Skip to content

Commit

Permalink
Auto-Update: 2024-12-11T15:00:46.621510+00:00
Browse files Browse the repository at this point in the history
  • Loading branch information
@cad-safe-bot
cad-safe-bot committed Dec 11, 2024
1 parent 7642689 commit e32be85
Show file tree
Hide file tree
Showing 20 changed files with 1,559 additions and 159 deletions.
114 changes: 103 additions & 11 deletions CVE-2021/CVE-2021-469xx/CVE-2021-46958.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,8 @@
"id": "CVE-2021-46958",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-27T19:04:06.813",
"lastModified": "2024-11-21T06:35:01.890",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-11T14:43:21.320",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
Expand All @@ -15,39 +15,131 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: corrige la ejecuci\u00f3n entre transacciones abortadas y fsyncs que conducen a use-after-free. Hay una carrera entre una tarea que aborta una transacci\u00f3n durante un commit, una tarea que realiza una fsync y la transacci\u00f3n. kthread, lo que conduce a un use-after-free del \u00e1rbol ra\u00edz del registro. Cuando esto sucede, se genera un seguimiento de pila como el siguiente: Informaci\u00f3n BTRFS (dispositivo dm-0): solo lectura forzada Advertencia BTRFS (dispositivo dm-0): omitir confirmaci\u00f3n de transacci\u00f3n abortada. BTRFS: error (dispositivo dm-0) en cleanup_transaction:1958: errno=-5 falla de IO Advertencia de BTRFS (dispositivo dm-0): escritura de p\u00e1gina perdida debido a un error de IO en /dev/mapper/error-test (-5) BTRFS Advertencia (dispositivo dm-0): omitir confirmaci\u00f3n de transacci\u00f3n abortada. Advertencia BTRFS (dispositivo dm-0): IO directa fall\u00f3 en 261 rw 0,0 sector 0xa4e8 len 4096 err no 10 Error BTRFS (dispositivo dm-0): error al escribir el superbloque primario en el dispositivo 1 Advertencia BTRFS (dispositivo dm-0) : error de IO directo ino 261 rw 0,0 sector 0x12e000 len 4096 err no 10 advertencia BTRFS (dispositivo dm-0): error de IO directo ino 261 rw 0,0 sector 0x12e008 len 4096 error no 10 advertencia BTRFS (dispositivo dm-0) : error de IO directo ino 261 rw 0,0 sector 0x12e010 len 4096 error no 10 BTRFS: error (dispositivo dm-0) en write_all_supers:4110: errno=-5 error de IO (1 error al escribir supers) BTRFS: error (dispositivo dm -0) en btrfs_sync_log:3308: errno=-5 Fallo de E/S Fallo de protecci\u00f3n general, probablemente para la direcci\u00f3n no can\u00f3nica 0x6b6b6b6b6b6b6b68: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI CPU: 2 PID: 2458471 Comm: fsstress Not tainted 5.12.0- rc5-btrfs-next-84 #1 Nombre del hardware: PC est\u00e1ndar QEMU (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 01/04/2014 RIP: 0010:__mutex_lock+ 0x139/0xa40 C\u00f3digo: c0 74 19 (...) RSP: 0018:ffff9f18830d7b00 EFLAGS: 00010202 RAX: 6b6b6b6b6b6b6b68 RBX: 0000000000000001 RCX: 00000000000000002 RD X: ffffffffb9c54d13 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffff9f18830d7bc0 R08: 00000000000000000 R09: 0000000000000000 R10: ffff9f18830d7be0 R11: 0000000000000001 R12: ffff8c6cd199c040 R13: ffff8c6c95821358 R14: 00000000fffffffb R15: ffff8c6cbcf01358 FS: 00007fa9140c2b 80(0000) GS:ffff8c6fac600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fa913d52000 CR3: 000000013d2 b4003 CR4 : 0000000000370ee0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 00000000000000000 DR6: 00000000fffe0ff0 DR7: 000000 0000000400 Rastreo de llamadas: ? __btrfs_handle_fs_error+0xde/0x146 [btrfs] ? btrfs_sync_log+0x7c1/0xf20 [btrfs]? btrfs_sync_log+0x7c1/0xf20 [btrfs] btrfs_sync_log+0x7c1/0xf20 [btrfs] btrfs_sync_file+0x40c/0x580 [btrfs] do_fsync+0x38/0x70 __x64_sys_fsync+0x10/0x20 do_syscall_64+ 0x33/0x80 Entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fa9142a55c3 C\u00f3digo : 8b 15 09 (...) RSP: 002b:00007fff26278d48 EFLAGS: 00000246 ORIG_RAX: 000000000000004a RAX: ffffffffffffffda RBX: 0000563c83cb4560 RCX: 00007fa9142a55c 3 RDX: 00007fff26278cb0 RSI: 00007fff26278cb0 RDI: 0000000000000005 RBP: 0000000000000005 R08: 000000000000000001 R09: 00007fff26278d5c R10: 0 000000000000000 R11: 0000000000000246 R12: 0000000000000340 R13: 00007fff26278de0 R14: 00007fff26278d96 R15: 0000563c83ca57c0 M\u00f3dulos vinculados en: btrfs dm_zero dm_snapshot dm _thin_pool (...) ---[ end trace ee2f1b19327d791d ]--- Los pasos que conducen a este bloqueo son los siguientes: 1) Estamos en la transacci\u00f3n N; 2) Tenemos dos tareas con un identificador de transacci\u00f3n adjunto a la transacci\u00f3n N. Tarea A y Tarea B. La tarea B est\u00e1 realizando una sincronizaci\u00f3n f; 3) La tarea B est\u00e1 en btrfs_sync_log() y ha guardado fs_info->log_root_tree en una variable local llamada 'log_root_tree' en la parte superior de btrfs_sync_log().---truncado---"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "[email protected]",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "[email protected]",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.7",
"versionEndExcluding": "5.10.36",
