Skip to content

Commit

Permalink
generated content from 2024-02-28
Browse files Browse the repository at this point in the history
  • Loading branch information
@github-actions
github-actions[bot] committed Feb 28, 2024
1 parent 03d959b commit fb5aa17
Show file tree
Hide file tree
Showing 169 changed files with 3,864 additions and 0 deletions.
168 changes: 168 additions & 0 deletions mapping.csv
View file
Original file line number Diff line number Diff line change
Expand Up @@ -226423,3 +226423,171 @@ vulnerability,CVE-2024-25751,vulnerability--76229942-aa26-40df-9e3e-74b0bcb78264
vulnerability,CVE-2024-25767,vulnerability--1ff84dad-5237-4531-8c8a-ead1cb51d0a6
vulnerability,CVE-2021-46906,vulnerability--ddc72c06-1d11-43cd-9084-b8755375d357
vulnerability,CVE-2020-36775,vulnerability--3353fc1d-105e-460c-a8a0-5d28beacafdc
vulnerability,CVE-2023-5993,vulnerability--be91ba3a-b53e-4e31-b324-9d513b06865b
vulnerability,CVE-2023-48681,vulnerability--81a8d247-f43e-46de-817a-a4ed899ba6d1
vulnerability,CVE-2023-48679,vulnerability--b29c6a4b-d71d-4f4e-a162-31587376c981
vulnerability,CVE-2023-48678,vulnerability--9b137581-46a8-4d7b-8397-6bfbbbffb434
vulnerability,CVE-2023-48682,vulnerability--9ad969a1-cfaf-464d-958b-745c00557dc5
vulnerability,CVE-2023-48680,vulnerability--e9818b71-3a91-4098-98a1-308bd84e09b3
vulnerability,CVE-2023-7115,vulnerability--fafee25f-bda9-43f2-b923-b455d316ba72
vulnerability,CVE-2023-7016,vulnerability--420e51a7-2260-4c56-b19a-9881d8ecedb7
vulnerability,CVE-2023-7202,vulnerability--d988d363-62db-4001-a01b-5d02a86256ec
vulnerability,CVE-2023-7198,vulnerability--4aa2084e-8389-4d4d-8cbc-6b424195c71b
vulnerability,CVE-2023-7033,vulnerability--46205d8b-8569-48f8-ad9a-6fa040805e7d
vulnerability,CVE-2023-7203,vulnerability--718ef7ec-ffd4-4c33-836e-edcaabd8c46d
vulnerability,CVE-2023-7165,vulnerability--dd6468be-a2e8-4fe5-82b4-1d2fdd90c810
vulnerability,CVE-2023-7167,vulnerability--7db3ed15-c235-478b-a01c-80fce0517d77
vulnerability,CVE-2023-41506,vulnerability--b7611655-a9c2-4319-afd5-55e2ba90a338
vulnerability,CVE-2023-6584,vulnerability--945bc0e6-db0d-4df7-8931-c08ea13edc3b
vulnerability,CVE-2023-6585,vulnerability--1f34cf21-f1c4-46ff-93b7-2561f43373df
vulnerability,CVE-2023-51747,vulnerability--2898014e-10d6-4a76-a5ae-a323ae41ad95
vulnerability,CVE-2023-51518,vulnerability--5646dac2-f997-4ea4-9a8d-596d00e5a014
vulnerability,CVE-2023-50380,vulnerability--ad3d88dd-7405-4fa7-8b89-187cf1b97085
vulnerability,CVE-2023-50379,vulnerability--27318d2a-9294-4e17-bf17-1fdb9447b802
vulnerability,CVE-2024-22251,vulnerability--45ff5879-3409-4a98-8d2b-1ee12ebaf5e6
vulnerability,CVE-2024-22544,vulnerability--51bca6f5-19b5-408c-8682-4e3a3197f83e
vulnerability,CVE-2024-22917,vulnerability--cd960c51-fec4-4c42-aa0e-2ca31c0d3f15
vulnerability,CVE-2024-22543,vulnerability--637e1240-5258-45e7-9794-7702c1efbf50
vulnerability,CVE-2024-1918,vulnerability--775ef7ec-7a37-40e5-8077-08883b502b15
vulnerability,CVE-2024-1653,vulnerability--714f72ae-53b4-4831-96d4-f51227ac0def
vulnerability,CVE-2024-1927,vulnerability--1c25657d-2c63-4e40-b8c7-85b004d029fd
