public inbox for linux-kernel@vger.kernel.org
* [PATCH] Add vulnerable commits for few CVEs
@ 2025-01-20 17:10 Harshit Mogalapalli
  2025-01-21 10:56 ` Greg KH
  0 siblings, 1 reply; 8+ messages in thread
From: Harshit Mogalapalli @ 2025-01-20 17:10 UTC (permalink / raw)
  To: cve
  Cc: linux-kernel, vegard.nossum, pkshih, ville.syrjala, ranjan.kumar,
	himanshu.madhani, Harshit Mogalapalli

CVE-2024-57804: A more appropriate broken commit is Fixes: 32d457d5a2af
("scsi: mpi3mr: Add framework to issue config requests") which added all
the allocations of the config pages and the CVE fix deals with fixing
corruption in config pages.

CVE-2024-56369: fixed by adding overflow happening with multiplication.
Multiplication was first introduced here, so Fixes: 2f0e9d804935 ("drm:
Make drm_mode_vrefresh() a bit more accurate") is the vulnerable commit

CVE-2024-48873: deals with checking return value in
ieee80211_probereq_get() function, so Fixes: c6aa9a9c4725 ("wifi: rtw89:
add RNR support for 6 GHz scan") is the vulnerable commit as it adds the
function.

Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
---
 cve/published/2024/CVE-2024-48873.vulnerable | 2 +-
 cve/published/2024/CVE-2024-56369.vulnerable | 1 +
 cve/published/2024/CVE-2024-57804.vulnerable | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)
 create mode 100644 cve/published/2024/CVE-2024-56369.vulnerable

diff --git a/cve/published/2024/CVE-2024-48873.vulnerable b/cve/published/2024/CVE-2024-48873.vulnerable
index c88ccd4fedfc..07dea2b74e50 100644
--- a/cve/published/2024/CVE-2024-48873.vulnerable
+++ b/cve/published/2024/CVE-2024-48873.vulnerable
@@ -1 +1 @@
-e3ec7017f6a20d12ddd9fe23d345ebb7b8c104dd
+c6aa9a9c47252ac7b07ed6d10459027e2f2a2de0
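Review bot: The - line drops e3ec7017f6a2 for CVE-2024-48873, but the commit message only justifies the new hash and never says why the recorded commit was wrong. The message also says c6aa9a9c4725 "adds the function", which reads as if it added ieee80211_probereq_get() itself rather than the rtw89 code that calls it without checking the return value. Suggest naming the caller and adding one sentence on why the earlier entry is replaced rather than kept.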
diff --git a/cve/published/2024/CVE-2024-56369.vulnerable b/cve/published/2024/CVE-2024-56369.vulnerable
new file mode 100644
index 000000000000..a3d0a9973c8a
--- /dev/null
+++ b/cve/published/2024/CVE-2024-56369.vulnerable
@@ -0,0 +1 @@
+2f0e9d804935970a4ce0f58dd046b41881bfd8f3
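Review bot: The justification for this new entry is hard to parse: "fixed by adding overflow happening with multiplication" reads as if the fix introduces an overflow. Suggest rewording it to say what the fix adds (an overflow check, if that is what is meant) and that the multiplication in drm_mode_vrefresh() came in with 2f0e9d804935, so the link between the hash on the + line and the CVE can be checked from the message alone.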
diff --git a/cve/published/2024/CVE-2024-57804.vulnerable b/cve/published/2024/CVE-2024-57804.vulnerable
index 59edd912279d..edbba87bfc57 100644
--- a/cve/published/2024/CVE-2024-57804.vulnerable
+++ b/cve/published/2024/CVE-2024-57804.vulnerable
@@ -1 +1 @@
-c4f7ac64616ee513f9ac4ae6c4d8c3cccb6974df
+32d457d5a2af9bf5ddbe28297eabf1fc93451665
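Review bot: The - line removes c4f7ac64616e from an already published entry, but the message only calls 32d457d5a2af "a more appropriate broken commit" and never mentions the old hash or what it pointed at. Suggest stating which commit was previously recorded and why the config page corruption dates from the allocation framework instead, so the changed affected range is justified in the changelog.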
-- 
2.46.0



* Re: [PATCH] Add vulnerable commits for few CVEs
  2025-01-20 17:10 [PATCH] Add vulnerable commits for few CVEs Harshit Mogalapalli
@ 2025-01-21 10:56 ` Greg KH
  0 siblings, 0 replies; 8+ messages in thread
From: Greg KH @ 2025-01-21 10:56 UTC (permalink / raw)
  To: Harshit Mogalapalli
  Cc: cve, linux-kernel, vegard.nossum, pkshih, ville.syrjala,
	ranjan.kumar, himanshu.madhani

On Mon, Jan 20, 2025 at 09:10:40AM -0800, Harshit Mogalapalli wrote:
> CVE-2024-57804: A more appropriate broken commit is Fixes: 32d457d5a2af
> ("scsi: mpi3mr: Add framework to issue config requests") which added all
> the allocations of the config pages and the CVE fix deals with fixing
> corruption in config pages.
> 
> CVE-2024-56369: fixed by adding overflow happening with multiplication.
> Multiplication was first introduced here, so Fixes: 2f0e9d804935 ("drm:
> Make drm_mode_vrefresh() a bit more accurate") is the vulnerable commit
> 
> CVE-2024-48873: deals with checking return value in
> ieee80211_probereq_get() function, so Fixes: c6aa9a9c4725 ("wifi: rtw89:
> add RNR support for 6 GHz scan") is the vulnerable commit as it adds the
> function.
> 
> Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
> ---
>  cve/published/2024/CVE-2024-48873.vulnerable | 2 +-
>  cve/published/2024/CVE-2024-56369.vulnerable | 1 +
>  cve/published/2024/CVE-2024-57804.vulnerable | 2 +-
>  3 files changed, 3 insertions(+), 2 deletions(-)
>  create mode 100644 cve/published/2024/CVE-2024-56369.vulnerable

Many thanks for these, all now applied and the updated CVE entries
pushed out.

greg k-h


* [PATCH] Add vulnerable commits for few CVEs
@ 2025-03-10  6:23 Harshit Mogalapalli
  2025-03-10  7:37 ` Greg KH
  0 siblings, 1 reply; 8+ messages in thread
From: Harshit Mogalapalli @ 2025-03-10  6:23 UTC (permalink / raw)
  To: cve
  Cc: andypma, Jesse.Zhang, forst, adobriyan, vegard.nossum,
	linux-kernel, Harshit Mogalapalli

CVE-2024-49994: block: fix integer overflow in BLKSECDISCARD
 — Fixes: 44abff2c0b97 ("block: decouple REQ_OP_SECURE_ERASE from REQ_OP_DISCARD")
Reason: The overflowing addition in blk_ioctl_secure_erase() is added in
above mentioned broken commit.

CVE-2024-46861 kernel: usbnet: ipheth: do not stop RX on failing RX callback
 — Fixes: a2d274c62e44 ("usbnet: ipheth: add CDC NCM support")
Reason: dev->rcvbulk_callback() was added in the broken commit, and the
CVE fix is to remove the return statement on failure.
Note: The CVE fix is preventing driver to stop on non-critical failures
-- I think this shouldn't be a CVE

CVE-2024-46819 kernel: drm/amdgpu: the warning dereferencing obj for nbio_v7_4
 - Fixes: 28f87950d935 ("drm/amdgpu: clear ras controller status registers when interrupt occurs")
Reason: ras_manager was first brought into usage in the above mentioned
broken commit.

CVE-2024-40997 kernel: cpufreq: amd-pstate: fix memory leak on CPU EPP exit
 — Fixes: ffa5096a7c33 ("cpufreq: amd-pstate: implement Pstate EPP support for the AMD processors")
Reason: memory allocation in amd_pstate_epp_cpu_init() with kzalloc is
added in the above mentioned broken commit.

Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
---
 cve/published/2024/CVE-2024-40997.vulnerable | 2 +-
 cve/published/2024/CVE-2024-46819.vulnerable | 1 +
 cve/published/2024/CVE-2024-46861.vulnerable | 1 +
 cve/published/2024/CVE-2024-49994.vulnerable | 1 +
 4 files changed, 4 insertions(+), 1 deletion(-)
 create mode 100644 cve/published/2024/CVE-2024-46819.vulnerable
 create mode 100644 cve/published/2024/CVE-2024-46861.vulnerable
 create mode 100644 cve/published/2024/CVE-2024-49994.vulnerable

diff --git a/cve/published/2024/CVE-2024-40997.vulnerable b/cve/published/2024/CVE-2024-40997.vulnerable
index c45e2b019603..b715f1e960e6 100644
--- a/cve/published/2024/CVE-2024-40997.vulnerable
+++ b/cve/published/2024/CVE-2024-40997.vulnerable
@@ -1 +1 @@
-ec437d71db77a181227bf6d0ac9d4a80e58ecf0f
+ffa5096a7c338641f70fb06d4778e8cf400181a8
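Review bot: This is the only hunk in this patch that replaces an existing entry (ec437d71db77 on the - line), yet the message treats it like the three new files and does not say why the recorded commit was wrong. Suggest adding a sentence on what ec437d71db77 is and why the kzalloc in amd_pstate_epp_cpu_init() from ffa5096a7c33 is the right starting point for the leak.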
diff --git a/cve/published/2024/CVE-2024-46819.vulnerable b/cve/published/2024/CVE-2024-46819.vulnerable
new file mode 100644
index 000000000000..d8021d7b9571
--- /dev/null
+++ b/cve/published/2024/CVE-2024-46819.vulnerable
@@ -0,0 +1 @@
+28f87950d935eec2ba1076933535213f4f5c8a06
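Review bot: The reason given for 28f87950d935, "ras_manager was first brought into usage", does not by itself show that the dereference of obj named in the CVE title was introduced there. Suggest naming the nbio_v7_4 function and the dereference this commit added, the way the other entries name blk_ioctl_secure_erase() and amd_pstate_epp_cpu_init().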
diff --git a/cve/published/2024/CVE-2024-46861.vulnerable b/cve/published/2024/CVE-2024-46861.vulnerable
new file mode 100644
index 000000000000..84ad606d707a
--- /dev/null
+++ b/cve/published/2024/CVE-2024-46861.vulnerable
@@ -0,0 +1 @@
+a2d274c62e44b1995c170595db3865c6fe701226
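Review bot: The changelog text for this entry mixes the justification for a2d274c62e44 with an objection to the CVE itself ("I think this shouldn't be a CVE"). Whether the issue deserves a CVE is a separate question from which commit introduced it, and the remark will land in the commit history if applied as is. Suggest moving it below the "---" line or into a separate mail and keeping only the Reason text in the message.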
diff --git a/cve/published/2024/CVE-2024-49994.vulnerable b/cve/published/2024/CVE-2024-49994.vulnerable
new file mode 100644
index 000000000000..7ab1e0c8c338
--- /dev/null
+++ b/cve/published/2024/CVE-2024-49994.vulnerable
@@ -0,0 +1 @@
+44abff2c0b970ae3d310b97617525dc01f248d7c
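Review bot: The commit recorded on the + line is titled "decouple REQ_OP_SECURE_ERASE from REQ_OP_DISCARD", which suggests code was split out of a shared path. The reason should confirm that the overflowing addition is new in blk_ioctl_secure_erase() and was not carried over from the earlier discard code, since otherwise the vulnerable range would start before 44abff2c0b97.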
-- 
2.46.0



* Re: [PATCH] Add vulnerable commits for few CVEs
  2025-03-10  6:23 Harshit Mogalapalli
@ 2025-03-10  7:37 ` Greg KH
  2025-03-10  8:48   ` Harshit Mogalapalli
  0 siblings, 1 reply; 8+ messages in thread
From: Greg KH @ 2025-03-10  7:37 UTC (permalink / raw)
  To: Harshit Mogalapalli
  Cc: cve, andypma, Jesse.Zhang, forst, adobriyan, vegard.nossum,
	linux-kernel

On Sun, Mar 09, 2025 at 11:23:49PM -0700, Harshit Mogalapalli wrote:
> CVE-2024-49994: block: fix integer overflow in BLKSECDISCARD
>  — Fixes: 44abff2c0b97 ("block: decouple REQ_OP_SECURE_ERASE from REQ_OP_DISCARD")
> Reason: The overflowing addition in blk_ioctl_secure_erase() is added in
> above mentioned broken commit.
> 
> CVE-2024-46861 kernel: usbnet: ipheth: do not stop RX on failing RX callback
>  — Fixes: a2d274c62e44 ("usbnet: ipheth: add CDC NCM support")
> Reason: dev->rcvbulk_callback() was added in the broken commit, and the
> CVE fix is to remove the return statement on failure.
> Note: The CVE fix is preventing driver to stop on non-critical failures
> -- I think this shouldn't be a CVE

Isn't it a denial of service if the driver does not work for normal
issues that can be triggered?

> CVE-2024-46819 kernel: drm/amdgpu: the warning dereferencing obj for nbio_v7_4
>  - Fixes: 28f87950d935 ("drm/amdgpu: clear ras controller status registers when interrupt occurs")
> Reason: ras_manager was first brought into usage in the above mentioned
> broken commit.
> 
> CVE-2024-40997 kernel: cpufreq: amd-pstate: fix memory leak on CPU EPP exit
>  — Fixes: ffa5096a7c33 ("cpufreq: amd-pstate: implement Pstate EPP support for the AMD processors")
> Reason: memory allocation in amd_pstate_epp_cpu_init() with kzalloc is
> added in the above mentioned broken commit.
> 
> Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>

Thanks for all of these, I'll go apply this now and update the database
entries.

greg k-h


* Re: [PATCH] Add vulnerable commits for few CVEs
  2025-03-10  7:37 ` Greg KH
@ 2025-03-10  8:48   ` Harshit Mogalapalli
  0 siblings, 0 replies; 8+ messages in thread
From: Harshit Mogalapalli @ 2025-03-10  8:48 UTC (permalink / raw)
  To: Greg KH
  Cc: cve, andypma, Jesse.Zhang, forst, adobriyan, vegard.nossum,
	linux-kernel

Hi Greg,

On 10/03/25 13:07, Greg KH wrote:
...
>> CVE-2024-46861 kernel: usbnet: ipheth: do not stop RX on failing RX callback
>>   — Fixes: a2d274c62e44 ("usbnet: ipheth: add CDC NCM support")
>> Reason: dev->rcvbulk_callback() was added in the broken commit, and the
>> CVE fix is to remove the return statement on failure.
>> Note: The CVE fix is preventing driver to stop on non-critical failures
>> -- I think this shouldn't be a CVE
> 
> Isn't it a denial of service if the driver does not work for normal
> issues that can be triggered?
> 

Ah yes, I agree, thanks for explaining.

...
>> Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
> 
> Thanks for all of these, I'll go apply this now and update the database
> entries.
>

Thanks a lot!


Regards,
Harshit

> greg k-h



* [PATCH] Add vulnerable commits for few CVEs
@ 2025-05-10 16:10 Harshit Mogalapalli
  2025-05-10 16:47 ` Greg KH
  0 siblings, 1 reply; 8+ messages in thread
From: Harshit Mogalapalli @ 2025-05-10 16:10 UTC (permalink / raw)
  To: cve; +Cc: linux-kernel, vegard.nossum, Harshit Mogalapalli

CVE-2025-21872: Re-mapping the entire mokvar_table is the problem and
the re-mapping is first done in this Fixes: 58c909022a5a ("efi: Support
for MOK variable config table"), so this is the broken commit

CVE-2025-21833: The fix moves dev_pasid dereference inside
WARN_ON_ONCE() as there is a possibility of dev_pasid being NULL, this
dereference is first introduced while adding debugfs support per file in
Fixes: d87731f60931 ("iommu/vt-d: debugfs: Create/remove debugfs file
per {device, pasid}")

CVE-2025-21832E: The problem is that iov_iter_revert() is done before a
negative return check which was first added in Fixes: 3e1f941dd9f3
("block: fix DIO handling regressions in blkdev_read_iter()")

Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
---
 cve/published/2025/CVE-2025-21832.vulnerable | 1 +
 cve/published/2025/CVE-2025-21833.vulnerable | 1 +
 cve/published/2025/CVE-2025-21872.vulnerable | 1 +
 3 files changed, 3 insertions(+)
 create mode 100644 cve/published/2025/CVE-2025-21832.vulnerable
 create mode 100644 cve/published/2025/CVE-2025-21833.vulnerable
 create mode 100644 cve/published/2025/CVE-2025-21872.vulnerable

diff --git a/cve/published/2025/CVE-2025-21832.vulnerable b/cve/published/2025/CVE-2025-21832.vulnerable
new file mode 100644
index 000000000000..feb566fe0511
--- /dev/null
+++ b/cve/published/2025/CVE-2025-21832.vulnerable
@@ -0,0 +1 @@
+3e1f941dd9f33776b3df4e30f741fe445ff773f3
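Review bot: The file created here is CVE-2025-21832.vulnerable, but the commit message refers to "CVE-2025-21832E", an identifier that matches no file in the diffstat. Suggest correcting the ID in the message before this is applied so the changelog can be searched by CVE number.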
diff --git a/cve/published/2025/CVE-2025-21833.vulnerable b/cve/published/2025/CVE-2025-21833.vulnerable
new file mode 100644
index 000000000000..86fa313ab645
--- /dev/null
+++ b/cve/published/2025/CVE-2025-21833.vulnerable
@@ -0,0 +1 @@
+d87731f609318a27e9aa3d01cf97798599d32839
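Review bot: The reference for d87731f60931 in the message is wrapped in the middle of the quoted subject ("Create/remove debugfs file" / "per {device, pasid}") and embedded in a sentence, which makes the Fixes: text hard to match with grep or scripts. Suggest putting each Fixes: reference on its own unwrapped line, separate from the explanation.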
diff --git a/cve/published/2025/CVE-2025-21872.vulnerable b/cve/published/2025/CVE-2025-21872.vulnerable
new file mode 100644
index 000000000000..96c8b40950cc
--- /dev/null
+++ b/cve/published/2025/CVE-2025-21872.vulnerable
@@ -0,0 +1 @@
+58c909022a5a56cd1d9e89c8c5461fd1f6a27bb5
-- 
2.47.1



* Re: [PATCH] Add vulnerable commits for few CVEs
  2025-05-10 16:10 Harshit Mogalapalli
@ 2025-05-10 16:47 ` Greg KH
  2025-05-10 16:56   ` Harshit Mogalapalli
  0 siblings, 1 reply; 8+ messages in thread
From: Greg KH @ 2025-05-10 16:47 UTC (permalink / raw)
  To: Harshit Mogalapalli; +Cc: cve, linux-kernel, vegard.nossum

On Sat, May 10, 2025 at 09:10:43AM -0700, Harshit Mogalapalli wrote:
> CVE-2025-21872: Re-mapping the entire mokvar_table is the problem and
> the re-mapping is first done in this Fixes: 58c909022a5a ("efi: Support
> for MOK variable config table"), so this is the broken commit
> 
> CVE-2025-21833: The fix moves dev_pasid dereference inside
> WARN_ON_ONCE() as there is a possibility of dev_pasid being NULL, this
> dereference is first introduced while adding debugfs support per file in
> Fixes: d87731f60931 ("iommu/vt-d: debugfs: Create/remove debugfs file
> per {device, pasid}")
> 
> CVE-2025-21832E: The problem is that iov_iter_revert() is done before a

I don't think CVE entries have "E" on the end of them :)

I'll edit this when I apply it in a few minutes, thanks!

greg k-h


* Re: [PATCH] Add vulnerable commits for few CVEs
  2025-05-10 16:47 ` Greg KH
@ 2025-05-10 16:56   ` Harshit Mogalapalli
  0 siblings, 0 replies; 8+ messages in thread
From: Harshit Mogalapalli @ 2025-05-10 16:56 UTC (permalink / raw)
  To: Greg KH; +Cc: cve, linux-kernel, vegard.nossum

Hi Greg,

On 10/05/25 22:17, Greg KH wrote:
> On Sat, May 10, 2025 at 09:10:43AM -0700, Harshit Mogalapalli wrote:
>> CVE-2025-21872: Re-mapping the entire mokvar_table is the problem and
>> the re-mapping is first done in this Fixes: 58c909022a5a ("efi: Support
>> for MOK variable config table"), so this is the broken commit
>>
>> CVE-2025-21833: The fix moves dev_pasid dereference inside
>> WARN_ON_ONCE() as there is a possibility of dev_pasid being NULL, this
>> dereference is first introduced while adding debugfs support per file in
>> Fixes: d87731f60931 ("iommu/vt-d: debugfs: Create/remove debugfs file
>> per {device, pasid}")
>>
>> CVE-2025-21832E: The problem is that iov_iter_revert() is done before a
> 
> I don't think CVE entries have "E" on the end of them :)
> 

Oops, sorry for that, that was a typo, I remember how this happened, I 
copied starting from -2025.. and pasted it in incorrect mode, that ended 
up leaving a E from CVE moved to the end, missed fixing it.

> I'll edit this when I apply it in a few minutes, thanks!
>

Thanks a lot.

Regards,
Harshit

> greg k-h

