search

witchcraze / NVD_CHECK

1 stars 0 forks source link

CHK NVD : CVE-2024-0646 - c2cddd50 #4538

Open witchcraze opened 2 weeks ago

witchcraze commented 2 weeks ago

[CVE Configuration Update Request] Update Suggestion - CVE-2024-0646 - Cvss3 : 7.8

https://www.linuxkernelcves.com/cves/CVE-2024-0646 https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/blob/master/issues/CVE-2024-0646.yml https://github.com/witchcraze/NVD_CHECK/blob/main/kernel/CVE-2024-0646.json

- CVE-2024-0646
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.10.0 up to (excluding) 5.10.208
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15.0 up to (excluding) 5.15.147
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.4.0 up to (excluding) 5.4.267
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.1.0 up to (excluding) 6.1.69
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.6.0 up to (excluding) 6.6.7
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7.0 up to (excluding) 6.7
- Reference
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.10.208
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.147
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.4.267
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1.69
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.6.7
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.7
- Reference (Commit)
  - net: tls, update curr on splice as well
    - Fixed by
      - 5.10.208 (c6b2a6b827d4b2d0f36b520e54e083df9b330a7b)
      - 5.15.147 (ba5efd8544fa62ae85daeb36077468bf2ce974ab)
      - 5.4.267 (c67bf30baf261b467988fd40668bc893b71586b9)
      - 6.1.69 (9b3d3a7f3c4d710c1dd3f723851c3eeaf42642bc)
      - 6.6.7 (eb30a025982f61910f32e99778db3c0ceceaff5c)
      - 6.7 (c5a595000e2677e865a39f249c056bc05d6e55fd) (upstream)
    - Will be introduced by
      - 4.20 (d829e9c4112b)
- I Checked
  - XXXXXXXXXXXXXXXXXXXXXXXXXXXX is written as upstream commit in each ChangeLog
  - From XXXXXXXX commit page, XXXXXXXXXXX is the most oldest in commit-branches area
  - For 3.16.35, there is related post at lkml
  - For 3.16 series, 3.16.35 is the next release from 3.16.7 which was released at 2014
  - https://mirrors.edge.kernel.org/pub/linux/kernel/v3.x/
  - XXXX
https://nvd.nist.gov/vuln/detail/CVE-2024-0646 URI Start(Ex) Start(Inc) End(Ex) End(Inc)
cpe:/o:redhat:enterprise_linux:9.0
cpe:/o:redhat:enterprise_linux:8.0
cpe:/o:linux:linux_kernel:6.7:rc4
cpe:/o:linux:linux_kernel:6.7:rc3
cpe:/o:linux:linux_kernel:6.7:rc2
cpe:/o:linux:linux_kernel:6.7:rc1
cpe:/o:linux:linux_kernel 6.7
witchcraze commented 2 weeks ago 
- CVE-2024-0646
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 up to (excluding) 5.4.267
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.208
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.147
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.69
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.7
- Reference
  - https://ubuntu.com/security/CVE-2024-0646
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.4.267
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.10.208
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.147
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1.69
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.6.7
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.7
  - Introduce
    - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.20
- Reference (Commit)
  - net: tls, update curr on splice as well
    - Fixed by
      - 5.4.267 (c67bf30baf261b467988fd40668bc893b71586b9)
      - 5.10.208 (c6b2a6b827d4b2d0f36b520e54e083df9b330a7b)
      - 5.15.147 (ba5efd8544fa62ae85daeb36077468bf2ce974ab)
      - 6.1.69 (9b3d3a7f3c4d710c1dd3f723851c3eeaf42642bc)
      - 6.6.7 (eb30a025982f61910f32e99778db3c0ceceaff5c)
      - 6.7 (c5a595000e2677e865a39f249c056bc05d6e55fd) (upstream)
    - Will be introduced by
      - 4.20 (d829e9c4112b)
- I Checked
  - From ubuntu page
    - Introduced by d829e9c4112b52f4f00195900fd4c685f61365ab Fixed by c5a595000e2677e865a39f249c056bc05d6e55fd
  - c5a595000e2677e865a39f249c056bc05d6e55fd is written as upstream commit in each ChangeLog
  - d829e9c4112b52f4f00195900fd4c685f61365ab is written in ChangeLog-4.20