Siemens SINEC OS

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).

  1. EXECUTIVE SUMMARY
     - CVSS v3.1 9.1
     - ATTENTION: Exploitable remotely/low attack complexity
     - Vendor: Siemens
     - Equipment: RUGGEDCOM, SCALANCE
     - Vulnerabilities: NULL Pointer Dereference, Use After Free, Unchecked Input for Loop Condition, Out-of-bounds Write, Out-of-bounds Read, Uncontrolled Resource Consumption, Missing Encryption of Sensitive Data, Improper Restriction of Operations within the Bounds of a Memory Buffer, Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’), Deadlock, Improper Resource Locking, Improper Input Validation, Stack-based Buffer Overflow, Use of NullPointerException Catch to Detect NULL Pointer Dereference, Improper Control of Resource Identifiers (‘Resource Injection’), Incorrect Calculation of Buffer Size, Missing Write Protection for Parametric Data Values, Missing Initialization of a Variable, Divide By Zero, Transmission of Private Resources into a New Sphere (‘Resource Leak’), Incomplete Cleanup, Double Free, Improper Locking
  2. RISK EVALUATION
     Successful exploitation of these vulnerabilities could allow an attacker to achieve remote code execution.
  3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Siemens reports the following products are affected:

- Siemens RUGGEDCOM RST2428P (6GK6242-6PA00): All versions prior to 3.1
- Siemens SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family: All versions prior to 3.1
- Siemens SCALANCE XCM-/XRM-/XCH-/XRH-300 family: All versions prior to 3.1

3.2 VULNERABILITY OVERVIEW

3.2.1 NULL POINTER DEREFERENCE CWE-476

In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference. CVE-2021-44879 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).

3.2.2 USE AFTER FREE CWE-416

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unregister flowtable hooks on netns exit. CVE-2022-48935 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

3.2.3 USE AFTER FREE CWE-416

A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information. CVE-2023-3567 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).

3.2.4 USE AFTER FREE CWE-416

A use-after-free vulnerability was found in drivers/nvme/target/tcp.c in nvmet_tcp_free_crypto due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a malicious local privileged user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation. CVE-2023-5178 has been assigned to this vulnerability.
A CVSS v3.1 base score of 8.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

3.2.5 UNCHECKED INPUT FOR LOOP CONDITION CWE-606

Applications that use the functions DH_generate_key() to generate an X9.42 DH key and DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. If the keys or parameters being checked are obtained from an untrusted source, this may lead to a denial of service (DoS). While DH_check() performs all necessary checks (as of CVE-2023-3817), DH_check_pub_key() does not perform these checks, making it vulnerable to excessively large P and Q parameters. Similarly, while DH_generate_key() checks for an excessively large P, it does not check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a denial of service attack. DH_generate_key() and DH_check_pub_key() are also invoked by several other OpenSSL functions. Applications using these functions may similarly be affected. Other affected functions include DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). The OpenSSL pkey command line application (when using the "-pubcheck" option) and the OpenSSL genpkey command line application are also vulnerable. The OpenSSL SSL/TLS implementation and the OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. CVE-2023-5678 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

3.2.6 OUT-OF-BOUNDS WRITE CWE-787

A heap out-of-bounds write vulnerability in the Linux kernel’s Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.
If perf_read_group() is called while an event’s sibling_list is smaller than its child’s sibling_list, it can increment or write to memory locations outside of the allocated buffer. It is recommended to upgrade past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06. CVE-2023-5717 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

3.2.7 OUT-OF-BOUNDS READ CWE-125

An out-of-bounds access vulnerability involving netfilter was reported and fixed in commit f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family). While creating a new netfilter table, the lack of a safeguard against invalid nf_tables family (pf) values within the nf_tables_newtable function allows an attacker to achieve out-of-bounds access. CVE-2023-6040 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

3.2.8 OUT-OF-BOUNDS READ CWE-125

An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg). CVE-2023-6121 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.3 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

3.2.9 OUT-OF-BOUNDS READ CWE-125

An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. CVE-2023-6606 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).
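
For 3.2.5 (CVE-2023-5678), a Python model of bounding the sizes of P and Q before the public-key check runs; this is an added example, not OpenSSL's code and not part of the advisory. `MAX_MODULUS_BITS`, the function names, and the toy and oversized parameters are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed local policy (not a value from the advisory): largest modulus accepted.
MAX_MODULUS_BITS = 8192


@dataclass(frozen=True)
class DHParams:
    p: int  # prime modulus
    q: int  # prime order of the subgroup (carried by X9.42 DH parameters)
    g: int  # generator of the order-q subgroup


def modexp_cost_estimate(p_bits: int, q_bits: int) -> int:
    """Rough work estimate for y^q mod p with schoolbook multiplication:
    about q_bits modular multiplications of about p_bits^2 steps each."""
    return q_bits * p_bits * p_bits


def precheck_sizes(params: DHParams, max_bits: int = MAX_MODULUS_BITS):
    """Cheap size and range checks that run before any modular arithmetic.
    Returns a rejection reason, or None when the parameters may be used."""
    if params.p.bit_length() > max_bits:
        return "modulus-too-large"
    if params.q < 2 or params.q >= params.p:
        # q must divide p - 1, so a q that is not smaller than p is never valid.
        return "invalid-q"
    if not 1 < params.g < params.p - 1:
        return "invalid-g"
    return None


def check_pub_key_unbounded(params: DHParams, y: int) -> str:
    """'Before' form: goes straight to the subgroup test, so the cost of
    pow() is dictated by whoever supplied p and q."""
    if not 1 < y < params.p - 1:
        return "pubkey-out-of-range"
    if pow(y, params.q, params.p) != 1:
        return "pubkey-not-in-subgroup"
    return "ok"


def check_pub_key(params: DHParams, y: int, max_bits: int = MAX_MODULUS_BITS) -> str:
    """Hardened form: the same subgroup test, reached only after the bounds."""
    reason = precheck_sizes(params, max_bits)
    if reason is not None:
        return reason
    return check_pub_key_unbounded(params, y)


# Constructed toy group: p = 23, q = 11 (11 divides 22), g = 2 has order 11.
TOY = DHParams(p=23, q=11, g=2)
TOY_PUB = pow(TOY.g, 5, TOY.p)  # public key for private exponent 5

# Constructed oversized inputs: size-only placeholders, not real primes.
OVERSIZED = DHParams(p=(1 << 40000) | 1, q=(1 << 39999) | 1, g=2)
BIG_Q = DHParams(p=23, q=(1 << 4096) | 1, g=2)


if __name__ == "__main__":
    print("valid key:         ", check_pub_key(TOY, TOY_PUB))
    print("outside subgroup:  ", check_pub_key(TOY, 5))
    print("oversized modulus: ", check_pub_key(OVERSIZED, 3))
    print("oversized q:       ", check_pub_key(BIG_Q, TOY_PUB))
    ratio = modexp_cost_estimate(40001, 40000) // modexp_cost_estimate(2048, 256)
    print("estimated work vs a 2048/256-bit group: about %dx" % ratio)
```

Both oversized inputs are rejected by `precheck_sizes` before `pow()` is reached, which is the ordering the passage says `DH_check()` has and `DH_check_pub_key()` lacked.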

3.2.10 OUT-OF-BOUNDS WRITE CWE-787

A heap out-of-bounds write vulnerability in the Linux kernel’s Performance Events system component can be exploited to achieve local privilege escalation. A perf_event’s read_size can overflow, leading to a heap out-of-bounds increment or write in perf_read_group(). It is recommended to upgrade past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b. CVE-2023-6931 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

3.2.11 USE AFTER FREE CWE-416

A use-after-free vulnerability in the Linux kernel’s ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer to be mistakenly registered on a RCU read locked object, which is freed by another thread. It is recommended to upgrade past commit e2b706c691905fe78468c361aaabc719d0a496f1. CVE-2023-6932 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

3.2.12 USE AFTER FREE CWE-416

An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c. CVE-2023-35827 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.0 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).

3.2.13 USE AFTER FREE CWE-416

A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation. CVE-2023-39198 has been assigned to this vulnerability.
A CVSS v3.1 base score of 6.4 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

3.2.14 OUT-OF-BOUNDS WRITE CWE-787

An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write. CVE-2023-45863 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.4 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

3.2.15 NULL POINTER DEREFERENCE CWE-476

In the Linux kernel before 6.5.9, there is a NULL pointer dereference in send_acknowledge in net/nfc/nci/spi.c. CVE-2023-46343 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

3.2.16 USE AFTER FREE CWE-416

bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition. CVE-2023-51779 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.0 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).

3.2.17 USE AFTER FREE CWE-416

An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition. CVE-2023-51780 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.0 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).

3.2.18 USE AFTER FREE CWE-416

An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use-after-free because of an atalk_recvmsg race condition. CVE-2023-51781 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.0 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).

3.2.19 USE AFTER FREE CWE-416

An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl in net/rose/af_rose.c has a use-after-free because of a rose_accept race condition. CVE-2023-51782 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.0 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).

3.2.20 UNCONTROLLED RESOURCE CONSUMPTION CWE-400

The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily, e.g., leading to a denial of service (network is unreachable errors) when IPv6 packets are sent in a loop via a raw socket. CVE-2023-52340 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

3.2.21 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction. CVE-2023-52433 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.4 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

3.2.22 IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119

In the Linux kernel, the following vulnerability has been resolved: net: prevent mss overflow in skb_segment(). CVE-2023-52435 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

3.2.23 USE AFTER FREE CWE-416

In the Linux kernel, the following vulnerability has been resolved: Input: powermate - fix use-after-free in powermate_config_complete. CVE-2023-52475 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.7 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

3.2.24 NULL POINTER DEREFERENCE CWE-476

In the Linux kernel, the following vulnerability has been resolved: usb: hub: Guard against accesses to uninitialized BOS descriptors. CVE-2023-52477 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.4 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

3.2.25 CONCURRENT EXECUTION USING SHARED RESOURCE WITH IMPROPER SYNCHRONIZATION (‘RACE CONDITION’) CWE-362

In the Linux kernel, the following vulnerability has been resolved: HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect. CVE-2023-52478 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.0 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H).

3.2.26 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311

In the Linux kernel, the following vulnerability has been resolved: drm: Don’t unref the same fb many times by mistake due to deadlock handling. CVE-2023-52486 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

3.2.27 CONCURRENT EXECUTION USING SHARED RESOURCE WITH IMPROPER SYNCHRONIZATION (‘RACE CONDITION’) CWE-362

In the Linux kernel, the following vulnerability has been resolved: net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn(). CVE-2023-52502 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).

3.2.28 OUT-OF-BOUNDS READ CWE-125

In the Linux kernel, the following vulnerability has been resolved: x86/alternatives: Disable KASAN in apply_alternatives(). CVE-2023-52504 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.0 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H).

3.2.29 OUT-OF-BOUNDS READ CWE-125

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: assert requested protocol is valid. CVE-2023-52507 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).

3.2.30 USE AFTER FREE CWE-416

In the Linux kernel, the following vulnerability has been resolved: ravb: Fix use-after-free issue in ravb_tx_timeout_work(). CVE-2023-52509 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.0 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H).

3.2.31 USE AFTER FREE CWE-416

In the Linux kernel, the following vulnerability has been resolved: ieee802154: ca8210: Fix a potential UAF in ca8210_probe. CVE-2023-52510 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.0 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H).

3.2.32 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memleak when more than 255 elements expired. CVE-2023-52581 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

3.2.33 DEADLOCK CWE-833

In the Linux kernel, the following vulnerability has been resolved: ceph: fix deadlock or deadcode of misusing dget(). CVE-2023-52583 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

3.2.34 IMPROPER RESOURCE LOCKING CWE-413

In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fix mcast list locking. CVE-2023-52587 has been assigned to this vulnerability.
A CVSS v3.1 base score of 6.0 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H).

3.2.35 OUT-OF-BOUNDS READ CWE-125

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus(). CVE-2023-52594 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.4 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

3.2.36 IMPROPER INPUT VALIDATION CWE-20

In the Linux kernel, the following vulnerability has been resolved: wifi: rt2x00: restart beacon queue when hardware reset. CVE-2023-52595 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.4 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

3.2.37 IMPROPER INPUT VALIDATION CWE-20

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix setting of fpc register. CVE-2023-52597 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).

3.2.38 IMPROPER INPUT VALIDATION CWE-20

In the Linux kernel, the following vulnerability has been resolved: s390/ptrace: handle setting of fpc register correctly. CVE-2023-52598 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.0 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H).

3.2.39 OUT-OF-BOUNDS READ CWE-125

In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in diNewExt. CVE-2023-52599 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).

3.2.40 USE AFTER FREE CWE-416

In the Linux kernel, the following vulnerability has been resolved: jfs: fix uaf in jfs_evict_inode.
CVE-2023-52600 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

3.2.41 OUT-OF-BOUNDS READ CWE-125

In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in dbAdjTree. CVE-2023-52601 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).

3.2.42 OUT-OF-BOUNDS READ CWE-125

In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds Read in dtSearch. CVE-2023-52602 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

3.2.43 OUT-OF-BOUNDS READ CWE-125

In the Linux kernel, the following vulnerability has been resolved: UBSAN: array-index-out-of-bounds in dtSplitRoot. CVE-2023-52603 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).

3.2.44 OUT-OF-BOUNDS READ CWE-125

In the Linux kernel, the following vulnerability has been resolved: FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree. CVE-2023-52604 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

3.2.45 STACK-BASED BUFFER OVERFLOW CWE-121

In the Linux kernel, the following vulnerability has been resolved: powerpc/lib: Validate size for vector operations. CVE-2023-52606 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).

3.2.46 USE OF NULLPOINTEREXCEPTION CATCH TO DETECT NULL POINTER DEREFERENCE CWE-395

In the Linux kernel, the following vulnerability has been resolved: powerpc/mm: Fix null-pointer dereference in pgtable_cache_add. CVE-2023-52607 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

3.2.47 DEADLOCK CWE-833

In the Linux kernel, the following vulnerability has been resolved: hwrng: core - Fix page fault dead lock on mmap-ed hwrng. CVE-2023-52615 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.4 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

3.2.48 IMPROPER INPUT VALIDATION CWE-20

In the Linux kernel, the following vulnerability has been resolved: PCI: switchtec: Fix stdev_release() crash after surprise hot remove. CVE-2023-52617 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.4 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

3.2.49 IMPROPER CONTROL OF RESOURCE IDENTIFIERS (‘RESOURCE INJECTION’) CWE-99

In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Fix crash when setting number of cpus to an odd number. CVE-2023-52619 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

3.2.50 INCORRECT CALCULATION OF BUFFER SIZE CWE-131

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid online resizing failures due to oversized flex bg. CVE-2023-52622 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

3.2.51 CONCURRENT EXECUTION USING SHARED RESOURCE WITH IMPROPER SYNCHRONIZATION (‘RACE CONDITION’) CWE-362

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix a suspicious RCU usage warning. CVE-2023-52623 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

3.2.52 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311

In the Linux kernel, the following vulnerability has been resolved: can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER). CVE-2023-52637 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

3.2.53 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311

In the Linux kernel, the following vulnerability has been resolved: io_uring/af_unix: disable sending io_uring over sockets. CVE-2023-52654 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

3.2.54 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311

In the Linux kernel, the following vulnerability has been resolved: usb: aqc111: check packet for fixup for true limit. CVE-2023-52655 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

3.2.55 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311

In the Linux kernel, the following vulnerability has been resolved: rpmsg: virtio: Free driver_override when rpmsg_remove(). CVE-2023-52670 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.6 has been calculated; the CVSS vector string is (CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

3.2.56 NULL POINTER DEREFERENCE CWE-476

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid NULL dereference of timing generator. CVE-2023-52753 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

3.2.57 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311

In the Linux kernel, the following vulnerability has been resolved: media: gspca: cpia1: shift-out-of-bounds in set_flicker. CVE-2023-52764 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

3.2.58 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311

In the Linux kernel, the following vulnerability has been resolved: s390/dasd: protect device queue against concurrent access. CVE-2023-52774 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

3.2.59 IMPROPER CONTROL OF RESOURCE IDENTIFIERS (‘RESOURCE INJECTION’) CWE-99

In the Linux kernel, the following vulnerability has been resolved: bonding: stop the device in bond_setup_by_slave(). CVE-2023-52784 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.7 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).

3.2.60 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311

In the Linux kernel, the following vulnerability has been resolved: tty: vcc: Add check for kstrdup() in vcc_probe(). CVE-2023-52789 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

3.2.61 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311

In the Linux kernel, the following vulnerability has been resolved: i2c: core: Run atomic i2c xfer when !preemptible.
CVE-2023-52791 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

3.2.62 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311

In the Linux kernel, the following vulnerability has been resolved: ipvlan: add ipvlan_route_v6_outbound() helper. CVE-2023-52796 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

3.2.63 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311

In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in dbFindLeaf. CVE-2023-52799 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

3.2.64 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311

In the Linux kernel, the following vulnerability has been resolved: fs/jfs: Add validity check for db_maxag and db_agpref. CVE-2023-52804 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).

3.2.65 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311

In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in diAlloc. CVE-2023-52805 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).

3.2.66 NULL POINTER DEREFERENCE CWE-476

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix possible null-ptr-deref when assigning a stream. CVE-2023-52806 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

3.2.67 NULL POINTER DEREFERENCE CWE-476

In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup(). CVE-2023-52809 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

3.2.68 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311

In the Linux kernel, the following vulnerability has been resolved: fs/jfs: Add check for negative db_l2nbperpage. CVE-2023-52810 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.4 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.2.69 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311

In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Fix hungtask for PADATA_RESET. CVE-2023-52813 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

3.2.70 NULL POINTER DEREFERENCE CWE-476

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL. CVE-2023-52817 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

3.2.71 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7. CVE-2023-52818 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.6 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H).

3.2.72 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga.
CVE-2023-52819 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.6 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H).

3.2.73 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don’t return unset power in ieee80211_get_tx_power(). CVE-2023-52832 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H).

3.2.74 OUT-OF-BOUNDS READ CWE-125

In the Linux kernel, the following vulnerability has been resolved: perf/core: Bail out early if the request AUX area is out of bound. CVE-2023-52835 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

3.2.75 IMPROPER CONTROL OF RESOURCE IDENTIFIERS (‘RESOURCE INJECTION’) CWE-99

In the Linux kernel, the following vulnerability has been resolved: locking/ww_mutex/test: Fix potential workqueue corruption. CVE-2023-52836 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.4 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

3.2.76 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311

In the Linux kernel, the following vulnerability has been resolved: fbdev: imsttfb: fix a resource leak in probe. CVE-2023-52838 has been assigned to this vulnerability. A CVSS v3.1 base score of 2.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L).

3.2.77 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311

In the Linux kernel, the following vulnerability has been resolved: Input: synaptics-rmi4 - fix use after free in rmi_unregister_function(). CVE-2023-52840 has been assigned to this vulnerability.
A CVSS v3.1 base score of 6.4 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H). 3.2.78 IMPROPER INPUT VALIDATION CWE-20 In the Linux kernel, the following vulnerability has been resolved: llc: verify mac len before reading mac header. CVE-2023-52843 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.79 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING. CVE-2023-52845 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.80 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: media: bttv: fix use after free error due to btv->timeout timer. CVE-2023-52847 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H). 3.2.81 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: hid: cp2112: Fix duplicate workqueue initialization. CVE-2023-52853 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.7 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.82 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency. CVE-2023-52855 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 
3.2.83 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data. CVE-2023-52858 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.2 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). 3.2.84 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: platform/x86: wmi: Fix opening of char device. CVE-2023-52864 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.85 NULL POINTER DEREFERENCE CWE-476 In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data. CVE-2023-52865 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.7 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.86 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: drm/radeon: possible buffer overflow. CVE-2023-52867 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.87 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: thermal: core: prevent potential string overflow. CVE-2023-52868 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.4 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 3.2.88 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: soc: qcom: llcc: Handle a second device without data corruption. CVE-2023-52871 has been assigned to this vulnerability. 
A CVSS v3.1 base score of 7.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H). 3.2.89 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data. CVE-2023-52873 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.90 NULL POINTER DEREFERENCE CWE-476 In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data. CVE-2023-52875 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). 3.2.91 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data. CVE-2023-52876 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.7 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.92 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: tracing: Have trace_event_file have ref counters. CVE-2023-52879 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.93 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: tcp: do not accept ACK of bytes we never sent. CVE-2023-52881 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.9 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). 
3.2.94 NULL POINTER DEREFERENCE CWE-476 In the Linux kernel, the following vulnerability has been resolved: nfc: nci: fix possible NULL pointer dereference in send_acknowledge(). CVE-2023-52919 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.95 USE AFTER FREE CWE-416 A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unprivileged user with CAP_NET_ADMIN capability to escalate their privileges on the system. CVE-2024-0193 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.7 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). 3.2.96 USE AFTER FREE CWE-416 A use-after-free issue was found in igmp_start_timer in net/ipv4/igmp.c in the network sub-component in the Linux Kernel. This flaw allows a local user to observe a refcnt use-after-free issue when receiving an igmp query packet, leading to a kernel information leak. CVE-2024-0584 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). 3.2.97 MISSING WRITE PROTECTION FOR PARAMETRIC DATA VALUES CWE-1314 An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system. CVE-2024-0646 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 
3.2.98 NULL POINTER DEREFERENCE CWE-476 A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. This issue may allow a local user to crash the system or potentially escalate their privileges on the system. CVE-2024-0841 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.99 USE AFTER FREE CWE-416 A use-after-free vulnerability in the Linux kernel’s netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. CVE-2024-1086 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.100 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip end interval element from gc. CVE-2024-26581 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.101 OUT-OF-BOUNDS READ CWE-125 In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Fix block process call transactions. CVE-2024-26593 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H). 3.2.102 USE AFTER FREE CWE-416 In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache. CVE-2024-26598 has been assigned to this vulnerability. 
A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.103 NULL POINTER DEREFERENCE CWE-476 In the Linux kernel, the following vulnerability has been resolved: phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP. CVE-2024-26600 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.104 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: sched/membarrier: reduce the ability to hammer on sys_membarrier. CVE-2024-26602 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.105 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: binder: signal epoll threads of self-work. CVE-2024-26606 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.106 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: net/smc: fix illegal rmb_desc access in SMC-D connection dump. CVE-2024-26615 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.107 USE AFTER FREE CWE-416 In the Linux kernel, the following vulnerability has been resolved: llc: call sock_orphan() at release time. CVE-2024-26625 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 
3.2.108 MISSING INITIALIZATION OF A VARIABLE CWE-456 In the Linux kernel, the following vulnerability has been resolved: llc: Drop support for ETH_P_TR_802_2. CVE-2024-26635 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.109 IMPROPER RESOURCE LOCKING CWE-413 In the Linux kernel, the following vulnerability has been resolved: llc: make llc_ui_sendmsg() more robust against bonding changes. CVE-2024-26636 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.110 CONCURRENT EXECUTION USING SHARED RESOURCE WITH IMPROPER SYNCHRONIZATION (‘RACE CONDITION’) CWE-362 In the Linux kernel, the following vulnerability has been resolved: tracing: Ensure visibility when inserting an element into tracing_map. CVE-2024-26645 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.4 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 3.2.111 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add(). CVE-2024-26663 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.112 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: hwmon: (coretemp) Fix out-of-bounds memory access. CVE-2024-26664 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 
3.2.113 CONCURRENT EXECUTION USING SHARED RESOURCE WITH IMPROPER SYNCHRONIZATION (‘RACE CONDITION’) CWE-362 In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix IO hang from sbitmap wakeup race. CVE-2024-26671 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.114 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations. CVE-2024-26673 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.115 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: ppp_async: limit MRU to 64K. CVE-2024-26675 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.116 IMPROPER RESOURCE LOCKING CWE-413 In the Linux kernel, the following vulnerability has been resolved: inet: read sk->sk_family once in inet_recv_error(). CVE-2024-26679 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.117 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: net: stmmac: xgmac: fix handling of DPP safety error for DMA channels. CVE-2024-26684 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 
3.2.118 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential bug in end_buffer_async_write. CVE-2024-26685 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.119 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super. CVE-2024-26688 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.120 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix hang in nilfs_lookup_dirty_data_buffers(). CVE-2024-26696 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.121 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix data corruption in dsync block recovery for small block sizes. CVE-2024-26697 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.122 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC. CVE-2024-26702 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 
3.2.123 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: ext4: fix double-free of blocks due to wrong extents moved_len. CVE-2024-26704 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.124 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: mm/writeback: fix possible divide-by-zero in wb_dirty_limits(). CVE-2024-26720 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.125 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work(). CVE-2024-26722 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.126 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix possible use-after-free and null-ptr-deref. CVE-2024-26735 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.127 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: afs: Increase buffer size in afs_update_volume_status(). CVE-2024-26736 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.128 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fix memory double free when handle zero packet. 
CVE-2024-26748 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.129 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable(). CVE-2024-26749 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.130 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: ARM: ep93xx: Add terminator to gpiod_lookup_table. CVE-2024-26751 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.131 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: l2tp: pass correct message length to ip6_append_data. CVE-2024-26752 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.132 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp(). CVE-2024-26754 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.133 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: dm-crypt: don’t modify the data when using authenticated encryption. CVE-2024-26763 has been assigned to this vulnerability. 
A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.134 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio. CVE-2024-26764 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.135 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix sdma.h tx->num_descs off-by-one error. CVE-2024-26766 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.136 IMPROPER RESOURCE LOCKING CWE-413 In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal(). Places the logic for checking if the group’s block bitmap is corrupt under the protection of the group lock to avoid allocating blocks from the group with a corrupted block bitmap. CVE-2024-26772 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.137 IMPROPER RESOURCE LOCKING CWE-413 In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found(). CVE-2024-26773 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.138 DIVIDE BY ZERO CWE-369 In the Linux kernel, the following vulnerability has been resolved: fbdev: sis: Error out if pixclock equals zero. CVE-2024-26777 has been assigned to this vulnerability. 
A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.139 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: fbdev: savage: Error out if pixclock equals zero. CVE-2024-26778 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.140 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix race condition on enabling fast-xmit. CVE-2024-26779 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.141 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: init irq after reg initialization. CVE-2024-26788 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.142 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read. CVE-2024-26790 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.143 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: btrfs: dev-replace: properly validate device names. CVE-2024-26791 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 
3.2.144 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: gtp: fix use-after-free and null-ptr-deref in gtp_newlink(). CVE-2024-26793 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.145 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Avoid potential use-after-free in hci_error_reset. CVE-2024-26801 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.146 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: net: ip_tunnel: prevent perpetual headroom growth. CVE-2024-26804 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.147 USE AFTER FREE CWE-416 In the Linux kernel, the following vulnerability has been resolved: netlink: Fix kernel-infoleak-after-free in skb_datagram_iter. CVE-2024-26805 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.148 TRANSMISSION OF PRIVATE RESOURCES INTO A NEW SPHERE (‘RESOURCE LEAK’) CWE-402 In the Linux kernel, the following vulnerability has been resolved: nfc: nci: free rx_data_reassembly skb on NCI device cleanup. CVE-2024-26825 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). 3.2.149 INCOMPLETE CLEANUP CWE-459 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: set dormant flag on hook register failure. 
CVE-2024-26835 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.7 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.150 TRANSMISSION OF PRIVATE RESOURCES INTO A NEW SPHERE (‘RESOURCE LEAK’) CWE-402 In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix a memleak in init_credit_return. CVE-2024-26839 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.4 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). 3.2.151 TRANSMISSION OF PRIVATE RESOURCES INTO A NEW SPHERE (‘RESOURCE LEAK’) CWE-402 In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix memory leak in cachefiles_add_cache(). CVE-2024-26840 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). 3.2.152 IMPROPER CONTROL OF RESOURCE IDENTIFIERS (‘RESOURCE INJECTION’) CWE-99 In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Add TMF to tmr_list handling. CVE-2024-26845 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.4 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 3.2.153 CONCURRENT EXECUTION USING SHARED RESOURCE WITH IMPROPER SYNCHRONIZATION (‘RACE CONDITION’) CWE-362 In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix performance regression in swap operation. CVE-2024-26910 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.7 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.154 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs. CVE-2024-27405 has been assigned to this vulnerability. 
A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). 3.2.155 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: reject iftype change with mesh ID change. CVE-2024-27410 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.156 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: power: supply: bq27xxx-i2c: Do not free non existing IRQ. CVE-2024-27412 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.157 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect allocation size. CVE-2024-27413 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.158 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back. CVE-2024-27414 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.159 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST. CVE-2024-27416 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 
3.2.160 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: ipv6: fix potential “struct net” leak in inet6_rtm_getaddr(). CVE-2024-27417 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.161 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA. CVE-2024-35833 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.162 DOUBLE FREE CWE-415 In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fix a double-free in arfs_create_groups. CVE-2024-35835 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.163 IMPROPER LOCKING CWE-667 In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING. CVE-2024-39476 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: Germany 3.4 RESEARCHER Siemens ProductCERT reported these vulnerabilities to CISA.
  4. MITIGATIONS

     Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

     All affected products: Update to V3.1 or later version.

     As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and following recommendations in the product manuals.

     Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.

     For more information see the associated Siemens security advisory SSA-613116 in HTML and CSAF.

     CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

     Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

     Locate control system networks and remote devices behind firewalls and isolate them from business networks.

     When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

     CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

     CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

     CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

     Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

     Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

     CISA also recommends users take the following measures to protect themselves from social engineering attacks:

     Do not click web links or open attachments in unsolicited email messages.

     Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.

     Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

     No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.
  5. UPDATE HISTORY August 14, 2025: Initial Republication of Siemens ProductCERT SSA-613116