{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-36947", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-30T15:25:07.079Z", "datePublished": "2024-05-30T15:35:44.482Z", "dateUpdated": "2024-12-19T09:02:59.751Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T09:02:59.751Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nqibfs: fix dentry leak\n\nsimple_recursive_removal() drops the pinning references to all positives\nin subtree. For the cases when its argument has been kept alive by\nthe pinning alone that's exactly the right thing to do, but here\nthe argument comes from dcache lookup, that needs to be balanced by\nexplicit dput().\n\nFucked-up-by: Al Viro <[email protected]>"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/infiniband/hw/qib/qib_fs.c"], "versions": [{"version": "e41d237818598c0b17458b4d0416b091a7959e55", "lessThan": "24dd9b08df718f20ccf2dd1519909fefd8c233ee", "status": "affected", "versionType": "git"}, {"version": "e41d237818598c0b17458b4d0416b091a7959e55", "lessThan": "bd8f78c71defbcb7a9ed331e7f287507df972b00", "status": "affected", "versionType": "git"}, {"version": "e41d237818598c0b17458b4d0416b091a7959e55", "lessThan": "db71ca93259dd1078bcfea3afafde2143cfc2da7", "status": "affected", "versionType": "git"}, {"version": "e41d237818598c0b17458b4d0416b091a7959e55", "lessThan": "02ee394a5d899d9bd2f0759382e9481cab6166f8", "status": "affected", "versionType": "git"}, {"version": "e41d237818598c0b17458b4d0416b091a7959e55", "lessThan": "aa23317d0268b309bb3f0801ddd0d61813ff5afb", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/infiniband/hw/qib/qib_fs.c"], "versions": [{"version": "5.13", "status": "affected"}, {"version": "0", "lessThan": "5.13", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.159", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.91", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.31", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.10", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/24dd9b08df718f20ccf2dd1519909fefd8c233ee"}, {"url": "https://git.kernel.org/stable/c/bd8f78c71defbcb7a9ed331e7f287507df972b00"}, {"url": "https://git.kernel.org/stable/c/db71ca93259dd1078bcfea3afafde2143cfc2da7"}, {"url": "https://git.kernel.org/stable/c/02ee394a5d899d9bd2f0759382e9481cab6166f8"}, {"url": "https://git.kernel.org/stable/c/aa23317d0268b309bb3f0801ddd0d61813ff5afb"}], "title": "qibfs: fix dentry leak", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-noinfo Not enough information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-06-07T16:31:52.904125Z", "id": "CVE-2024-36947", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-07T17:54:49.575Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:43:50.138Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/24dd9b08df718f20ccf2dd1519909fefd8c233ee", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/bd8f78c71defbcb7a9ed331e7f287507df972b00", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/db71ca93259dd1078bcfea3afafde2143cfc2da7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/02ee394a5d899d9bd2f0759382e9481cab6166f8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/aa23317d0268b309bb3f0801ddd0d61813ff5afb", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/24dd9b08df718f20ccf2dd1519909fefd8c233ee", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/bd8f78c71defbcb7a9ed331e7f287507df972b00", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/db71ca93259dd1078bcfea3afafde2143cfc2da7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/02ee394a5d899d9bd2f0759382e9481cab6166f8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/aa23317d0268b309bb3f0801ddd0d61813ff5afb", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:43:50.138Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-36947", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-07T16:31:52.904125Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-07T16:32:02.970Z"}}], "cna": {"title": "qibfs: fix dentry leak", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "e41d23781859", "lessThan": "24dd9b08df71", "versionType": "git"}, {"status": "affected", "version": "e41d23781859", "lessThan": "bd8f78c71def", "versionType": "git"}, {"status": "affected", "version": "e41d23781859", "lessThan": "db71ca93259d", "versionType": "git"}, {"status": "affected", "version": "e41d23781859", "lessThan": "02ee394a5d89", "versionType": "git"}, {"status": "affected", "version": "e41d23781859", "lessThan": "aa23317d0268", "versionType": "git"}], "programFiles": ["drivers/infiniband/hw/qib/qib_fs.