-2024-21138
+ https://nvd.nist.gov/vuln/detail/CVE-2024-21140
+ https://nvd.nist.gov/vuln/detail/CVE-2024-21144
+ https://nvd.nist.gov/vuln/detail/CVE-2024-21145
+ https://nvd.nist.gov/vuln/detail/CVE-2024-21147
+
+
+
+
+ openEuler-22.03-LTS-SP3
+
+
+ java-11-openjdk-11.0.24.8-0.oe2203sp3.aarch64.rpm
+ java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.aarch64.rpm
+ java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.aarch64.rpm
+ java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.aarch64.rpm
+ java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.aarch64.rpm
+ java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.aarch64.rpm
+ java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.aarch64.rpm
+ java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.aarch64.rpm
+ java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.aarch64.rpm
+ java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.aarch64.rpm
+ java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.aarch64.rpm
+ java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.aarch64.rpm
+ java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.aarch64.rpm
+ java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.aarch64.rpm
+ java-11-openjdk-src-11.0.24.8-0.oe2203sp3.aarch64.rpm
+ java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.aarch64.rpm
+
+
+ java-11-openjdk-11.0.24.8-0.oe2203sp3.src.rpm
+
+
+ java-11-openjdk-11.0.24.8-0.oe2203sp3.x86_64.rpm
+ java-11-openjdk-debuginfo-11.0.24.8-0.oe2203sp3.x86_64.rpm
+ java-11-openjdk-debugsource-11.0.24.8-0.oe2203sp3.x86_64.rpm
+ java-11-openjdk-demo-11.0.24.8-0.oe2203sp3.x86_64.rpm
+ java-11-openjdk-demo-slowdebug-11.0.24.8-0.oe2203sp3.x86_64.rpm
+ java-11-openjdk-devel-11.0.24.8-0.oe2203sp3.x86_64.rpm
+ java-11-openjdk-devel-slowdebug-11.0.24.8-0.oe2203sp3.x86_64.rpm
+ java-11-openjdk-headless-11.0.24.8-0.oe2203sp3.x86_64.rpm
+ java-11-openjdk-headless-slowdebug-11.0.24.8-0.oe2203sp3.x86_64.rpm
+ java-11-openjdk-javadoc-11.0.24.8-0.oe2203sp3.x86_64.rpm
+ java-11-openjdk-javadoc-zip-11.0.24.8-0.oe2203sp3.x86_64.rpm
+ java-11-openjdk-jmods-11.0.24.8-0.oe2203sp3.x86_64.rpm
+ java-11-openjdk-jmods-slowdebug-11.0.24.8-0.oe2203sp3.x86_64.rpm
+ java-11-openjdk-slowdebug-11.0.24.8-0.oe2203sp3.x86_64.rpm
+ java-11-openjdk-src-11.0.24.8-0.oe2203sp3.x86_64.rpm
+ java-11-openjdk-src-slowdebug-11.0.24.8-0.oe2203sp3.x86_64.rpm
+
+
+
+
+ Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
+
+ 2024-07-26
+ CVE-2024-21131
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Low
+
+
+
+
+ 3.7
+ AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
+
+
+
+
+ openjdk-11 security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1909
+
+
+
+
+
+ Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
+
+ 2024-07-26
+ CVE-2024-21138
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Low
+
+
+
+
+ 3.7
+ AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
+
+
+
+
+ openjdk-11 security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1909
+
+
+
+
+
+ Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
+
+ 2024-07-26
+ CVE-2024-21140
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Medium
+
+
+
+
+ 4.8
+ AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
+
+
+
+
+ openjdk-11 security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1909
+
+
+
+
+
+ Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
+
+ 2024-07-26
+ CVE-2024-21144
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Low
+
+
+
+
+ 3.7
+ AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
+
+
+
+
+ openjdk-11 security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1909
+
+
+
+
+
+ Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
+
+ 2024-07-26
+ CVE-2024-21145
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ Medium
+
+
+
+
+ 4.8
+ AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
+
+
+
+
+ openjdk-11 security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1909
+
+
+
+
+
+ Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
+
+ 2024-07-26
+ CVE-2024-21147
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ High
+
+
+
+
+ 7.4
+ AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
+
+
+
+
+ openjdk-11 security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1909
+
+
+
+
\ No newline at end of file
diff --git a/cvrf/2024/cvrf-openEuler-SA-2024-1910.xml b/cvrf/2024/cvrf-openEuler-SA-2024-1910.xml
new file mode 100644
index 0000000..8b1e8bf
--- /dev/null
+++ b/cvrf/2024/cvrf-openEuler-SA-2024-1910.xml
@@ -0,0 +1,108 @@
+
+
+ An update for assimp is now available for openEuler-24.03-LTS
+ Security Advisory
+
+ openeuler-security@openeuler.org
+ openEuler security committee
+
+
+
+ openEuler-SA-2024-1910
+
+ Final
+ 1.0
+
+
+ 1.0
+ 2024-07-26
+ Initial
+
+
+ 2024-07-26
+ 2024-07-26
+
+ openEuler SA Tool V1.0
+ 2024-07-26
+
+
+
+ assimp security update
+ An update for assimp is now available for openEuler-24.03-LTS
+ Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose.
+
+Security Fix(es):
+
+Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.2 allows a local attacker to execute arbitrary code by inputting a specially crafted file into the product.(CVE-2024-40724)
+ An update for assimp is now available for openEuler-24.03-LTS.
+
+openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
+ High
+ assimp
+
+
+
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1910
+
+
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40724
+
+
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40724
+
+
+
+
+ openEuler-24.03-LTS
+
+
+ assimp-5.3.1-3.oe2403.aarch64.rpm
+ assimp-debuginfo-5.3.1-3.oe2403.aarch64.rpm
+ assimp-debugsource-5.3.1-3.oe2403.aarch64.rpm
+ assimp-devel-5.3.1-3.oe2403.aarch64.rpm
+
+
+ assimp-5.3.1-3.oe2403.src.rpm
+
+
+ assimp-5.3.1-3.oe2403.x86_64.rpm
+ assimp-debuginfo-5.3.1-3.oe2403.x86_64.rpm
+ assimp-debugsource-5.3.1-3.oe2403.x86_64.rpm
+ assimp-devel-5.3.1-3.oe2403.x86_64.rpm
+
+
+ assimp-help-5.3.1-3.oe2403.noarch.rpm
+ python3-assimp-5.3.1-3.oe2403.noarch.rpm
+
+
+
+
+ Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.2 allows a local attacker to execute arbitrary code by inputting a specially crafted file into the product.
+
+ 2024-07-26
+ CVE-2024-40724
+
+
+ openEuler-24.03-LTS
+
+
+
+
+ High
+
+
+
+
+ 7.8
+ AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
+
+
+
+
+ assimp security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1910
+
+
+
+
\ No newline at end of file
diff --git a/cvrf/2024/cvrf-openEuler-SA-2024-1911.xml b/cvrf/2024/cvrf-openEuler-SA-2024-1911.xml
new file mode 100644
index 0000000..a913e5e
--- /dev/null
+++ b/cvrf/2024/cvrf-openEuler-SA-2024-1911.xml
@@ -0,0 +1,108 @@
+
+
+ An update for assimp is now available for openEuler-22.03-LTS-SP4
+ Security Advisory
+
+ openeuler-security@openeuler.org
+ openEuler security committee
+
+
+
+ openEuler-SA-2024-1911
+
+ Final
+ 1.0
+
+
+ 1.0
+ 2024-07-26
+ Initial
+
+
+ 2024-07-26
+ 2024-07-26
+
+ openEuler SA Tool V1.0
+ 2024-07-26
+
+
+
+ assimp security update
+ An update for assimp is now available for openEuler-22.03-LTS-SP4
+ Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose.
+
+Security Fix(es):
+
+Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.2 allows a local attacker to execute arbitrary code by inputting a specially crafted file into the product.(CVE-2024-40724)
+ An update for assimp is now available for openEuler-22.03-LTS-SP4.
+
+openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
+ High
+ assimp
+
+
+
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1911
+
+
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40724
+
+
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40724
+
+
+
+
+ openEuler-22.03-LTS-SP4
+
+
+ assimp-5.2.4-2.oe2203sp4.aarch64.rpm
+ assimp-debuginfo-5.2.4-2.oe2203sp4.aarch64.rpm
+ assimp-debugsource-5.2.4-2.oe2203sp4.aarch64.rpm
+ assimp-devel-5.2.4-2.oe2203sp4.aarch64.rpm
+
+
+ assimp-5.2.4-2.oe2203sp4.src.rpm
+
+
+ assimp-5.2.4-2.oe2203sp4.x86_64.rpm
+ assimp-debuginfo-5.2.4-2.oe2203sp4.x86_64.rpm
+ assimp-debugsource-5.2.4-2.oe2203sp4.x86_64.rpm
+ assimp-devel-5.2.4-2.oe2203sp4.x86_64.rpm
+
+
+ assimp-help-5.2.4-2.oe2203sp4.noarch.rpm
+ python3-assimp-5.2.4-2.oe2203sp4.noarch.rpm
+
+
+
+
+ Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.2 allows a local attacker to execute arbitrary code by inputting a specially crafted file into the product.
+
+ 2024-07-26
+ CVE-2024-40724
+
+
+ openEuler-22.03-LTS-SP4
+
+
+
+
+ High
+
+
+
+
+ 7.8
+ AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
+
+
+
+
+ assimp security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1911
+
+
+
+
\ No newline at end of file
diff --git a/cvrf/2024/cvrf-openEuler-SA-2024-1912.xml b/cvrf/2024/cvrf-openEuler-SA-2024-1912.xml
new file mode 100644
index 0000000..5899ddd
--- /dev/null
+++ b/cvrf/2024/cvrf-openEuler-SA-2024-1912.xml
@@ -0,0 +1,108 @@
+
+
+ An update for assimp is now available for openEuler-22.03-LTS-SP3
+ Security Advisory
+
+ openeuler-security@openeuler.org
+ openEuler security committee
+
+
+
+ openEuler-SA-2024-1912
+
+ Final
+ 1.0
+
+
+ 1.0
+ 2024-07-26
+ Initial
+
+
+ 2024-07-26
+ 2024-07-26
+
+ openEuler SA Tool V1.0
+ 2024-07-26
+
+
+
+ assimp security update
+ An update for assimp is now available for openEuler-22.03-LTS-SP3
+ Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose.
+
+Security Fix(es):
+
+Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.2 allows a local attacker to execute arbitrary code by inputting a specially crafted file into the product.(CVE-2024-40724)
+ An update for assimp is now available for openEuler-22.03-LTS-SP3.
+
+openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
+ High
+ assimp
+
+
+
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1912
+
+
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40724
+
+
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40724
+
+
+
+
+ openEuler-22.03-LTS-SP3
+
+
+ assimp-5.2.4-2.oe2203sp3.aarch64.rpm
+ assimp-debuginfo-5.2.4-2.oe2203sp3.aarch64.rpm
+ assimp-debugsource-5.2.4-2.oe2203sp3.aarch64.rpm
+ assimp-devel-5.2.4-2.oe2203sp3.aarch64.rpm
+
+
+ assimp-5.2.4-2.oe2203sp3.src.rpm
+
+
+ assimp-5.2.4-2.oe2203sp3.x86_64.rpm
+ assimp-debuginfo-5.2.4-2.oe2203sp3.x86_64.rpm
+ assimp-debugsource-5.2.4-2.oe2203sp3.x86_64.rpm
+ assimp-devel-5.2.4-2.oe2203sp3.x86_64.rpm
+
+
+ assimp-help-5.2.4-2.oe2203sp3.noarch.rpm
+ python3-assimp-5.2.4-2.oe2203sp3.noarch.rpm
+
+
+
+
+ Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.2 allows a local attacker to execute arbitrary code by inputting a specially crafted file into the product.
+
+ 2024-07-26
+ CVE-2024-40724
+
+
+ openEuler-22.03-LTS-SP3
+
+
+
+
+ High
+
+
+
+
+ 7.8
+ AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
+
+
+
+
+ assimp security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1912
+
+
+
+
\ No newline at end of file
diff --git a/cvrf/2024/cvrf-openEuler-SA-2024-1913.xml b/cvrf/2024/cvrf-openEuler-SA-2024-1913.xml
new file mode 100644
index 0000000..f59138a
--- /dev/null
+++ b/cvrf/2024/cvrf-openEuler-SA-2024-1913.xml
@@ -0,0 +1,108 @@
+
+
+ An update for assimp is now available for openEuler-22.03-LTS-SP1
+ Security Advisory
+
+ openeuler-security@openeuler.org
+ openEuler security committee
+
+
+
+ openEuler-SA-2024-1913
+
+ Final
+ 1.0
+
+
+ 1.0
+ 2024-07-26
+ Initial
+
+
+ 2024-07-26
+ 2024-07-26
+
+ openEuler SA Tool V1.0
+ 2024-07-26
+
+
+
+ assimp security update
+ An update for assimp is now available for openEuler-22.03-LTS-SP1
+ Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose.
+
+Security Fix(es):
+
+Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.2 allows a local attacker to execute arbitrary code by inputting a specially crafted file into the product.(CVE-2024-40724)
+ An update for assimp is now available for openEuler-22.03-LTS-SP1.
+
+openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
+ High
+ assimp
+
+
+
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1913
+
+
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40724
+
+
+ https://nvd.nist.gov/vuln/detail/CVE-2024-40724
+
+
+
+
+ openEuler-22.03-LTS-SP1
+
+
+ assimp-5.2.4-2.oe2203sp1.aarch64.rpm
+ assimp-debuginfo-5.2.4-2.oe2203sp1.aarch64.rpm
+ assimp-debugsource-5.2.4-2.oe2203sp1.aarch64.rpm
+ assimp-devel-5.2.4-2.oe2203sp1.aarch64.rpm
+
+
+ assimp-5.2.4-2.oe2203sp1.src.rpm
+
+
+ assimp-5.2.4-2.oe2203sp1.x86_64.rpm
+ assimp-debuginfo-5.2.4-2.oe2203sp1.x86_64.rpm
+ assimp-debugsource-5.2.4-2.oe2203sp1.x86_64.rpm
+ assimp-devel-5.2.4-2.oe2203sp1.x86_64.rpm
+
+
+ assimp-help-5.2.4-2.oe2203sp1.noarch.rpm
+ python3-assimp-5.2.4-2.oe2203sp1.noarch.rpm
+
+
+
+
+ Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.2 allows a local attacker to execute arbitrary code by inputting a specially crafted file into the product.
+
+ 2024-07-26
+ CVE-2024-40724
+
+
+ openEuler-22.03-LTS-SP1
+
+
+
+
+ High
+
+
+
+
+ 7.8
+ AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
+
+
+
+
+ assimp security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1913
+
+
+
+
\ No newline at end of file
diff --git a/cvrf/2024/cvrf-openEuler-SA-2024-1914.xml b/cvrf/2024/cvrf-openEuler-SA-2024-1914.xml
new file mode 100644
index 0000000..8639aed
--- /dev/null
+++ b/cvrf/2024/cvrf-openEuler-SA-2024-1914.xml
@@ -0,0 +1,221 @@
+
+
+ An update for edk2 is now available for openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4
+ Security Advisory
+
+ openeuler-security@openeuler.org
+ openEuler security committee
+
+
+
+ openEuler-SA-2024-1914
+
+ Final
+ 1.0
+
+
+ 1.0
+ 2024-07-26
+ Initial
+
+
+ 2024-07-26
+ 2024-07-26
+
+ openEuler SA Tool V1.0
+ 2024-07-26
+
+
+
+ edk2 security update
+ An update for edk2 is now available for openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4
+ EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications.
+
+Security Fix(es):
+
+Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an
+empty supported client protocols buffer may cause a crash or memory contents to
+be sent to the peer.
+
+Impact summary: A buffer overread can have a range of potential consequences
+such as unexpected application beahviour or a crash. In particular this issue
+could result in up to 255 bytes of arbitrary private data from memory being sent
+to the peer leading to a loss of confidentiality. However, only applications
+that directly call the SSL_select_next_proto function with a 0 length list of
+supported client protocols are affected by this issue. This would normally never
+be a valid scenario and is typically not under attacker control but may occur by
+accident in the case of a configuration or programming error in the calling
+application.
+
+The OpenSSL API function SSL_select_next_proto is typically used by TLS
+applications that support ALPN (Application Layer Protocol Negotiation) or NPN
+(Next Protocol Negotiation). NPN is older, was never standardised and
+is deprecated in favour of ALPN. We believe that ALPN is significantly more
+widely deployed than NPN. The SSL_select_next_proto function accepts a list of
+protocols from the server and a list of protocols from the client and returns
+the first protocol that appears in the server list that also appears in the
+client list. In the case of no overlap between the two lists it returns the
+first item in the client list. In either case it will signal whether an overlap
+between the two lists was found. In the case where SSL_select_next_proto is
+called with a zero length client list it fails to notice this condition and
+returns the memory immediately following the client list pointer (and reports
+that there was no overlap in the lists).
+
+This function is typically called from a server side application callback for
+ALPN or a client side application callback for NPN. In the case of ALPN the list
+of protocols supplied by the client is guaranteed by libssl to never be zero in
+length. The list of server protocols comes from the application and should never
+normally be expected to be of zero length. In this case if the
+SSL_select_next_proto function has been called as expected (with the list
+supplied by the client passed in the client/client_len parameters), then the
+application will not be vulnerable to this issue. If the application has
+accidentally been configured with a zero length server list, and has
+accidentally passed that zero length server list in the client/client_len
+parameters, and has additionally failed to correctly handle a "no overlap"
+response (which would normally result in a handshake failure in ALPN) then it
+will be vulnerable to this problem.
+
+In the case of NPN, the protocol permits the client to opportunistically select
+a protocol when there is no overlap. OpenSSL returns the first client protocol
+in the no overlap case in support of this. The list of client protocols comes
+from the application and should never normally be expected to be of zero length.
+However if the SSL_select_next_proto function is accidentally called with a
+client_len of 0 then an invalid memory pointer will be returned instead. If the
+application uses this output as the opportunistic protocol then the loss of
+confidentiality will occur.
+
+This issue has been assessed as Low severity because applications are most
+likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not
+widely used. It also requires an application configuration or programming error.
+Finally, this issue would not typically be under attacker control making active
+exploitation unlikely.
+
+The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.
+
+Due to the low severity of this issue we are not issuing new releases of
+OpenSSL at this time. The fix will be included in the next releases when they
+become available.(CVE-2024-5535)
+ An update for edk2 is now available for openEuler-22.03-LTS-SP3.
+
+openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
+ Critical
+ edk2
+
+
+
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1914
+
+
+ https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-5535
+
+
+ https://nvd.nist.gov/vuln/detail/CVE-2024-5535
+
+
+
+
+ openEuler-22.03-LTS-SP3
+ openEuler-20.03-LTS-SP4
+ openEuler-22.03-LTS-SP1
+ openEuler-24.03-LTS
+ openEuler-22.03-LTS-SP4
+
+
+ edk2-202011-19.oe2203sp3.src.rpm
+ edk2-202002-23.oe2003sp4.src.rpm
+ edk2-202011-19.oe2203sp1.src.rpm
+ edk2-202308-9.oe2403.src.rpm
+ edk2-202011-19.oe2203sp4.src.rpm
+
+
+ edk2-aarch64-202011-19.oe2203sp3.noarch.rpm
+ edk2-help-202011-19.oe2203sp3.noarch.rpm
+ edk2-ovmf-202011-19.oe2203sp3.noarch.rpm
+ python3-edk2-devel-202011-19.oe2203sp3.noarch.rpm
+ edk2-aarch64-202002-23.oe2003sp4.noarch.rpm
+ edk2-help-202002-23.oe2003sp4.noarch.rpm
+ edk2-ovmf-202002-23.oe2003sp4.noarch.rpm
+ python3-edk2-devel-202002-23.oe2003sp4.noarch.rpm
+ edk2-aarch64-202011-19.oe2203sp1.noarch.rpm
+ edk2-help-202011-19.oe2203sp1.noarch.rpm
+ edk2-ovmf-202011-19.oe2203sp1.noarch.rpm
+ python3-edk2-devel-202011-19.oe2203sp1.noarch.rpm
+ edk2-aarch64-202308-9.oe2403.noarch.rpm
+ edk2-help-202308-9.oe2403.noarch.rpm
+ edk2-ovmf-202308-9.oe2403.noarch.rpm
+ python3-edk2-devel-202308-9.oe2403.noarch.rpm
+ edk2-aarch64-202011-19.oe2203sp4.noarch.rpm
+ edk2-help-202011-19.oe2203sp4.noarch.rpm
+ edk2-ovmf-202011-19.oe2203sp4.noarch.rpm
+ python3-edk2-devel-202011-19.oe2203sp4.noarch.rpm
+
+
+ edk2-debuginfo-202011-19.oe2203sp3.aarch64.rpm
+ edk2-debugsource-202011-19.oe2203sp3.aarch64.rpm
+ edk2-devel-202011-19.oe2203sp3.aarch64.rpm
+ edk2-debuginfo-202002-23.oe2003sp4.aarch64.rpm
+ edk2-debugsource-202002-23.oe2003sp4.aarch64.rpm
+ edk2-devel-202002-23.oe2003sp4.aarch64.rpm
+ edk2-debuginfo-202011-19.oe2203sp1.aarch64.rpm
+ edk2-debugsource-202011-19.oe2203sp1.aarch64.rpm
+ edk2-devel-202011-19.oe2203sp1.aarch64.rpm
+ edk2-debuginfo-202308-9.oe2403.aarch64.rpm
+ edk2-debugsource-202308-9.oe2403.aarch64.rpm
+ edk2-devel-202308-9.oe2403.aarch64.rpm
+ edk2-debuginfo-202011-19.oe2203sp4.aarch64.rpm
+ edk2-debugsource-202011-19.oe2203sp4.aarch64.rpm
+ edk2-devel-202011-19.oe2203sp4.aarch64.rpm
+
+
+ edk2-debuginfo-202011-19.oe2203sp3.x86_64.rpm
+ edk2-debugsource-202011-19.oe2203sp3.x86_64.rpm
+ edk2-devel-202011-19.oe2203sp3.x86_64.rpm
+ edk2-debuginfo-202002-23.oe2003sp4.x86_64.rpm
+ edk2-debugsource-202002-23.oe2003sp4.x86_64.rpm
+ edk2-devel-202002-23.oe2003sp4.x86_64.rpm
+ edk2-debuginfo-202011-19.oe2203sp1.x86_64.rpm
+ edk2-debugsource-202011-19.oe2203sp1.x86_64.rpm
+ edk2-devel-202011-19.oe2203sp1.x86_64.rpm
+ edk2-debuginfo-202308-9.oe2403.x86_64.rpm
+ edk2-debugsource-202308-9.oe2403.x86_64.rpm
+ edk2-devel-202308-9.oe2403.x86_64.rpm
+ edk2-debuginfo-202011-19.oe2203sp4.x86_64.rpm
+ edk2-debugsource-202011-19.oe2203sp4.x86_64.rpm
+ edk2-devel-202011-19.oe2203sp4.x86_64.rpm
+
+
+
+
+ Issue summary: Calling the OpenSSL API function SSL_select_next_proto with anempty supported client protocols buffer may cause a crash or memory contents tobe sent to the peer.Impact summary: A buffer overread can have a range of potential consequencessuch as unexpected application beahviour or a crash. In particular this issuecould result in up to 255 bytes of arbitrary private data from memory being sentto the peer leading to a loss of confidentiality. However, only applicationsthat directly call the SSL_select_next_proto function with a 0 length list ofsupported client protocols are affected by this issue. This would normally neverbe a valid scenario and is typically not under attacker control but may occur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) or NPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a list ofprotocols from the server and a list of protocols from the client and returnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether an overlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (and reportsthat there was no overlap in the lists).This function is typically called from a server side application callback forALPN or a client side application callback for NPN. In the case of ALPN the listof protocols supplied by the client is guaranteed by libssl to never be zero inlength. 
The list of server protocols comes from the application and should nevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), then theapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a no overlap response (which would normally result in a handshake failure in ALPN) then itwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunistically selecta protocol when there is no overlap. OpenSSL returns the first client protocolin the no overlap case in support of this. The list of client protocols comesfrom the application and should never normally be expected to be of zero length.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. If theapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN is notwidely used. It also requires an application configuration or programming error.Finally, this issue would not typically be under attacker control making activeexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases when theybecome available.
+
+ 2024-07-26
+ CVE-2024-5535
+
+
+ openEuler-22.03-LTS-SP3
+ openEuler-20.03-LTS-SP4
+ openEuler-22.03-LTS-SP1
+ openEuler-24.03-LTS
+ openEuler-22.03-LTS-SP4
+
+
+
+
+ Critical
+
+
+
+
+ 9.1
+ AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
+
+
+
+
+ edk2 security update
+ 2024-07-26
+ https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1914
+
+
+
+
\ No newline at end of file
diff --git a/cvrf/index.txt b/cvrf/index.txt
index 423b014..f7d2d93 100644
--- a/cvrf/index.txt
+++ b/cvrf/index.txt
@@ -3046,3 +3046,37 @@
2024/cvrf-openEuler-SA-2024-1878.xml
2024/cvrf-openEuler-SA-2024-1879.xml
2024/cvrf-openEuler-SA-2024-1880.xml
+2024/cvrf-openEuler-SA-2024-1881.xml
+2024/cvrf-openEuler-SA-2024-1882.xml
+2024/cvrf-openEuler-SA-2024-1883.xml
+2024/cvrf-openEuler-SA-2024-1884.xml
+2024/cvrf-openEuler-SA-2024-1885.xml
+2024/cvrf-openEuler-SA-2024-1886.xml
+2024/cvrf-openEuler-SA-2024-1887.xml
+2024/cvrf-openEuler-SA-2024-1888.xml
+2024/cvrf-openEuler-SA-2024-1889.xml
+2024/cvrf-openEuler-SA-2024-1890.xml
+2024/cvrf-openEuler-SA-2024-1891.xml
+2024/cvrf-openEuler-SA-2024-1892.xml
+2024/cvrf-openEuler-SA-2024-1893.xml
+2024/cvrf-openEuler-SA-2024-1894.xml
+2024/cvrf-openEuler-SA-2024-1895.xml
+2024/cvrf-openEuler-SA-2024-1896.xml
+2024/cvrf-openEuler-SA-2024-1897.xml
+2024/cvrf-openEuler-SA-2024-1898.xml
+2024/cvrf-openEuler-SA-2024-1899.xml
+2024/cvrf-openEuler-SA-2024-1900.xml
+2024/cvrf-openEuler-SA-2024-1901.xml
+2024/cvrf-openEuler-SA-2024-1902.xml
+2024/cvrf-openEuler-SA-2024-1903.xml
+2024/cvrf-openEuler-SA-2024-1904.xml
+2024/cvrf-openEuler-SA-2024-1905.xml
+2024/cvrf-openEuler-SA-2024-1906.xml
+2024/cvrf-openEuler-SA-2024-1907.xml
+2024/cvrf-openEuler-SA-2024-1908.xml
+2024/cvrf-openEuler-SA-2024-1909.xml
+2024/cvrf-openEuler-SA-2024-1910.xml
+2024/cvrf-openEuler-SA-2024-1911.xml
+2024/cvrf-openEuler-SA-2024-1912.xml
+2024/cvrf-openEuler-SA-2024-1913.xml
+2024/cvrf-openEuler-SA-2024-1914.xml
\ No newline at end of file
diff --git a/src/lib.rs b/src/lib.rs
index 24f9237..9029c8d 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -263,7 +263,7 @@ fn _save_2_cusa_db(dbpath: &str, cvrf: &CVRF) -> Result<()> {
return Ok(());
}
*/
- db.push(_src.chars().next().unwrap().to_string());
+ db.push(_src.chars().next().unwrap().to_lowercase().to_string());
// 不理会此问题
// db: "cusas/l/log4j,mybatis,netty,springframework,wildfly-security-manager,wildfly-elytron,wildfly-build-tools,wildfly-common,wildfly-core,thrift,json-lib,datanucleus-core,jgroups,mx4j,jboss-logging,infinispan,datanucleus-rdbms,avalon-logkit,datanucleus-api-jdo,avalon-framework,HikariCP,metrics"
// Error: Os { code: 63, kind: InvalidFilename, message: "File name too long" }
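Review bot: The changed `db.push(...)` line still calls `.unwrap()` on `_src.chars().next()` and uses the result as a directory name unchecked, so an empty name panics and a leading `/` or `.` changes where the path points. If `db` is a `PathBuf`, pushing an absolute component replaces the whole path. `_src` looks like the component name read from the CVRF document, which is external data; that is inferred, since its definition and the rest of `_save_2_cusa_db` are outside this hunk. I would validate first with `let Some(c) = _src.chars().next().filter(char::is_ascii_alphanumeric) else { ... };`, returning an error through the function's `Result` in the `else` arm, and then call `db.push(c.to_ascii_lowercase().to_string());`. `to_ascii_lowercase()` also keeps the directory name to one character, whereas Unicode `to_lowercase()` can yield more than one.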