search

witchcraze / NVD_CHECK

1 stars 0 forks source link

CHK NVD : CVE-2024-0562 - bc572a47 #4534

Open witchcraze opened 5 months ago

witchcraze commented 5 months ago

[CVE Configuration Update Request] Update Suggestion - CVE-2024-0562 - Cvss3 : 7.8

https://www.linuxkernelcves.com/cves/CVE-2024-0562 https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/blob/master/issues/CVE-2024-0562.yml https://github.com/witchcraze/NVD_CHECK/blob/main/kernel/CVE-2024-0562.json

- CVE-2024-0562
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15.0 up to (excluding) 5.15.64
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.19.0 up to (excluding) 5.19.6
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.0.0 up to (excluding) 6.0
- Reference
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.64
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.19.6
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.0
- Reference (Commit)
  - writeback: avoid use-after-free after removing device
    - Fixed by
      - 5.15.64 (f96b9f7c1676923bce871e728bb49c0dfa5013cc)
      - 5.19.6 (9a6c710f3bc10bc9cc23e1c080b53245b7f9d5b7)
      - 6.0 (f87904c075515f3e1d8f4a7115869d3b914674fd) (upstream)
    - Will be introduced by
      - 5.15 (45a2966fd641)
- I Checked
  - XXXXXXXXXXXXXXXXXXXXXXXXXXXX is written as upstream commit in each ChangeLog
  - From XXXXXXXX commit page, XXXXXXXXXXX is the most oldest in commit-branches area
  - For 3.16.35, there is related post at lkml
  - For 3.16 series, 3.16.35 is the next release from 3.16.7 which was released at 2014
  - https://mirrors.edge.kernel.org/pub/linux/kernel/v3.x/
  - XXXX
https://nvd.nist.gov/vuln/detail/CVE-2024-0562 URI Start(Ex) Start(Inc) End(Ex) End(Inc)
cpe:/o:redhat:enterprise_linux:9.0
cpe:/o:redhat:enterprise_linux:8.0
cpe:/o:linux:linux_kernel:6.0:rc2
cpe:/o:linux:linux_kernel:6.0:rc1
cpe:/o:linux:linux_kernel 6.0
witchcraze commented 5 months ago 
- CVE-2024-0562
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15 up to (excluding) 5.15.64
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 5.19.6
- Reference
  - https://ubuntu.com/security/CVE-2024-0562
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.64
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.19.6
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.0
  - Introduce
    - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15
- Reference (Commit)
  - writeback: avoid use-after-free after removing device
    - Fixed by
      - 5.15.64 (f96b9f7c1676923bce871e728bb49c0dfa5013cc)
      - 5.19.6 (9a6c710f3bc10bc9cc23e1c080b53245b7f9d5b7)
      - 6.0 (f87904c075515f3e1d8f4a7115869d3b914674fd) (upstream)
    - Will be introduced by
      - 5.15 (45a2966fd641)
- I Checked
  - From ubuntu page
    - Introduced by 45a2966fd64147518dc5bca25f447bd0fb5359ac Fixed by f87904c075515f3e1d8f4a7115869d3b914674fd
  - f87904c075515f3e1d8f4a7115869d3b914674fd is written as upstream commit in each ChangeLog
  - 45a2966fd64147518dc5bca25f447bd0fb5359ac is written in ChangeLog-5.15
witchcraze commented 3 months ago

ちょっと違う反映になった