vulnerability,CVE-2024-1921,vulnerability--388931ae-905f-48b6-b9f2-bbe187ab8801
vulnerability,CVE-2024-1923,vulnerability--77af5035-3f04-4cd3-8d6d-b711e63801a6
vulnerability,CVE-2024-1925,vulnerability--165ba2a2-f653-4a8c-acb1-19691d4b9a24
vulnerability,CVE-2024-1649,vulnerability--bd99ba15-5ebd-441e-9f7f-25863e4bceac
vulnerability,CVE-2024-1323,vulnerability--71d909d6-3538-4a94-9bf5-c192f251c933
vulnerability,CVE-2024-1926,vulnerability--cbb35392-decf-4699-83a6-ad5fc17f80da
vulnerability,CVE-2024-1650,vulnerability--70118877-760d-4ad2-b27f-0b4fa880afd2
vulnerability,CVE-2024-1906,vulnerability--805eac10-73c1-40cc-92c0-0ef3dc4d301f
vulnerability,CVE-2024-1909,vulnerability--1f5cada1-1fd0-488a-9083-f620e89dfb56
vulnerability,CVE-2024-1652,vulnerability--b3b3cbc7-e25e-43a7-9f20-943b2bffc9ad
vulnerability,CVE-2024-1687,vulnerability--47937f6d-33e8-4be9-b063-c1f9fc99a88c
vulnerability,CVE-2024-1722,vulnerability--f9feaaf2-b791-41b2-a35f-2267198603fd
vulnerability,CVE-2024-1686,vulnerability--0f9d998f-607a-40db-8e96-7a0b74e09bc0
vulnerability,CVE-2024-1922,vulnerability--487250b3-7ce3-48ad-be0c-c67e7aae7d99
vulnerability,CVE-2024-1907,vulnerability--1e3df7ef-853b-4e67-8c9f-d9eb129ba4ff
vulnerability,CVE-2024-1919,vulnerability--6e2109fd-3996-4c29-a458-8602241106ae
vulnerability,CVE-2024-1920,vulnerability--4216b602-4791-4b26-a7b9-cbc8aec663ba
vulnerability,CVE-2024-1910,vulnerability--a96080d8-2a08-4290-aaf4-5788fe940daf
vulnerability,CVE-2024-1106,vulnerability--776b5429-21d8-4a7a-9778-983820a96201
vulnerability,CVE-2024-1912,vulnerability--5c3c70ec-81d4-461a-aedd-c96d34e0b344
vulnerability,CVE-2024-1403,vulnerability--a722d267-aaf9-4e53-aa1f-ede9fd658200
vulnerability,CVE-2024-1698,vulnerability--98a0acd8-f68a-482b-a768-91e8c1131759
vulnerability,CVE-2024-1928,vulnerability--c6821f5a-b670-4916-8d7c-ff8bcf587ed9
vulnerability,CVE-2024-1924,vulnerability--be2629cd-8447-4014-b88e-55ad5d92d8dc
vulnerability,CVE-2024-26301,vulnerability--b301e714-240e-4c29-bbb7-437897286b31
vulnerability,CVE-2024-26294,vulnerability--ce4461db-b0e6-43bb-9974-e80c0fbf768e
vulnerability,CVE-2024-26297,vulnerability--0941c3d8-d3b8-4738-81d8-7166edd3a1bb
vulnerability,CVE-2024-26142,vulnerability--af6759c7-eb35-4fed-97b1-a1ade52e881b
vulnerability,CVE-2024-26143,vulnerability--aa19bf93-9c1c-42fd-9d77-0d620d974815
vulnerability,CVE-2024-26470,vulnerability--87ceec53-ffd3-4b77-b265-9002200766e3
vulnerability,CVE-2024-26298,vulnerability--1a60774f-f50b-4eff-9567-36a597463eff
vulnerability,CVE-2024-26472,vulnerability--7cbec04c-b993-420f-bfe1-2e32202762fe
vulnerability,CVE-2024-26302,vulnerability--577d38ba-4c52-4365-8346-b71259ccdae7
vulnerability,CVE-2024-26300,vulnerability--b07397bf-3d83-4729-8648-d29d9a384c5c
vulnerability,CVE-2024-26144,vulnerability--4cafb103-807b-43ba-a79c-9320fc801da1
vulnerability,CVE-2024-26542,vulnerability--a445601e-bcf0-459d-8fa7-ae01836d6371
vulnerability,CVE-2024-26295,vulnerability--acf9dbcb-71e3-4d22-806a-24deae3d4483
vulnerability,CVE-2024-26299,vulnerability--3150b5d2-d294-47c9-8b39-1d2886f4365d
vulnerability,CVE-2024-26464,vulnerability--4d1190d0-3754-4e0e-9c81-56f81f0ff672
