Auto-Update: 2024-12-11T17:00:38.499974+00:00

fkie-cad · Dec 11, 2024 · c186c29 · c186c29
1 parent e32be85
commit c186c29
Show file tree

Hide file tree

Showing 131 changed files with 11,939 additions and 857 deletions.
diff --git a/CVE-2018/CVE-2018-94xx/CVE-2018-9412.json b/CVE-2018/CVE-2018-94xx/CVE-2018-9412.json
@@ -2,7 +2,7 @@
   "id": "CVE-2018-9412",
   "sourceIdentifier": "[email protected]",
   "published": "2024-11-19T22:15:18.813",
-  "lastModified": "2024-12-05T21:15:06.513",
+  "lastModified": "2024-12-11T15:15:06.777",
   "vulnStatus": "Modified",
   "cveTags": [],
   "descriptions": [
@@ -49,16 +49,6 @@
           "value": "NVD-CWE-noinfo"
         }
       ]
-    },
-    {
-      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
-      "type": "Secondary",
-      "description": [
-        {
-          "lang": "en",
-          "value": "CWE-770"
-        }
-      ]
     }
   ],
   "configurations": [

diff --git a/CVE-2020/CVE-2020-207xx/CVE-2020-20726.json b/CVE-2020/CVE-2020-207xx/CVE-2020-20726.json
@@ -2,7 +2,7 @@
   "id": "CVE-2020-20726",
   "sourceIdentifier": "[email protected]",
   "published": "2023-06-20T15:15:10.720",
-  "lastModified": "2024-11-21T05:12:15.260",
+  "lastModified": "2024-12-11T15:15:06.953",
   "vulnStatus": "Modified",
   "cveTags": [],
   "descriptions": [
@@ -32,6 +32,26 @@
         },
         "exploitabilityScore": 2.8,
         "impactScore": 5.9
+      },
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
       }
     ]
   },
@@ -45,6 +65,16 @@
           "value": "CWE-352"
         }
       ]
+    },
+    {
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-352"
+        }
+      ]
     }
   ],
   "configurations": [

diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36787.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36787.json
@@ -2,8 +2,8 @@
   "id": "CVE-2020-36787",
   "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
   "published": "2024-02-28T09:15:37.030",
-  "lastModified": "2024-11-21T05:30:18.467",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2024-12-11T16:42:29.080",
+  "vulnStatus": "Analyzed",
   "cveTags": [],
   "descriptions": [
     {
@@ -15,47 +15,152 @@
       "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: medios: aspeed: corrige la l\u00f3gica de manejo del reloj El motor de video usa eclk y vclk para sus fuentes de reloj y su control de reinicio est\u00e1 acoplado con eclk para que la secuencia de habilitaci\u00f3n del reloj actual funcione como se muestra a continuaci\u00f3n. Habilitar eclk De-assert Video Engine restablece un retraso de 10 ms Habilitar vclk Introduce un reinicio incorrecto en el hardware de Video Engine y eventualmente el hardware genera transferencias de memoria DMA inesperadas que pueden da\u00f1ar la regi\u00f3n de la memoria en patrones aleatorios y espor\u00e1dicos. Este problema se observa muy raramente en algunos SoC AST2500 espec\u00edficos, pero provoca un p\u00e1nico cr\u00edtico en el kernel al crear varias formas de firma, por lo que es extremadamente dif\u00edcil de depurar. Adem\u00e1s, el problema se observa incluso cuando el motor de v\u00eddeo no se utiliza activamente porque udevd enciende el hardware del motor de v\u00eddeo durante un breve periodo de tiempo para realizar una consulta en cada arranque. Para solucionar este problema, esta confirmaci\u00f3n cambia la l\u00f3gica de manejo del reloj para activar la anulaci\u00f3n de reinicio despu\u00e9s de habilitar tanto eclk como vclk. Adem\u00e1s, agrega la llamada clk_unprepare para un caso en el que falla la sonda. clk: ast2600: corrige la configuraci\u00f3n de restablecimiento para eclk y vclk La configuraci\u00f3n de restablecimiento del motor de video debe combinarse con eclk para que coincida con la configuraci\u00f3n de los SoC Aspeed anteriores que se define en clk-aspeed.c, ya que todos los SoC Aspeed comparten un \u00fanico controlador de motor de video. Adem\u00e1s, el bit de reinicio 6 se define como reinicio del 'Motor de video' en la hoja de datos, por lo que debe desactivarse cuando eclk est\u00e1 habilitado. Este commit corrige la configuraci\u00f3n."
     }
   ],
-  "metrics": {},
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "[email protected]",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+          "baseScore": 5.5,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "[email protected]",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "NVD-CWE-noinfo"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+              "versionStartIncluding": "5.0",
+              "versionEndExcluding": "5.4.119",
+              "matchCriteriaId": "9CE89AEF-FBDF-4C15-B17B-1A7C321B30AF"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+              "versionStartIncluding": "5.5",
+              "versionEndExcluding": "5.10.37",
+              "matchCriteriaId": "7A4CF5D6-ACBA-4980-ABFD-3D7A53B5BB4E"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+              "versionStartIncluding": "5.11",
+              "versionEndExcluding": "5.11.21",
+              "matchCriteriaId": "8CBB94EC-EC33-4464-99C5-03E5542715F0"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+              "versionStartIncluding": "5.12",
+              "versionEndExcluding": "5.12.4",
+              "matchCriteriaId": "D8C7052F-1B7B-4327-9C2B-84EBF3243838"
+            }
+          ]
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "url": "https://git.kernel.org/stable/c/1dc1d30ac101bb8335d9852de2107af60c2580e7",
-      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+      "tags": [
+        "Patch"
+      ]
     },
     {
       "url": "https://git.kernel.org/stable/c/2964c37563e86cfdc439f217eb3c5a69adfdba6a",
-      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+      "tags": [
+        "Patch"
+      ]
     },
     {
       "url": "https://git.kernel.org/stable/c/3536169f8531c2c5b153921dc7d1ac9fd570cda7",
-      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+      "tags": [
+        "Patch"
+      ]
     },
     {
       "url": "https://git.kernel.org/stable/c/75321dc8aebe3f30eff226028fe6da340fe0bf02",
-      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+      "tags": [
+        "Patch"
+      ]
     },
     {
       "url": "https://git.kernel.org/stable/c/a59d01384c80a8a4392665802df57c3df20055f5",
-      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+      "tags": [
+        "Patch"
+      ]
     },
     {
       "url": "https://git.kernel.org/stable/c/1dc1d30ac101bb8335d9852de2107af60c2580e7",
-      "source": "af854a3a-2127-422b-91ae-364da2661108"
+      "source": "af854a3a-2127-422b-91ae-364da2661108",
+      "tags": [
+        "Patch"
+      ]
     },
     {
       "url": "https://git.kernel.org/stable/c/2964c37563e86cfdc439f217eb3c5a69adfdba6a",
-      "source": "af854a3a-2127-422b-91ae-364da2661108"
+      "source": "af854a3a-2127-422b-91ae-364da2661108",
+      "tags": [
+        "Patch"
+      ]
     },
     {
       "url": "https://git.kernel.org/stable/c/3536169f8531c2c5b153921dc7d1ac9fd570cda7",
-      "source": "af854a3a-2127-422b-91ae-364da2661108"
+      "source": "af854a3a-2127-422b-91ae-364da2661108",
+      "tags": [
+        "Patch"
+      ]
     },
     {
       "url": "https://git.kernel.org/stable/c/75321dc8aebe3f30eff226028fe6da340fe0bf02",
-      "source": "af854a3a-2127-422b-91ae-364da2661108"
+      "source": "af854a3a-2127-422b-91ae-364da2661108",
+      "tags": [
+        "Patch"
+      ]
     },
     {
       "url": "https://git.kernel.org/stable/c/a59d01384c80a8a4392665802df57c3df20055f5",
-      "source": "af854a3a-2127-422b-91ae-364da2661108"
+      "source": "af854a3a-2127-422b-91ae-364da2661108",
+      "tags": [
+        "Patch"
+      ]
     }
   ]
 }