search

witchcraze / NVD_CHECK

1 stars 0 forks source link

CHK NVD : CVE-2024-0841 - 1531fc79 #4539

Open witchcraze opened 1 month ago

witchcraze commented 1 month ago

[CVE Configuration Update Request] Update Suggestion - CVE-2024-0841 - Cvss3 : 7.8

https://www.linuxkernelcves.com/cves/CVE-2024-0841 https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/blob/master/issues/CVE-2024-0841.yml https://github.com/witchcraze/NVD_CHECK/blob/main/kernel/CVE-2024-0841.json

- CVE-2024-0841
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.10.0 up to (excluding) 5.10.212
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15.0 up to (excluding) 5.15.151
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.4.0 up to (excluding) 5.4.271
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.1.0 up to (excluding) 6.1.79
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.6.0 up to (excluding) 6.6.18
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7.0 up to (excluding) 6.7.6
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.8.0 up to (excluding) 6.8
- Reference
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.10.212
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.151
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.4.271
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1.79
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.6.18
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.7.6
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.8
- Reference (Commit)
  - fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super
    - Fixed by
      - 5.10.212 (80d852299987a8037be145a94f41874228f1a773)
      - 5.15.151 (22850c9950a4e43a67299755d11498f3292d02ff)
      - 5.4.271 (1dde8ef4b7a749ae1bc73617c91775631d167557)
      - 6.1.79 (2e2c07104b4904aed1389a59b25799b95a85b5b9)
      - 6.6.18 (13c5a9fb07105557a1fa9efdb4f23d7ef30b7274)
      - 6.7.6 (ec78418801ef7b0c22cd6a30145ec480dd48db39)
      - 6.8 (79d72c68c58784a3e1cd2378669d51bfd0cb7498) (upstream)
    - Will be introduced by
      - 5.1 (32021982a324)
- I Checked
  - XXXXXXXXXXXXXXXXXXXXXXXXXXXX is written as upstream commit in each ChangeLog
  - From XXXXXXXX commit page, XXXXXXXXXXX is the most oldest in commit-branches area
  - For 3.16.35, there is related post at lkml
  - For 3.16 series, 3.16.35 is the next release from 3.16.7 which was released at 2014
  - https://mirrors.edge.kernel.org/pub/linux/kernel/v3.x/
  - XXXX
https://nvd.nist.gov/vuln/detail/CVE-2024-0841 URI Start(Ex) Start(Inc) End(Ex) End(Inc)
cpe:/o:redhat:enterprise_linux:9.0
cpe:/o:redhat:enterprise_linux:8.0
cpe:/o:linux:linux_kernel:-
witchcraze commented 1 month ago 
- CVE-2024-0841
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.1 up to (excluding) 5.4.271
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.212
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.151
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.79
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.18
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.7.6
- Reference
  - https://ubuntu.com/security/CVE-2024-0841
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.4.271
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.10.212
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.151
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1.79
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.6.18
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.7.6
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.8
  - Introduce
    - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.1
- Reference (Commit)
  - fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super
    - Fixed by
      - 5.4.271 (1dde8ef4b7a749ae1bc73617c91775631d167557)
      - 5.10.212 (80d852299987a8037be145a94f41874228f1a773)
      - 5.15.151 (22850c9950a4e43a67299755d11498f3292d02ff)
      - 6.1.79 (2e2c07104b4904aed1389a59b25799b95a85b5b9)
      - 6.6.18 (13c5a9fb07105557a1fa9efdb4f23d7ef30b7274)
      - 6.7.6 (ec78418801ef7b0c22cd6a30145ec480dd48db39)
      - 6.8 (79d72c68c58784a3e1cd2378669d51bfd0cb7498) (upstream)
    - Will be introduced by
      - 5.1 (32021982a324)
- I Checked
  - From ubuntu page
    - Introduced by 32021982a324dce93b4ae00c06213bf45fb319c8 Fixed by 79d72c68c58784a3e1cd2378669d51bfd0cb7498
  - 79d72c68c58784a3e1cd2378669d51bfd0cb7498 is written as upstream commit in each ChangeLog
  - 32021982a324dce93b4ae00c06213bf45fb319c8 is written in ChangeLog-5.1