vulnerability,CVE-2024-26296,vulnerability--14202597-b05f-4f8d-86a2-7d02efbbd9b4
vulnerability,CVE-2024-26473,vulnerability--fc1d41d6-5e6b-4fd3-af88-e8241e51e666
vulnerability,CVE-2024-26471,vulnerability--a4cf6557-58b0-4cee-bfab-052ece7a34aa
vulnerability,CVE-2024-27905,vulnerability--9f3eaf49-2f5b-4981-a0ea-6cde61d9dc82
vulnerability,CVE-2024-27507,vulnerability--a2ad04d2-adb1-4b31-a166-ef02fa5fa24b
vulnerability,CVE-2024-27099,vulnerability--91500f0e-f4ca-4102-b3f0-422d77984a8e
vulnerability,CVE-2024-27356,vulnerability--445ebf0d-226d-4e22-acf6-b1d094c9820e
vulnerability,CVE-2024-27508,vulnerability--053c3fb9-8312-4f5b-bc8b-2af1f9e2f606
vulnerability,CVE-2024-0819,vulnerability--8815632e-9721-4046-bb46-e39d231dd291
vulnerability,CVE-2024-0197,vulnerability--1b3a3c60-1431-4121-a2cc-3871f16766bf
vulnerability,CVE-2024-0855,vulnerability--2a944f69-eac3-4ec1-b93d-2d9361ac7a58
vulnerability,CVE-2024-0551,vulnerability--21888e0a-8804-4bc6-bd66-c381b444db5c
vulnerability,CVE-2024-0759,vulnerability--23007887-4536-4a64-ad9b-54d9ecc412a7
vulnerability,CVE-2024-0763,vulnerability--1973c269-9070-4b2f-b006-e6d66d9343da
vulnerability,CVE-2024-24100,vulnerability--168689d0-86f1-4b1b-8097-e2174479b4c3
vulnerability,CVE-2024-24323,vulnerability--0b4ae33f-2e37-48b7-a413-f2acfcb56be1
vulnerability,CVE-2024-24095,vulnerability--75a4e8d2-38cb-4f75-95ee-e9c2097126a1
vulnerability,CVE-2024-24027,vulnerability--43384625-bd27-440f-88ca-0ce51e30f539
vulnerability,CVE-2024-24096,vulnerability--632aeb5d-36d1-4505-b3e4-e4ddb0e196ba
vulnerability,CVE-2024-24099,vulnerability--2eae8704-ef23-4818-af2e-eb6ad8b07b9a
vulnerability,CVE-2024-24720,vulnerability--095795ab-42da-4640-b5a2-1be6482a26d8
vulnerability,CVE-2024-21742,vulnerability--023a78a5-2f6d-4208-b82e-ffb0731b7934
vulnerability,CVE-2024-25840,vulnerability--6788bb2e-5f83-4f93-a563-2cf9c009854e
vulnerability,CVE-2024-25166,vulnerability--c031a9d6-437c-4306-b99c-a85e02b0e428
vulnerability,CVE-2024-25398,vulnerability--b0fdb915-ab4c-446b-bc7a-e9553be13622
vulnerability,CVE-2024-25843,vulnerability--d6a1fccd-3730-44ea-a230-6fdffc1bfa23
vulnerability,CVE-2024-25841,vulnerability--e6d85037-64b7-4fe9-8588-7a3fc71c709c
vulnerability,CVE-2024-25723,vulnerability--ac2fe199-ff67-4530-9c6f-ae5bdc006a7a
vulnerability,CVE-2024-25846,vulnerability--625b273b-6cdf-4f34-91f9-15b18fcb2879
vulnerability,CVE-2024-25399,vulnerability--87044afe-7838-475a-b4df-8baa6432121b
vulnerability,CVE-2024-25400,vulnerability--f95ed59d-598f-4ec9-9200-503c69f62b29
vulnerability,CVE-2021-46965,vulnerability--1aaf48a5-0a0d-443e-940f-d531bebcb676
vulnerability,CVE-2021-46947,vulnerability--47a98c9b-ab99-4e49-935c-9b17e2d1b029
vulnerability,CVE-2021-46926,vulnerability--60abdbd7-3098-4471-aaf9-2e1f6043f5a2
vulnerability,CVE-2021-46908,vulnerability--1a06796e-e220-4f81-bde2-62cbb9037e5b
vulnerability,CVE-2021-46954,vulnerability--4f6addbb-0f47-4710-a9e9-d02e569c2eb5
vulnerability,CVE-2021-46920,vulnerability--47796629-3935-4c60-a4d4-267fee578bd9
vulnerability,CVE-2021-46923,vulnerability--2d680f69-4d7a-4257-8eab-409b95762c63
vulnerability,CVE-2021-46955,vulnerability--95e72412-6463-49eb-ac6a-d42128da1c46
