search

witchcraze / NVD_CHECK

1 stars 0 forks source link

CHK NVD : CVE-2024-38577 - 257caa0b #5189

Open witchcraze opened 5 days ago

witchcraze commented 5 days ago

[CVE Configuration Update Request] Update Suggestion - CVE-2024-38577 - Cvss3 : 7.8

https://www.linuxkernelcves.com/cves/CVE-2024-38577 https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/blob/master/issues/CVE-2024-38577.yml https://github.com/witchcraze/NVD_CHECK/blob/main/kernel/CVE-2024-38577.json

- CVE-2024-38577
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.10.0 up to (excluding) 5.10.226
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15.0 up to (excluding) 5.15.167
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.1.0 up to (excluding) 6.1.93
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.10.0 up to (excluding) 6.10
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.6.0 up to (excluding) 6.6.33
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.8.0 up to (excluding) 6.8.12
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.9.0 up to (excluding) 6.9.3
- Reference
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.10.226
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.167
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1.93
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.10
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.6.33
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.8.12
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.9.3
- Reference (Commit)
  - rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow
    - Fixed by
      - 5.10.226 (17c43211d45f13d1badea3942b76bf16bcc49281)
      - 5.15.167 (af7b560c88fb420099e29890aa682b8a3efc8784)
      - 6.1.93 (08186d0c5fb64a1cc4b43e009314ee6b173ed222)
      - 6.10 (cc5645fddb0ce28492b15520306d092730dffa48) (upstream)
      - 6.6.33 (32d988f48ed287e676a29a15ac30701c35849aec)
      - 6.8.12 (6593d857ce5b5b802fb73d8091ac9c84b92c1697)
      - 6.9.3 (1a240e138071b25944ded0f5b3e357aa99fabcb7)
    - Will be introduced by
      - 5.8 (edf3775f0ad6)
- I Checked
  - XXXXXXXXXXXXXXXXXXXXXXXXXXXX is written as upstream commit in each ChangeLog
  - From XXXXXXXX commit page, XXXXXXXXXXX is the most oldest in commit-branches area
  - For 3.16.35, there is related post at lkml
  - For 3.16 series, 3.16.35 is the next release from 3.16.7 which was released at 2014
  - https://mirrors.edge.kernel.org/pub/linux/kernel/v3.x/
  - XXXX
https://nvd.nist.gov/vuln/detail/CVE-2024-38577 URI Start(Ex) Start(Inc) End(Ex) End(Inc)
cpe:/o:linux:linux_kernel 5.8 6.1.93
cpe:/o:linux:linux_kernel 6.2 6.6.33
cpe:/o:linux:linux_kernel 6.7 6.8.12
cpe:/o:linux:linux_kernel 6.9 6.9.3