"matchCriteriaId": "C6E35DB7-8D08-44A4-88FE-9B73324500C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.11.20",
"matchCriteriaId": "EEC03413-9760-46D4-AC1D-EB084A1D4111"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.12",
"versionEndExcluding": "5.12.3",
"matchCriteriaId": "F9D6B2DE-7E4A-4B3B-9AEE-3A2C5F23DA32"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/061dde8245356d8864d29e25207aa4daa0be4d3c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/633f7f216663587f17601eaa1cf2ac3d5654874c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a4794be7b00b7eda4b45fffd283ab7d76df7e5d6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e2da98788369bfba1138bada72765c47989a4338",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/061dde8245356d8864d29e25207aa4daa0be4d3c",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/633f7f216663587f17601eaa1cf2ac3d5654874c",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a4794be7b00b7eda4b45fffd283ab7d76df7e5d6",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e2da98788369bfba1138bada72765c47989a4338",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}
]
}
165 changes: 148 additions & 17 deletions CVE-2021/CVE-2021-469xx/CVE-2021-46960.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,8 @@
"id": "CVE-2021-46960",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-27T19:04:06.860",
"lastModified": "2024-11-21T06:35:02.180",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-11T14:47:28.957",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
Expand All @@ -15,63 +15,194 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cifs: devuelve el c\u00f3digo de error correcto de smb2_get_enc_key Evite una advertencia si el error se repite: [440700.376476] CIFS VFS: \\\\otters.example.com crypt_message: no se pudo obtener la clave de cifrado [440700.386947] ------------[ cortar aqu\u00ed ]------------ [440700.386948] err = 1 [440700.386977] ADVERTENCIA: CPU: 11 PID: 2733 en / build/linux-hwe-5.4-p6lk6L/linux-hwe-5.4-5.4.0/lib/errseq.c:74 errseq_set+0x5c/0x70 ... [440700.397304] CPU: 11 PID: 2733 Comm: tar Contaminado: G OE 5.4.0-70-generic #78~18.04.1-Ubuntu... [440700.397334] Seguimiento de llamadas: [440700.397346] __filemap_set_wb_err+0x1a/0x70 [440700.397419] cifs_writepages+0x9c7/0xb30 [cifs ] [440700.397426] do_writepages+0x4b /0xe0 [440700.397444] __filemap_fdatawrite_range+0xcb/0x100 [440700.397455] filemap_write_and_wait+0x42/0xa0 [440700.397486] cifs_setattr+0x68b/0xf30 [cifs] [440700.39749 3] notify_change+0x358/0x4a0 [440700.397500] utimes_common+0xe9/0x1c0 [440700.397510] do_utimes+ 0xc5/0x150 [440700.397520] __x64_sys_utimensat+0x88/0xd0"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "[email protected]",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "[email protected]",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.11",
"versionEndExcluding": "4.14.233",
"matchCriteriaId": "3CEB4F43-643B-4BF2-BC3B-FB797EC75463"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.191",
"matchCriteriaId": "5B6E6817-19A8-4C0A-8807-71DA48CF9191"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.118",
"matchCriteriaId": "C83F5505-AF9D-4F2A-8D37-A8EB73ED772D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.36",
"matchCriteriaId": "003E22D0-CA29-4338-8B35-0754C740074F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.11.20",
"matchCriteriaId": "EEC03413-9760-46D4-AC1D-EB084A1D4111"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.12",
"versionEndExcluding": "5.12.3",
"matchCriteriaId": "F9D6B2DE-7E4A-4B3B-9AEE-3A2C5F23DA32"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/83728cbf366e334301091d5b808add468ab46b27",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/93f3339b22ba17e66f0808737467b70ba087eaec",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/aaa0faa5c28a91c362352d6b35dc3ed10df56fb0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b399c1a3ea0b9d10047ff266d65533df7f15532f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e486f8397f3f14a7cadc166138141fdb14379a54",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e94851629c49c65b4fbb29a5725ddfd7988f8f20",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f59a9242942fef0de7b926e438ba4eae65d4b4dd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/83728cbf366e334301091d5b808add468ab46b27",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/93f3339b22ba17e66f0808737467b70ba087eaec",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/aaa0faa5c28a91c362352d6b35dc3ed10df56fb0",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b399c1a3ea0b9d10047ff266d65533df7f15532f",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e486f8397f3f14a7cadc166138141fdb14379a54",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e94851629c49c65b4fbb29a5725ddfd7988f8f20",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f59a9242942fef0de7b926e438ba4eae65d4b4dd",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}
]
}
Loading

0 comments on commit e32be85

Please sign in to comment.