vulnerability,CVE-2021-46957,vulnerability--4a768f61-0272-42d8-81d9-dd958ec84dc2
vulnerability,CVE-2021-46945,vulnerability--2b64b38d-39ec-407b-a033-b9ea8f289162
vulnerability,CVE-2021-46964,vulnerability--57140b87-972b-483f-aeb2-c439bc35004f
vulnerability,CVE-2021-46962,vulnerability--92450d32-0136-4061-b869-b59fcfe77655
vulnerability,CVE-2021-46953,vulnerability--4abe7dbc-6987-45c8-a2e8-4bbebf604d60
vulnerability,CVE-2021-46948,vulnerability--8654cd3b-9d46-4461-840d-7c4a33ebbdcc
vulnerability,CVE-2021-46914,vulnerability--fcab332e-2786-4e2b-acb6-036851fd2a57
vulnerability,CVE-2021-46924,vulnerability--6fc055df-9406-4fd1-a58c-7dbf41fba1e2
vulnerability,CVE-2021-46970,vulnerability--0abda760-0fcf-4c75-9833-77c6a853f6d7
vulnerability,CVE-2021-46951,vulnerability--15e0d118-fec7-42ae-adfa-9e4bd5b662bb
vulnerability,CVE-2021-46963,vulnerability--b00b4987-8f75-4b6a-b042-9baba3a1633b
vulnerability,CVE-2021-46907,vulnerability--05fb6b97-4deb-409c-bd82-e3eadaae7aa0
vulnerability,CVE-2021-46971,vulnerability--27348969-6c89-40e4-82ae-e0901b3391ce
vulnerability,CVE-2021-46913,vulnerability--9b15f13d-18fd-4231-b088-03e1b2db937f
vulnerability,CVE-2021-46949,vulnerability--7bd5cfc6-e531-49d5-abe2-6696d3156dcc
vulnerability,CVE-2021-46969,vulnerability--38e6ccc7-a34e-45ea-a532-03522ba0003d
vulnerability,CVE-2021-46925,vulnerability--8f28c81f-deb2-46b2-a229-0edffb19d262
vulnerability,CVE-2021-46930,vulnerability--7e1ff11c-a5ab-4020-b964-10c86cbd8ee0
vulnerability,CVE-2021-46916,vulnerability--e4463f3f-7e9e-4007-93d4-c133bb27b4fb
vulnerability,CVE-2021-46939,vulnerability--4354c769-0dd9-4373-9582-90a97cf8c492
vulnerability,CVE-2021-46975,vulnerability--78076842-2699-4927-bc69-0e03805ddc97
vulnerability,CVE-2021-46936,vulnerability--edee0513-de9c-48fd-851c-9e202bafceb1
vulnerability,CVE-2021-46927,vulnerability--96120a7d-cee5-4354-8028-4c1d36e09524
vulnerability,CVE-2021-46950,vulnerability--bf7c26fd-6781-47b2-9d65-46cdfeeed55e
vulnerability,CVE-2021-46967,vulnerability--22d77842-7fb7-466c-a5c7-dcfbb1dfbe6e
vulnerability,CVE-2021-46921,vulnerability--9774af0c-8535-473b-bc1b-e692379c76c3
vulnerability,CVE-2021-46929,vulnerability--c735ea93-4ca2-42cc-a568-bb09ee41bc5e
vulnerability,CVE-2021-46909,vulnerability--9f11f1bc-4332-439f-8117-5ba1274891e6
vulnerability,CVE-2021-46972,vulnerability--acd58dca-9724-4b71-aea2-983303348a5f
vulnerability,CVE-2021-46917,vulnerability--714d413e-a648-47d5-9e49-13b23a85adb8
vulnerability,CVE-2021-46961,vulnerability--87ab38d0-9e7b-47be-8f06-866cbc7e942f
vulnerability,CVE-2021-46941,vulnerability--54c40a82-6354-49b6-8cd0-791d23ee9cfc
vulnerability,CVE-2021-46935,vulnerability--06143ef6-8b10-482b-bb92-deff5f73b491
vulnerability,CVE-2021-46911,vulnerability--c0850ce3-5e50-4c01-a332-c7c771994684
vulnerability,CVE-2021-46919,vulnerability--ebf2abfd-65fd-4e4d-8083-9b47c4d9e1db
vulnerability,CVE-2021-46956,vulnerability--198bcb76-c6c7-490c-a0e7-d1c82eed9567
vulnerability,CVE-2021-46922,vulnerability--3c1d151e-b750-4a9b-b9eb-4b19cfd4be41
vulnerability,CVE-2021-46942,vulnerability--0d9f3337-8cad-419b-8795-c4e92ac5a0ab
