-
Notifications
You must be signed in to change notification settings - Fork 58
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
GSD-automation
committed
Apr 15, 2024
1 parent
53d559d
commit 2e8eee7
Showing
103 changed files
with
5,095 additions
and
126 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -261,7 +261,7 @@ | |
| } | ||
| ], | ||
| "id": "CVE-2024-1488", | ||
| "lastModified": "2024-04-11T12:15:07.933", | ||
| "lastModified": "2024-04-15T04:15:14.577", | ||
| "metrics": { | ||
| "cvssMetricV31": [ | ||
| { | ||
|
|
@@ -300,6 +300,18 @@ | |
| "source": "[email protected]", | ||
| "url": "https://access.redhat.com/errata/RHSA-2024:1780" | ||
| }, | ||
| { | ||
| "source": "[email protected]", | ||
| "url": "https://access.redhat.com/errata/RHSA-2024:1801" | ||
| }, | ||
| { | ||
| "source": "[email protected]", | ||
| "url": "https://access.redhat.com/errata/RHSA-2024:1802" | ||
| }, | ||
| { | ||
| "source": "[email protected]", | ||
| "url": "https://access.redhat.com/errata/RHSA-2024:1804" | ||
| }, | ||
| { | ||
| "source": "[email protected]", | ||
| "url": "https://access.redhat.com/security/cve/CVE-2024-1488" | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -33,6 +33,63 @@ | |
| } | ||
| ] | ||
| } | ||
| }, | ||
| "nvd.nist.gov": { | ||
| "cve": { | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "Certain ASUS WiFi routers models has an OS Command Injection vulnerability, allowing an authenticated remote attacker to execute arbitrary system commands by sending a specially crafted request." | ||
| } | ||
| ], | ||
| "id": "CVE-2024-1655", | ||
| "lastModified": "2024-04-15T04:15:14.723", | ||
| "metrics": { | ||
| "cvssMetricV31": [ | ||
| { | ||
| "cvssData": { | ||
| "attackComplexity": "LOW", | ||
| "attackVector": "NETWORK", | ||
| "availabilityImpact": "HIGH", | ||
| "baseScore": 8.8, | ||
| "baseSeverity": "HIGH", | ||
| "confidentialityImpact": "HIGH", | ||
| "integrityImpact": "HIGH", | ||
| "privilegesRequired": "LOW", | ||
| "scope": "UNCHANGED", | ||
| "userInteraction": "NONE", | ||
| "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", | ||
| "version": "3.1" | ||
| }, | ||
| "exploitabilityScore": 2.8, | ||
| "impactScore": 5.9, | ||
| "source": "[email protected]", | ||
| "type": "Secondary" | ||
| } | ||
| ] | ||
| }, | ||
| "published": "2024-04-15T04:15:14.723", | ||
| "references": [ | ||
| { | ||
| "source": "[email protected]", | ||
| "url": "https://www.twcert.org.tw/tw/cp-132-7737-1acd0-1.html" | ||
| } | ||
| ], | ||
| "sourceIdentifier": "[email protected]", | ||
| "vulnStatus": "Received", | ||
| "weaknesses": [ | ||
| { | ||
| "description": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "CWE-78" | ||
| } | ||
| ], | ||
| "source": "[email protected]", | ||
| "type": "Primary" | ||
| } | ||
| ] | ||
| } | ||
| } | ||
| } | ||
| } | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -10,6 +10,7 @@ | |
| "aliases": [ | ||
| "CVE-2024-24862" | ||
| ], | ||
| "details": "In function pci1xxxx_spi_probe, there is a potential null pointer that\nmay be caused by a failed memory allocation by the function devm_kzalloc.\nHence, a null pointer check needs to be added to prevent null pointer\ndereferencing later in the code.\n\nTo fix this issue, spi_bus->spi_int[iter] should be checked. The memory\nallocated by devm_kzalloc will be automatically released, so just directly\nreturn -ENOMEM without worrying about memory leaks.\n\n", | ||
| "id": "GSD-2024-24862", | ||
| "modified": "2024-02-02T06:02:55.482923Z", | ||
| "schema_version": "1.4.0" | ||
|
|
@@ -18,18 +19,169 @@ | |
| "namespaces": { | ||
| "cve.org": { | ||
| "CVE_data_meta": { | ||
| "ASSIGNER": "cve@mitre.org", | ||
| "ASSIGNER": "security@openanolis.org", | ||
| "ID": "CVE-2024-24862", | ||
| "STATE": "RESERVED" | ||
| "STATE": "PUBLIC" | ||
| }, | ||
| "affects": { | ||
| "vendor": { | ||
| "vendor_data": [ | ||
| { | ||
| "product": { | ||
| "product_data": [ | ||
| { | ||
| "product_name": "Linux kernel", | ||
| "version": { | ||
| "version_data": [ | ||
| { | ||
| "version_affected": "<", | ||
| "version_name": "v6.2", | ||
| "version_value": "v6.9-rc3" | ||
| } | ||
| ] | ||
| } | ||
| } | ||
| ] | ||
| }, | ||
| "vendor_name": "Linux" | ||
| } | ||
| ] | ||
| } | ||
| }, | ||
| "credits": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "\u5218\u6000\u8fdc <[email protected]>" | ||
| }, | ||
| { | ||
| "lang": "en", | ||