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.13"}, {"status": "unaffected", "version": "0", "lessThan": "5.13", "versionType": "semver"}, {"status": "unaffected", "version": "5.15.159", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.91", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.31", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.8.10", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/infiniband/hw/qib/qib_fs.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/24dd9b08df718f20ccf2dd1519909fefd8c233ee"}, {"url": "https://git.kernel.org/stable/c/bd8f78c71defbcb7a9ed331e7f287507df972b00"}, {"url": "https://git.kernel.org/stable/c/db71ca93259dd1078bcfea3afafde2143cfc2da7"}, {"url": "https://git.kernel.org/stable/c/02ee394a5d899d9bd2f0759382e9481cab6166f8"}, {"url": "https://git.kernel.org/stable/c/aa23317d0268b309bb3f0801ddd0d61813ff5afb"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nqibfs: fix dentry leak\n\nsimple_recursive_removal() drops the pinning references to all positives\nin subtree. For the cases when its argument has been kept alive by\nthe pinning alone that's exactly the right thing to do, but here\nthe argument comes from dcache lookup, that needs to be balanced by\nexplicit dput().\n\nFucked-up-by: Al Viro <[email protected]>"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:28:36.441Z"}}}, "cveMetadata": {"cveId": "CVE-2024-36947", "state": "PUBLISHED", "dateUpdated": "2024-11-07T17:54:49.575Z", "dateReserved": "2024-05-30T15:25:07.079Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-30T15:35:44.482Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nqibfs: fix dentry leak\n\nsimple_recursive_removal() drops the pinning references to all positives\nin subtree. For the cases when its argument has been kept alive by\nthe pinning alone that's exactly the right thing to do, but here\nthe argument comes from dcache lookup, that needs to be balanced by\nexplicit dput().\n\nFucked-up-by: Al Viro <[email protected]>"}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: qibfs: arreglar la fuga de dentry simple_recursive_removal() elimina las referencias de fijaci\u00f3n a todos los positivos en el sub\u00e1rbol. Para los casos en los que su argumento se ha mantenido vivo solo mediante la fijaci\u00f3n, eso es exactamente lo correcto, pero aqu\u00ed el argumento proviene de la b\u00fasqueda de dcache, que debe equilibrarse con dput() expl\u00edcito. Jodido por: Al Viro "}], "id": "CVE-2024-36947", "lastModified": "2024-11-21T09:22:52.987", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-05-30T16:15:17.647", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/02ee394a5d899d9bd2f0759382e9481cab6166f8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/24dd9b08df718f20ccf2dd1519909fefd8c233ee"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/aa23317d0268b309bb3f0801ddd0d61813ff5afb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/bd8f78c71defbcb7a9ed331e7f287507df972b00"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/db71ca93259dd1078bcfea3afafde2143cfc2da7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/02ee394a5d899d9bd2f0759382e9481cab6166f8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/24dd9b08df718f20ccf2dd1519909fefd8c233ee"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/aa23317d0268b309bb3f0801ddd0d61813ff5afb"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/bd8f78c71defbcb7a9ed331e7f287507df972b00"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/db71ca93259dd1078bcfea3afafde2143cfc2da7"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: qibfs: fix dentry leak", "id": "2284461", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2284461"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-401", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nqibfs: fix dentry leak\nsimple_recursive_removal() drops the pinning references to all positives\nin subtree. For the cases when its argument has been kept alive by\nthe pinning alone that's exactly the right thing to do, but here\nthe argument comes from dcache lookup, that needs to be balanced by\nexplicit dput().\nFucked-up-by: Al Viro <[email protected]>"], "name": "CVE-2024-36947", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-36947\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-36947\nhttps://lore.kernel.org/linux-cve-announce/2024053039-CVE-2024-36947-e69f@gregkh/T"], "threat_severity": "Low", "upstream_fix": "kernel 5.15.159, kernel 6.1.91, kernel 6.6.31, kernel 6.8.10, kernel 6.9"}