vulnerability,CVE-2021-46973,vulnerability--f6eae48f-ee6c-4118-a3dc-93a24e89e8c8
vulnerability,CVE-2021-46943,vulnerability--946764b8-2773-4793-8430-47ab70f6f8ac
vulnerability,CVE-2021-46940,vulnerability--edce597d-3dba-4343-ab04-39996bde51ea
vulnerability,CVE-2021-46912,vulnerability--bf02e141-2d40-44da-8e98-defca0df77d9
vulnerability,CVE-2021-46946,vulnerability--cee18e98-bd65-4666-be58-f3ad99d06bdd
vulnerability,CVE-2021-46910,vulnerability--a4ea6d1d-9e4f-4980-add5-2d74e5b43b1a
vulnerability,CVE-2021-46960,vulnerability--f0150b57-5492-4d99-ba0f-f45b86dc9b32
vulnerability,CVE-2021-46928,vulnerability--d8177950-b744-47e7-9335-22347485f2a5
vulnerability,CVE-2021-46944,vulnerability--f1b1fa7e-bff4-4ed9-8be7-a6a673a9f2ad
vulnerability,CVE-2021-46915,vulnerability--75eb644a-57cb-44b8-aca6-803b27dc257b
vulnerability,CVE-2021-46938,vulnerability--061f0ee5-aeeb-4254-bb66-7b650651628f
vulnerability,CVE-2021-46958,vulnerability--13a841e3-4df8-498f-aa45-d058eade2287
vulnerability,CVE-2021-46966,vulnerability--238fc76f-524b-48a7-9cef-ff48444bd839
vulnerability,CVE-2021-46932,vulnerability--a7f80d04-4dce-40d0-89d5-8e755649d0c5
vulnerability,CVE-2021-46937,vulnerability--71527f4c-45fd-4b61-b098-ef2890917a53
vulnerability,CVE-2021-46933,vulnerability--b2c5dd7f-c946-488a-894e-2665418c961e
vulnerability,CVE-2021-46968,vulnerability--20f9c041-c2c4-471a-80cc-ae6fe2453211
vulnerability,CVE-2021-46931,vulnerability--a565ead3-d249-422f-a29c-5d38f95e320d
vulnerability,CVE-2021-46934,vulnerability--534fb5f9-ab32-4c7e-9c09-b1c0cacfccf0
vulnerability,CVE-2021-46952,vulnerability--cc95c970-65ef-4e9c-8335-de97a4b877ed
vulnerability,CVE-2021-46918,vulnerability--124515ca-bbff-4997-95a8-603f07519ae2
vulnerability,CVE-2021-46974,vulnerability--3291f551-7ef5-4b93-a3bb-0d24a71e0901
vulnerability,CVE-2020-36777,vulnerability--1781bb17-f914-43db-bc0b-6c57730f6c82
vulnerability,CVE-2020-36776,vulnerability--e62ca37b-d67e-41e9-b9eb-55e14ce58e7f
22 changes: 22 additions & 0 deletions objects/vulnerability/vulnerability--023a78a5-2f6d-4208-b82e-ffb0731b7934.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
{
"type": "bundle",
"id": "bundle--1c7a6b5d-7b02-4b7c-aa50-345a884073df",
"objects": [
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--023a78a5-2f6d-4208-b82e-ffb0731b7934",
"created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
"created": "2024-02-28T00:26:36.631567Z",
"modified": "2024-02-28T00:26:36.631567Z",
"name": "CVE-2024-21742",
"description": "Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message.\nThis can be exploited by an attacker to add unintended headers to MIME messages.\n",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2024-21742"
}
]
}
]
}
22 changes: 22 additions & 0 deletions objects/vulnerability/vulnerability--053c3fb9-8312-4f5b-bc8b-2af1f9e2f606.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
{
"type": "bundle",
"id": "bundle--365fe17d-a05f-4dcd-be4b-71a9c670b0da",
"objects": [
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--053c3fb9-8312-4f5b-bc8b-2af1f9e2f606",
"created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
"created": "2024-02-28T00:26:36.493697Z",