| "value": "\u767d\u5bb6\u9a79 <[email protected]>" | ||
| } | ||
| ], | ||
| "data_format": "MITRE", | ||
| "data_type": "CVE", | ||
| "data_version": "4.0", | ||
| "description": { | ||
| "description_data": [ | ||
| { | ||
| "lang": "eng", | ||
| "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." | ||
| "value": "In function pci1xxxx_spi_probe, there is a potential null pointer that\nmay be caused by a failed memory allocation by the function devm_kzalloc.\nHence, a null pointer check needs to be added to prevent null pointer\ndereferencing later in the code.\n\nTo fix this issue, spi_bus->spi_int[iter] should be checked. The memory\nallocated by devm_kzalloc will be automatically released, so just directly\nreturn -ENOMEM without worrying about memory leaks.\n\n" | ||
| } | ||
| ] | ||
| }, | ||
| "generator": { | ||
| "engine": "Vulnogram 0.1.0-dev" | ||
| }, | ||
| "impact": { | ||
| "cvss": [ | ||
| { | ||
| "attackComplexity": "HIGH", | ||
| "attackVector": "LOCAL", | ||
| "availabilityImpact": "HIGH", | ||
| "baseScore": 5.3, | ||
| "baseSeverity": "MEDIUM", | ||
| "confidentialityImpact": "NONE", | ||
| "integrityImpact": "NONE", | ||
| "privilegesRequired": "LOW", | ||
| "scope": "CHANGED", | ||
| "userInteraction": "REQUIRED", | ||
| "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H", | ||
| "version": "3.1" | ||
| } | ||
| ] | ||
| }, | ||
| "problemtype": { | ||
| "problemtype_data": [ | ||
| { | ||
| "description": [ | ||
| { | ||
| "cweId": "CWE-476", | ||
| "lang": "eng", | ||
| "value": "CWE-476 NULL Pointer Dereference" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| }, | ||
| "references": { | ||
| "reference_data": [ | ||
| { | ||
| "name": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8748", | ||
| "refsource": "MISC", | ||
| "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8748" | ||
| } | ||
| ] | ||
| }, | ||
| "solution": [ | ||
| { | ||
| "lang": "en", | ||
| "supportingMedia": [ | ||
| { | ||
| "base64": false, | ||
| "type": "text/html", | ||
| "value": "<a target=\"_blank\" rel=\"nofollow\" href=\"https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?h=next-20240411&id=1f886a7bfb3faf4c1021e73f045538008ce7634e\">https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?h=next-20240411&id=1...</a><br>" | ||
| } | ||
| ], | ||
| "value": " https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?h=next-20240411&id=1... https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/ \n" | ||
| } | ||
| ], | ||
| "source": { | ||
| "discovery": "UNKNOWN" | ||
| } | ||
| }, | ||
| "nvd.nist.gov": { | ||
| "cve": { | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "In function pci1xxxx_spi_probe, there is a potential null pointer that\nmay be caused by a failed memory allocation by the function devm_kzalloc.\nHence, a null pointer check needs to be added to prevent null pointer\ndereferencing later in the code.\n\nTo fix this issue, spi_bus->spi_int[iter] should be checked. The memory\nallocated by devm_kzalloc will be automatically released, so just directly\nreturn -ENOMEM without worrying about memory leaks.\n\n" | ||
| } | ||
| ], | ||
| "id": "CVE-2024-24862", | ||
| "lastModified": "2024-04-14T13:15:48.400", | ||
| "metrics": { | ||
| "cvssMetricV31": [ | ||
| { | ||
| "cvssData": { | ||
| "attackComplexity": "HIGH", | ||
| "attackVector": "LOCAL", | ||
| "availabilityImpact": "HIGH", | ||
| "baseScore": 5.3, | ||
| "baseSeverity": "MEDIUM", | ||
| "confidentialityImpact": "NONE", | ||
| "integrityImpact": "NONE", | ||
| "privilegesRequired": "LOW", | ||
| "scope": "CHANGED", | ||
| "userInteraction": "REQUIRED", | ||
| "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H", | ||
| "version": "3.1" | ||
| }, | ||
| "exploitabilityScore": 0.8, | ||
| "impactScore": 4.0, | ||
| "source": "[email protected]", | ||
| "type": "Secondary" | ||
| } | ||
| ] | ||
| }, | ||
| "published": "2024-04-14T13:15:48.400", | ||
| "references": [ | ||
| { | ||
| "source": "[email protected]", | ||
| "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8748" | ||
| } | ||
| ], | ||
| "sourceIdentifier": "[email protected]", | ||
| "vulnStatus": "Received", | ||
| "weaknesses": [ | ||
| { | ||
| "description": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "CWE-476" | ||
| } | ||
| ], | ||
| "source": "[email protected]", | ||
| "type": "Secondary" | ||
| } | ||
| ] | ||
| } | ||
|
|
||
Oops, something went wrong.