From 740f7e1e45b5c0b58ee1a5c7bcb2b4dcf5c2227e Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Sat, 7 Dec 2024 09:03:32 +0000
Subject: [PATCH] Auto-Update: 2024-12-07T09:00:19.918550+00:00
---
CVE-2024/CVE-2024-531xx/CVE-2024-53143.json | 29 +++++++++++++++++++++
README.md | 8 +++---
_state.csv | 3 ++-
3 files changed, 35 insertions(+), 5 deletions(-)
create mode 100644 CVE-2024/CVE-2024-531xx/CVE-2024-53143.json
diff --git a/CVE-2024/CVE-2024-531xx/CVE-2024-53143.json b/CVE-2024/CVE-2024-531xx/CVE-2024-53143.json
new file mode 100644
index 00000000000..c25e47d6ffa
--- /dev/null
+++ b/CVE-2024/CVE-2024-531xx/CVE-2024-53143.json
@@ -0,0 +1,29 @@
+{
+ "id": "CVE-2024-53143",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2024-12-07T07:15:03.780",
+ "lastModified": "2024-12-07T07:15:03.780",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfsnotify: Fix ordering of iput() and watched_objects decrement\n\nEnsure the superblock is kept alive until we're done with iput().\nHolding a reference to an inode is not allowed unless we ensure the\nsuperblock stays alive, which fsnotify does by keeping the\nwatched_objects count elevated, so iput() must happen before the\nwatched_objects decrement.\nThis can lead to a UAF of something like sb->s_fs_info in tmpfs, but the\nUAF is hard to hit because race orderings that oops are more likely, thanks\nto the CHECK_DATA_CORRUPTION() block in generic_shutdown_super().\n\nAlso, ensure that fsnotify_put_sb_watched_objects() doesn't call\nfsnotify_sb_watched_objects() on a superblock that may have already been\nfreed, which would cause a UAF read of sb->s_fsnotify_info."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/21d1b618b6b9da46c5116c640ac4b1cc8d40d63a",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/45a8f8232a495221ed058191629f5c628f21601a",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/83af1cfa10d9aafdabd06b3655e07727f373b434",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 40bc83d9dd9..bbc66c64e2b 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-12-07T07:00:19.319460+00:00 +2024-12-07T09:00:19.918550+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-12-07T06:15:17.760000+00:00 +2024-12-07T07:15:03.780000+00:00 ``` ### Last Data Feed Release @@ -33,14 +33,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -272467 +272468 ``` ### CVEs added in the last Commit Recently added CVEs: `1` -- [CVE-2024-11183](CVE-2024/CVE-2024-111xx/CVE-2024-11183.json) (`2024-12-07T06:15:17.760`) +- [CVE-2024-53143](CVE-2024/CVE-2024-531xx/CVE-2024-53143.json) (`2024-12-07T07:15:03.780`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index bff7cd8edaa..b802f1fd597 100644 --- a/_state.csv +++ b/_state.csv @@ -243589,7 +243589,7 @@ CVE-2024-11178,0,0,88fd37ec83f58799851dee6171e6aa96459a237aab617357fda7452771f05 CVE-2024-11179,0,0,38e54346776befead02bb0d90bed5d6fc177bf14c23bd48810b55bacf50173db,2024-11-22T16:55:03.947000 CVE-2024-1118,0,0,6c399aaded9e96cfac900ecbd30e202d5a6a42d5625667c3de9725b65dc62fc3,2024-02-10T04:13:01.030000 CVE-2024-11182,0,0,550276b9543adbab2608aeeaeb156b493c7ea7fcd794d8e2722b73a2104ac612,2024-11-19T19:08:15.657000 -CVE-2024-11183,1,1,187fbdbb4171509d71ccef34c529fe0d8935deb2251a1314959bc55e2e7386cc,2024-12-07T06:15:17.760000 +CVE-2024-11183,0,0,187fbdbb4171509d71ccef34c529fe0d8935deb2251a1314959bc55e2e7386cc,2024-12-07T06:15:17.760000 CVE-2024-11188,0,0,3d2e4d2dec7cd3cc94060cc2808eb6bec0162c5aa4b5fe4b6246065e84f2f8e8,2024-11-23T06:15:17.570000 CVE-2024-1119,0,0,5426bc48e63724893c52e881a8535fb7954cf4e6383fc287bdb9896410f7d3a0,2024-03-20T13:00:16.367000 CVE-2024-11192,0,0,6459d53f4b13b67cafe19770c37c9f2208043c5b0b1fa605bd9e7fc206926de6,2024-11-26T09:15:05.563000 
@@ -268268,6 +268268,7 @@ CVE-2024-5314,0,0,a7cdac28c15b59d972bbd1ad7f63aae58232f4c63fcf8544d4cfc91c709ee3 CVE-2024-53140,0,0,1e305e6de8211be0acb862b44bf00edd966f43bd03f0e8788aef5f08b97bf852,2024-12-05T12:15:19.703000 CVE-2024-53141,0,0,8dcf63cfdc9cf4d0527b568647b1a6489fcae499da26312159d8d87ad0e79349,2024-12-06T10:15:06.050000 CVE-2024-53142,0,0,50b6b64348c1d5bb40e5d9bac14bede9a65147157b83dfb4254c83dd923b1b4a,2024-12-06T10:15:06.203000 +CVE-2024-53143,1,1,58aea596a92f51ecb8e396a2e6f1085ce03cd820c5355e9f3433d5e31dfbde48,2024-12-07T07:15:03.780000 CVE-2024-5315,0,0,8579169b825e98cf3238daa1adb0a4d2ea9e4baf40a7a9906b16d52fd8bd309a,2024-05-24T13:03:05.093000 CVE-2024-5317,0,0,ca9413f34c0b442e0ebe516eaf4713c47241a346ee54ab90be673b58c28dbb75,2024-06-11T17:22:08.007000 CVE-2024-5318,0,0,837e96b053ddf8bba826c345247317ae9421322227a87d1660e3de27e2bfd29a,2024-10-03T07:15:31.463000