"modified": "2024-02-28T00:26:36.493697Z",
"name": "CVE-2024-27508",
"description": "Atheme 7.2.12 contains a memory leak vulnerability in /atheme/src/crypto-benchmark/main.c.",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2024-27508"
}
]
}
]
}
22 changes: 22 additions & 0 deletions objects/vulnerability/vulnerability--05fb6b97-4deb-409c-bd82-e3eadaae7aa0.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
{
"type": "bundle",
"id": "bundle--444067c9-7fd9-4253-b818-40a3bd350b99",
"objects": [
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--05fb6b97-4deb-409c-bd82-e3eadaae7aa0",
"created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
"created": "2024-02-28T00:26:38.486174Z",
"modified": "2024-02-28T00:26:38.486174Z",
"name": "CVE-2021-46907",
"description": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: VMX: Don't use vcpu->run->internal.ndata as an array index\n\n__vmx_handle_exit() uses vcpu->run->internal.ndata as an index for\nan array access. Since vcpu->run is (can be) mapped to a user address\nspace with a writer permission, the 'ndata' could be updated by the\nuser process at anytime (the user process can set it to outside the\nbounds of the array).\nSo, it is not safe that __vmx_handle_exit() uses the 'ndata' that way.",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2021-46907"
}
]
}
]
}
22 changes: 22 additions & 0 deletions objects/vulnerability/vulnerability--06143ef6-8b10-482b-bb92-deff5f73b491.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
{
"type": "bundle",
"id": "bundle--f6c0e128-7e14-47d3-8865-80a0dcdea4a6",
"objects": [
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--06143ef6-8b10-482b-bb92-deff5f73b491",
"created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
"created": "2024-02-28T00:26:38.52207Z",
"modified": "2024-02-28T00:26:38.52207Z",
"name": "CVE-2021-46935",
"description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix async_free_space accounting for empty parcels\n\nIn 4.13, commit 74310e06be4d (\"android: binder: Move buffer out of area shared with user space\")\nfixed a kernel structure visibility issue. As part of that patch,\nsizeof(void *) was used as the buffer size for 0-length data payloads so\nthe driver could detect abusive clients sending 0-length asynchronous\ntransactions to a server by enforcing limits on async_free_size.\n\nUnfortunately, on the \"free\" side, the accounting of async_free_space\ndid not add the sizeof(void *) back. The result was that up to 8-bytes of\nasync_free_space were leaked on every async transaction of 8-bytes or\nless. These small transactions are uncommon, so this accounting issue\nhas gone undetected for several years.\n\nThe fix is to use \"buffer_size\" (the allocated buffer size) instead of\n\"size\" (the logical buffer size) when updating the async_free_space\nduring the free operation. These are the same except for this\ncorner case of asynchronous transactions with payloads < 8 bytes.",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2021-46935"
}
]
}
]
}
Loading

0 comments on commit fb5aa17

Please sign in to comment.