CHK NVD : CVE-2024-22705 - f11c476e

[CVE Configuration Update Request] Update Suggestion - CVE-2024-22705 - Cvss3 : 7.8

https://www.linuxkernelcves.com/cves/CVE-2024-22705 https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/blob/master/issues/CVE-2024-22705.yml https://github.com/witchcraze/NVD_CHECK/blob/main/kernel/CVE-2024-22705.json

- CVE-2024-22705
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15.0 up to (excluding) 5.15.146
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.1.0 up to (excluding) 6.1.71
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.6.0 up to (excluding) 6.6.10
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.6.0 up to (excluding) 6.6.32
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7.0 up to (excluding) 6.7
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7.0 up to (excluding) 6.7.12
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.8.0 up to (excluding) 6.8.3
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.9.0 up to (excluding) 6.9
- Reference
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.146
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1.71
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.6.10
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.6.32
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.7
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.7.12
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.8.3
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.9
- Reference (Commit)
  - ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16()
    - Fixed by
      - 5.15.146 (d739f2b6d8f57aa9377362cd8c0b1152a4dd6bd5)
      - 6.1.71 (7a3bbbadac4be9d30b45e9f1134e94294f79ce77)
      - 6.6.10 (7d5f219f1ef69f27eb8cbfb794d634fc9c4d24ac)
      - 6.6.32 (9e4937cbc150f9d5a9b5576e1922ef0b5ed2eb72)
      - 6.7 (d10c77873ba1e9e6b91905018e29e196fd5f863d)
      - 6.7.12 (3b8da67191e938a63d2736dabb4ac5d337e5de57)
      - 6.8.3 (4f97e6a9d62cb1fce82fbf4baff44b83221bc178)
      - 6.9 (a80a486d72e20bd12c335bcd38b6e6f19356b0aa) (upstream)
    - Will be introduced by
      - 5.15 (e2f34481b24d)
- I Checked
  - XXXXXXXXXXXXXXXXXXXXXXXXXXXX is written as upstream commit in each ChangeLog
  - From XXXXXXXX commit page, XXXXXXXXXXX is the most oldest in commit-branches area
  - For 3.16.35, there is related post at lkml
  - For 3.16 series, 3.16.35 is the next release from 3.16.7 which was released at 2014
  - https://mirrors.edge.kernel.org/pub/linux/kernel/v3.x/
  - XXXX

https://nvd.nist.gov/vuln/detail/CVE-2024-22705	URI	Start(Ex)	Start(Inc)	End(Ex)	End(Inc)
cpe:/o:linux:linux_kernel:6.7:rc7
cpe:/o:linux:linux_kernel:6.7:rc6
cpe:/o:linux:linux_kernel:6.7:rc5
cpe:/o:linux:linux_kernel:6.7:rc4
cpe:/o:linux:linux_kernel:6.7:rc3
cpe:/o:linux:linux_kernel:6.7:rc2
cpe:/o:linux:linux_kernel:6.7:rc1
cpe:/o:linux:linux_kernel	6.6.10

witchcraze / NVD_CHECK

CHK NVD : CVE-2024-22705 - f11c476e #5159