search

witchcraze / NVD_CHECK

1 stars 0 forks source link

CHK NVD : CVE-2024-26581 - f7799e94 #5161

Open witchcraze opened 2 weeks ago

witchcraze commented 2 weeks ago

[CVE Configuration Update Request] Update Suggestion - CVE-2024-26581 - Cvss3 : 7.8

https://www.linuxkernelcves.com/cves/CVE-2024-26581 https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/blob/master/issues/CVE-2024-26581.yml https://github.com/witchcraze/NVD_CHECK/blob/main/kernel/CVE-2024-26581.json

- CVE-2024-26581
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.19.0 up to (excluding) 4.19.316
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.10.0 up to (excluding) 5.10.210
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15.0 up to (excluding) 5.15.149
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.4.0 up to (excluding) 5.4.269
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.1.0 up to (excluding) 6.1.78
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.6.0 up to (excluding) 6.6.17
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7.0 up to (excluding) 6.7.5
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.8.0 up to (excluding) 6.8
- Reference
  - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.19.316
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.10.210
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.149
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.4.269
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1.78
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.6.17
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.7.5
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.8
- Reference (Commit)
  - netfilter: nft_set_rbtree: skip end interval element from gc
    - Fixed by
      - 4.19.316 (c60d252949caf9aba537525195edae6bbabc35eb)
      - 5.10.210 (4cee42fcf54fec46b344681e7cc4f234bb22f85a)
      - 5.15.149 (2bab493a5624444ec6e648ad0d55a362bcb4c003)
      - 5.4.269 (10e9cb39313627f2eae4cd70c4b742074e998fd8)
      - 6.1.78 (1296c110c5a0b45a8fcf58e7d18bc5da61a565cb)
      - 6.6.17 (b734f7a47aeb32a5ba298e4ccc16bb0c52b6dbf7)
      - 6.7.5 (6eb14441f10602fa1cf691da9d685718b68b78a9)
      - 6.8 (60c0c230c6f046da536d3df8b39a20b9a9fd6af0) (upstream)
    - Will be introduced by
      - 4.19.316 (8284a79136c3)
      - 5.10.190 (893cb3c3513c)
      - 5.15.124 (50cbb9d195c1)
      - 5.4.262 (acaee227cf79)
      - 6.1.43 (89a4d1a89751)
      - 6.4.8 (cd6673393239)
      - 6.5 (f718863aca46)
- I Checked
  - XXXXXXXXXXXXXXXXXXXXXXXXXXXX is written as upstream commit in each ChangeLog
  - From XXXXXXXX commit page, XXXXXXXXXXX is the most oldest in commit-branches area
  - For 3.16.35, there is related post at lkml
  - For 3.16 series, 3.16.35 is the next release from 3.16.7 which was released at 2014
  - https://mirrors.edge.kernel.org/pub/linux/kernel/v3.x/
  - XXXX
https://nvd.nist.gov/vuln/detail/CVE-2024-26581 URI Start(Ex) Start(Inc) End(Ex) End(Inc)
cpe:/o:linux:linux_kernel 5.4.269
cpe:/o:linux:linux_kernel 5.11.0 5.15.149
cpe:/o:linux:linux_kernel 5.16.0 6.1.78
cpe:/o:linux:linux_kernel 5.5.0 5.10.210
cpe:/o:linux:linux_kernel 6.2.0 6.6.17
cpe:/o:linux:linux_kernel 6.7.0 6.7.5